Image: Anthony Riera/Pexels
The Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology announced a proposed rule on Monday that would represent a significant rollback of certification criteria for health IT developers.
The fifth iteration of ASTP/ONC's Health Data, Technology, and Interoperability rules, the proposed HTI-5 rulemaking has many parts. Chief among them, it's focused on removing duplicative regulatory requirements and eliminating rules that impede innovation, according to the agency, while aiming to better harness capabilities that are already well-established in health IT products on the market.
"The HTI-5 proposed rule delivers on President Trump’s directive to reduce regulatory burden and to enable American innovation through artificial intelligence," said Dr. Tom Keane, Assistant Secretary for Technology Policy and National Coordinator for Health IT, in a press statement.
"These proposals reflect a commonsense approach that removes redundant requirements on health IT developers, that better ensures seamless patient access to their information and that sets a foundation for AI-based data exchange."
Saving time and money on old rules
ASTP/ONC said the proposals in the Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity Proposed Rule, known as HTI-5, are estimated to save certified health IT developers an average of up to 4,000 hours each in the first year, slashing an estimated 1.4 million health IT certification compliance hours.
In the draft HTI-5, the agency proposes to remove 34 and update seven of 60 certification criteria within the ONC Health IT Certification Program.
It's "a major reset for the program," said Michael Lipinski, ASTP director, on Tuesday during a media briefing. The focus is "on what Congress has asked us to focus on," he added – namely, interoperability and APIs.
ASTP/ONC's focus on FHIR and APIs have foundations in the 21st Century Cures Act, he said. A comprehensive analysis reviewed requirements that are out of date or have minimal benefit for patients and providers.
Lipinski said that "by no means" should the HTI-5 proposal be seen as "gutting the certification program." Instead, proposed changes are based on "reasoned, rational decisions, as you will see in the rule itself in terms of which criteria we proposed to remove."
He offered two examples, including the review of rules that address document-based exchange – consolidated document architecture. With the pivot to APIs and FHIR-based exchange, Lipinski said the regulators asked, "Do we still need to certify the ability to perform CDA exchange?"
EHR industry feels heard
In March, the EHR Association sent a letter to Health and Human Services Secretary Robert F. Kennedy Jr. asking to improve efficiencies, empower patients and reduce compliance costs.
Key goals EHRA outlined relate to harmonizing interoperability standards across agencies, including ASTP/ONC and the Centers for Medicare & Medicaid Services, and expanding standardized functionality to reduce health data exchange burdens on healthcare providers.
But, "we do have suggestions regarding where ASTP/ONC could shrink the regulatory burden on our industry while still playing a key role in supporting cost-effective, safe health IT use," EHRA had said in the letter.
EHRA asked for:
- Fewer regulatory requirements and more time to comply.
- Elimination of redundant or valueless certification program criteria already in place.
- Cancellation of the Insights EHR Reporting Program.
- Narrowed restrictions on decision support to allow for AI innovation.
- Narrowing standards development to de-emphasize use cases that are not well-supported by market demand.
In advance of ASTP/ONC's anticipated deregulation proposal, "Our goal is not to remove all regulations," said Leigh Burchell, vice president of policy and public affairs at health IT vendor Altera Digital Health and chair of EHRA, on Dec. 18.
"We're being listened to, finally, that some of the regulations are blockers to us being innovative and being able to do things that are very important for our customers," she told Healthcare IT News.
Making 2025 enforcement discretion permanent
ASTP/ONC said in its HTI-5 fact sheet that it is proposing to make permanent previously taken enforcement discretion related to the Insights Conditions and Maintenance of Certification requirements.
In April, the agency said that for 12 months, it would limit collection and reporting requirements to just the use of FHIR in certified health IT. The HTI-1 Final Rule required certified health IT developers to track data on seven measures related to compliance with regulatory timelines and make annual reports to the agency.
Then, in June, the agency proposed additional changes to assurances, APIs and attestation enforcement discretion.
Notably, the agency proposes to descope real-world testing with deregulatory actions for testing plans and results and rely on the voluntary Standards Version Advancement Process, which allows certified health IT developers to use a newer approved version of a standard than is adopted in regulation.
Third, in November, following the government shutdown and ASTP/ONC reopening, the agency announced it would not exercise direct review authority over issues arising solely from a health IT developer not complying with the Jan. 1, 2026, HTI-1 compliance date.
"We welcome that there's absolutely room in those programs for increased efficiency," Burchell said last week.
Information blocking and enforcement
The proposed HTI-5 also updates information blocking regulations to promote electronic health information access, exchange and use, the agency said.
As explained in its fact sheet, ASTP/ONC seeks to update regulatory definitions to include automated and AI-driven processes for accessing and exchanging EHI.
Consistent with the administration's recent efforts to step up enforcement info blocking regulations, the proposal also removes or revises specific exceptions to prevent those participating in health data exchanges from using technical or contractual loopholes to unfairly block data access for competitors and patients.
Lipinski explained that feedback ASTP/ONC has received this year indicated that data flow has been an issue that needed express regulatory clarity, and it has thus been codified in the draft HTI-5 rule as a result.
Additionally, he said HHS has released statements, alerts and videos stating that it would release additional enforcement resources, and is taking actions to coordinate on enforcement actions.
Lipinski added that ASTP/ONC said it has been providing technical assistance to the Office of Inspector General.
"We are looking at the complaints we get in that involve certified health IT and what actions we can take under the certification program, and we are devoting resources to that," he said.
Push for AI-driven interoperability
Proposals in HTI-5 to reset the certification program’s scope are intended to free up capacity for health IT developers to focus more resources on standards-based APIs like FHIR and AI-enabled interoperability, according to the agency.
They also align with executive orders on Unleashing Prosperity Through Deregulation and Reducing Anti-Competitive Regulatory Barriers, ASTP/ONC said.
The agency said it has reviewed and evaluated decision support interventions certification criteria changes, focusing on ways to reduce health IT developer and provider burdens.
"As we have noted previously in this proposed rule and in prior rulemakings, we consider factors such as standards maturity, market adoption and complexity of implementation when adopting, revising or phasing out standards and certification criteria."
The agency said that by reducing the scope of the DSI certification criteria, it will fully remove AI model card requirements.
In the proposed rule, ASTP/ONC said it has "no publicly available evidence" that existing HTI transparency requirements resulted in "positive impacts on patient care, such as removing deficient or untested algorithms, or testing a deployed algorithm on local data."
"We believe that the underlying assumption that source attribute information would be valuable to healthcare delivery organizations and healthcare professionals when deciding whether to implement or use a DSI was incorrect," the agency said in the draft HTI-5 proposal.
When asked during the media briefing about the agency's position on AI testing and tool transparency as well as the thinking, Lipinski pointed to a new request for information on using AI to lower healthcare costs released by HHS on Friday to better understand the agency's position on AI safety.
The department is asking for stakeholder advice on how to issue and structure digital health and AI software change rules to keep patients safe, structure reimbursements to support cost-reducing AI technologies and increase interoperability of protected data to keep the system running smoothly.
"The department obviously cares about the role of artificial intelligence in clinical care and wants to hear from the public," Lipinski said. "That RFI [indicates] where the department stands when it comes to artificial intelligence and what the role the department should be in regulating it."
Once the proposed rule is published in the Federal Register (expected on Dec. 29), a 60-day public comment period will begin, ending on Feb. 27, 2026. Learn more at healthit.gov/hti5.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
