Industry groups weigh in on HTI-5 proposed rule

The HHS Assistant Secretary for Technology Policy (ASTP)/Office of the National Coordinator for Health Information Technology (ONC) received more than 6,400 public comments on its proposed rule aimed at health IT deregulation. 

Titled "Health Data, Technology and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity" (HTI-5), the proposed rule aims to reduce or eliminate certain health IT certification criteria, update information blocking definitions and accelerate Fast Healthcare Interoperability Resources-based (FHIR) interoperability.  

Specifically, the HTI-5 proposed rule suggested removing 34 and revising seven of the 60 certification criteria within the ONC Health IT Certification Program, in alignment with the Trump administration's deregulatory stance. 

ASTP/ONC also proposed resetting the certification program's regulatory scope, prioritize FHIR-based application programming interfaces (APIs) that enhance automation and performance, move beyond read-only interactions and expand the scope of available data.  

Additionally, the HTI-5 proposed rule recommended clarifying the definitions of "access" and "use" within the information blocking rule and revising other definitions to promote electronic health information access and exchange. 

Public comments on the proposed rule were due to regulators by Feb. 27, 2026. Leading industry groups shared their thoughts on the proposed rule in letters addressed to Thomas Keane, M.D., the ASTP/ONC assistant secretary for technology policy. Several of these letters are summarized below. 

The American Hospital Association's response 

In its letter to Keane, the American Hospital Association (AHA) expressed support for ASTP/ONC's efforts to promote interoperability and remove duplicative certification criteria.  

However, the AHA diverged from ASTP/ONC's stance in several areas, offering alternative recommendations.  

For example, in the proposed rule, ASTP/ONC proposed removing all 13 privacy and security certification criteria. It also proposed reducing the scope of the decisions support interventions (DSI) certification criterion to fully remove AI model card requirements, essentially removing some transparency into how an AI application was designed and tested. 

The AHA disagreed with these positions, instead recommending that the security and privacy and DSI criteria be retained in their current form rather than revised or removed. Removing all security and privacy certification criteria could shift risk and cost inappropriately from developers to providers, the AHA stated. 

Additionally, the AHA urged ASTP/ONC to develop a reasonable path to transition to FHIR-based certification criteria. 

"The goal of transitioning the certification program to FHIR-based criteria is laudable; however, we urge the agency to provide reasonable timelines to allow for testing and for providers to align resources," the AHA stated.  

The AHA also urged the agency to retain Consolidated Clinical Data Architecture (C-CDA)-based criteria, since many rural providers remain dependent on it. The group further advocated that ASTP/ONC retain the information blocking definition as written. 

Overall, the AHA encouraged ASTP/ONC to adopt realistic timelines, balance innovation with patient safety and promote interoperability standards while maintaining privacy and security and reducing unnecessary burdens. 

The Workgroup for Electronic Data Interchange's response  

Like the AHA, the Workgroup for Electronic Data Interchange (WEDI) supported ASTP/ONC's goals of advancing interoperability and reducing administrative burden. WEDI stated that it is seeking a health IT transition that promotes seamless data exchange, prioritizes patients and caregivers and maximizes data privacy and security. 

In this vein, WEDI said it generally supported the effort to revise certification criteria to remove duplicative or outdated requirements but still acknowledged a few concerns. 

"While ASTP/ONC does not anticipate the proposed removals or revisions will change the products currently offered by health IT developers, we do have concerns that this may be too strong of an assumption," WEDI stated.  

"Developers may not initially change their products, but as the products continue to evolve with new functionalities and requirements, developers may begin to remove older capabilities where the certification is no longer required, thereby impacting the users of those products." 

Additionally, WEDI recommended that the privacy and security certification criteria remain in place and opposed revisions to the DSI certification requirements. It also recommended that additional work be done to understand the implications of AI access to health information in the context of information blocking before changing any definitions. 

"Overall, WEDI recommends that ASTP/ONC continue to monitor the effects of removal of certification criteria on EHRs' functionalities and restore any criteria where a critical need is identified," the letter stated. 

While WEDI expressed support for ASTP/ONC's goals of reducing the burden of health IT certification, it also acknowledged that the "drive for innovation must also be balanced with providing the users with products that function to meet the complete needs for delivering patient care." 

The Medical Group Management Association's response 

The Medical Group Management Association (MGMA), which represents a range of medical groups from independent practices to large health systems, expressed support for ASTP/ONC's efforts to transition healthcare to a FHIR-based API ecosystem and to remove redundant certification requirements. 

However, MGMA suggested that removing 34 requirements "risks shifting technical, operational, direct and indirect costs, and compliance responsibilities downstream to medical groups." 

For example, the changes could result in increased product variability, MGMA suggested, making it difficult to achieve out-of-the-box functionality and forcing medical groups to renegotiate EHR acquisitions to maintain crucial capabilities. 

"MGMA recommends that if ASTP proceeds to remove many of the criteria as proposed, then it should establish a feasible, strategic, longer-term timeline from what is proposed," MGMA stated.  

"Extending the proposed timelines for non-redundant criteria to be removed will benefit medical groups as they prepare for changes to their current product capabilities and workflows." 

MGMA also stressed the importance of extended timelines and market stability to ensure fewer disruptions to daily operations. 

Like the AHA and WEDI, MGMA expressed concern about the proposed changes to DSI requirements, arguing that they would leave practices to independently assess vendor AI tools and assume inappropriate risk. 

"This creates a gap at a time when guardrails, governance, and trust in AI-enabled decision support are increasingly important," MGMA stated. 

Overall, while the industry groups appreciated ASTP/ONC's efforts to remove redundancies, they pushed for timeline extensions and fewer structural changes to the certification criteria. 

Jill Hughes has covered health tech news since 2021.