ONC inks final health IT certification rule

Despite broad concern by health IT developers and owners, some deadlines have been pushed out in HTI-1, the new federal rule governing certification, AI transparency and other standards, while those for decision support algorithms have not.
By Andrea Fox
09:25 AM

Photo: MART PRODUCTION/Pexels

The Office of the National Coordinator for Healthcare Technology has completed its final health IT certification rules and the U.S. Health and Human Services Agency has sent the document to the Office of the Federal Register for publication.

The Health Information Management Systems Society and Electronic Health Record Association weighed in with initial thoughts on the industry's concerns voiced during the comment period.

WHY IT MATTERS

The final Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency and Information rule implements the Electronic Health Record Reporting Program provision of the 21st Century Cures Act by establishing new conditions and maintenance of certification requirements for health information technology developers under the ONC's Health IT Certification Program. 

Provisions in the HTI-1 final rule are intended to advance interoperability, improve transparency and support the access, exchange and use of electronic health information, as well as set timelines for the adoption of new baseline standards. In addition, the 21st Century Cures Act requirement for developers of certified health IT to adopt a Condition of Certification – which the agency calls the "Insights Condition" – means they must report metrics to provide insight into how the certified health IT is used in support of care delivery as part of their certification.

In addition to addressing AI transparency requirements in certified health IT, the rule revises certain information blocking definitions and exceptions, and adds a new exception for the Trusted Exchange Framework and Common Agreement. 

At the HHS TEFCA Live! celebration on Thursday, at the opening of the two-day ONC annual meeting, HHS Deputy Secretary Andrea Palm noted that approximately 30% of the world's data value is being generated by the healthcare industry and that there is a lot to learn about the use of data to achieve healthcare goals.

The agency's new data strategy "envisions data as available, accessible, timely, equitable, protected and meaningfully usable for us inside HHS for the public and for all of us in partnership together," she said.

"Every second an exponential amount of healthcare data is generated in and mined for valuable insights," Palm said.

HIMSS said ONC aligned with its guidance on changes that support the ubiquitous interoperable exchange of health data, with a few exceptions.

"HIMSS applauds ONC on the release of today's HTI-1 final rule, which takes a realistic path to achieving greater information sharing to aid patient safety and accelerates digital health transformation in the U.S.," said Tom Leary, senior vice president and head of government relations for HIMSS, the parent company of Healthcare IT News.

"We appreciate ONC listening to stakeholders to establish a timeline to successfully complete the extensive work required to implement the new and revised criteria in a manner ensuring that quality, safety and patient privacy are not compromised; and that healthcare delivery sites caring for underserved communities aren’t left behind," Leary said.

The EHRA said that it is still reviewing the complete final rule to fully understand HTI-1’s impact on its members and their clients, but still has concerns about the timeframe needed to implement new requirements on clinical decision support.

"Based on a quick analysis, it is clear that ONC heard the broad industry feedback that many of the proposed deadlines were infeasible compared to the scope of work required for compliance," said David Bucciferro of Foothold Technology-Radicle Health, who is chair of the EHRA executive committee, by email.

But while EHRA asked to maintain CDS terminology, one of many burdens and competing requirements the organization said its members will be required to assume, ONC said it's still going to adopt a new definition for predictive decision-support intervention.

Predictive DSI requires that certified health IT modules enable a limited set of identified users. They must also support technical performance and quality attributes for both evidence-based and Predictive DSIs, according to the new rules.

"We have not finalized proposed requirements that Health IT Modules clearly indicate when source attributes from other parties are unavailable," the agency noted.

Intervention risk management practices must be applied for each Predictive DSI supplied by the health IT developer as part of a Health IT Module, "including requirements to subject Predictive DSIs to risk analysis and risk mitigation related to validity, reliability, robustness, fairness, intelligibility, safety, security and privacy," ONC ruled. 

Governance requirements – how data are acquired, managed and used – must be consistent with IRM, the agency said.

"While we appreciate the extension of some deadlines, we are disappointed that many remain unchanged from the proposed rule," Bucciferro said. 

"In particular, we’re concerned that even the reduced scope of work to deliver the required DSI transparency functionality will be daunting given the short timeframe allotted in the final rule."

With the new rule, ONC said it has also adopted: 

  • USCDI v3, which includes "certain data elements, namely sex, sexual orientation, and gender identity."
  • HL7 FHIR US Core 6.1.0, which aligns with USCDI v3 data elements for FHIR APIs. 
  • Substitutable Medical Applications, Reusable Technologies App Launch Implementation Guide, or SMART v2 Guide, beginning January 1, 2026.
  • A transition to updated terminology standards in Systematized Nomenclature of Medicine Clinical Terms U.S. Edition, with the current SNOMED code expiring on January 1, 2026.

The agency said that due to the preponderance of comments, maintenance of certification as part of the assurance condition of certification is necessary to implement requirements fully and will be required starting January 1, 2025.

THE LARGER TREND

In addition to HTI-1, ONC announced this week that TEFCA is live and ready to encourage the secure, efficient, standards-based exchange of electronic health information through approved network brokers.

eHealth Exchange, Epic Nexus, Health Gorilla, KONZA and MedAllies can immediately begin exchanging data and are providing scalability for interoperability, according to Micky Tripathi, the National Coordinator for Health Information Technology.

"One of the benefits of TEFCA I think is, as I said, it's the next evolution," he said Thursday at the ONC annual meeting's opening session. 

"It's helping us pick up where the industry has been able to take us, and they say working in the public-private partnership, 'How do we fill in those gaps that are too hard for the industry to do alone?'" Tripathi said. "In part, because they're really complicated, they involve federal government regulatory frameworks, a whole bunch of things the private sector can't do on its own.”

ON THE RECORD

"This final rule revises several program certification criteria, including criteria related to decision support, electronic case reporting and standards-based [APIs] as well as raises the baseline version of the USCDI from Version 1 to Version 3," ONC said in the final HTI-1 rule's executive summary. "The adoption of new and revised standards and criteria in this final rule will facilitate interoperability through standardized health information and functionality, which will lead to better care and health outcomes for patients while reducing burden and costs."

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.