The Office of the National Coordinator for Health Information Technology (ONC) published the Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) Final Rule on December 13, 2023.
The new rule requires new and updated standards, implementation specifications and certification criteria for electronic health records and health information technology modules for certification through the ONC certification program.
The HIMSS government relations team has developed an extensive list of resources that help healthcare leaders to better understand the HTI-1 Final Rule. The five resources below divide the rule into five key areas to help HIMSS members navigate the transition from the current scheme for certifying health IT.
Revised timeline for implementation of new and updated standards and certification criteria and timeline for reporting to insights condition EHR reporting program.
By Dec. 31, 2024, certified API Developers must publish their customers' service base URL information (FHIR Endpoints) in accordance with approved standards.
Also, certified developers of Health IT and Health IT modules certified to current clinical decision support criterion must update their certificate clinical decision support to the new criterion for Decision Support Interventions criterion. Delays in the implementation of other certification requirements were issued to allow developers of Health IT to focus on DSI during the first year of revised certification requirements. They must also provide updated functionality of decision support
ONC finalized its proposal to discontinue “Year Themed Editions” of Certified Health IT, indicating that they will update certification requirements when new standards are available.
Health IT modules will be required to accommodate the data elements in USCDI v3, using the FHIR US Core 6.1.0 and C-CDA Companion Guide R4.1 by January 1, 2026.
Implementation deadlines for all certification criteria utilizing USCDI v3 have also been pushed back to Jan. 1, 2026.
Health IT modules will be required to have the functionality to allow patients to restrict uses and disclosures of their personal health information by January 1, 2026.
View the fact sheet: New and Revised Standards and Certification Criteria for Health IT Modules
ONC finalized adoption of the DSI Criterion, a revision of the current CDS Criterion must be utilized in Certified Health IT no later than Dec. 31, 2024. Delays in other certification requirements were made to allow developers of Health IT to focus on meeting DSI criterion in CY2024
ONC finalized new definitions for “predictive decision support interventions” and “decision support interventions.” It excluded Linked Referential Decision Support (InfoButtons) from the DSI criterion.
To attain certification, ONC defined required actions for by developers of Health IT/Health IT modules incorporating DSI into certified Health IT to ensure transparency and safety, including relevant technical and performance information; source attribution; adoption of risk management practices; and participation in real world testing.
Scope of source attribution requirements will be limited to DSI created by the developer of certified Health IT modules, not third parties.
View the fact sheet: Decision Support Interventions Criterion for Certified Health IT
ONC finalized a revised definition of “Information Blocking.” It revised definitions of “a developer of certified health IT” and an actor that “offers Health IT” to clarify what actors are within scope of information blocking requirements and therefore are subject to civil monetary penalties.
Eligible clinicians and hospitals are subject to disincentives, proposed in the 21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking published by the Centers for Medicare and Medicaid Services and ONC on Nov. 1, 2023.
ONC revised two exceptions to Information Blocking requirements: 1. Uncontrollable Events component of the infeasibility exception now mandates that the actor must demonstrate the information blocking activity was directly caused by an uncontrollable event and 2. Manner Exception was revised to remove “Content” from the former Content and Manner Exception.
ONC finalized two new Information Blocking exception conditions: 1. The Infeasibility exception now includes a condition allowing actors to deny the ability to modify electronic health information (EHI) IF the request comes from a third party that isn’t a provider or a business associate. 2. The Manner exception now includes a condition allowing actors to meet requests using TEFCA provided the requestor is also a TEFCA participant, even if the request indicated they wanted the information provided through other means.
View the fact sheet: Information Blocking Requirements for Certified Health IT
ONC’s HTI-1 final rule finalized the creation of the Insights Condition and Maintenance of Certification requirement for developers of Health IT to report key data to maintain certification of their products.
Reporting focuses on interoperability, conformance to certification testing, usability/user centered design, and security metrics while providing data on the behavior of end users.
ONC will roll out measures for data capture and reporting in three yearly cycles, with Year 1 measures captured in 2026 and reported in July of 2027.
Measures will be reported annually, as aggregate calculations for each certified Health IT module.
View the fact sheet: Insights Condition and Maintenance of Certification (EHR Reporting Program)