ONC inks final health IT certification rule
The Office of the National Coordinator for Healthcare Technology has finalized the final rules for healthcare IT certification, and the U.S. Health and Human Services Agency has submitted the document to the Office of the Federal Register for publication.
The Health Information Management Systems Society and the Electronic Health Record Association weighed in on industry concerns raised during the comment period.
WHY IT MATTERS
The final rule on Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information implements the Electronic Health Record Reporting Program provision of the 21st Century Cures Act by establishing new terms and conditions and
maintaining certification requirements for health information technology developers under ONC's Health IT Certification Program.
Provisions in the HTI-1 last line are intended to promote interoperability, improve transparency, and support access, exchange, and use of electronic health information, and to establish timelines for the adoption of new baseline standards. Additionally, the 21st Century Cures Act's requirement that developers of certified healthcare IT adopt a certification condition – which the agency calls the “Insights Condition” – means they must report metrics to provide insight into how the certified healthcare IT is being used to support care provision as part of their certification.
In addition to addressing AI transparency requirements in certified healthcare IT, the rule revises certain definitions and exceptions that block information and adds a new exception for the Trusted Exchange Framework and the Common Agreement.
During the HHS TEFCA Live! Marking Thursday's celebration at the opening of the two-day ONC Annual Meeting, HHS Deputy Secretary Andrea Palm noted that approximately 30% of the world's data value is generated by the healthcare sector and that there is much to learn about the use of data to achieve healthcare goals.
The agency's new data strategy “views data as available, accessible, timely, equitable, protected and meaningfully useful to us at HHS, to the public and to all of us in partnership,” she said.
“An exponential amount of healthcare data is generated and mined for valuable insights every second,” Palm said.
HIMSS said ONC aligned itself with its guidance on changes that support ubiquitous interoperable health data exchange, with some exceptions.
“HIMSS applauds ONC for the release of the current HTI-1 final rule, which sets a realistic path toward achieving greater information sharing to promote patient safety and accelerates digital healthcare transformation in the US,” said Tom Leary, senior vice president and head of government relations for HIMSS, the parent company of Healthcare IT news.
“We appreciate ONC listening to stakeholders to establish a timeline for successfully completing the extensive work required to implement the new and revised criteria in a manner that ensures that quality, safety and patient privacy are not compromised are at risk; and that health care sites serving underserved communities are not put at risk.” I'm not left behind,” Leary said.
The EHRA said it is still reviewing the entire final rule to fully understand the impact of HTI-1 on its members and their clients, but still has concerns about the timeframe needed to implement new clinical decision support requirements implement.
“Based on a quick analysis, it is clear that ONC has heard broad industry feedback that many of the proposed deadlines were unattainable compared to the scope of work required to meet compliance,” said David Bucciferro of Foothold Technology-Radicle Health and President of the EHRA. management committee, by email.
But while EHRA asked to maintain the CDS terminology, one of several burdens and competing requirements the organization said its members must adopt, ONC said it is still adopting a new definition for predictive decision support interventions.
Predictive DSI requires certified healthcare IT modules to enable a limited group of identified users. Under the new rules, they must also support technical performance and quality characteristics for both evidence-based and predictive DSIs.
“We have not yet finalized the proposed requirements so that Health IT modules clearly indicate when third-party source attributes are not available,” the agency noted.
Intervention risk management practices must be applied for any predictive DSI provided by the healthcare IT developer as part of a healthcare IT module, “including requirements to subject predictive DSIs to risk analysis and risk mitigation with respect to validity, reliability, robustness, fairness , understandability, safety, security and privacy,” ONC ruled.
Governance requirements – how data is acquired, managed and used – must be consistent with IRM, the agency said.
“While we appreciate the extension of some deadlines, we are disappointed that many deadlines remain unchanged from the proposed rule,” Bucciferro said.
“In particular, we are concerned that even the limited scope of work to deliver the required DSI transparency functionality will be daunting given the short time frame allotted in the final rule.”
With the new rule, ONC said it has also adopted the following:
- USCDI v3, which “includes certain data elements, namely sex, sexual orientation, and gender identity.”
- HL7 FHIR US Core 6.1.0, aligned with USCDI v3 data elements for FHIR APIs.
- Replaceable Medical Applications, Implementation Guide for Launch of Reusable Technologies or SMART v2 Guide, from January 1, 2026.
- A transition to updated terminology standards in Systematized Nomenclature of Medicine Clinical Terms US Edition, with the current SNOMED code expiring on January 1, 2026.
The agency said that due to the preponderance of comments, maintaining the certification as part of the assurance condition of certification is necessary to fully implement the requirements and will be required from January 1, 2025.
THE BIG TREND
In addition to HTI-1, ONC announced this week that TEFCA is live and ready to encourage the secure, efficient, standards-based exchange of electronic health information through approved network brokers.
eHealth Exchange, Epic Nexus, Health Gorilla, KONZA and MedAllies can begin exchanging data immediately and provide scalability for interoperability, said Micky Tripathi, national health information technology coordinator.
“I think one of the benefits of TEFCA is, like I said, it's the next evolution,” he said Thursday during the opening session of the ONC annual meeting.
“It helps us continue where the industry has been able to take us, and they say that working in the public-private partnership, how can we fill those gaps that are too difficult for the industry to do alone?” Tripathi said: “Partly, because they are very complicated, they involve federal government regulatory frameworks, a whole range of things that the private sector cannot do alone.”
ON THE RECORD
“This final rule revises several criteria for program certification, including criteria related to decision support, electronic case reporting, and standards-based (APIs) and increases the basic version of the USCDI from version 1 to version 3,” ONC said in the final. Summary of the HTI-1 rule. “The adoption of new and revised standards and criteria in this final rule will facilitate interoperability through standardized health information and functionality, leading to better care and health outcomes for patients while reducing burden and costs.”
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.