HTI-5 Proposal Signals Health IT Deregulation and FHIR-First Interoperability and Refines Information Blocking Rule

The new Health Data, Technology and Interoperability proposed rule (known as HTI-5) signals a significant deregulatory shift aimed at simplifying Health IT certification, accelerating FHIR‑based interoperability, and tightening information blocking rules to promote competitive, AI‑ready health data exchange. 

The proposed rule, issued by the Office of the Assistant Secretary for Technology Policy at the U.S. Department of Health and Human Services (ASTP) and the Office of the National Coordinator for Health Information Technology (ONC) to streamline the ASTP/ONC Health IT Certification Program, has a public comment deadline of February 27, 2026.

In this post, we will explain the most important aspects of this proposed rule, which creates major changes to the Health IT landscape.

Big Picture: A Deregulatory Reset with a FHIR-Forward Focus

HTI-5 would eliminate certain long‑standing, functionality‑oriented and non‑FHIR‑based requirements, while re‑anchoring future policy on FHIR APIs and modern data exchange realities. The proposed rule frames these changes as burden‑reducing for developers and providers by removing outdated requirements to catalyze competition and innovation—including emerging AI policy and AI‑enabled interoperability approaches.

Health IT Certification Program: Scope Reductions, Targeted Revisions, and Administrative Clean Up

ASTP/ONC proposes to remove or revise a large share of health IT certification criteria, asserting that these capabilities are now widely adopted and no longer require regulatory maintenance through certification. In total, HTI-5 would remove 34 and revise 7 of the existing 60 criteria—with notable reductions in criteria for decision support, C‑CDA‑centric requirements, privacy and security certification requirements, and certain design/performance obligations. 

Decision Support: Narrowing DSI and Retiring CDS

If finalized, HTI-5 would retire the legacy “clinical decision support” criterion at § 170.315(a)(9), consistent with its HTI‑1 sunset and replacement by the “decision support interventions” (DSI) criterion.

HTI-5 further proposes to scale back the DSI criterion at § 170.315(b)(11), including by removing AI “model card” transparency and related source‑attribute and risk‑management elements. ASTP/ONC cites a lack of demonstrated clinical utility and alignment with the White House’s AI deregulatory posture. 

For developers, this would mean fewer prescriptive transparency artifacts and process controls at certification. While HTI-5 preserves the fundamental requirement for Certified Health IT to support evidence-based and predictive DSIs, it proposes to significantly streamline the associated transparency and administrative obligations to align with broader deregulatory goals. ASTP/ONC estimates substantial annual cost savings from the DSI criterion revision.

C-CDA De-emphasis and FHIR Acceleration

To steer the health care ecosystem toward FHIR‑based APIs and away from C‑CDA‑centric conformance, HTI-5 proposes to remove criteria such as Consolidated CDA creation performance (§ 170.315(g)(6)) and other C‑CDA‑dependent capabilities where, per ASTP/ONC, industry adoption is mature and continued certification with those outdated standards would impede migration to API‑based interoperability. ASTP/ONC similarly signals a continued pivot for public health and case reporting functionality toward FHIR as the singular future approach, consistent with HTI-1 and other recent agency policies.

USCDI Update: Adoption of v3.1 and Streamlining Data Elements Enforcement Discretion

HTI-5 proposes adoption of USCDI v3.1 as well as codification of ASTP/ONC’s March 2025 enforcement discretion notice for noncompliant USCDI v3 data sets that do not have the capability to designate sexual orientation or gender identity.

Conditions and Maintenance of Certification: Descope and Align

  • Real World Testing (RWT): HTI-5 would eliminate the plan submission requirement, limit full RWT results reporting to API‑focused criteria (g)(10), (g)(31), (g)(32), and (g)(33), and otherwise allow Standards Version Advancement Process (SVAP)‑only reporting for non‑API criteria—aligning RWT with the program’s API‑first direction.
  • Insights: Consistent with ASTP/ONC’s April 2025 enforcement discretion notice, HTI-5 would remove most measures and retain only the “use of FHIR in apps through certified health IT” measure—reaffirming a narrow, high‑value set of insights tied to FHIR adoption.
  • Assurances, APIs, Attestations: HTI-5 proposes conforming edits without, per ASTP/ONC, introducing new net costs, keeping the Conditions structurally aligned to the deregulatory changes. 

Removal of Privacy/Security and Design/Performance Criteria 

HTI-5 proposes removing all of the 14 privacy and security criteria (e.g., authentication, audit logs, encryption, multi-factor authentication), on the basis that these capabilities are widely adopted and/or independently required under HIPAA.

HTI-5 also proposes to remove the “safety‑enhanced design” criterion and the “accessibility‑centered design” criterion, citing widespread adoption of underlying practices, limited downstream use of transparency artifacts, and administrative costs that no longer justify certification overhead. HTI-5 similarly proposes clean‑up of dependent references and obsolete concepts such as “Complete EHR.” 

Information Blocking: Clarifying “Access” and “Use,” Narrowing the Infeasibility Exception, and Emphasizing Automation and AI

HTI-5 proposes targeted but impactful revisions to the information blocking rule under 45 CFR part 171 to reflect what ASTP/ONC considers to be misuse of the exceptions to the rule in an anti-competitive manner and to reflect the rising use of artificial intelligence and automation in health IT.

Definitions of “Access” and “Use”

If finalized, HTI-5 would clarify that “access” and “use” explicitly include automated means, “including, without limitation, autonomous AI systems.” ASTP/ONC also seeks comment on a parallel revision to the definition of “exchange.” This clarification underscores that automation—whether via APIs, services, or AI agents—falls within conduct to access, exchange, and use electronic health information that the agencies seek to promote.

Infeasibility Exception: Eliminating the “Third Party Seeking Modification Use” Condition

HTI-5 proposes to remove § 171.204(a)(3)—the condition permitting actors to deny requests that seek modification use of EHI by third parties—citing misuse risks and the maturation of two‑way interoperability methods that support secure, permissible EHI modification. ASTP/ONC’s market assessment indicates it is no longer reasonable to dismiss modification‑use requests as categorically infeasible without exploring alternative manners under the Manner Exception. 

Manner Exception Exhausted: Reinforcing Alternative Paths

HTI-5 reiterates the importance of offering alternative manners for fulfilling requests and proposes to change the Manner Exception by clarifying that the “manner requested exhausted” condition cannot be satisfied by agreements that are not at market rate, are contracts of adhesion, or contain unconscionable terms.

TEFCA Exception Removal

HTI-5 proposes removal of the TEFCA-specific Manner Exception, citing continued growth in QHIN participation and signaling that nominal participation in TEFCA will no longer justify information blocking.

Bottom Line

If finalized, HTI‑5 would materially reduce health IT certification overhead, re‑center the certification program on FHIR APIs, and recalibrate information blocking rules to curb misuse and reflect automation/AI realities. 

Certified Health IT developers should expect a leaner certification footprint with fewer prescriptive design and documentation artifacts, yet a sharper focus on FHIR‑based API performance, USCDI alignment, and real‑world interoperability outcomes. 

All actors regulated by the information blocking rule can anticipate enhanced expectations to support automated access and use of EHI, including by AI‑enabled tools, and fewer avenues to refuse EHI requests as infeasible. In fact, ONC/ASTP already recently updated its information blocking FAQs consistent with HTI-5 to explain that interfering with automation technologies could implicate the information blocking rule.

While we have presented what we see as the most important aspects of this proposed rule, the rule itself is much bigger than this. If you have any questions about these or any other aspects of HTI-5, or would like to discuss the impacts of the rule on your business or support in preparing comments to the rule, please reach out to the authors of this post or to your health care attorneys at Reed Smith.