The Department of Health and Human Services (HHS), through the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC), has released a proposed rule that would significantly roll back federal certification requirements for health IT developers. The proposal—known as HTI-5, the fifth iteration of the Health Data, Technology, and Interoperability rulemaking—marks one of the most consequential shifts in federal health IT policy in years.

ASTP/ONC frames the proposal as a targeted deregulatory effort designed to eliminate duplicative or outdated requirements, reduce compliance costs, and redirect industry focus toward interoperable, AI-enabled health data exchange. The rule explicitly advances President Trump’s Executive Orders on Unleashing Prosperity Through Deregulation and Reducing Anti-Competitive Regulatory Barriers.

Why This Matters

If finalized, HTI-5 would materially reshape the federal health IT regulatory landscape—reducing compliance obligations, accelerating AI-driven data exchange, and shifting oversight from prescriptive certification requirements toward market-driven standards and targeted enforcement. Organizations operating in or adjacent to certified health IT should assess how these changes affect product development, data governance, interoperability strategy, and competitive positioning—and consider engaging during the comment period to shape the final rule.

Key Elements of the HTI-5 Proposal

Major Reduction in Certification Criteria
ASTP/ONC proposes eliminating 34 of the 60 certification criteria in the ONC Health IT Certification Program and revising an additional seven—altering nearly 70% of existing requirements. The agency asserts that many current criteria no longer meaningfully advance interoperability and instead impede innovation and market entry.

Quantified Compliance Savings for Developers
The agency estimates the proposed changes would save certified health IT developers up to 4,000 compliance hours per developer in the first year, reducing total industry compliance burden by approximately 1.4 million hours. ASTP/ONC positions these savings as capital and workforce capacity that can be redeployed toward product development and interoperability.

Permanent Enforcement Discretion for HTI-1 Requirements

HTI-5 would make permanent several enforcement discretion policies previously announced in 2025, including:

• Limiting Insights reporting requirements to FHIR usage only, rather than seven HTI-1 performance measures.

• Scaling back enforcement tied to assurances, API requirements, and attestations.

• Descoping real-world testing obligations and instead relying on the voluntary Standards Version Advancement Process, allowing developers to adopt newer standards without waiting for regulatory updates.

• Declining direct review authority over noncompliance tied solely to the January 1, 2026 HTI-1 compliance date.

Collectively, these changes signal a durable shift away from prescriptive oversight toward voluntary standards adoption.

Rollback of AI-Related Transparency and CDS Requirements

The proposal removes certification requirements for clinical decision support (CDS) algorithms, including the Biden-era requirement that developers produce “model cards” disclosing data sources and other attributes. While narrow in scope, these requirements represented some of the only existing federal transparency guardrails for healthcare AI.

Elimination of Additional Functional and Design Requirements

ASTP/ONC proposes removing certification criteria related to:

• Family health history

• Audit reporting

• Multifactor authentication

• Safety-enhanced design

• Accessibility-centered design

The agency argues these criteria no longer function as effective interoperability drivers and are better addressed through market forces or other regulatory frameworks.

Information Blocking: Expanded Access, Sharper Enforcement

HTI-5 proposes updates to information blocking regulations intended to expand electronic health information (EHI) access, exchange, and use. Notably, ASTP/ONC would revise regulatory definitions of “access” and “use” to explicitly include automated and AI-driven processes, enabling autonomous systems to retrieve and exchange EHI.

At the same time, and consistent with the administration’s broader enforcement posture, the proposal would remove or narrow certain information blocking exceptions to prevent data holders from exploiting technical or contractual loopholes that restrict competitors or patient access. This dual approach—greater technical flexibility paired with fewer exceptions—signals continued scrutiny of data access practices even as certification requirements are relaxed.

Push Toward AI-Enabled Interoperability

ASTP/ONC describes the reset of the certification program as a deliberate effort to free developers to focus on standards-based APIs, particularly FHIR, and to accelerate AI-enabled interoperability. The agency has also issued a related request for information seeking stakeholder input on:

• How to structure digital health and AI software change rules that protect patient safety

• Reimbursement approaches for cost-reducing AI technologies

• Ways to increase interoperability of protected health data while maintaining system integrity

This signals that while near-term regulation is being scaled back, the department is actively shaping its longer-term AI policy framework.

Timeline and Next Steps

The proposed rule is expected to be published in the Federal Register on December 29, triggering a 60-day public comment period that will close on February 27, 2026. Significant stakeholder engagement is anticipated from health IT developers, providers, payers, digital health companies, and patient advocacy groups.

The Nelson Mullins federal advocacy team has extensive healthcare experience to bring clients an understanding of how the legislative, administrative, regulatory, and political processes operate on the Hill and at various state houses and, in turn, impact your industry and members.

Please reach out to Jake Kohn and Jason Epstein for any questions regarding this topic.