HTI-5 is a proposed federal regulation issued by the ASTP/ONC (HHS Assistant Secretary for Technology Policy/Office of the National Coordinator).
As a reminder, Congress passes laws (in this case mostly the HITECH and Cures Acts) which then delegate federal regulatory agencies to write rules that can be found in the CFR (Code of Federal Regulations). Proposed rules are typically required to offer a public comment period after which a final rule will be written into the CFR.
The Trump administration is setting its directions for interoperability and digital health more broadly in this proposed rule. There is also a related RFI on how the administration can accelerate AI. You can get information, including the proposed rule text and how to make comments (which are open until the end of February) at healthit.gov.
HTI-5 fundamentally does three things:
- It cleans up and/or removes a number of requirements for EHRs to be certified (which allows the physician or hospital to get some more money from CMS).
- It tightens information blocking exceptions used by some EHR vendors to prevent app access to patient data.
- It signals strong support for FHIR and HIPAA-compliant data flow in general.
1. EHR Deregulation in HTI-5
Since roughly 2011, certified EHRs have been required to have a number of mandated features. With this proposal, of the existing 60 EHR certification criteria, 17 were removed and 7 were revised. Most of the fundamental infrastructure here is still in place. Specific features of interest are the removal of some sexual identity features of the USCDI (v 3.1), removal of eCQM reporting, and a reset of reporting.
Broadly, the proposal removes some older interoperability approaches (View Download Transmit) and signals a broader rethinking of the infrastructure supporting quality measurement. Much of the ad hoc security reporting is removed and deferred to the HHS Office of Civil Rights, which administers HIPAA and has its own security and privacy rules for providers and payers.
Public health reporting is streamlined. Various EHR design process measures are removed. There is some residual ambiguity about CCDAs (the consolidated clinical document architecture standards used for the Continuity of Care Document often handled by HIEs), but fundamentally CCDs remain as the rule tries not to “upset the apple cart”.
For payers, there should be very little immediate impact in terms of getting clinical data or demographics they need to exchange. Over time, the proposal outlines a major emphasis on APIs and may be the ultimate enabler to get healthcare to an API economy.
Payers should absolutely think about their business models evolving as they can now use APIs to stay in constant communication with providers. Historically provider/payer API interactions were for X12 revenue cycle claims transactions. With the various recent HL7 HIR API standards (CDex, PDex, prior authorization), providers and payers can be sharing data relatively continuously.
While continuous data sharing via APIs is a novelty in healthcare, other industries use API data flows as the center of their business models. Think Amazon, Walmart, and most airline, finance, and other apps on your phone, which provide the final consumer glue.
Both CMS and ASTP/ONC have made it clear that API-enabled consumer empowerment will be part of modern healthcare. Expect payment incentives to increasingly reflect this direction. We are seeing this accelerate from Meaningful Use and Promoting Interoperability to the new CMS ACCESS Model, which allows digital-first providers to bypass traditional providers.
2. Information Blocking in HTI-5
The 2020 ONC Cures Act required EHRs, providers, and networks to provide patients access to their data, including a variety of penalties for noncompliance. Obviously, enforcement of information blocking required complex definitions to balance privacy, security, feasibility, innovation, and competition.
The Biden administration did not engage in information blocking enforcement actions. The Biden administration also placed various limitations on information blocking, allowing EHR vendors and potentially providers to claim and negotiate around various regulatory exceptions, effectively allowing information blocking to continue by making it much more difficult for apps to access data.
The Trump administration’s HTI-5 rule proposes removal or modification of these three additional information-blocking exceptions. The first exception – known as “third party seeking modification use” – is the notion that EHRs could limit write access (the original Cures Act rule did not address write access for a variety of political, technical, and informatics reasons). ASTP is proposing to eliminate this exception.
The second exception – known as the “manner exhausted” exception – deals with the situation where a party wants to get data but not use standard APIs and is simply confusing. ASTP plans to either tighten this materially or eliminate it.
The third exception is the “TEFCA exception”, which somewhat states that if one supports and offers TEFCA then they cannot be considered information blockers. ASTP proposes removing this.
3. APIs and the Future of Data Exchange in HTI-5
ASTP explicitly stated that they see FHIR APIs as their direction. Two areas of clarification that change the nature of data acquisition are the proposed support for robotic process automation (RPA, better known as screen scraping) and agentic AI access. ASTP proposes that interference with RPA or agentic AI will be considered information blocking.
Final Takeaways Around HT1I-5
This rule is deregulatory. There will likely be an HTI-6 rule that addresses details of the APIs. That work is still in progress and will likely be at least a number of months away, since it has not yet been listed in the Office of Management and Budget Unified Agenda of pending regulations.
The 1upHealth team is excited about the transformations coming with this new direction. Payers will have the opportunity to build data platforms based on increasing amounts of clinical data and much richer communications with their in-network providers. Moreover, the 1upHealth Lakehouse architecture is designed to power the modern API-first world in healthcare.
If you want to talk to one of our regulatory experts about HTI-5 or any other current or future regulations, please contact us.