AHA Pushes Back on Health IT Certification Rules

The Office of the National Coordinator for Health Information Technology (ONC) Health IT Certification Program, established in 2010, sets the standards for EHRs to ensure they meet federal requirements for data accuracy, security, and interoperability. This certification is critical for providers participating in federal incentive programs like those from the Centers for Medicare & Medicaid Services (CMS). At the heart of the debate is the "HTI-5" proposed rule, which aims to overhaul this certification process. The ONC's stated goal is to reduce regulatory burden on health IT developers and accelerate the industry's shift towards modern, FHIR-based application programming interfaces (APIs) for more seamless data exchange. The proposal is substantial, calling for the elimination of 34 of the 60 existing certification criteria and revisions to seven others. The ONC argues many current criteria are now standard in the market, are duplicative of other regulations like HIPAA, or hinder innovation by being overly prescriptive. The American Hospital Association (AHA) is pushing back on the speed and scope of these changes, arguing the proposed timeline is unrealistic. They are asking for at least a 24-month transition period after any final rule is published to allow hospitals and vendors adequate time to adapt without disrupting patient care. A key objection from the AHA is the proposal to remove all 13 privacy and security certification criteria. The AHA contends this would inappropriately shift the risk and cost of securing patient data from technology vendors directly onto providers, at a time of elevated cybersecurity threats. The AHA also opposes the immediate removal of criteria supporting older data exchange standards like Consolidated Clinical Data Architecture (C-CDA). They warn this could disadvantage smaller and rural hospitals that still rely on this framework, potentially degrading their ability to exchange information or forcing them to pay vendors extra for the functionality. This entire regulatory push is rooted in the 21st Century Cures Act, a 2016 law designed to boost interoperability and stop "information blocking," ensuring patients have electronic access to their health information. The current HTI-5 proposal is the ONC's latest step in implementing the Act's long-term vision. The public comment period for the HTI-5 proposed rule closed on February 27, 2026. The ONC will now review feedback from the AHA and other stakeholders before issuing a final rule, which will determine the future landscape for health IT certification and data exchange.