The Office of the National Coordinator for Health Information Technology (ONC) has finalized sweeping changes to its health IT certification program, eliminating edition-based certifications and introducing new requirements for decision support, interoperability, and data standardization, according to the latest update. The HTI-1 Final Rule, effective March 11, 2024, is set to impact health systems by advancing algorithm transparency, real-world testing, and FHIR-based data exchange.
ONC described the new rule as a necessary step to modernize certification requirements and ensure that certified health IT products align with industry advancements.
“The move away from edition-based certification is a fundamental shift,” the update stated. “It allows health IT updates to align with development cycles and regulatory changes more efficiently.”
Certification Program: Moving Beyond Editions
ONC will no longer classify health IT certification criteria by edition, such as the 2015 Edition or 2015 Cures Update. Instead, certification updates will be incremental, making it easier for health IT developers to adopt regulatory changes over time.
“By eliminating edition-based updates, we’re creating a more agile certification structure that better supports innovation and compliance,” ONC stated.
The certification criteria will now be referred to simply as “ONC Certification Criteria for Health IT.”
Expanded Real-World Testing for Decision Support Interventions
A major addition to the certification program is the inclusion of Decision Support Interventions (DSI) in real-world testing requirements. Health IT vendors must now incorporate DSI testing into their certification programs.
According to the update, any health IT module certified before August 31, 2024, must include DSI testing in plans submitted by December 2024. Vendors certifying after that deadline must comply by December 2025.
The update stated that DSI expands on existing clinical decision support criteria, reflecting the increasing role of AI and machine learning in healthcare. ONC emphasized that this requirement is intended to ensure the reliability and transparency of AI-driven decision support in clinical settings.
Strengthened API Security and FHIR Standardization
Interoperability remains a key focus of the HTI-1 rule. By December 31, 2024, API developers must publish service base URLs and related details in a standardized FHIR-based format at no charge. The update emphasized that this requirement ensures patients can access their health records using any FHIR-compliant application.
Additionally, all certified API functionality must support patient-driven revocation of application access within one hour of a request. This requirement builds on previous API security clarifications issued by ONC in 2021, which allowed short-lived access tokens to expire within one hour instead of requiring immediate revocation. The update stated that these requirements strengthen data security and ensure that patients have greater control over third-party application access to their health information.
“Patients deserve to have a seamless and secure way to manage their health data access,” the update stated. “This rule reinforces their ability to control application permissions with minimal delay.”
USCDI and C-CDA Updates Required by 2025
Health IT developers must update their systems to support the U.S. Core Data for Interoperability (USCDI) Version 3 by the end of 2025. The update stated that this change will ensure standardized data exchange, including social determinants of health and disability status.
Certified systems must also transition to the latest HL7 Consolidated Clinical Document Architecture (C-CDA) Companion Guide by the same deadline. According to the update, this version supports the expanded data set required under USCDI v3, enhancing interoperability across health IT platforms.
“Standardized data sharing is critical for care coordination and analytics,” the update stated. “These updates will enhance data consistency across health systems.”
Certification Deadlines for Updated Code Sets and Data Elements
The HTI-1 Final Rule mandates updates to various minimum standard code sets by December 31, 2025. The update outlined several key changes:
- Race and Ethnicity Coding: Health IT systems must adopt the latest CDC Race and Ethnicity Code Set (Version 1.2).
- Sex, Gender, and Pronoun Standardization: Certified systems must support updated SNOMED CT and LOINC codes for gender identity, sexual orientation, and sex for clinical use.
- Electronic Prescribing: Health IT modules must transition to the July 2022 RxNorm Full Monthly Release.
- Public Health Reporting: Updated standards for immunization registries and case reporting must be adopted, including HL7 FHIR-based electronic case reporting implementation guides.
These updates reflect ONC’s broader strategy to align health IT certification with evolving public health and clinical data standards.
The Road Ahead: Annual Health IT Insights Reporting
Starting in 2026, certified health IT developers will be required to submit annual reports tracking the adoption and use of certified functionalities. The first year of reporting will focus on individual access to EHR data and the use of FHIR-based applications.
According to the update, the reporting framework will be phased in over three years:
- 2026 Reporting Focus: Number of unique patients accessing their EHRs via certified APIs, number of API-supported applications, and immunization submissions.
- 2027 Reporting Expansion: Measures related to C-CDA reconciliation, FHIR bulk data access, and interoperability usage across health IT deployments.
- 2028 and Beyond: Further expansion of reporting requirements, including automation of reconciliation processes and deeper insights into health IT adoption trends.
These measures, ONC stated, will address information gaps in health IT and offer transparency into how certified tools are being used across the industry.
Take It Away
Health IT executives should prepare for the following key changes:
- Edition-based certification is ending – Future updates will be incremental, aligning with development cycles.
- New real-world testing mandates – Decision Support Interventions must be included in certification testing.
- API security updates – Applications must allow patients to revoke access within one hour.
- FHIR standardization required – Certified APIs must publish service base URLs in a FHIR-compliant format.
- USCDI and C-CDA updates by 2025 – Health IT systems must transition to new data exchange standards.
- Expanded public health data standards – New race, ethnicity, gender identity, and prescribing code sets must be adopted.
- Annual reporting starts in 2026 – Certified developers must submit usage data on FHIR adoption, immunization reporting, and EHR access.
“These updates mark a significant evolution in certification, with a strong emphasis on real-world interoperability and transparency,” ONC stated.
Share Your Thoughts
You must be logged in to post a comment.