The landscape of health IT regulation just took another major leap forward. In the final days of 2024, federal regulators dropped two game-changing rules—HIT-2 and HTI-3—adding to the foundation set by HTI-1. Together, these regulations are reshaping how healthcare organizations approach interoperability, data sharing, and compliance in an era of rapidly evolving technology.
Specifically, HHS, through ONC’s Assistant Secretary for Technology Policy (ASTP), published final Health Data, Technology, and Interoperability rules, which implement provisions of the 21st Century Cures Act and are intended to improve the secure exchange and use of electronic health information.
The Cures Act grants authority to the agencies to set standards and create a certification program for health information technology. HTI-1 was released in December 2023 and HTI-2 and HTI-3 in December 2024.
Key updates in each rule include:
HTI-1
- Establishes a new baseline version of the United States Core Data for Interoperability (USCDI).
- Implements the Cures Act “EHR Reporting Program,” which requires reporting on specific IT metrics.
- Updates information blocking rules by updating definitions to support information sharing.
- Adds definitions related to the Trusted Exchange Framework and Common Agreement (TEFCA) and an exception to the rule for parties who join TEFCA.
- Revised conditions to the Infeasibility exception to the information blocking rule.
- Updates the ONC Health IT Certification Program standards and criteria.
HTI-2
- Finalizes rules related to TEFCA. More specifically, the HTI-2 Final Rule finalizes a new part of the CFR for provisions related to TEFCA in 45 CFR Part 172. These final provisions further implement the Public Health Service Act section 3001(c)(9) as added by the Cures Act and provide greater transparency of TEFCA processes.
- Adopts TEFCA-related definitions for information blocking purposes.
- Establishes processes and qualifications necessary for an entity to obtain Designation.
- Establishes procedures governing Qualified Health Information Networks (QHINs).
HTI-3
- Enhances information blocking rules.
- Revises the Privacy and Infeasibility exceptions.
- Adds a new exception for “Protecting Care Access” which permits actors to restrict information sharing when they are acting on the “good faith belief” that the restricting access to information in certain circumstances relating to reproductive health care may reduce a risk of harm to the patient.
ASTP has posted excellent resources for each rule here: www.healthit.gov/topic/laws-regulation-and-policy/health-data-technology-and-interoperability-certification-program
Sources:
