How the HTI Rules Are Reshaping Health Data

Key Takeaways

• The HTI rules represent a multi-year federal effort to modernize health data interoperability while balancing transparency, privacy, and operational burden.

• HTI-1 raised the bar for health IT certification and decision support transparency, especially for predictive and algorithm-driven tools.

• HTI-2 codified TEFCA, turning trusted nationwide data exchange from policy guidance into enforceable regulation.

• HTI-3 refined information blocking rules, giving organizations clearer guidance on when and how exceptions apply in real-world data sharing.

• HTI-4 focused on technical alignment and program continuity, ensuring prior interoperability requirements remain workable as standards evolve.

• HTI-5, still proposed, signals a potential shift toward deregulation by removing or revising certification criteria and scaling back some transparency requirements.

• Regardless of regulatory adjustments, healthcare and public health organizations remain responsible for secure, appropriate, and trustworthy data exchange.

Over the past several years, the U.S. Department of Health and Human Services (HHS), through the Assistant Secretary for Technology Policy and Office of the National Coordinator for Health Information Technology (ASTP/ONC), has issued a series of Health Data, Technology, and Interoperability (HTI) rules. Together, HTI-1 through HTI-5 represent a phased approach to modernizing health data exchange, balancing transparency, interoperability, privacy, and regulatory burden.

Rather than a single policy shift, the HTI framework reflects an evolving strategy. Early rules focused on expanding interoperability and transparency. More recent actions emphasize operational clarity, enforcement, and, in the case of HTI-5, potential deregulation. Understanding how these rules fit together helps healthcare organizations prepare for what is required today and what may change next.

HTI-1: Raising the Baseline for Transparency and Interoperability

Finalized in early 2024, HTI-1 marked a major update to the ONC Health IT Certification Program and information blocking framework. Its focus was on strengthening transparency and accountability across certified health IT.

Key elements of HTI-1 included:

• Updates to certification criteria aligned with newer versions of the United States Core Data for Interoperability (USCDI)
• Expanded information blocking definitions and expectations
• A significant update to Decision Support Interventions (DSI), including transparency requirements for predictive and algorithm-driven tools

HTI-1 signaled a clear direction from ONC: interoperability and decision support should be measurable, explainable, and more consistent across the market.

HTI-2: Codifying TEFCA and Trusted Exchange

Finalized in late 2024, HTI-2 built on that foundation by formally codifying key elements of the Trusted Exchange Framework and Common Agreement (TEFCA) into federal regulation under 45 C.F.R. Part 172.

HTI-2 focused on:

• Making TEFCA governance, onboarding, and operational requirements part of regulatory code
• Clarifying how TEFCA participation fits within information blocking rules
• Reinforcing standards-based exchange and long-term alignment with modern technical frameworks, including FHIR

By codifying TEFCA, HTI-2 moved nationwide interoperability from policy guidance into an enforceable structure, creating a clearer path for network-to-network exchange across clinical, payer, and public health systems.

HTI-3: Clarifying Information Blocking in Real-World Exchange

Finalized in early 2026, HTI-3 represents the most recent completed HTI rule. Its purpose was not to expand interoperability requirements, but to refine how information blocking policy is applied in practice.

HTI-3 includes:

• Expanded and clarified information blocking exceptions, particularly around privacy, security, and infeasibility
• Greater specificity on documentation expectations when an exception is used
• Additional guidance to reduce uncertainty for organizations actively exchanging data, including those participating in TEFCA

HTI-3 acknowledges that as interoperability becomes more operational, organizations need clearer guardrails to exchange data responsibly while protecting patient rights.

HTI-4: Technical Alignment and Program Continuity

HTI-4 is narrower in scope than earlier rules but plays an important role in maintaining continuity. It focuses on technical updates and program alignment, including adjustments to certification timelines, standards references, and administrative requirements.

While HTI-4 does not introduce major new policy concepts, it helps ensure that prior HTI rules remain implementable and aligned as technical standards evolve.

HTI-5: A Proposed Shift Toward Deregulation

Released as a proposed rule in late 2025, HTI-5 signals a potential change in direction. Unlike earlier HTI rules, HTI-5 is explicitly deregulatory in intent.

The proposal would:

• Remove 34 ONC Health IT Certification Program criteria and revise 7 others
• Reduce perceived duplication and administrative burden
• Revise certain information blocking policies to address reported misuse
• Scale back Decision Support Interventions requirements, including removing AI “model card” transparency requirements introduced under HTI-1

HTI-5 has not been finalized. Its ultimate impact will depend on public comments and the final rule. If adopted as proposed, it would shift more responsibility from certification requirements to organizational governance, vendor selection, and internal oversight.

How the HTI Rules Fit Together

Viewed together, the HTI framework shows a clear progression:

• HTI-1 expanded transparency and raised certification expectations
• HTI-2 established a formal, trusted national exchange framework through TEFCA
• HTI-3 clarified enforcement and real-world application of information blocking rules
• HTI-4 maintained technical alignment and program stability
• HTI-5 proposes reducing regulatory burden and reevaluating how much standardization should be required

The result is a more mature interoperability environment, one that increasingly relies on both federal standards and organizational responsibility.

What Healthcare and Public Health Organizations Should Keep in Mind

Across HTI-1 through HTI-5, several consistent themes emerge:

• Interoperability expectations are not going away, even if certification requirements change
• Participation in trusted exchange frameworks like TEFCA is becoming more operational and more visible
• Information blocking compliance now depends as much on documentation and governance as on technology
• As certification requirements potentially shrink, internal policies, vendor accountability, and clinical governance become more important

For public health agencies and healthcare providers, the goal remains the same: ensure that health data moves securely and appropriately, supporting care delivery and population health.

Supporting Interoperability Today and Preparing for What’s Next

Patagonia Health’s EHR, Practice Management, and Billing platform is designed to support sustained interoperability across evolving federal requirements. Our solutions help organizations remain compliant while preparing for future regulatory shifts.

As the HTI framework continues to evolve, success will depend not only on meeting technical requirements but on maintaining trust, clarity, and readiness across the healthcare ecosystem.

Frequently Asked Questions

What are the HTI rules?

The Health Data, Technology, and Interoperability (HTI) rules are a series of federal regulations issued by HHS and ASTP/ONC to improve how electronic health information is shared, protected, and used across the healthcare system.

How do HTI-1 and HTI-2 differ?

HTI-1 focused on updating health IT certification requirements and strengthening transparency, particularly for decision support tools. HTI-2 built on that foundation by formally codifying TEFCA, establishing a national framework for trusted data exchange between health information networks.

What problem does HTI-3 address?

HTI-3 clarifies how information blocking rules and exceptions apply in practice. It provides more detailed guidance on privacy, security, and infeasibility exceptions, helping organizations exchange data confidently while staying compliant.

Why is HTI-4 important if it introduced fewer changes?

HTI-4 helps maintain continuity by aligning technical standards, timelines, and program requirements. While less visible, it supports the long-term stability of the interoperability framework.

What would HTI-5 change if finalized?

HTI-5 proposes removing or revising a large number of health IT certification criteria to reduce administrative burden. It would also adjust information blocking policy and scale back some transparency requirements introduced in earlier rules, including certain AI-related disclosures.

Will HTI-5 affect clinicians and public health staff?

Potentially. Certification changes can affect EHR functionality, decision-support behavior, interoperability workflows, and how tools are explained to users. Even deregulatory changes may shift responsibility to local governance and vendor oversight.

What should organizations focus on now?

Organizations should stay aligned with current HTI requirements, strengthen internal data governance, engage vendors about compliance plans, and monitor how HTI-5 progresses. Interoperability success increasingly depends on both technology and organizational readiness.