By Stephanie Jamison (Greenway Health), Chair, and Leigh Burchell (Altera Digital Health), Vice Chair, EHR Association Executive Committee

In the months leading up to ASTP’s July 2024 release of the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule, the EHR Association and other health IT stakeholder organizations braced themselves for what was certain to be a massive policy proposal. Those fears were quickly realized when the overwhelming scope of proposed new and expanded software requirements in the 1067-page HTI-2 NPRM was revealed. 

Following our in-depth analysis of HTI-2 and the process of drafting comments, the Association has identified concerns related to public health, standards, Insights measures, and electronic prior authorization requirements within the proposed rule, all of which will be discussed in greater detail in the subsequent blogs in this HTI-2 series. Additionally, there are several overarching issues we believe need to be addressed – including some previously raised by the EHR Association that have yet to be adequately addressed by ASTP and other regulatory agencies.

Compliance Timelines and Scope

It’s a common refrain in the Association’s comment letters and RFI responses: the compliance timelines and scope of work in ASTP regulations create significant burdens for all health IT developers, as well as our healthcare provider customers. We delivered this message related to HTI-1 when it was proposed, and our members are now devoting extensive resources to compliance – sometimes at the cost of innovation clients have requested.   

Yet, as evidenced by the extensive scope of the newer HTI-2 proposals, ASTP and CMS continue to ignore the significant and serious timeline concerns we’ve voiced for years … [In] reality, developers have been forced to deliver compliant solutions significantly earlier than the deadlines officially listed by ASTP so that our customers can meet CMS’s deadlines. This does not allow providers adequate runway after the ASTP deadline to adopt the updates and risks compromising a safe implementation process.

Yet, as evidenced by the extensive scope of the newer HTI-2 proposals, ASTP and CMS continue to ignore the significant and serious timeline concerns we’ve voiced for years. CMS programs, such as the Medicare Promoting Interoperability program and Merit-based Incentive Payment System (MIPS), require healthcare providers to use upgraded certified EHR technology within only a few short months after the deadlines set by ASTP for vendors to finish development of those upgrades. This means that, in reality, developers have been forced to deliver compliant solutions significantly earlier than the deadlines officially listed by ASTP so that our customers can meet CMS’s deadlines. This does not allow providers adequate runway after the ASTP deadline to adopt the updates and risks compromising a safe implementation process.

In the case of HTI-2 and the timelines the agency has suggested, the earliest proposed deadlines of 2026 are infeasible given the time required to develop and deploy upgraded software – an already unrealistic concept that will be exacerbated if the HTI-2 final rule isn’t released until several months into 2025. Further, even the proposed requirements for 2027 and 2028 certification changes are so significant as to make them difficult to complete on time, particularly when factoring in the necessary implementation runway for customers as described above. 

The Too-High Price of Compliance

The HTI-2 compliance burden is so onerous that it is expected to reshape the certified solutions market. It is predicted to result in a sizable decrease in Certification Program participation, with ASTP projecting a 12% reduction in certified products – a market contraction that will disrupt and place an undue burden on smaller healthcare organizations by forcing them to select and implement certified solutions from a new health IT partner in what would likely be a very short period.

Even more striking is the fact that HTI-2 compliance efforts are expected to drive smaller EHR developers out of business altogether. ASTP projects that the cost of complying with HTI-2, particularly on the heels of HTI-1, will lead to an 11% decrease in the number of health IT developers on the market.

Even more striking is the fact that HTI-2 compliance efforts are expected to drive smaller EHR developers out of business altogether. ASTP projects that the cost of complying with HTI-2, particularly on the heels of HTI-1, will lead to an 11% decrease in the number of health IT developers on the market.

Providers and patients are also impacted by the high cost of compliance – both in terms of dollars spent and innovation opportunities lost. Heightened regulatory burdens on developers frequently translate into higher prices for providers who must adopt mandated technology upgrades, which trickles down to care delivery and operations. 

Additionally, the need to focus all resources on delivering compliant solutions detracts from developers’ ability to focus on providing customers with innovation and “delighters,” effectively stunting growth and innovation in the industry. 

Alignment of Incentives

It is not all negative. We are highly supportive of ASTP’s proposal to expand the Certification Program to include criteria focused on the adoption and use of certified health IT by both payers and public health agencies (PHA) to supplement criteria for healthcare providers. Holding all parties to specific and consistent standards and procedures offers great potential for improved data exchange. 

That said, other agencies, such as the CDC and CMS, must offer incentives and/or mandates to enforce the adoption and use of these new proposed criteria by PHAs and payers. If left voluntary, adoption by payers and PHAs could be minimal.

Reality-based Compliance

In announcing the publication of HTI-2, ATSP’s Micky Tripathi called it “a tour de force” that harnesses “all the tools at [ASTP]/ONC’s disposal to advance HHS-wide interoperability priorities.” 

Accomplishing HTI-2’s ambitious goal of ensuring “that the entire system that supports patients and providers utilizes the best technology available in a safe and responsible way” depends upon the ability of EHR developers and healthcare providers to achieve compliance. While the goals of the proposals are admirable, we rely on ASTP’s ability to carefully evaluate industry feedback and take a realistic approach to HTI-2’s final scope and timelines. 

Competition and innovation must not be sacrificed in the name of government-led regulatory compliance and certification.