By Leigh Burchell (Altera Digital Health), Chair, EHR Association Executive Committee
LinkedIn: Leigh C. Burchell
LinkedIn: Electronic Health Record Association
The current administration has made deregulation a central policy priority, aiming to reduce burden and costs in as many sectors of the economy as possible, including health care. This is exemplified by the January 2025 Executive Order 14192: Unleashing Prosperity Through Deregulation, which requires federal agencies to eliminate ten regulations for each new one introduced.
As the trade association for health IT developers, we believe that smart deregulation should focus on removing outdated, redundant, and low-value requirements with ASTP/ONC and CMS playing a role more focused on driving improvements in standardized interoperability and health data exchange. Health IT regulation should support—not hinder—the industry’s collective ability to deliver safe, effective, and innovative technology solutions, without compromising the progress made or devaluing the investments in health IT over the last fifteen years. As always, we remain committed to working alongside federal agencies within the construct of a regulatory environment that benefits providers, developers, and—most importantly—patients.
The Critical Role of ASTP/ONC
The EHR Association noted in our March 11, 2025, letter to Secretary Kennedy that the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC) is instrumental in advancing the digitization of the healthcare sector and in coordinating numerous federal agencies’ efforts regarding health data collection, analysis, and optimization. Since the creation of the National Coordinator role through the HITECH Act of 2009, health IT adoption has grown exponentially, creating numerous opportunities to harness data and technology to improve the delivery of healthcare. As a result, ASTP/ONC’s responsibilities have also expanded over this period. As software developers regulated by this agency, we depend on ASTP/ONC to promote interoperability in health IT by publishing standards for information documentation and exchange, as mandated by Congress.
While ASTP/ONC’s ongoing work of coordinating federal policies is vital, the agency can do more to further improve collaboration with state governments to foster regulatory alignment and avoid fragmentation across jurisdictions. Moreover, ongoing efforts from both ASTP/ONC and CMS are essential to guarantee that all stakeholders, including public health agencies, payers, and ancillary providers such as laboratories, do their part in ensuring the safe and efficient exchange of health information.
Opportunities for Deregulation Without Sacrificing Progress
The administration has a clear opportunity to scale back regulatory requirements in a way that fosters innovation while continuing to appropriately push the industry forward in key areas. The EHR Association recommends that ASTP/ONC:
1. Refocus regulatory efforts on persistent interoperability gaps rather than adding new certification requirements.
Certification requirements present a clear opportunity for deregulation. Certification has played a pivotal role in driving the adoption of health IT standards, providing a level of transparency and quality assurance that benefits both healthcare providers and patients. However, as the industry has matured over the past 15+ years, the expansion of certification requirements has continued at an unnecessary pace. Rather than broad regulatory expansion, the focus should now shift to targeted improvements that address real-world interoperability challenges.
2. Eliminate certification criteria that have outlived their usefulness.
The costs and efforts associated with maintaining and enforcing certification can be further reduced by eliminating various existing certification criteria (or components of criteria) that have outlived their usefulness or have not delivered the value anticipated by ASTP/ONC. For instance, patient demographics and observations, FHIR Bulk Data, and patient health information capture either duplicate other requirements or have seen limited adoption and could be removed as regulatory certification requirements. Additionally, criteria such as computerized provider order entry (CPOE) have become so widely implemented that they no longer need to be included as a requirement for certification.
3. Streamline data exchange by advancing the efficiency of the FHIR ecosystem and maximizing the value of existing API technologies.
FHIR lowers API development costs by providing a standardized framework that eliminates the need for custom-built integrations and enables developers to reuse interfaces across systems, reducing redundancy. Its modular design allows for expansion without disrupting interoperability, preventing costly overhauls as regulations evolve. Widespread adoption by EHR developers and regulators like ASTP/ONC and CMS further streamlines compliance, creating a consistent, industry-wide approach to interoperability.
The EHR Association recommends that ASTP/ONC focus on streamlining FHIR-based data exchange by enhancing the efficiency of the FHIR ecosystem and maximizing the value of existing API technologies, rather than introducing additional certification requirements or expanding regulatory mandates. While FHIR has significantly reduced the cost and burden of API development by providing a standardized framework, variability in implementation, evolving regulatory mandates, and security concerns still create inefficiencies that drive up costs.
To reduce unnecessary regulatory burdens while advancing interoperability, ASTP/ONC should prioritize optimizing existing API frameworks rather than layering on new requirements. This includes refining FHIR implementation standards to ensure consistency across platforms, strengthening security protocols to protect sensitive health data, and fostering API usability improvements for both developers and end-users. By focusing on enhancing rather than expanding regulations, ASTP/ONC can drive more efficient data exchange, lower compliance costs, and ensure that health IT innovation continues without undue administrative complexity.
4. Rethink the launch of the Insights measures.
Insights serves as a Condition and Maintenance of Certification requirement included in the 21st Century Cures Act, but this could be effectively covered by other requirements, such as certification and Real World Testing. ASTP/ONC has an immediate opportunity for deregulation by eliminating this costly and ineffective mandate before it is implemented. The program is expected to offer minimal practical value for the market, and its reporting requirements would add administrative burden without yielding meaningful improvements in healthcare outcomes or interoperability. We encourage ASTP/ONC to think creatively about how they can satisfy statutory obligations with efforts already taken by software developers.
5. Reconsider DSI regulation.
As defined in the Health Data, Technology, and Interoperability (HTI-1) final rule, the Decision Support Intervention (DSI) certification criterion aims to ensure that health IT tools, including DSIs, are safe, effective, and equitable, supporting clinical decision-making without introducing new risks or biases. While decision support functionality is widely utilized, the current DSI certification structure places undue restrictions on AI applications or modules without contributing to patient safety, system reliability or usability. It also establishes an uneven playing field for health AI technology developers by imposing stringent requirements exclusively on those who supply certified health IT, while developers who do not participate in certification are unencumbered by any regulatory framework. ASTP/ONC should reconsider this regulatory approach.
6. Address AI regulation through a risk-based framework.
AI has the potential to greatly enhance healthcare, but an overly generic regulatory strategy may hinder innovation and waste resources for all involved. Therefore, ASTP/ONC should implement a risk-based framework for AI regulation, differentiating between clinical and non-clinical applications. Oversight and bureaucratic demands for AI tools designed to alleviate clinician burnout and streamline administrative tasks should be minimized. Rather than enforcing rigid regulations that offer little practical benefit, focus should be placed on researching effective methods for the safe implementation of AI in healthcare.
CMS’s Role in Reducing Quality Reporting Burden Without Compromising Care
CMS also has an opportunity to alleviate regulatory burden on both software developers and participants in programs like Promoting Interoperability by streamlining quality reporting requirements. We recommend decreasing the number of quality measures required for these programs, ensuring only those with demonstrated clear clinical value remain. Additional efficiencies could be achieved by aligning reporting formats across CMS programs and implementing requirements only when appropriate technology standards are established.
Lastly, CMS should consider how quality measurement requirements affect clinician workflows and contribute to clinician burnout and frustration. Each measure should be evaluated to determine whether the value of the measure in data gained by CMS is proportional to the cost and burden.
Reducing Inefficiencies in Public Health Certification
Electronic Case Reporting (eCR) can play a critical role in disease surveillance, but its implementation to date remains inefficient and burdensome. The CDC’s role in establishing technical requirements has resulted in fragmented adoption and redundant compliance efforts, complicating interoperability instead of facilitating it. The process of overseeing Certified Electronic Health Record Technology (CEHRT) should remain solely under the auspices of ASTP/ONC, which has the established framework and expertise necessary for effective governance of health IT functionality. The CDC’s focus should be on defining public health reporting needs, not on imposing technical requirements or running a parallel certification process for separate functionality. Consolidating this process under ASTP/ONC would eliminate regulatory inefficiencies and reduce provider and developer burden.
This article was originally published on EHR Association Blog and is republished here with permission.