Autumn 2025 Issue

Health IT Happenings: Deregulation in the Spotlight
By Leigh Burchell
For The Record
Vol. 37 No. 3 P. 28

Recommendations for Reducing Health IT’s Regulatory Burden

One of the highest-priority initiatives of the current Trump Administration is regulatory reform, with instructions having been given to agencies to repeal or reform “obsolete and redundant rules” and those that impose a high cost without clear benefits. A scan of the regulatory environment for health IT reveals a multitude of reasonable targets for deregulatory efforts, including within Health and Human Services (HHS).

Following a general request for input from the Assistant Secretary for Technology Policy (ASTP)—also known as the Office of the National Coordinator for Health Information Technology (ONC)—and the release of several deregulatory-themed requests for information from different entities within the federal government, the HIMSS EHR Association spent much of the first half of 2025 assessing regulatory efficacy and developing recommendations for HHS and the Office of Management and Budget (OMB) that we hoped would be considered reasonable deregulatory targets. Based on our interpretation of OMB’s request for comments addressing “any and all regulations currently in effect,” as well as our collective experience in complying with regulatory programs over the last 15 years, we included within our efforts areas where regulatory efficiency can be improved, rather than focusing solely on the cancellation of regulations.

As primary stakeholders impacted by health IT regulations, our member organizations benefit most from a reasonable regulatory environment. The primary impetus behind our list of recommendations is the belief that efficient and clinically valuable EHRs can be delivered more effectively in an environment where regulations, at this stage of the health IT adoption journey, focus on safety and the exchange of usable patient data. More innovation-friendly oversight would reduce the amount of development that technologists undertake solely to satisfy regulation, remove documentation frustrations stemming from CMS mandates, and allow a greater focus on meeting client demand.

Certification Deregulation
In response to ONC’s request for input on deregulatory opportunities, we submitted several suggestions focused on the certification program and information blocking provisions. For example, we recommend revising the current conditions and maintenance of certification to focus on streamlined and meaningful oversight without placing undue demands on developers, especially when the direct benefits of the requirements to providers and patients are limited.

Additional recommendations include the following:

• removing criteria that are noninteroperability focused, are redundant, or have not delivered substantive value, and focusing instead on promoting standardized, scalable interoperability alongside privacy and security protections;

• refining certification criteria to eliminate unnecessary complexity or low-value components; and

• streamlining and modernizing certification process requirements to reflect today’s program maturity and reduce redundant oversight.

We also recommend sustaining the focus on and funding for certification testing tools to ensure they remain accurate, reliable, and consistently available. This will reduce participants’ burden and support effective compliance while improving efficiencies with further automation.

Regarding information blocking, ASTP/ONC should provide stronger federal guidance to prevent a patchwork of state-level requirements or adjudication of information blocking cases outside of the process outlined in the 21st Century Cures Act. Additionally, clarifying or streamlining existing information blocking exceptions would reduce complexity and compliance burden for all stakeholders.

Finally, states would benefit from clear guidance on how to effectively engage with and benefit from the Trusted Exchange Framework and Common Agreement (TEFCA), thereby preventing the fragmentation of information exchange efforts. Empowering the Recognized Coordinating Entity to support this effort by serving as a resource for state alignment would ensure TEFCA realizes its potential as a unifying framework for nationwide interoperability.

Aligning With CMS Goals
Many of the goals outlined for the agency by CMS Administrator Mehmet Oz, MD, are closely linked to health IT, such as the importance of real-time access to patient data, easing the prior authorization process, and the patient’s capacity to move their data at will—goals shared by the software development community.

However, to achieve these shared goals, CMS programs will need to be more narrowly focused on several key areas and include coordination between CMS and ASTP/ONC to optimize the efficiency of the federal regulatory environment. For example, aligning measurement requirements specific to certification with the real-world data needed for treatment would reduce providers’ documentation burden, ideally removing measures that capture data that is not critical to providing care during the visit.

In fact, we recommend reinvigorating the project that was undertaken a few years ago to shift quality measurement to an outcomes-based approach. Such a shift would support the collection and analysis of large datasets to identify the care that most effectively helps patients and thus should be encouraged through CMS payment models.

Such an adjustment also supports the goal of providing clinicians with relevant, real-time feedback on delivering better and more efficient care. This is important because, as the industry transitions to digital quality measurement, it’s crucial to ensure that:

• data remains accessible to providers while they are delivering care;
• the calculation of quality measures needs to remain sensitive to privacy and security; and
• the burden imposed on providers to calculate and report that data is minimized.

It is also crucial to align incentives for providers with goals related to the exchange of comprehensive patient data and the adoption of newer technologies, such as expanded health IT functionality and open application programming interfaces. This will ideally be achieved through a collaborative effort among ASTP/ONC, the EHR Association, and the provider community, ensuring implementation timelines that permit safe software development processes and allow for cost-efficient provider technology upgrades to facilitate adoption.

Finally, we recommend continuing industrywide alignment on evolving and maturing standards specific to key goals (eg, ePrior Authorization, surprise billing, and the exchange of clinical imaging). This includes collaboration on Real World Data access for analytics and research by identifying optimal data-sharing methods for large data volumes. A collaborative effort is also recommended to identify solutions to the challenges related to patient matching and identity verification, as well as a provider directory, all of which currently present significant obstacles to exchanging and accessing useful real-time data.

Enabling Maximum Benefit
Along with our recommendations for regulatory repeal and refinement, we have also identified several requirements that warrant revisiting. These are regulations impacting the EHR and/or health IT industries that could deliver measurable value to providers, patients, and national health but are held back by regulatory constraints.

One significant area of opportunity is connecting health IT used in care environments with public health entities. For example, electronic case reporting is intended to save providers from the burdensome task of paper reporting of public health events by facilitating the shift to user-friendly, timely electronic reporting of that data. It is a change that has been long requested by providers based on their experience with COVID-19 reporting programs, as well as other requirements specific to disease surveillance.

However, while appropriate regulations are in place and do not need any significant adjustment, the CDC and state, tribal, local, and territorial (STLT) authorities have been unable to effectively establish the necessary reporting and data-sharing infrastructure because funding has been insufficient to address both the technical development and the connections with the hundreds of STLTs in various locations. Electronic case reporting benefits cannot be achieved by reducing regulatory requirements but rather by stabilizing them and enhancing the capacity of the CDC and the STLTs to implement them in a timely fashion.

These recommendations demonstrate the commitment of the EHR Association’s membership to advancing policies that support safe, effective, and interoperable health IT while ensuring that regulatory frameworks are appropriately aligned with the capabilities of modern technology and the needs of health care providers and patients.

— Leigh Burchell is Altera Digital Health’s vice president of policy and public affairs and chair of the EHR Association Executive Committee.