The HTI-1 final rule, issued in December 2023 by the ONC, updates the Health IT Certification Program and changes information blocking regulations under the 21st Century Cures Act. Its aim is to improve interoperability of health IT systems, increase patient access to electronic health information (EHI), and enhance data security and privacy protections. The rule’s compliance deadlines run through January 1, 2026.
One major update in HTI-1 is the expansion of the U.S. Core Data for Interoperability (USCDI) Version 3. This broadens the types of patient data that must be shared, now including more detailed demographics such as sexual orientation, gender identity, and social determinants of health. As a result, healthcare organizations will handle a larger volume and variety of sensitive patient data.
Additionally, HTI-1 introduces an “edition-less” certification model. Instead of releasing periodic edition updates, certification will be maintained as an ongoing, updated framework. This change aims to speed up adoption of new standards by developers and reduce confusion for users and implementers in healthcare settings.
The ONC also now requires an Internet-based method for patients to request restrictions on the use or sharing of their EHI. This aligns with HIPAA regulations and allows patients more control over how their data is shared, making privacy management more dynamic and patient-centered.
While sharing data more freely among providers, payers, and public health agencies can improve care, it also increases exposure to privacy and security risks. Information that moves across organizational lines may be more vulnerable to breaches, misuse, or accidental disclosure.
Healthcare staff like nurses, who handle patient data daily, understand that balancing privacy with interoperability is difficult. Melinda Kidder, a healthcare expert, notes that nurses play an important part in protecting sensitive data as workflows incorporate new IT systems under HTI-1. The key challenge is maintaining strict privacy without blocking timely access to necessary clinical information.
The wider use of APIs and expanded data sharing calls for stronger cybersecurity measures. HTI-1 responds by requiring faster expiration for access tokens and supporting refresh tokens for patient-facing applications, which improves security during electronic health exchanges.
Since many organizations will update or replace health IT modules to meet the new standards, thorough staff training is crucial. Ongoing education helps clinical, administrative, and IT teams understand new workflows, privacy protocols, and technical setups related to interoperability.
A new part of the HTI-1 final rule is the Insights Condition within the ONC Health IT Certification Program. This requires annual reporting of interoperability metrics by health IT developers with a significant user base—those serving at least 50 hospital sites or 500 clinicians.
Beginning in 2026, certified health IT vendors must report data on seven key measures across four areas:
These aggregated reports will be publicly available on the ONC website to improve transparency and accountability. They will also help developers and healthcare organizations track interoperability performance and privacy compliance.
Healthcare administrators can use this data to assess how their health IT vendors perform and to plan technology upgrades strategically to meet regulatory and patient care goals.
The interoperability requirements of HTI-1 call for big changes in clinical and administrative workflows. Introducing new health IT systems can strain operations and reveal gaps in privacy procedures.
Healthcare professionals, especially nurses, must adapt to more documentation tasks, new access rules, and extended data sharing while keeping confidentiality intact. Nurses often act as the final protectors of patient information and link technology with patient care.
Hospital and practice administrators should encourage cooperation among clinical teams, IT departments, and health IT vendors. It is important to ensure new technologies fit smoothly into everyday workflows. Getting feedback from end users helps improve system functions and keep patient data safe.
Paul Jeffery Smith, Deputy Director of Certification and Testing Division at ONC, stresses the need for ongoing training and usability improvements to fully benefit from certified health IT while maintaining privacy safeguards.
The HTI-1 final rule aims to increase patient involvement by giving individuals easier access and clearer control over their health data. This approach seeks to break down information silos and lets patients be active in their care choices.
The rule requires certified health IT systems to offer patient portals or API-based access where patients can view, download, or send their EHI. Systems must also provide an Internet-based way for patients to limit others’ use or sharing of their data, as mandated by the HIPAA Privacy Rule 45 CFR 154.522(a), effective January 1, 2026.
Greater patient control can add complexities for healthcare providers who must maintain compliance and adapt workflows. When patients request data restrictions, providers need clear policies and teamwork to balance these requests with sharing clinical information.
Medical practice administrators should develop protocols and train staff to recognize and respond to patient restriction requests promptly, all while making sure patient care continues without interruption.
Artificial intelligence (AI) and automation tools offer ways to handle the complexity created by interoperability and privacy rules. Under HTI-1, these tools can simplify workflows, support compliance, and reduce administrative work for healthcare staff.
Simbo AI, a company that focuses on front-office phone automation and intelligent answering, demonstrates how AI can improve healthcare administration. Their systems handle patient calls, appointment scheduling, and information requests efficiently, freeing up staff time for patient care.
From the privacy perspective, AI can support enforcement of data access rules. Automated workflows can detect when patients limit use of their EHI and quickly update data-sharing settings in electronic health record (EHR) systems.
Moreover, AI-powered decision support tools, addressed by HTI-1’s Algorithmic Transparency and Decision Support Intervention criteria, must allow feedback and risk management to reduce bias and maintain ethical standards. This oversight is important given AI’s growing role in clinical areas.
Using AI and automation helps healthcare providers manage daily demands of interoperability rules, lower human error, and increase efficiency in patient care delivery.
Solutions like Simbo AI’s show how front-office functions can adjust to new health IT requirements. They also support better provider-patient communication while following privacy rules required by HTI-1.
For healthcare providers in the U.S., HTI-1 offers both challenges and opportunities. It is important to take active steps to implement interoperability while handling data privacy rules.
Careful planning and technology use can help healthcare organizations meet HTI-1 standards and improve both patient involvement and data privacy protections.
As the HTI-1 final rule shapes health information exchange and privacy, medical practice leaders must balance operational demands with regulations. Implementing interoperable systems can be complex, but sound leadership and thoughtful integration—especially with AI and workflow automation—can make the process manageable and aligned with patient care goals.
The HTI-1 final rule, published by ONC, aims to advance interoperability, improve patient access to health information, and reduce information blocking, representing a significant shift in health IT.
HTI-1 emphasizes breaking down silos in healthcare data, allowing seamless access to comprehensive health records across different settings, which improves continuity of care.
HTI-1 empowers nurses by fostering collaborative patient involvement in health care and facilitating smoother communication, enabling timely interventions.
While facilitating data sharing, HTI-1 raises concerns for nurses about ensuring the privacy and security of sensitive patient information in interoperable systems.
Nurses must adapt their daily workflows to incorporate new health IT systems arising from HTI-1, which may present integration challenges.
Continuous training is crucial for nurses to effectively utilize new technologies introduced by HTI-1 without compromising patient care.
Nurses can provide invaluable feedback to health IT teams, ensuring that new regulations translate into improved patient outcomes.
HTI-1 emphasizes patient access to health information, encouraging individuals to actively participate in their health decisions, fostering a collaborative care approach.
HTI-1 promotes streamlined and secure communication among healthcare entities, which is vital for nurses relying on timely information for patient interventions.
Nurses remain optimistic that embracing technologies like HTI-1 will lead to positive changes in patient care, enhancing overall healthcare delivery.
Simbo is using AI agents to automate all phone related workflows. Connect now to know more.
Schedule AI Agents Demo Now© Since 2019, Simbo AI.
