HTI-5: The Government Just Bet Big on FHIR—Here's What It Means for Healthcare
The HTI-5 proposed rule would eliminate over half of health IT certification requirements while doubling down on FHIR APIs. Here's what healthcare organizations need to know.
HTI-5: The Government Just Bet Big on FHIR—Here's What It Means for Healthcare
Right before the new year, the federal government dropped one of the most significant health IT policy shifts in a decade. And if you're building anything in healthcare interoperability, you need to pay attention.
On December 22, 2025, the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC) released the HTI-5 Proposed Rule—officially titled "Deregulatory Actions to Unleash Prosperity." The name tells you exactly what they're going for.
What's Actually Happening
The government is proposing to eliminate more than half of its health IT certification requirements. We're talking 34 out of 60 certification criteria getting the axe, with another 7 being revised. That's nearly 70% of existing requirements being changed or removed.
But this isn't deregulation for deregulation's sake. There's a clear strategy here: clear out the old stuff, double down on FHIR.
The HTI-5 Fact Sheet makes the intent explicit. The rule would "establish a new foundation on which to build FHIR-based API requirements in the future." They're calling it "America's FHIR-Forward Future"—which, yes, is a bit much, but the direction is unmistakable.
What's Getting Cut
The proposed rule would remove a lot of legacy requirements that have been around for years:
- C-CDA creation and transmission requirements — The government is steering away from C-CDA-centric conformance toward FHIR APIs
- All 14 privacy and security certification criteria — Things like authentication, audit logs, and encryption requirements are being removed on the grounds that HIPAA already covers them
- Real World Testing requirements — The burdensome testing plans and results reporting would be descoped
- Most "Insights" reporting requirements — Only FHIR app usage metrics would remain
According to Healthcare IT News, the changes are estimated to save certified health IT developers more than 1.4 million compliance hours in their first year—an average of 4,000 hours per developer.
Why This Matters Beyond Compliance
This isn't just about reducing paperwork. The rule explicitly connects FHIR APIs to AI—stating that one goal is to "support creative AI-enabled interoperability solutions."
The timing isn't coincidental. We're seeing major AI companies partnering with FHIR infrastructure providers to power consumer health applications. The White House Health Tech Ecosystem initiative has Amazon, Apple, Google, OpenAI, and Anthropic all committing to patient-centric data exchange. CMS is requiring aligned networks to provide FHIR API access by July 4, 2026.
The message from multiple parts of the federal government is consistent: FHIR is the path forward.
Who Should Care About This
EHR vendors get obvious compliance relief, but also a clear signal about where to invest. The rule is basically saying: stop spending resources on legacy standards, put that effort into FHIR.
Health systems and providers should expect their vendors to accelerate FHIR adoption. The enforcement discretion ONC announced for HTI-1 requirements (extended to March 1, 2026) gives everyone a bit more runway, but the destination hasn't changed.
Digital health companies and startups building on healthcare data now have stronger regulatory tailwinds. A FHIR-first federal policy means more consistent APIs to build against and clearer expectations from enterprise customers.
AI companies entering healthcare get a cleaner data architecture to work with. As the World Economic Forum noted, healthcare needs to "evolve beyond siloed, function-specific data architectures to ones that ingest multimodal data in real time." FHIR is the closest thing we have to that.
What Happens Next
The proposed rule was published in the Federal Register on December 29, 2025, and comments are open for 60 days. The deadline is February 27, 2026.
If you have opinions about where health IT standards should go—and if you're reading this, you probably do—this is the time to make them heard. The rule aligns with Executive Order 14192 on deregulation, so it has political momentum behind it.
A few things to watch:
- Will the C-CDA removal timeline create gaps? Some organizations still depend heavily on consolidated clinical documents.
- How will the security criteria removal play out? The theory is HIPAA covers it, but certification provided a specific checklist.
- What new FHIR requirements come next? This rule clears the deck—expect future rules to build on this foundation.
The Bigger Picture
For years, healthcare interoperability has been a patchwork of standards, with organizations juggling HL7 v2, C-CDA, FHIR, and proprietary formats. The federal government is now clearly picking a winner.
This doesn't mean legacy integrations disappear overnight—there's too much infrastructure built on older standards. But it does mean the regulatory incentives are aligning around FHIR in a way they haven't before.
Combined with the $50 billion Rural Health Transformation Program emphasizing technology adoption, the CMS Interoperability Framework requiring FHIR APIs, and major tech companies building FHIR-based consumer health products, we're seeing multiple forces pushing in the same direction.
At FHIRfly, we're glad to see regulatory policy aligning behind FHIR. It's the right direction for healthcare interoperability.
