Health Data, Technology, and Interoperability rules are now ASTP/ONC’s primary mechanism for shaping how certified health IT is expected to perform in real-world use. HTI-1 raised the bar on FHIR APIs, transparency, and predictable system behavior. HTI-5 continues that trajectory, with a sharper focus on how certified capabilities actually function after certification.

HTI-5 is not a reset and not a brand-new framework. It is a continuation of ASTP/ONC’s move away from one-time certification events and toward sustained, accountable interoperability. For EHRs and Health IT developers, understanding this shift early is the difference between steady execution and reactive compliance work later.

What HTI-5 is Really About?

HTI-5 refers to ASTP/ONC’s proposed updates to the Health IT Certification Program that reinforce expectations around reliability, usability, and governance of certified health IT over time. While HTI-1 emphasized the presence of certified FHIR APIs, algorithm transparency, and predictable system behavior, HTI-5 expands attention to how those capabilities are used and maintained in production, including:

Patient access that is timely, usable, and dependable
Data exchange that works consistently beyond certification testing
Support for longitudinal data use, not just single transactions
Alignment with broader federal initiatives such as TEFCA and CMS programs

HTI-5 does not replace existing certification criteria. Instead, it layers additional expectations around durability, monitoring, and explainability of certified capabilities once they are live. Industry summaries, including a recent HTI-5 overview by Josh Mandel, reinforce this theme: ASTP/ONC is increasingly focused on how interoperability performs in practice, not just on paper.

Why HTI-5 Matters Now

HTI-5 matters because ASTP/ONC’s oversight model has already changed, even if many organizations are still operating as if certification is a one-time milestone.

Several forces are converging:

Certified FHIR APIs are now widely deployed, shifting scrutiny from availability to real-world behavior
Patient access requirements are expanding in scope and enforcement
TEFCA is operational, increasing expectations for consistent exchange across networks
CMS programs increasingly rely on certified data for quality, cost, and accountability

ASTP/ONC has been explicit that certification is no longer static. HTI-5 reflects this reality by reinforcing that certified health IT must support data access, exchange, and use in ways that can be explained, audited, and defended if reviewed later.

What HTI-5 Signals About ASTP/ONC’s Direction

HTI-5 makes several expectations harder to ignore:

Interoperability Must be Operational
APIs are expected to work reliably across updates, versions, and workflows, not just pass a test script.
Patient Access is Core
Patient-facing access is no longer peripheral. Certified systems must support consistent, usable access over time.
Longitudinal Data Use Matters
Health IT is expected to support ongoing care, chronic conditions, and cumulative data use, not just point-in-time exchange.
Oversight is Continuous
Certification surveillance, information blocking enforcement, and cross-agency coordination all depend on a system’s ability to demonstrate how data was exchanged and used.

None of this is entirely new. HTI-5 simply reinforces that these expectations are now central to certification oversight.

What this Means for EHRs and Health IT Developers

For EHRs, HTI-5 emphasizes operational readiness, not just certification readiness.

EHRs and developers should be paying attention to:

Monitoring real-world FHIR API usage, not just test success
Managing ongoing updates to FHIR and USCDI version updates
Ensuring patient access workflows remain stable over time
Preserving traceability for data exchange and system behavior
Aligning certified capabilities with TEFCA and CMS expectations

The primary risk is not immediate decertification. The real risk is operational drag - increased support burden, slower certification reviews, and difficulty responding to oversight questions when systems cannot easily explain what happened and why.

How Darena Health Supports HTI-5 Readiness

Darena Health helps EHRs and health IT developers handle the parts of compliance that are continuous, operational, and easy to underestimate.

Our ASTP/ONC-certified modules and services help organizations:

Maintain compliant, production-ready FHIR APIs over time
Track and document real-world API utilization
Manage FHIR and USCDI version updates without disrupting workflows
Preserve traceability needed for certification surveillance
Reduce internal burden so product teams stay focused on product innovation

Rather than treating each rule as a one-time project, Darena helps organizations build a compliance foundation that stays aligned as interoperability requirements evolve.

From Compliance to Operational Readiness

HTI-5 reinforces a clear direction. ASTP/ONC expects certified health IT to support data access, exchange, and use in ways that are reliable, explainable, and defensible over time. These expectations are enforced through existing certification structures, surveillance, and oversight, not through a single new checkbox.

Organizations that invest now in operational readiness will face fewer surprises as the scrutiny continues to increase.

Have questions about how HTI-5 impacts your EHR or Health IT solution?

Darena Health works directly with EHRs and developers to assess HTI-5 implications and integrate certified modules that reduce long-term compliance risk.