Overview
On December 29, 2025, the US Department of Health and Human Services (HHS) Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP) published the Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity (HTI-5) proposed rule in the Federal Register to update its Health IT Certification Program requirements and amend the information blocking regulations that ASTP issued under the 21st Century Cures Act. On the same date, ASTP published a separate notice in the Federal Register withdrawing yet-to-be finalized proposals from the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule.
In conjunction with the proposed rule and withdrawal notice, ASTP released new information blocking frequently asked questions (FAQs), including FAQs that address the information blocking regulations’ manner and fees exceptions. Together, the proposed changes and interpretive guidance in the FAQs would reduce the circumstances under which actors may deny requests for access, exchange, or use of electronic health information (EHI).
This client alert discusses:
- The proposed changes to the information blocking regulations, including changes to the manner exception, removal or limitation of the manner exhausted condition of the infeasibility exception, and new or amended definitions, as well as the FAQs.
- ASTP’s proposal to substantially scale back the criteria for certification of health information technology under the certification program.
The deadline for submitting comments to ASTP regarding the proposed rule is February 27, 2026, at 5:00 pm EST.
For more information about information blocking, visit McDermott Will & Schulte’s Information Blocking and Interoperability in Healthcare resources page.
In Depth
Key proposed changes to the information blocking regulations
The proposed rule would:
- Remove the third party seeking modification use condition of the infeasibility exception, which permits actors to deny certain requests to write back EHI to certified health IT.
- Amend the manner requested prong of the manner exception to exclude from the exception arrangements that are not at market rates, are contracts of adhesion, or include unconscionable terms.
- Overhaul the manner exception exhausted condition of the infeasibility exception to limit the circumstances under which an actor could deny a request for a manner of access, exchange, or use of EHI on the basis that it offered alternative manners to the requestor, or, alternatively, remove the condition entirely.
- Remove the Trusted Exchange Framework and Common Agreement (TEFCA) manner exception.
Information blocking prohibition
Under the current regulations, information blocking means a practice by a health IT developer of certified health IT (certified health IT developer), health information network, or health information exchange (HIN/HIE), or by a health care provider (collectively, actors), that, except as required by law or covered by an exception adopted by ASTP, is likely to interfere with access, exchange, or use of EHI, and:
- If conducted by a certified health IT developer or HIN/HIE, is a practice that such certified health IT developer or HIN/HIE knows, or should know, is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI.
- If conducted by a health care provider, is a practice that the provider knows is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI.
Interference
The current information blocking regulations define “interfere with” or “interference” to mean “to prevent, materially discourage, or otherwise inhibit.” ASTP has previously identified practices that it believes may interfere with access, exchange, or use of EHI in FAQs. ASTP’s new FAQs clarify its interpretation that interference may include interference with access, exchange, or use of EHI by agentic artificial intelligence (AI), robotic process automation, and other automation technology, and not only technology using more manual means.
Amended information blocking exceptions
ASTP proposes to revise or remove certain existing information blocking exceptions.
Manner exception
The manner exception to the information blocking prohibition permits an actor’s practice that limits the manner in which the actor fulfills a request to access, exchange, or use EHI if the practice meets the exception’s manner requested condition or alternative manner condition.
The current manner requested condition requires the actor to fulfill a request for information in any manner requested, unless the actor is technically unable to fulfill the request or cannot reach agreeable terms with the requestor to fulfill the request. If the actor and requestor mutually agree on terms for the manner requested, the agreement may include fees that do not satisfy the fees exception and interoperability element license terms that do not satisfy the licensing exception.
If the actor does not fulfill the manner requested because it is technically infeasible or the parties do not mutually agree on terms for the manner requested, the actor may meet the exception under the alternative manner condition. That condition requires the actor to fulfill the request for EHI without unnecessary delay in an alternative manner. The actor must fulfill alternative manners in a priority order and only proceed to the next priority alternative manner if the actor is technically unable to fulfill the request in the higher priority manner. Any fees charged by the actor in relation to fulfilling the request are required to satisfy the fees exception, and any interoperability element license in relation to fulfilling the request must satisfy the licensing exception.
ASTP proposes to amend that manner requested condition to exclude any contracts, agreements, or licenses that are not at market rate, are contracts of adhesion, or include unconscionable terms. The proposed rule includes the following new definitions:
- “Market rate” means the value in an arm’s length transaction, consistent with the general market value of the subject transaction.
- “Contract of adhesion” means a contract provided on a standardized form, or on a “take it or leave it basis” without a realistic opportunity to bargain, where the desired product, service, access, use, or exchange cannot be provided except by acquiescing to the form contract.
- “Unconscionable terms” means contractual terms that are excessive, unreasonable, or shockingly unfair or unjust.
In ASTP’s new FAQs, the agency interprets the manner exception to generally require the actor to provide all of the EHI requested to meet the exception. The FAQs note that the actor may be able to meet another exception for any EHI that it cannot provide in accordance with the manner requested condition and/or alternative manner condition.
Infeasibility exception
The current information blocking regulations’ infeasibility exception provides that a denial of a request to access, exchange, or use EHI due to the infeasibility of the request is not information blocking when the denial meets one of the exception’s infeasibility conditions. The denial also must meet the timeframe of the exception’s responding to requests condition, which requires the actor to respond to the requestor in writing with the reasons why the request is infeasible within 10 business days of receipt of the request.
ASTP proposes to revise or remove the following infeasibility conditions:
- Third party seeking modification use condition. One of the current infeasibility exception conditions allows an actor to deny a request if the request is to enable use of EHI to modify EHI, provided that the request is not from a health care provider requesting such use from an actor that is its business associate. ASTP proposes to remove the condition because it believes that the “condition is susceptible to misuse by actors withholding EHI to unnecessarily inhibit access, exchange, and use of EHI by third parties that patients and health care providers want,” such as competitors to the actor. In the preamble to the proposed rule, ASTP notes that actors may be able to rely on the information blocking regulations’ security or preventing harm exception to address concerns about third-party modifications impacting the integrity of EHI or creating patient safety risks from corrupt or misidentified patient data.
- Manner exception exhausted condition. The current manner exception exhausted condition allows an actor to meet the infeasibility exception if it meets three factors. First, it requires that the actor could not reach agreement with a requestor or was technically unable to fulfill a request for EHI in the manner requested under the manner requested condition. The second factor requires that the actor offered at least two alternative manners in accordance with the alternative manner condition, one of which must use either technology certified to standard(s) adopted for the certification program or certain published content and transport standards. The third factor requires that the actor does not provide the “same” access, exchange, or use of the requested EHI to a “substantial number” of individuals or entities that are “similarly situated” to the requester. The condition provides that when determining whether a requestor is similarly situated, an actor cannot discriminate based on certain factors, including whether the requestor is a patient or other individual who is the subject of EHI; the health care provider type and size; whether the requestor is a competitor of the actor; and whether providing such access, exchange, or use would facilitate competition with the actor.
ASTP proposes to either revise or remove the manner exception exhausted condition from the infeasibility exception. ASTP is concerned that this condition is susceptible to misuse by actors to unnecessarily inhibit access, exchange, and use of EHI with competitors or other requestors. To address its concerns, ASTP proposes several changes to the second and third factors of the condition. If finalized, the changes would allow an actor to rely on the condition to deny a request for access, exchange, or use only if it does not provide analogous access, exchange, or use to any other individual or entity.
Specifically, ASTP would change the second factor to require the actor to offer all of the alternative manners under the alternative manner condition of the manner exception rather than only two alternatives.
In the third factor, the proposed rule would replace “same” with “analogous” so that an actor could not rely on the manner exception exhausted condition if the actor provides the same or analogous access, exchange, or use of EHI to any other requestor. ASTP believes using “analogous” access, exchange, or use in comparison to what the actor provides to others is less subject to manipulation than “same,” which could be interpreted to mean identical.
ASTP also proposes to change “substantial number” to at least one individual or entity and remove consideration of whether such individual or entity is “similarly situated” to the requestor. ASTP raised concerns that the terms “substantial” and “similarly situated” can be manipulated to deny access, exchange, or use.
TEFCA manner exception
The current TEFCA manner exception permits an actor to limit the manner in which it fulfills a request for access, exchange, or use of EHI to provide such access, exchange, or use only via TEFCA if the actor and requestor are both part of TEFCA and certain other conditions are met. The proposed rule would remove the exception completely. The administration has signaled continued support of TEFCA but proposes that using information blocking exceptions to incentivize participation in the network may be unnecessary.
Changes to certification criteria
ASTP proposes to remove 34 and revise seven certification criteria from a total of 60 current criteria to achieve its policy goals of reducing administrative burden and prioritizing the Fast Healthcare Interoperability Resources (FHIR®) standards, including FHIR-based application performance interfaces. ASTP proposes to retain and make no changes to 19 certification criteria, which include new and revised certification criteria that were adopted in the HTI-4 final rule. The following table from the proposed rule identifies the criteria to be removed or revised:
| Certification criteria | Reference | Remove/revise | Timing |
|---|---|---|---|
| Patient demographics and observations | § 170.315(a)(5) | Revise | Effective date of final rule |
| Clinical decision support | § 170.315(a)(9) | Remove | Effective date of final rule |
| Family health history | § 170.315(a)(12) | Remove | Effective January 1, 2027 |
| Implantable device list | § 170.315(a)(14) | Remove | Effective date of final rule |
| Transitions of care | § 170.315(b)(1) | Revise | Effective January 1, 2027 |
| Clinical information reconciliation and incorporation | § 170.315(b)(2) | Remove | Effective January 1, 2027 |
| Security tags – summary of care – send | § 170.315(b)(7) | Remove | Effective date of final rule |
| Security tags – summary of care – receive | § 170.315(b)(8) | Remove | Effective date of final rule |
| Care plan | § 170.315(b)(9) | Remove | Effective date of final rule |
| Decision support interventions | § 170.315(b)(11) | Revise | Effective date of final rule |
| Clinical quality measures – report | § 170.315(c)(3) | Revise | Effective date of final rule |
| Clinical quality measures – filter | § 170.315(c)(4) | Remove | Effective January 1, 2027 |
| Authentication, access control, authorization | § 170.315(d)(1) | Remove | Effective date of final rule |
| Auditable events and tamper-resistance | § 170.315(d)(2) | Remove | Effective date of final rule |
| Audit report(s) | § 170.315(d)(3) | Remove | Effective date of final rule |
| Amendments | § 170.315(d)(4) | Remove | Effective date of final rule |
| Automatic access time-out | § 170.315(d)(5) | Remove | Effective date of final rule |
| Emergency access | § 170.315(d)(6) | Remove | Effective date of final rule |
| End-user device encryption | § 170.315(d)(7) | Remove | Effective date of final rule |
| Integrity | § 170.315(d)(8) | Remove | Effective date of final rule |
| Trusted connection | § 170.315(d)(9) | Remove | Effective date of final rule |
| Auditing actions on health information | § 170.315(d)(10) | Remove | Effective date of final rule |
| Accounting of disclosures | § 170.315(d)(11) | Remove | Effective date of final rule |
| Encrypt authentication credentials | § 170.315(d)(12) | Remove | Effective date of final rule |
| Multi-factor authentication | § 170.315(d)(13) | Remove | Effective date of final rule |
| View, download, and transmit to 3rd party | § 170.315(e)(1) | Revise | Effective date of final rule |
| Patient health information capture | § 170.315(e)(3) | Remove | Effective January 1, 2027 |
| Transmission to cancer registries | § 170.315(f)(4) | Remove | Effective January 1, 2027 |
| Transmission to public health agencies – electronic case reporting | § 170.315(f)(5) | Revise | Effective date of final rule |
| Transmission to public health agencies – antimicrobial use and resistance reporting | § 170.315(f)(6) | Revise | Effective date of final rule |
| Transmission to public health agencies – healthcare surveys | § 170.315(f)(7) | Remove | Effective January 1, 2027 |
| Automated numerator recording | § 170.315(g)(1) | Remove | Effective January 1, 2027 |
| Automated measure calculation | § 170.315(g)(2) | Remove | Effective January 1, 2027 |
| Safety-enhanced design | § 170.315(g)(3) | Remove | Effective date of final rule |
| Quality management system | § 170.315(g)(4) | Remove | Effective date of final rule |
| Accessibility-centered design | § 170.315(g)(5) | Remove | Effective date of final rule |
| Consolidated CDA creation performance | § 170.315(g)(6) | Remove | Effective date of final rule |
| Application access – patient selection | § 170.315(g)(7) | Remove | Effective January 1, 2027 |
| Application access – all data request | § 170.315(g)(9) | Remove | Effective January 1, 2027 |
| Direct Project | § 170.315(h)(1) | Remove | Effective date of final rule |
| Direct Project, Edge Protocol, and XDR/XDM | § 170.315(h)(2) | Remove | Effective date of final rule |
ASTP proposes to make conforming changes to related certification standards and implementation specifications, as well as various terms and definitions.
Withdrawal of non-finalized HTI-2 provisions
ASTP previously finalized certain proposals contained in the HTI-2 proposed rule, but others related to certification criteria and information blocking exceptions remained in proposed form. In its notice, ASTP withdrew the remaining proposals, citing:
- Public comments on the HTI-2 proposals and requests for information.
- A focus on deregulation.
- Technology changes (e.g., newer standards).
- Emerging AI technologies.
Future rulemaking and enforcement
The proposed rule signals future rulemaking, specifically to further reduce and remove long-standing functionality-oriented and non-FHIR-based certification criteria. While this rule did not add significant new capabilities to the certification program, ASTP seeks feedback on tools other than C-CDA and ways to advance AI-enabled interoperability solutions. Furthermore, actions continue to signal that information blocking enforcement is on the horizon.
The McDermott Will & Schulte difference
If you have questions about how ASTP’s proposals would affect your organization if finalized, or if you would like assistance preparing comments to submit to ASTP, please contact any of the authors of this client alert, your regular McDermott Will & Schulte lawyer, or your regular McDermott+ consultant.