Trump Team’s Health IT Plan Could Hurt Physician Practices, Health Groups Warn

Groups representing medical practices are expressing concerns about a proposed rule from the Trump administration that would change the required standards for electronic health records (EHRs).

“While MGMA [the Medical Group Management Association] supports reducing unnecessary regulatory burden on health IT [information technology] developers, we believe the proposed removal of 34 certification criteria and revision of certain certification requirements risks shifting technical, operational, direct and indirect costs, and compliance responsibilities downstream to medical groups,” Anders Gilberg, the association’s senior vice president for government affairs, wrote in a Feb. 27 letter to Thomas Keane, MD, HHS’s national coordinator for health information technology.

Furthermore, “we believe the compressed, proposed effective dates (listed as either effective date of final rule or Jan. 1, 2027) may lead to unnecessary disruption to care and operations for medical groups and introduce added complexity and burden,” he wrote.

Under the proposed rule, the administration says it is removing “duplicative and unnecessary requirements” of the Office of the National Coordinator for Health Information Technology Health IT Certification Program in order to “support providers in caring for their patients. Developers of certified health IT will have more time to support providers’ specific technological needs. Providers may also have more health IT choices to meet their needs through increased competition in the certified health IT market that may come from reduced barriers to entry for the certification of health IT.”

Much of the deregulation involves the Fast Healthcare Interoperability Resources (FHIR) standard. The FHIR standard “sought to improve developer usability and ease of implementation by leveraging internet‐scale tooling common to modern web services,” according to the proposed rule. “FHIR was designed to help reduce implementer variation, allow for widespread web security conventions to be layered in (e.g., OAuth 2.0, OpenID Connect, and TLS), and facilitate more incremental adoption through modularity.”

The American Medical Group Association (AMGA) said that although it supports the administration’s deregulatory goals, it did have some concerns, including with the administration’s proposal to remove “real-world testing” as a condition of EHR certification. “The proposal to remove the Real World Testing Condition of Certification would eliminate one of the few mechanisms that ensures certified health IT actually performs as intended in live clinical environments,” Darryl Drevna, AMGA’s senior director of regulatory affairs, wrote in an email to MedPage Today. “Without it, AMGA members risk deploying technology that passes controlled certification testing but fails in real workflows. That’s going to force providers to absorb the costs of workarounds, failed implementations, and potential patient safety gaps.”

Another question about the proposed regulation is how it would interact with the Merit-Based Incentive Payment System (MIPS), which adjusts Medicare physician pay based on how well the physicians perform on various quality measures. “We also emphasized the need to align changes to certification with requirements for MIPS,” Jonathan French, senior director for public policy and content development at the Healthcare Information and Management Systems Society (HIMSS), said in an email to MedPage Today.

“Providers are required to take actions that are currently supported by certification criteria that are going away,” wrote French, whose organization represents a variety of health IT stakeholders. “We do not want providers to be penalized by CMS because their developer stopped supporting a functionality because of the proposed certification changes. However, our developer members have indicated that they will continue to support customer needs even if they are not required for certification.”

The proposed rule comes with several potential pitfalls for smaller practices, French said. “First, the proposals would trigger a massive shift to certification just focusing on interoperability/information access … We anticipate new entrants to the developer marketplace that will just support getting patient information from point A to point B, and not necessarily focus on providing the functionality to support care delivery and administrative tasks that providers have grown accustomed to. Without due diligence by the providers, they could select health IT that doesn’t support some of their needs.”

“Second is the change to information blocking, specifically proposing to change the definition of ‘use’ and ‘access’ to clearly indicate that refusing appropriate requests for electronic health information from agentic and automated AI [artificial intelligence] tools will be considered information blocking,” he continued. “If a patient chooses to use a third-party AI to request their patient information, that is their right through HIPAA [the Health Information Portability and Accountability Act] and the actor has a legal responsibility to share that information.”

Despite these issues, HIMSS supports the deregulation effort for the most part, added French, noting that HIMSS had commented on the proposed rule in a Feb. 25 letter to Keane. “We agreed with the decision to remove many of the certification criteria that use older standards, and agreed with removing certification criteria focused on HIPAA compliance at the application level, [because that] didn’t make as much sense as encouraging hospitals and providers to address HIPAA compliance at an enterprise level.”