Taction Software®
Custom Software

ONC Interoperability Rules: 2026 Updated Requirements

The Office of the National Coordinator for Health IT (ONC) continues to tighten interoperability requirements through progressive rulemaking. For health IT developers, healthcare providers, and health information networks, 2026 brings a new wave of compliance obligations — updated certification criteria, expanded data standards, algorithm transparency mandates, and stricter information blocking enforcement. This guide covers what changed, what’s required, and how to build compliant systems.

Certification

Tell Us Your Requirements

Our experts are ready to understand your business goals.

What is 1 + 1 ?

100% confidential & no spam

Trusted Partners

Trusted by Industry Leaders Worldwide

Recognition

Awards & Recognitions

Clutch AI Award
Top Clutch Developers
Top Software Developers
Top Staff Augmentation Company
Clutch Verified
Clutch Profile

Executive Summary

ONC’s regulatory trajectory since the 21st Century Cures Act has been consistent: more data must be exchangeable, in more standardized formats, through more open APIs, with fewer barriers to access. The 2024–2026 rulemaking cycle — primarily through HTI-1 and HTI-2 — advances this trajectory significantly.

The key themes for 2026:

USCDI expansion. USCDI v3 becomes the required data standard for certified health IT, adding data classes for health insurance information, clinical tests, functional status, disability status, and social determinants of health (SDoH) assessment data. Health IT developers must update their systems to capture, store, and exchange these new data classes.

Algorithm transparency. HTI-1 introduced requirements for transparency around clinical decision support algorithms and AI-powered predictive tools used in certified health IT. Developers must provide source attributes, intended use descriptions, and performance information for algorithms that influence clinical decisions.

FHIR API maturation. FHIR R4 APIs conforming to US Core profiles remain the required standard. Updated requirements address API performance expectations, SMART on FHIR implementation refinements, and Bulk FHIR export completeness.

Information blocking enforcement escalation. ONC and the HHS Office of Inspector General have moved from education to enforcement on information blocking. Civil monetary penalties of up to $1 million per violation are now being actively imposed against health IT developers, health information networks, and health information exchanges.

Key Requirements and Deadlines

  1. 01

    HTI-1 Final Rule (Effective Dates 2024–2026)

    USCDI v3 adoption. Certified health IT must support USCDI v3 data classes. New requirements include structured capture and exchange of SDoH screening data, health insurance information, functional and disability status, and expanded clinical note types. Systems that only support USCDI v1 or v2 must upgrade.

    Algorithm transparency. Developers of certified health IT must provide transparency information for clinical decision support interventions — including source attributes (who developed the algorithm, what data it was trained on), intended use (which clinical scenarios it targets), and performance characteristics (sensitivity, specificity, known biases). This applies to rule-based CDS and AI/ML-powered interventions.

    EHI export scope. The electronic health information export must be comprehensive — including all data the system maintains, not just USCDI data classes. Systems that limit export to a USCDI subset are non-compliant.

    C-CDA updates. Updated C-CDA requirements align document templates with USCDI v3 data classes — adding sections for SDoH, health insurance, and expanded clinical note types.

  2. 02

    HTI-2 Proposed/Final Rule

    Additional USCDI advancement. HTI-2 is expected to advance to USCDI v4 or establish the timeline for v4 adoption, continuing the pattern of annual data standard expansion.

    AI and algorithm governance. HTI-2 expands algorithm transparency requirements with additional governance expectations — documentation of algorithm lifecycle management, monitoring for performance degradation, and processes for addressing identified biases.

    Certification program updates. Refinements to testing procedures, certification maintenance requirements, and ONC-ACB (Authorized Certification Body) oversight strengthen the certification program’s ability to verify real-world compliance.

  3. 03

    Information Blocking Enforcement Timeline

    Active enforcement. The HHS OIG began imposing civil monetary penalties for information blocking in 2024. By 2026, enforcement is fully operational — complaints are investigated, violations are adjudicated, and penalties are assessed. Health IT developers, HINs, and HIEs face the highest penalty exposure (up to $1M per violation). Healthcare providers face enforcement through CMS conditions of participation and other existing authorities.

Technical Implementation Details

USCDI v3 Implementation

Implementing USCDI v3 requires changes across data capture, storage, exchange, and API layers:

New data capture workflows. SDoH screening instruments (AHC-HRSN, PRAPARE) must be available in EHR documentation workflows with structured, LOINC-coded response capture. Health insurance information fields must be structured and codeable. Functional status assessments must use standardized instruments.

Vocabulary updates. New data classes require additional vocabulary bindings: LOINC for SDoH assessment panels, SNOMED CT for SDoH conditions and findings, ICD-10 Z-codes for social determinant documentation on claims. Terminology servers and mapping tables must be updated.

FHIR US Core profile updates. New and updated FHIR US Core profiles accommodate USCDI v3 data classes. Observation profiles for SDoH screening results, Coverage profiles for health insurance information, and updated Condition profiles for functional status must be implemented and tested.

C-CDA template updates. New C-CDA sections and entries accommodate USCDI v3 data — SDoH assessment sections, insurance information sections, and functional status documentation. Templates must be validated against updated C-CDA specifications.

Algorithm Transparency Implementation

Source attribute documentation. For every CDS intervention in the certified system — drug interaction alerts, dosing calculators, risk prediction models, NLP-powered tools — document the developer, data sources, intended use, and known limitations.

Performance transparency. For AI/ML-based interventions, provide published performance metrics — accuracy, sensitivity, specificity, PPV, NPV — along with information about the validation population and known demographic performance disparities.

User-accessible transparency information. The transparency information must be accessible to users of the certified system — clinicians should be able to view the source, purpose, and limitations of any CDS intervention that influences their workflow.

Information Blocking Technical Compliance

API availability and performance. FHIR APIs must be available, performant, and responsive. Unreasonable rate limits, excessive downtime, or incomplete FHIR resource implementations can constitute technical information blocking.

App onboarding processes. Third-party app registration and onboarding must be reasonable and timely. Requiring unnecessary documentation, imposing excessive fees, or creating unreasonable delays in app approval may constitute information blocking.

EHI export completeness. Verify that your EHI export includes all electronic health information — not just USCDI elements. Custom data types, proprietary fields, and system-specific data that constitutes EHI must be included.

Compliance Checklist

USCDI v3 readiness:

  • All USCDI v3 data classes supported for capture, storage, and exchange
  • SDoH screening workflows implemented with LOINC-coded instruments
  • Health insurance information captured in structured format
  • Functional status and disability status assessment workflows active
  • FHIR US Core profiles updated for USCDI v3 data classes
  • C-CDA templates updated for USCDI v3 sections
  • Bulk FHIR export includes all USCDI v3 data classes

How Taction Ensures Compliance

At Taction, our team helps health IT developers, healthcare organizations, and health information exchanges build and maintain ONC-compliant systems as regulations evolve.

What we do:

  • USCDI v3 implementation — We update EHR and health IT systems to support new USCDI v3 data classes — building SDoH screening workflows, insurance data capture, functional status assessments, and updated FHIR/C-CDA profiles.
  • FHIR API development — We build and update US Core-compliant FHIR R4 APIs that satisfy ONC certification requirements — including SMART on FHIR authorization, Bulk FHIR export, and USCDI v3 resource profiles.
  • Algorithm transparency documentation — We help health IT developers inventory CDS interventions, document source attributes and performance characteristics, and build transparency interfaces that meet ONC requirements.
  • Information blocking compliance — We audit health IT products and data access practices against information blocking rules, identify gaps, map restrictions to regulatory exceptions, and build remediation plans.
  • Certification preparation — We prepare health IT products for ONC certification testing — building against current criteria, testing with ONC-approved tools (Inferno), and coordinating with ONC-ATLs and ONC-ACBs.

Ready to Discuss Your Project With Us?

Your email address will not be published. Required fields are marked *

What is 1 + 1 ?

What's Next?

Our expert reaches out shortly after receiving your request and analyzing your requirements.

If needed, we sign an NDA to protect your privacy.

We request additional information to better understand and analyze your project.

We schedule a call to discuss your project, goals. and priorities, and provide preliminary feedback.

If you're satisfied, we finalize the agreement and start your project.