I help ONC-certified Health IT developers navigate the next round of regulatory change. With HTI-5 proposing to remove or sunset many existing certification criteria and signaling a future built around FHIR APIs, developers face two decisions at once: which criteria to safely deregulate today, and how to position the product for an API-centric future.

I spent 14 years inside an ONC-Authorized Test Lab and Certification Body, supporting roughly 100 Health IT developers through more than 200 test events and assessments. I know the certification process from the inside.

What I help with

Safe deregulation under HTI-5

  • Map the proposed HTI-5 changes to your specific certified criteria and CHPL listing
  • Assess customer impact and contractual exposure before removing any criteria
  • Time changes to minimize disruption to quarterly ONC-ACB attestations and Real World Testing reporting
  • Document the rationale and transition plan for ONC-ACB review

FHIR API future

  • Position § 170.315(g)(10) implementation as a foundation, not a checkbox
  • Plan the SVAP path and the USCDI v3 to vNext transition
  • Prepare for HTI-5 API certification scope changes and follow-on rulemaking
  • Evaluate FHIR client-application alignment for products that consume rather than expose data

Electronic Prior Authorization readiness (CMS-0057 + HTI-4)

CMS-0057-F (Interoperability and Prior Authorization Final Rule, January 2024) and HTI-4 (Electronic Prescribing, Real-Time Prescription Benefit, and Electronic Prior Authorization, August 2025) together drive the move from fax-and-portal prior auth to FHIR-based APIs. CMS-0057 puts the API and decision-time obligations on payers; HTI-4 establishes the corresponding ONC certification criteria for Health IT Modules supporting these workflows.

  • Map HTI-4 certification criteria to your product roadmap: RTPB, ePA workflows, FHIR API conformance
  • Coordinate with payer integration plans against CMS-0057 compliance dates: operational and reporting requirements by January 1, 2026; Patient Access / Provider Access / Payer-to-Payer / Prior Authorization API conformance by January 1, 2027
  • Position the work alongside existing CEHRT obligations and HTI-5 deregulation analysis so a single regulatory workstream covers the portfolio

Ongoing CEHRT obligations

  • Quarterly ONC-ACB attestation strategy and submission review
  • Real World Testing plan development and annual reporting
  • Conditions of Certification: Information Blocking, API maintenance, attestation cycles
  • TEFCA Exchange purpose alignment for products participating in QHIN flows

Predictive DSI § 170.315(b)(11)

  • Source attribute documentation across the 13 evidence-based and 31 predictive categories
  • Intervention Risk Management practices and FAVES (Fair, Appropriate, Valid, Effective, Safe) evaluation
  • Cross-mapping to NIST AI RMF and ISO/IEC 42001 so AI governance work satisfies multiple obligations at once

Future-proofing under HTI-5 deregulation

The work holds whether HTI-5 keeps the (b)(11) Predictive DSI rules, modifies them, or removes them entirely. Internal stakeholder and customer expectations for risk assessments, intervention attributes, and training data transparency persist regardless of regulatory direction. The artifacts I help build meet today’s rule and adapt to whatever lands next.

What’s at stake

When this works. Compliance stops being the slow lane on your roadmap. ONC-ACB attestations submit on time without sprint disruption. HTI-5 transitions land cleanly, and you find out about follow-on rulemaking from me, not from a customer escalation.

When this doesn’t get done. CEHRT status lapses, and hospital sales freeze. A missed quarterly attestation triggers a Conditions of Certification review. An HTI-5 deregulation decision made without customer-impact analysis surfaces in a procurement diligence question six months later.

Background

Fourteen years at Drummond Group, the leading ONC-Authorized Test Lab and Certification Body in Health IT. The Drummond Test Lab captured over 80% of the Meaningful Use certification market during my tenure. I worked across every facet of the program:

  • Health IT Test Proctor (2010 to 2018). Verified more than 200 Health IT products against ONC certification criteria across the 2011, 2014, and 2015 editions of Meaningful Use.
  • Technical Review Manager, Certification Body (2019 to 2020). Reviewed quarterly attestations and post-certification submissions, evaluated whether changes triggered re-test, and led surveillance testing for high-profile clients operating under OIG and CMS Corporate Integrity Agreements.
  • Senior Program Engineer (2022 to 2024). Led research and growth strategy for emerging certification programs including the Pediatric Health IT Certification program (built on ONC, AHRQ, and HL7 standards), FHIR Client Applications, and alternative testing methods.

I also helped launch Drummond’s HITRUST service line and worked there as a Senior Cybersecurity Assessor before returning to the Health IT side.

For the past year I have been working on the developer side of an interoperability software platform, which keeps me current on what FHIR API implementation actually looks like in production code rather than in regulatory text.

Other credentials and affiliations:

  • Member of the Coalition for Health AI and the NIST AI Safety Consortium working groups
  • Credited contributor to the CHAI Responsible AI Guide (Privacy and Cybersecurity Profile)

ONC engagements rarely live alone. If your CEHRT work touches AI features under § 170.315(b)(11), the AI governance page covers ISO/IEC 42001 and NIST AI RMF readiness. If customers are asking for HITRUST attestations alongside CEHRT, the HITRUST advisory page covers e1, i1, and r2 readiness.

Get started

Most ONC engagements begin with a regulatory impact assessment scoped to your CHPL listing and product roadmap. From there we choose the right blend of deregulation, FHIR positioning, and ongoing CEHRT maintenance.

Schedule a call to discuss your CHPL listing and HTI-5 transition plan.