Health Tech Leaders Commit to Innovative Changes Focused on Patients. On July 30, more than 60 major health care and information technology organizations at a White House event pledged to a series of innovative advancements aimed at putting the patient at the center of their care. Early adopters include well-known data networks, health systems and providers, and patient facing application (app) vendors. The goal of committing to the voluntary criteria outlined during the event is to lead a patient-centric digital health ecosystem that will improve patient outcomes, reduce provider burden, and ensure value throughout the health care delivery system.

The Centers for Medicare & Medicaid Services (CMS) also announced during the event progress on its work in building foundational tools that support an improved digital ecosystem, including an enhanced Plan Finder for Medicare beneficiaries, development of a Fast Healthcare Interoperability Resources (FHIR®)-based Application Programming Interface (API) National Provider Directory, improved digital identity processes, and trusted exchange and CMS-Aligned Networks. These topics were the subject of the June 3 meeting hosted by CMS and Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (ASTP/ONC) where they engaged with attendees on advancing data interoperability, patient access, and patient-friendly digital health products.

ASTP/ONC Releases HTI-4 Final Rule. The Health Data, Technology, and Interoperability: Electronic Prescribing, Real-Time Prescription Benefit and Electronic Prior Authorization (HTI-4) final rule was released as a display copy by ASTP/ONC. It is expected to be published in the Federal Register on August 4 as part of the FY2026 CMS Hospital Inpatient Prospective Payment System final rule (CMS-1833-F). The HTI-4 final rule finalizes certain proposals from the HTI-2 Patient Engagement, Information Sharing, and Public Health Interoperability proposed rule, including new and updated health information technology (IT) certification criteria for electronic prior authorization, electronic prescribing, and real-time prescription benefit information. It also includes several related criteria for API functionality and finalizes the adoption of additional standards that support the exchange of clinical and administrative information with payers. This fact sheet provides additional details on what is included in HTI-4. ASTP is also holding a virtual information session on August 12 at 1:00 pm ET. 

Monarez Confirmed by Senate as New Director of CDC. Susan Monarez, PhD was confirmed in a Senate vote of 51-47 as the new director of the Centers for Disease Control and Prevention (CDC). Monarez is a microbiologist and immunologist. She served as acting director from January through March and left the position when nominated to be the director. Prior to joining the CDC, Monarez was the deputy director of the Advanced Research Projects Agency for Health (ARPA-H). She served in the White House’s Office of Science and Technology Policy and on the National Security Council, lead efforts on pandemic preparedness, promoted the use of wearable devices, and addressed health data privacy. Other previous work includes supporting improved health outcomes with artificial intelligence (AI) and machine learning, addressing affordability and accessibility in health care, and addressing health disparities in maternal morbidity and mortality.

USCDI v6 Published by ASTP/ONC. The U.S. Core Data for Interoperability Version 6 (USCDI v6) is now available on the ASTP/ONC website. Changes in USCDI v6 include six new data elements, four added applicable standards, updates to three data classes, and changes to seven data element definitions. The USCDI v6 Standard Document and the ASTP/ONC Standards Bulletin 25-2 provide additional information about USCDI v6 and its changes. ASTP/ONC is currently accepting comments on future versions of the USCDI through the ONC New Data Element and Class (ONDEC) Submission System. The deadline for submitting feedback is September 29.

No Surprises Enforcement Act Introduced with Bipartisan and Bicameral Support. U.S. Representative Greg Murphy, M.D. (R-NC) introduced the “No Surprises Enforcement Act” that aims to reinforce provisions included in the No Surprises Act (NSA). The NSA passed with bipartisan support in 2020 and provides specific protections for patients from unexpected and usually costly medical bills. The bill is co-sponsored by U.S. Representatives Jimmy Panetta (D-CA), John Joyce, M.D. (R-PA), Raul Ruiz, M.D. (D-CA), Bob Onder, M.D. (R-MO), and Kim Schrier, M.D. (D-WA). In the U.S. Senate, Senators Roger Marshall, M.D. (R-KS) and Michael Bennet (D-CO) introduced companion legislation. Lawmakers supporting this bill expressed concern that the NSA has not provided the wide-scale relief for patients from surprise billing as was intended. This new legislation, if enacted, would close gaps in enforcement by increasing penalties for noncompliance, resolving inconsistencies in penalties for noncompliant entities, and improving transparency in reporting requirements.

ASTP/ONC Highlights Health IT Certification Program Resources. ASTP/ONC highlighted resources available on its website for different requirements of the ONC Health IT Certification Program (Certification Program), including the following:

• ONC Certification Criteria for Health IT by Regulatory Update Deadline: This webpage provides a list of the certification criteria updates based on the regulation text, final rule, and regulatory deadline.
• Insights Measure Specifications Version 4: Clarifications Fact Sheet: This fact sheet provides clarifications of the Insights Measure Specifications Version 4 for health IT developers participating in the Certification Program. It is specific for the requirements of the Insights Condition and Maintenance of Certification.
• Promoting an Open and Transparent API Ecosystem: API Conditions and Maintenance of Certification Requirements for Certified API Developers in the ONC Health IT Certification Program: This fact sheet provides details on the API requirements and expectations for Certified API developers participating in the Certification Program. It helps patients, clinicians, researchers, and other interested parties understand the requirements that apply to developers of certified API products.

CISA and Partners Issue Advisory on Scattered Spider Threat. The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation, and Canadian and Australian partners issued an updated joint Cybersecurity Advisory on Scattered Spider. Scattered Spider is a cybercriminal group that is known to use ransomware in cyberattacks on commercial facilities. They typically use phishing, push bombing, and subscriber identity attacks to steal credentials, launch remote access tools, and circumvent multi-factor authentication. The Cybersecurity Advisory provides recommendations for organizations to take to mitigate their risk of an attack.

Texas State Law Enacts New Requirements for EHRs and AI Use. Texas Senate Bill 1188, signed into law in June and effective on September 1, 2025, adds new requirements for EHR storage by covered entities and the use of AI by physicians. For EHRs, the law requires that covered entities physical store patient information in the U.S. or a U.S. territory. The requirement applies to EHR data stored by a third-party, sub-contracted, or cloud service entity or use a technology that allows patient information to be electronically retrieved, accessed, or transmitted. Covered entities are also obligated to ensure that EHR information is only accessible to people who must access the information and appropriate safeguards are in place to protect EHR data. For AI, the law allows the use of AI for diagnostic purposes if the clinician reviews all records created by AI and discloses to the patient the use of AI with the service.