MGMA warns health IT overhaul could shift costs, compliance burden to medical practices

The nation’s largest association of medical practice leaders is urging the federal government to extend implementation timelines in a proposed rule that would eliminate more than half of the requirements in the federal health IT certification program.

The Medical Group Management Association, which represents more than 70,000 medical practice administrators and executives across more than 15,000 medical groups, submitted a comment letter Feb. 27 in response to the Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity proposed rule, known as HTI-5. The 60-day public comment period closed the same day.

The proposed rule, published in the Federal Register on Dec. 29, would remove 34 of 60 existing certification criteria and revise seven others, altering nearly 70% of the ONC Health IT Certification Program. HHS estimated the changes would save certified health IT developers more than 1.4 million compliance hours in the first year and $1.53 billion in total savings over time.

ASTP/ONC framed the proposal as carrying out President Donald Trump’s Executive Order 14192, "Unleashing Prosperity Through Deregulation." The rule would eliminate requirements that the agency called duplicative or outdated and refocus the certification program around Fast Healthcare Interoperability Resources-based application programming interfaces and AI-enabled interoperability.

The most contested change would eliminate model card requirements for AI-powered clinical decision support tools. Those requirements, introduced under the Biden administration, required health IT developers to disclose how their AI tools were developed, tested and validated. ASTP/ONC said it found no evidence that the transparency requirements had led to positive impacts on patient care. The rule would also remove all 14 privacy and security certification criteria and scale back real-world testing obligations.

MGMA’s concerns

In its letter to Thomas Keane, M.D., the assistant secretary for technology policy and national coordinator for health information technology, MGMA said the proposed removal of 34 certification criteria risks shifting technical, operational and compliance responsibilities downstream to medical groups. The changes could lead to increased product variability and force practices to renegotiate electronic health record contracts to maintain capabilities they rely on, the group wrote.

MGMA asked ASTP to set longer timelines than the proposed effective dates of either the date of the final rule or Jan. 1, 2027, calling the compressed deadlines potentially disruptive to care and operations.

On AI transparency, MGMA called the rollback premature, writing that practices would be left independently assessing vendor AI tools and managing clinical and legal risk without access to standardized information about how those tools were developed and validated. An MGMA Stat poll conducted Jan. 20 of 328 medical group leaders found that only 20% had formal AI governance policies in place, with 56% reporting none at all.

On the shift away from Consolidated Clinical Document Architecture, MGMA urged a phased transition grounded in demonstrable FHIR readiness, citing research documenting uneven adoption and interoperability challenges with legacy systems. The group noted that more than 484 million Direct Secure Messages were exchanged in the last quarter of 2025 alone, with more than 6.5 billion exchanged cumulatively since 2014, and warned that removing related certification criteria could undermine that infrastructure.

MGMA also warned that certification changes could leave medical groups accountable to Centers for Medicare & Medicaid Services reporting requirements, including under the Merit-Based Incentive Payment System, without certified tools to support them. The group called for a coordinated ASTP/CMS transition strategy.

Broader reaction

The American Hospital Association, which also filed comments Feb. 27, called for a minimum 24-month transition period and warned that removing C-CDA-based exchange criteria could jeopardize data sharing in rural and underserved areas. The American Medical Informatics Association cautioned that removing privacy, security and AI transparency criteria could introduce unintended risks.

The health IT industry was more receptive. Oracle Health said it was encouraged by the burden reduction efforts, and the EHR Association had written to HHS Secretary Robert F. Kennedy Jr. earlier in 2025, calling for fewer regulatory requirements. Michael Lipinski, ASTP director, told reporters the changes were based on reasoned, rational decisions and should not be seen as gutting the program.

ASTP/ONC will review comments and could issue a final rule later this year. The letter was signed by Anders M. Gilberg, MGMA’s senior vice president of government affairs.