Health data interoperability — HTI-1 USCDI v4 and decision support controls

The ONC HTI-1 final rule (88 FR 85928) locks 1 January 2026 compliance dates for USCDI v4 adoption and decision-support intervention (DSI) transparency. Certified developers must ship production-ready FHIR API builds, trustworthy DSI documentation, and information-blocking-aligned deployment plans before year-end to avoid certification risk and customer churn. Use this playbook alongside the pillar hub, the HTI-1 setup guide, and related briefs on TEFCA FHIR readiness and NYDFS cybersecurity hardening to coordinate governance, engineering, and clinical adoption.

HTI-1 scope and deadlines

HTI-1 timelines build on existing Information Blocking and API Conditions of Certification; all upgrades must be deployed without reducing interoperability or patient access.

Workplan for developers and providers

1. Architecture freeze. Finalize FHIR US Core v6.0.0 setup guides, SMART 2.0 scopes, and security headers. Lock dependency versions and conformance testing tools by 15 August 2025.
2. Data expansion. Map USCDI v4 additions (for example, SDOH, functional status, provenance) to source systems, reconcile code systems, and add validation rules for required vocabularies.
3. DSI library build. Create standardized, versioned documentation packets for each decision support intervention: intended use, training data provenance, evaluation datasets, bias testing results, limitations, human-oversight expectations, and rollback paths.
4. Clinical safety and governance. Stand up a DSI review board (clinician, data science, safety, compliance) to approve interventions, track post-deployment feedback, and coordinate corrections with Information Blocking exceptions.
5. Integration partner readiness. Provide sandbox endpoints, synthetic test decks that mirror real vocabularies, and change notes for payers, public health, HIEs, and digital health apps that consume USCDI v4 payloads.
6. Customer enablement. Deliver release notes, short video walk-throughs, and FAQ sheets for providers; update training to cover new data classes, patient education, and DSI fact-sheet access.
7. Evidence and audit. Capture conformance reports, test logs, traceability matrices linking requirements to code/configuration, and help-desk tickets for regulator or certifier spot checks.

Visual — rollout swimlane

        [Jul] Architecture freeze ──┐
        [Aug] USCDI v4 mapping ─────┤
        [Sep] FHIR/SMART QA ────────┼─▶ [Oct] Pilot go-live
        [Oct] DSI fact sheets ──────┤
        [Nov] Customer training ────┤
        [Dec] Full deployment & evidence room
         

Freeze architecture early so governance and training can follow; avoid end-of-year change freezes that block deployment.

Data quality and API conformance

Decision support transparency package

• Fact sheet template. Purpose statement, intended patient population, clinical workflow location, known contraindications, and human oversight expectations.
• Training and test data lineage. Source systems, collection dates, exclusion criteria, demographic balance, and data minimization decisions.
• Performance metrics. AUROC, sensitivity/specificity, calibration, fairness slices (for example, age, sex, race/ethnicity), with references to validation datasets.
• Risk management. Identified failure modes, mitigations, fallback pathways, and monitored leading indicators (alert overrides, false positives, model drift).
• Update governance. Versioning, change approval, rollback triggers, and notification protocol to customers.

Key metrics

Testing and validation path

1. Unit and integration. Validate USCDI v4 resources and SMART scopes in CI with HL7 Inferno or equivalent.
2. End-to-end. Run scenario scripts (for example, medication reconciliation, care plan update, lab ordering) against sandbox and partner environments.
3. Performance and resiliency. Load-test API endpoints; verify circuit breakers, retries, and graceful degradation.
4. Safety drills. Simulate incorrect model output, override workflows, and clinician feedback loops; confirm audit trails capture decisions.
5. Certification dry run. Assemble evidence room: conformance statements, screenshots, logs, and customer attestations.

Implementation risks and mitigations

• Late-breaking vocabulary changes. Mitigate with evergreen value-set service and governance-approved change windows.
• Partner readiness gaps. Offer parallel USCDI v3/v4 support during migration with clear deprecation dates; publish mapping guides.
• Model drift. Automate drift detection with population stability indices; pre-authorize rollback to previous model versions.
• Information blocking conflicts. Crosswalk DSI transparency obligations with exception policies to prevent blocking perceptions when disabling unsafe features.
• Documentation debt. Assign owners for each DSI fact sheet and require update on any model retrain or feature change.

90-day countdown checklist

• All USCDI v4 data classes mapped, validated, and exposed in production FHIR APIs.
• SMART 2.0 implemented with fine-grained scopes and app registration docs published.
• DSI fact sheets completed, reviewed by governance board, and accessible in clinician workflows.
• Customer training and communication plans executed; support staff briefed on change impacts.
• Evidence room populated with test logs, monitoring dashboards, and governance minutes.

Interoperability dependencies

• TEFCA readiness. Align USCDI v4 payloads with TEFCA QHIN testing scripts; ensure endpoint directories and security certificates are updated before nationwide query goes live.
• Public health reporting. Validate electronic case reporting, immunization, and syndromic feeds include USCDI v4 elements where required; coordinate with state agencies on transport protocols.
• Third-party developers. Refresh terms of service for app developers to reflect SMART 2.0 scopes, patient consent flows, and DSI transparency obligations.

Procurement and contracting

1. Update customer contracts to reflect new certified capabilities, service-level targets, and support commitments for USCDI v4 fields.
2. Add DSI transparency schedules that list delivered interventions, fact-sheet access methods, and change-notification SLAs.
3. Include right-to-audit clauses covering model governance, logging, and safety mitigations.
4. Pre-negotiate fees for upgrade deployments and clinician training to reduce year-end friction.

Scenario playbook

Training curriculum outline

• Overview of USCDI v4 fields and where they appear in clinical workflows.
• How to access and interpret DSI fact sheets at the point of care.
• Procedures for feedback, override, and error reporting.
• Privacy and security reminders (consent, break-glass, audit expectations).

Resourcing and budget

Allocate budget for FHIR upgrade engineering, vocabulary licensing, governance operations, and clinician time for training and feedback. Tie funding approvals to milestone burndown (architecture freeze, QA exit, pilot completion) and track actuals weekly to avoid year-end spending freezes delaying deployment.