Electronic Case Reporting Certification Criterion Enforcement Discretion Notice

Dated: July 31, 2025

On January 31, 2025, President Donald J. Trump signed Executive Order (EO) 14192, “Unleashing Prosperity Through Deregulation.” Section 1 of EO 14192 states that it is the policy of the Administration to significantly reduce the private expenditures required to comply with federal regulations to secure America's economic prosperity and national security and the highest possible quality of life for each citizen.

In consideration of potential future deregulatory actions under the Assistant Secretary for Technology Policy (ASTP) and the Office of the National Coordinator for Health Information Technology (ONC) (collectively, “ASTP/ONC”) authorities and consistent with EO 14192, ASTP/ONC has identified certain regulatory requirements for which the exercise of enforcement discretion would reduce burden and costs for regulated entities.

In the Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) final rule, we finalized an updated certification criterion under the ONC Health IT Certification Program (“Certification Program”) for electronic case reporting (eCR) to public health authorities (“transmission to public health agencies – electronic case reporting;” (45 CFR 170.315(f)(5)). Specifically, in paragraph (f)(5)(ii), we incorporated by cross-reference the use of either the HL7 clinical document architecture (CDA) eICR standard or the Fast Healthcare Interoperability Resources (FHIR) eCR standard for certification to the criterion with a required effective date of January 1, 2026 (89 FR 1226-31).

In relation to these new requirements, ASTP/ONC is exercising the following enforcement discretion:

For Calendar Year 2025

ASTP/ONC will not exercise its direct review authority under 45 CFR 170.580 for any non-conformity, potential or actual, that arises solely from certified health IT not complying with the adopted standards finalized in 45 CFR 170.315(f)(5), so long as the certified health IT remains conformant with either 45 CFR 170.315(f)(5)(i) or the requirements in (f)(5)(ii) as follows:
a. (ii)(A) Consume and process case reporting trigger codes and identify a reportable patient visit or encounter based on a match with a trigger code value set (e.g., table).
b. (ii)(B) Create a case report.
c. (ii)(C) Receive, consume, and process a case report response.
d. (ii)(D) Transmit a case report electronically to a system capable of receiving a case report.
ASTP/ONC will not take any enforcement action under 45 CFR 170.565 against an ONC-ACB based on non-compliance with 45 CFR 170.550 for certifying a Health IT Module that is presented for certification to the “transmission to public health agencies – electronic case reporting” certification criterion (45 CFR 170.315(f)(5)), where the Health IT Module demonstrates and maintains conformance with paragraph (f)(5)(i) or the requirements of paragraph (f)(5)(ii) as specified in paragraph 1a through d above.

For Calendar Year 2026

ASTP/ONC will not exercise its direct review authority under 45 CFR 170.580 for any non-conformity, potential or actual, that arises from certified health IT not conforming to the adopted standards finalized in 45 CFR 170.315(f)(5)(ii), so long as the certified health IT remains conformant with the requirements in (f)(5)(ii) as follows:
a. (ii)(A) Consume and process case reporting trigger codes and identify a reportable patient visit or encounter based on a match with a trigger code value set (e.g., table).
b. (ii)(B) Create a case report.
c. (ii)(C) Receive, consume, and process a case report response.
d. (ii)(D) Transmit a case report electronically to a system capable of receiving a case report.
ASTP/ONC will not take any enforcement action under 45 CFR 170.565 against an ONC-ACB based on non-compliance with 45 CFR 170.550 for certifying a Health IT Module that is presented for certification to the “transmission to public health agencies – electronic case reporting” certification criterion (45 CFR 170.315(f)(5)), where the Health IT Module demonstrates and maintains conformance with the requirements of paragraph (f)(5)(ii) as specified in paragraph 1a through d above.

The intended practical effect of this enforcement discretion is that a developer with a Health IT Module currently certified to 45 CFR 170.315(f)(5) will remain in compliance with the Certification Program until December 31, 2025, if its Health IT Modules maintain compliance with either the criterion as defined in 45 CFR 170.315(f)(5)(i) or the requirements of 45 CFR 170.315(f)(5)(ii) as outlined above. Developers with a Health IT Module already conformant to 45 CFR 170.315(f)(5)(ii) may continue to be have its Health IT Module certified to the certification criterion without any further action. Additionally, in calendar years 2025 and 2026, health IT developers may pursue certification of their health IT to 45 CFR 170.315(f)(5)(ii) with or without adherence to the referenced standards.

This enforcement discretion will be in effect immediately, and will remain in effect until December 31, 2026, or until the Department of Health and Human Services completes a deregulatory action to revise 45 CFR 170.315(f)(5), whichever comes first.

Artificial Intelligence

Certification of Health IT

Health Information Technology Advisory Committee (HITAC)

Information Blocking

Interoperability

Patient Access to Health Records

Clinical Quality and Safety

Health IT and Health Information Exchange Basics

Health IT in Health Care Settings

Health IT Resources

Laws, Regulation, and Policy

ONC Funding Opportunities

ONC HITECH Programs

Privacy, Security, and HIPAA

Scientific Initiatives

Standards & Technology

Usability and Provider Burden

Electronic Case Reporting Certification Criterion Enforcement Discretion Notice

Connect with us: