EHR Deregulation or Disruption? Inside EHRA’s Vision for a Leaner Certification Future

The EHR Association’s recent letter to ONC/ASTP, sent amid a broader deregulatory wave from the Trump administration, outlines an ambitious overhaul of the federal Certification Program for health IT. Framed as a call for “real-world value and feasibility,” the recommendations cover everything from simplified testing to the removal of entire certification criteria — and they raise pressing questions about where the line lies between strategic deregulation and systemic risk.

For health IT leaders, this moment is not just about compliance checklists. It’s a bellwether. Certification, once the keystone of federal oversight in digital health, may be entering a new era — one where market trust, rather than federal mandates, does more of the heavy lifting.

What EHRA Is Asking For

The EHRA’s letter proposes a three-pronged recalibration:

1. Reduce vendor burden via streamlined reporting (e.g., Real World Testing and “Insights”) and fewer attestations.
2. Remove low-value or redundant criteria, especially those not tied to interoperability (like family history, behavioral data, and implantable device lists).
3. Modernize process mechanics — including moving from live testing to “evidence-based attestation” and reducing ACB surveillance activities.

The intent is clear: make certification leaner, faster, and less expensive.

A Sea Change in Certification Philosophy?

Certification was born from the HITECH era’s need to drive adoption and trust. Over time, however, its role expanded into everything from usability testing to API transparency. EHRA’s proposals effectively ask ONC to narrow its scope back to core interoperability and let the market determine other values — like safety, UI/UX, and advanced decision support.

This introduces a key tension: if certification doesn’t protect the end user — the clinician or the patient — then who does?

The Risk of Fragmentation and Fatigue

EHRA argues that some criteria (like EHI Export or the Safety Enhanced Design requirement) create more confusion than value. But removing them may inadvertently shift the burden downstream to providers and health systems, who will now need to vet and validate tools on their own.

Moreover, the push to remove real-world testing and simplify predictive AI requirements lands just as the industry is trying to build trust in clinical decision support and AI transparency. Is this the right moment to ask for less oversight of these tools?

Market Consolidation and the Procurement Dilemma

There’s also a market consequence to consider: larger vendors are more likely to thrive in a system where certification is lighter and internal QA is king. Smaller vendors — especially those targeting niche clinical areas — may struggle to prove trustworthiness without the federal “seal.”

Buyers, meanwhile, face a strategic pivot: procurement teams will need deeper internal expertise or third-party validation partners to assess software that no longer carries the same certification rigor.

Be Careful What You Unbuild

Deregulation may be the right move in some areas — particularly where legacy requirements no longer reflect real clinical or technical value. But it cannot be a blunt instrument.

The health IT ecosystem remains fragile, with burnout, trust, and interoperability still in recovery. If ONC loosens too many threads at once, we risk unweaving the very fabric of digital safety and consistency that certification was built to provide.