Information technology (IT), or the use of devices such as computers to handle electronic data, has existed for decades, but it has only recently become accessible to many Americans in a health care context. The federal government has tasked the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC) with developing an IT framework for the use and exchange of health information that is interoperable, equitable, and accessible to all Americans. ASTP/ONC's mission is to systemically improve the American people's health "through the access, exchange, and use of data." ASTP/ONC is a staff division within the Office of the Secretary for the U.S. Department of Health and Human Services (HHS).
Organization and Programs
ASTP/ONC's organizational efforts are unified by two objectives. First, ASTP/ONC endeavors to "advanc[e] the development and use of health IT capabilities." Second, ONC strives to "establish ... expectations for data sharing." ASTP/ONC comprises four offices under the overarching Immediate Office of ASTP/ONC (IO): the Office of Policy (OPOL); the Office of Standards, Certification, and Analysis (OSCA); the Office of the Chief Operating Officer (OCOO); and the Office of the Chief Technology Officer (OCTO). The IO broadly leads and advances the interoperability of health information efforts and coordinates related policies and programs across HHS and other agencies. OPOL is responsible for health IT policy and rulemaking activities domestically and globally, the coordination of related efforts with stakeholders, and operation of the Health Information Technology Advisory Committee (HITAC). OSCA leads and coordinates stakeholders to implement and advance nationwide interoperability for health and human services initiatives, executes selected provisions of relevant acts, and administers the ONC Health IT Certification Program. OCOO manages necessary ASTP/ONC resources and provides centralized, agencywide strategies and services. Finally, OCTO oversees technology, data, and AI strategy and policy across HHS and other agencies.
Selected Focus Areas
ASTP/ONC offices broadly coordinate nationwide health IT and electronic health information exchange efforts. ASTP/ONC initiatives involve multiple ongoing endeavors, including the following key activities:
Interoperability. Many of ASTP/ONC's activities center on advancing interoperability. Under the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA; P.L. 114-10), interoperability is defined as the "ability of two or more health information systems or components to exchange clinical and other information and to use the information that has been exchanged using common standards as to provide access to longitudinal information for health care providers in order to facilitate coordinated care and improved patient outcomes." Interoperability in health care, particularly of electronic health records (EHRs), presents myriad potential benefits, including increased safety, efficacy, and personalization of clinical care, as well as enhanced accessibility to individual health information to improve the management and coordination of care. ASTP/ONC organizes interoperability efforts nationwide.
Trusted Exchange. ASTP/ONC's Trusted Exchange Framework and Common Agreement (TEFCA) went live in December 2023. TEFCA is an ASTP/ONC initiative designed to create a baseline governance, legal, and technical framework for a nationwide, interoperable network-of-networks capable of securely and seamlessly exchanging health information. Under TEFCA, authorized health data can be shared with health care providers, patients, public health agencies, and payers. Data exchanged through TEFCA may be transmitted for multiple reasons, including facilitating treatment, payment, health care operations, public health, government benefits determinations, and individual access to services. TEFCA is a voluntary initiative available to participants across the country.
ONC Health IT Certification Program (Certification Program). Begun in 2010, the Certification Program is an initiative under which health IT developers may voluntarily obtain health IT certification. The Certification Program incentivizes conformity across EHR systems through a combination of evolving standards, implementation specifications, and certification criteria issued by the HHS Secretary. This conformity is meant to promote interoperability through access, exchange, and use of electronic health information (EHI), especially through the use of open application programming interfaces (APIs). An API is a tool that, in part, allows multiple software applications to communicate with one another and share information, regardless of how each of the applications was designed.
Information Blocking. An efficient health care system relies on the sharing of EHI among authorized parties. Activities that interfere with, or are likely to interfere with, the lawful access, exchange, or use of EHI are considered information blocking under the 21st Century Cures Act (Cures Act; P.L. 114-255). Per the Cures Act, actors, including health care providers, health information networks or health information exchanges, and health IT developers of certified health IT, are forbidden from practices constituting information blocking. However, pursuant to direction in the Cures Act, ASTP/ONC has, via rulemaking, identified exceptions to the information blocking prohibition. Regulated actors who commit information blocking may be subject to civil money penalties and other disincentives.
Artificial Intelligence (AI). ASTP/ONC is responsible for the oversight of technology, data, and AI policy and strategy across HHS. The Chief AI Officer for HHS is organizationally located within ASTP/ONC and is responsible for setting HHS AI policy and strategy, coordinating HHS's AI approach, and supporting the safe and appropriate use of AI technologies within HHS. Via rulemaking, ASTP/ONC has introduced requirements meant to increase transparency when certain algorithms, including some AI, are contained within technology certified under the Certification Program.
Authorities
The position of National Coordinator for Health Information Technology within the HHS Office of the Secretary was created by President George W. Bush via Executive Order 13335. The Office of the National Coordinator for Health Information Technology (originally ONCHIT) was then legislatively mandated under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act; P.L. 111-5) to promote the creation of a national health information technology infrastructure capable of electronic data use and exchange. Much of ASTP/ONC's duties and related authorities are outlined under Title XXX of the Public Health Service Act (PHSA, as amended; 42 U.S.C. §§300jj-300jj-52), as originally added by the HITECH Act.
ASTP/ONC's duties were further augmented and amended by the Medicare Access and CHIP Reauthorization Act (MACRA; P.L. 114-10) in 2015 and the Cures Act in 2016. Under MACRA, ASTP/ONC was delegated the task of promoting EHR system interoperability. Under the Cures Act, key ASTP/ONC initiatives and powers were authorized, including conditions of maintenance and certification for the Certification Program, the creation of TEFCA, the formation of HITAC, and the identification of reasonable and necessary activities not constituting information blocking. In response to the COVID-19 pandemic, ASTP/ONC was charged under President Biden's Executive Order 13994, issued on January 21, 2021, with advising the HHS Secretary on gaps in public health information systems (E.O. 13994 was rescinded by President Trump under Executive Order 14236 on March 14, 2025; how this may affect ASTP/ONC's future actions is, at the time of this In Focus's publication, unclear). Most recently, in July 2024, HHS was reorganized and ASTP/ONC's authority was expanded to include technology, data, and AI policy and strategy oversight for the department; this expansion also resulted in the renaming of ONC to ASTP/ONC.
Regulations
ASTP/ONC administers many regulations, sometimes in conjunction with the Centers for Medicare & Medicaid Services (CMS). Most of ASTP/ONC's regulations address topics such as meaningful use, interoperability, information blocking, and the Certification Program. Among the primary regulations ASTP/ONC implements are its Cures Act Final Rule, as well as CMS's Interoperability and Patient Access Final Rule. From 2023 to 2024, ASTP/ONC published a series of final rules under the title Health Data, Technology, and Interoperability (HTI) addressing topics related to the Certification Program, algorithmic transparency, information sharing, patient engagement, and public health interoperability, among others.
Selected Policy Considerations
Determination of Information Blocking Practices
What precisely constitutes information blocking is often difficult to discern; in guidance, ASTP/ONC has stated that such determinations will be made on a case-by-case basis. For several years in its budget materials, ASTP/ONC has requested that HHS be authorized to create an advisory opinion process capable of issuing binding opinions to requestors about whether a specific practice may violate information blocking provisions.
TEFCA Implementation
Because TEFCA is meant to function as a network-of-networks and is voluntary to join, its success hinges in large part on the number of parties who choose to participate. According to ASTP/ONC, although there has been great interest in TEFCA, some health care providers and networks remain unaware of, or uncertain about, TEFCA. To bolster TEFCA participation, ASTP/ONC has suggested that technical assistance and grants may enable uncommitted parties to join and make ongoing investments in the initiative.
AI Policy
ASTP/ONC seeks to address an ongoing challenge related to AI in health care: how to effectively capitalize on the potential of AI, machine learning, and related algorithmic technologies, while avoiding risks related to the use of invalid, inappropriate, unfair, or unsafe predictions. ASTP/ONC leaders have participated in discussions regarding the creation of public-private nationwide AI assurance laboratories that would objectively evaluate and assess AI models used in clinical health care settings to ensure they adhere to uniform standards and best practices. While frameworks for responsible AI use and regulation have proliferated, some stakeholders have expressed an interest in building a consensus framework, an initiative in which ASTP/ONC could play a key role.