The new federal Health Technology Ecosystem that President Donald Trump announced from the White House on Wednesday is designed to kill the need for faxed patient records and open up app-based innovation and data sharing between patients and the wider healthcare system.
According to the U.S. Centers for Medicare & Medicaid Services, which is spearheading the effort, the new interoperability framework will enable the sharing of patient medical records through a new initiative called the CMS Aligned Network.
Meanwhile, numerous health IT vendors, health information exchanges and others, including Big Tech firms and healthcare provider systems, participated in the ecosystem's planning and attended the "Make Health Tech Great Again" event at the White House.
While the big-picture goals of the interoperability projects are aligned with what the federal government, technology companies, providers, payers and others have been working on for years – consumer-grade healthcare experiences that use open standards supported by federal policy – some have raised questions about patient privacy and Big Tech's plans for all that data.
Digital health advocates, academics and others raised concerns this week about issues ranging from the monetization of protected data to basic cybersecurity protections.
Empowering patients
Even after landmark efforts like the 21st Century Cures Act, with its interoperability provisions and information blocking prohibitions, U.S. Department of Health and Human Services Secretary Robert F. Kennedy, Jr., on Wednesday claimed that patients have waited "decades" to have more access to and control over their health data.
"We’re tearing down digital walls, returning power to patients and rebuilding a health system that serves the people," said Kennedy in a statement.
"We have the tools and information available now to empower patients to improve their outcomes and their healthcare experience," added CMS Administrator Dr. Mehmet Oz. "For too long, patients in this country have been burdened with a healthcare system that has not kept pace with the disruptive innovations that have transformed nearly every other sector of our economy."
Technology problem solvers
CMS said that 60 tech companies, 21 health data exchange networks, 11 providers – including Intermountain Health, Providence and Sanford Health – and five payers have pledged to participate so far, and agreed to voluntary data exchange criteria that serve as a foundational piece of the new Health Technology Ecosystem.
As of press time, seven electronic health record vendors are committed to the initiative, while Qualified Health Information Networks, which exist under the Cures Act's Trusted Exchange Framework and Common Agreement program, are pledging to become CMS Aligned Networks.
According to CMS, the larger effort is meant to foster new secure tools such as apps for diabetes and obesity management, new AI-based chatbots and conversational AI to help patients check symptoms and navigate care, and other technologies to "kill the clipboard" by replacing paper intake forms.
Watertown, Massachusetts-based athenahealth is one of the companies that will become a CMS Aligned Network.
"We are pledging to work collaboratively to implement the CMS Interoperability Framework and continue to march towards a vision of a thriving healthcare ecosystem that helps patients and providers," an athenahealth spokesperson said by email after the announcement.
(Earlier this week, the cloud IT vendor migrated to TEFCA, giving patients a no-login, digital identity-based access system to control their health data.)
eHealth Exchange, the healthcare data network, said the new CMS health interoperability ecosystem would advance efforts already underway.
"This was an easy decision for eHealth Exchange to make," said Jay Nakashima, the health interoperability network president, in a statement sent by email.
"Our network was born out of federal interoperability initiatives almost two decades ago, and we know firsthand the power the federal government wields in moving things forward. The fact that it’s CMS leading this initiative, the largest payer in the country, makes it even more exciting."
Nakashima went on to say that he thinks that the new system will help advance payer participation, something the network has worked on for two years, he said.
Certifying APIs, making data usable
CMS wants more problem solvers and innovators focused on interoperability barriers to join the voluntary system, while patient participation is expected to be opt-in.
"We are calling on the healthcare industry – data networks, [EHR] systems, health app developers, providers and innovators – to voluntarily align around a shared framework for data and access that empowers people, improves care and accelerates progress," CMS said on the new Health Technology Ecosystem website.
For its part, the EHR Association said it welcomes efforts to accelerate health data interoperability and information sharing, "and commends the developer community’s proactive commitment to this voluntary pledge."
"By expanding access pathways – from patient-facing applications to provider EHRs to payer claims management systems – and encouraging adoption of advanced AI and digital tools, the 'Make Health Tech Great Again' initiative promises to accelerate progress toward a more connected and transparent healthcare ecosystem," said Leigh Burchell of Altera Digital Health, chair of the EHR Association's executive committee, in a statement.
eClinicalWorks is another participant. "We pledge to work collaboratively and become a CMS Aligned Network," Girish Navani, CEO of eCW and cofounder, said by email. "This will empower our providers and patients to have real-time access to health information."
APIs are at the root of the ecosystem's functionality.
"CMS is doubling down on the modern 'API first' world and starting to put patients in charge," former National Coordinator for Health IT Dr. Don Rucker, who's now chief strategy officer of 1upHealth, told Healthcare IT News on Wednesday.
Requiring modern identity proofing and combining that with a national provider directory allows apps of the patient's choosing to directly leverage the patient's clinical data, he said.
"Apps providing innovative digital choices for care can now avoid many of the blocks system incumbents have put up in the name of 'protecting privacy' since patients can directly control their own data."
But pivoting to an API-based exchange is not a silver bullet solution. More work needs to be done, said Dr. Mitesh Rao, CEO and cofounder of OMNY Health, a clinical research platform vendor.
He noted that something missing from the Health Technology Ecosystem pledge is any promise around data usability.
"Interoperability doesn’t equal usability – we have a lot of heterogeneity and incompleteness across our data, and connecting into messy, incomplete information doesn’t benefit anyone," Rao said by email. "Once we get frameworks in place, we still have to address the tougher issue of transforming the data into a usable grade."
Trust and security questions
The involvement of Big Tech companies that have had mixed track records on data privacy over the years, alongside a federal government that has elicited concerns over its ability to both properly and lawfully manage and secure the privacy and security of health data, has raised questions for some civil rights advocates.
The new Health Technology Ecosystem plan could open the door to weakening privacy protections and commercial harvesting of health data, according to the nonprofit Center for Digital Democracy.
"This scheme is an open door for the further use and monetization of sensitive and personal health information," said Jeff Chester, the center's executive director, in the organization's social media post on Wednesday.
Beyond that concern, API-based data exchange does, by its nature, pose a risk of patient data exposure.
HHS strategic advisor Amy Gleason said earlier this month that CMS wants patients to have the ability to scan a QR code at the doctor's office and share their medical history. That functionality, however, has its cyber flaws.
While QR codes improve data transfer, they can also enable patient data breaches.
Of note, CMS also had to inform more than 100,000 beneficiaries earlier this month that malicious actors had fraudulently created new accounts between 2023 and 2025 using their information collected as part of a data breach stemming from a fraudulent letter-based 1-800-MEDICARE campaign.
HHS agencies, however, are confident that privacy can and will be protected under the new CMS-led health data exchange ecosystem.
"The Office of Civil Rights supports actions that improve the timeliness in providing individuals with access to their electronic protected health information, without sacrificing health information privacy and security," said OCR Director Paula Stannard in the CMS announcement on Wednesday.
"If an individual receives another individual’s electronic protected health information in error, generally, OCR’s primary HIPAA enforcement interests are ensuring that the affected individual and HHS receive timely HIPAA breach notification."
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
