The Trump administration’s initiative to boost health data sharing could be a boon for interoperability, but the plan so far lacks detail — and challenges like data security, under-resourced providers and slow technology uptake could be barriers to success, experts say.
The initiative, announced late last month at the White House by leaders of the HHS and CMS, aims to improve long-standing challenges with health data exchange through partnerships with more than 60 companies, including firms like Amazon, Google, Epic and UnitedHealth.
The plan includes two large focus areas: encouraging adoption of a voluntary blueprint for data sharing called the CMS Interoperability Framework and increasing the availability of digital health tools, like products for chronic disease management and care navigation.
The companies pledged to “deliver results for the American people” in the first quarter next year, the CMS said.
But that’s a quick turnaround — and though the initiative has set out criteria on how the interoperability framework should work, it isn’t clear yet how the plan will function, experts say.
“It appears to me that most of the work is dependent on these 60 companies who’ve signed up, but I’m not actually sure how this is all going to get done,” said Beth Mosier, a director on consultancy West Monroe’s healthcare M&A team. “It seems to be, you volunteer and you figure it out. So I think there’s a lot left to be defined on how this is actually going to work.”
Improved data sharing can’t hurt
Still, the initiative has a worthy goal, given the healthcare sector’s challenges with data sharing, experts say.
Interoperability and information sharing is a long-term problem for the industry, made harder by siloed data that doesn’t easily flow between providers and a reliance on dated technology like fax machines.
Many patients likely go to multiple providers who utilize separate patient portals, so consumers are piecing together their health data from several different places, Mosier said. Giving patients easier access to all their information could be empowering, allowing them to make data-driven decisions about their healthcare, she added.
The plan likely won’t hurt interoperability, and getting the CMS involved — the nation’s largest payer that processes more than one billion Medicare claims annually — could facilitate data sharing and accessibility, said Alex Nisenbaum, partner at law firm Blank Rome.
Plus, the ease of data flow is more important now than ever, as the sector tries to shift more care into value-based payment arrangements and adopt artificial intelligence tools, said Jennifer Goldsack, CEO of the Digital Medicine Society.
AI needs to be trained on vast troves of data to function. Meanwhile, providers need access to data to adequately predict risk in value-based care arrangements.
It’s likely less risky for the companies involved to work together with the CMS and the other pledged firms than to try and figure things out on their own, Goldsack said. Plus, the initiative, and the names of the companies who decided to sign on, have been very visible, which might incentivize them to commit to the project.
“If someone down the line then wants to take their toys and leave the sandbox, it’s not a good look,” Goldsack said. “And so I would imagine that there’s some commercial pressure to stay the course and deliver.”
A high bar for patient access
The “million dollar question” is how the initiative will work in practice, Nisenbaum said.
One possibility is the data sharing pledge could build upon and enhance the Trusted Exchange Framework and Common Agreement, a governance framework for health data exchange that went live at the end of 2023, he said.
TEFCA has built up momentum in recent years. Ten organizations have been designated as qualified health information networks, or QHINs, increasing from just five at TEFCA’s launch.
Several QHINs, including CommonWell Health Alliance, eClinicalWorks, eHealth Exchange and Health Gorilla, have pledged to implement the interoperability framework and become CMS Aligned Networks.
However, the new initiative places an emphasis on putting data at patients’ fingertips, while TEFCA focused more on sharing among healthcare organizations to improve care coordination, Nisenbaum said.
The expectations for patient data access are pretty high, Mosier said. Some of the criteria under the CMS’ framework include ensuring patients can access their electronic medical information through apps of their choice, as well as find their claims, explanations of benefits, prior authorizations and clinical data from current and past payers.
“BYOD or bring your own device is basically what they’re talking about, and that has not been solved almost anywhere elegantly in healthcare, right?” Mosier said. “Patient portals and provider portals exist for a reason. [...] To support every device anyone may bring is a big commitment.”
Typically, when BYOD is implemented successfully, it uses a pretty basic interface, she said. And healthcare data can be complicated: What if clinical data from your doctor and your insurer don’t clearly match up? What if that information is confusing?
Even if the data is structured and complete, it can be hard to understand. For example, lab results can be confusing without a clinician at hand to explain what the tests mean.
“It’s really hard for most people to digest and consume really complex healthcare data,” Mosier said. “I think it will create another level of support that will be needed for these healthcare consumers.”
Data security, technology barriers
Additionally, there are plenty of challenges to overcome in health data sharing, including reticence from providers about adopting new technology and concerns about data privacy, experts say.
The Trump administration wants networks to facilitate access to data using the Fast Healthcare Interoperability Resources standard, or FHIR, a set of rules that defines how health data can be exchanged between computer systems regardless of how the information is stored.
However, adopting FHIR can be challenging, Mosier said. Providers might implement the standard differently, and they could use different versions of FHIR — potentially complicating exchange as versions change over time.
Data security is another concern. Some apps tasked with giving patients control over their health data might operate outside the HIPAA privacy and security law, Nisenbaum said.
“I think that is going to put the onus on patients to really understand the commitments that these companies are making with respect to collection, use and disclosure of health information,” he said.
That could prove challenging for patients. A 2022 survey from the American Medical Association found just 20% of respondents indicated they knew the scope of companies and individuals with access to their health data.
Plus, companies will have to shoulder a burden of their own when managing a complex and fragmented landscape of data privacy laws. Many states have their own data laws, and some have health-specific requirements, like California’s Confidentiality of Medical Information Act.
The initiative could spur more states to ink their own privacy legislation, as it only takes a few players using data for suspect purposes, like advertising, to draw regulatory scrutiny, Nisenbaum said.
“The majority of states don’t have these comprehensive privacy laws, right?” he said. “So, still room for regulation, assuming the federal government doesn’t pass something, which it has not been successful at for many years.”
Will under-resourced providers have a seat at the table?
Several health systems and providers have signed onto the pledge, including Cleveland Clinic, Intermountain Health and Providence, promising to participate in a CMS Aligned Network and accept patient data electronically.
However, the number of participating providers is small compared with the amount of health systems operating in the U.S.
And several of the entrants are fairly large providers — which isn’t surprising, given that smaller physician practices are often “pulled along” when it comes to technology adoption, Nisenbaum said.
Managing technical change at healthcare organizations can be challenging, and small practices often look to their vendors to meet data sharing requirements, he added.
And the experiences of large institutions likely won’t match health systems with fewer resources, like rural providers or financially struggling facilities. These health systems usually don’t have the bandwidth to participate in a working group, leaving the particular challenges they face by the wayside, Goldsack said.
“Rural hospitals don’t have a chief innovation officer or a chief digital officer or a chief AI officer or a chief technology officer,” she said. “It’s the CEO doing it off their desk on a Thursday evening, and their tech budget is very small.”
Next steps
For now, the initiative has been clear about its goals, and has brought together a large group of organizations that have signed onto the pledge, Goldsack said.
One indicator of the plan’s progress could center around how the companies involved are integrating the initiative into their development plans, Mosier said.
“If we are hearing Amazon and UnitedHealth talk about this on a consistent basis and what they’re doing, then that’ll lead us in one direction,” she said. “And if this comes out as this big thing, and we don’t hear much about it three and five months later, that’s going to tell something else.”
