Except instead of one volunteer for tribute, we got 21
For better or worse, we tend to think in binaries. Yes/no, left/right, black/white. Binary thought is the distillation of simplification. It is the way we build consensus without overly burdening others with thought. Nuance takes time and requires effort.
So in light of this week’s unique interoperability events, it’s easy to default to one of two takes:
“This is unprecedented. It is something entirely new and novel. It fixes the problem.”
“This is more of the same. We’ve seen this before. Nothing will change.”
We’ve already seen both by smart people that I respect. How can they possibly be reconciled?
The answer is, of course, that neither is right, at least in absolute terms. The Make Health Tech Great Again event is both atypical, anomalous, and new, but also absolutely a continuation of what’s come before. It is simultaneously a monumental step forward and also an iteration on the same trajectory we’ve been on.
Understanding why is simply a function of realizing we’ve been asking the wrong question. Interoperability is infrastructure - imagining it as a solvable checkbox problem rather than a series of ongoing investments towards new functionalities and features is your problem. “Why haven’t we solved interoperability?” has the same energy as “Why haven’t we solved roads?” or “Why haven’t we fixed privacy?”
The arc of progress when building infrastructure across tens and hundreds of thousands of organizations means the change of a decade is taken for granted, while the change of a year is nearly invisible.
As mentioned before, interoperability is not a single problem. It encompasses provider-to-provider exchange, patient access to provider data, e-prescriptions, referrals, prior authorization, transfers between pharmacies, and numerous other cross-organizational workflows that require national, ubiquitous infrastructure.
Two decades ago, every prescription was printed on paper. We solved that interoperability problem with regulatory nudges and the victory of Surescripts in that domain. A decade ago, providers didn’t have access to the longitudinal record from other providers. That’s way closer to being solved today via Carequality and our Frankenstein of networks that connect 80% of providers today.
This is a new tactic to solve problems for which we don’t have ubiquitous infrastructure yet. It will move things forward, it may solve some things, and yet there will still be more to be done thereafter.
So we’ll cover:
What: The CMS Health Technology Ecosystem in plain English
How: Why CMS chose a pledge over rules or mandates
Why: What history tells us about where this goes
Who: The players, from payers to patient apps
What’snext: Four possible endings to this story
Paternity Break
The Keeler family grew as of July 16th! My son, Julian, and my wife are healthy, but I’ve been off work changing diapers, taking my daughter to and from daycare, and other life tasks while my wife recovers (C-sections are no joke).
As a result, although you all don’t know Bailey, please appreciate her and give a round of applause at this time. In light of the fundamentally unique and fairly unprecedented actions of our regulatory agencies, while going to DC wasn’t in the cards, she has gracefully allowed me to break away from paternal duties briefly to write this piece.
Given the unique timing and nature of this post, it’s a bit lighter on memes and humor. I hope you’ll indulge me - I promise to make it up to you next time.
Me to the CMS and ASTP after a monumental week during my paternity leave
What
The event at the White House this week announced the CMS Health Technology Ecosystem (aka Make Health Tech Great Again), a new blueprint for health data exchange and patient empowerment. In its simplest terms, the initiative plants two (familiar) stakes in the ground:
Patients get universal digital access to their health data. This takes the mantle of TEFCA Individual Access Services and looks to scale it more rapidly and (not not necessarily yoked to TEFCA).
Payers gain the ability to pull necessary clinical data from providers. The CMS proposes to pick up where TEFCA Operations has been dead in the water and get standardized channels to obtain information for claims, quality reporting, and care coordination.
It’s familiar, but not the same. The framework pushes beyond the TEFCA Individual Access Services and Operations concepts it echoes. It aims to:
Collapse identity barriers. Digital identity is aggressively included for both patient and provider pieces.
Bake in real‑time expectations. It has call-outs to subscriptions and notifications that current query-based networks don’t accommodate today
Digital check-in. The most experimental piece that is net new to the conversation is the idea that patients can check in using a QR code or Smart Health Card. While it’s very obviously derived from the Leavitt Partners “Kill the Clipboard” proposal, no networks, EHRs or providers had really jumped at those technologies yet.
In short, from a content perspective, this isn’t just regurgitation of TEFCA or other prior art. It’s “let’s sprint ahead and tell TEFCA and others to catch us” - an explicit roadmap that the CMS is challenging the industry to meet.
How
The heart of yesterday’s announcements was not regulation, new legislation, a mandate, or a rule. It follows on the heels of some standard regulatory patterns - the Request for Information (RFI) comment process we saw last month, but it’s a very different format - a voluntary collaboration centered on a pledge.
That pledge is actually six pledges (more on that below) that all tie to a framework of criteria to be a “CMS Aligned Network". The framework is simultaneously more prescriptive than your average pledge, but also infinitely less detailed than the usual federal rule spanning hundreds or thousands of pages. They’re pretty clear there’s still ironing out and definition of the criteria to come, likely as the output of workgroups:
The below criteria are meant to be visionary and to illustrate the goals of the initiative. For criteria that are less mature, early adopters will collaborate with CMS to document and publish implementation guidelines.
The CMS is also doing the work to both lead by example and support the initiative with action and not just words, as noted in their press release:
Enhanced Plan Finder: CMS will update its own tools to enhance the beneficiary experience, such as the Plan Finder that helps Medicare beneficiaries select which plan is best for their personal needs. This update will ensure that beneficiaries can select plans that have their preferred providers and hospitals in network. All proposed plans would protect privacy, secure personal health information, and comply with HIPAA requirements.
National Provider Directory: CMS has begun building a Fast Healthcare Interoperability Resources (FHIR)-based Application Programming Interface (API) to enable apps to find provider networks, participants and relevant endpoints, while also improving data quality and mapping complex provider hierarchies. The agency will be launching initial functionality of the new provider directory and expand iteratively starting later this year.
Modern Identity for Medicare.gov: CMS is working to add modern digital identity to Medicare.gov this year, exploring approaches that enhance security without disrupting current user accounts and services.
Faster Blue Button Data: CMS is developing infrastructure to reduce the time between when claims are received and when they become accessible through Blue Button, accelerating data availability for patients and developers. Additionally, FHIR-based digital insurance cards will be available as soon as this year to app developers and Medicare.gov users.
Data at the Point of Care (DPC): CMS is working to integrate digital identity and National Provider Directory validation into DPC during its continued development.
Trusted Exchange & CMS-Aligned Networks: As a major step forward, CMS announced today the new CMS-Aligned Networks concept based on the CMS Interoperability Framework. CMS is leading by example and plans to participate in trusted data exchange by responding to patient and provider queries and sharing Blue Button claims data through CMS aligned networks as early as the first quarter of 2026. For the first time, patients will be able to access their data using modern identity solutions, without needing to set up accounts and remember usernames and passwords for each healthcare website. This leap will dramatically improve how patients can securely access and share their records across the healthcare ecosystem.
While all of these are cool, the National Provider Directory and Trusted Exchange pieces are their immediate contributions backing the project - they are setting up the necessary infrastructure and offering their participation to those that can meet the high bar they set
Why did they choose this format?
A pledge, compared to rulemaking, is quick. It is significantly more top-down, without the latency and regulatory baggage of more required steps, alignment with all prior art, and resulting delays. All indications from the CMS signal that speed is their prerogative, that they do not want to get to year 2 or 3 with nothing to show (especially if midterms may change the overarching political landscape to some degree). There’s the looming deadline of sorts of the 250th anniversary of the United States next July, which has been a focal point for the administration to achieve outcomes by. So the RFI had a shorter comment period. The CMS Listening Session was rapidly designed and executed. And now they choose to use this pledge format.
As a contrast, look how long the ASTP’s HTI-4 took to crystallize - the provisions were proposed last summer. The deadlines for compliance (via CMS rules) are in 2027 and 2028. So that byzantine path, even expedited, wasn’t going to hit the deadlines the CMS wanted.
Outside of the speed, we also operate in what is supposed to be a deregulatory environment in this administration, so there’s a tension for wanting to add more guidance, goals, and controls with that principle hanging from above. The pledge is a means to the same end that avoids undesired questions about government overreach. All this is voluntary!
The other alternative, especially given the President’s involvement, would have been an executive order. I personally thought this might be the path they pursued when I heard about the initiative, but reflecting a bit, an EO is still compliance. And implementing compliance measures across all of a fragmented industry can only be done over the course of years, not months. Furthermore, we’ve seen this administration have some challenges with EOs forcing organizations to do things they don’t want to without incentives or regulatory teeth (such as the most favored nation changes they proposed with the pharmaceutical industry)
Haven’t we seen this before?
As a few news articles have highlighted, we’ve actually seen pledges before. In 2016, we saw EHRs, HIEs, providers, and provider advocacy groups pledge to offer consumer access, to not information block, and to use interoperability standards.
“That pledge must have failed, right? It mentions consumer access,” is a logical follow-up question. The skepticism and cynicism is unwarranted - consumer access is something we continually reinvest into:
In 1996, we gave the right of access to patients by law via HIPAA. Why didn’t we go further and prescriptively outline the digital format it should be exchanged? Simply put, most health records were not digitized at the time and wouldn’t be until the HITECH Act.
With Meaningful Use, we required EHRs to make patient data available in a downloadable, computable format (CDAs) from portals. Why didn’t we do APIs instead? Almost certainly because Meaningful Use predates the widespread use of APIs.
With the Cures Act, the Trump administration required EHRs to expose APIs to patients to allow them to pull their data with the app of their choosing. This was when the pledge above was made. Why didn’t we avoid portal credentials and use digital identity proofing instead? Digital identity was in its infancy, with CLEAR rebirthing from the fires of bankruptcy and ID.me only certifying with Kantara in 2018.
It’s easy to retrospectively look back and wonder why we didn’t just jump to whatever is cutting-edge today. But as seen with the cursory review above, the necessary technologies (IAL2 identity proofing, for instance) and infrastructure (ubiquitous national networks) didn’t exist a decade ago.
All this to say, that prior pledge and the regulations achieved an outcome - ubiquitous patient access APIs across all certified EHRs. We are taking the next step to overcome the new obstacles uncovered, informed by the progress that we’ve made. The cycle of continual regulatory investment repeats, layering in the next functionalities needed to reduce the friction of access, expand the data included, and digitize the remaining analog workflows. This push will make progress, and that progress should be celebrated. But it will only uncover new problems to be solved that we did not anticipate and the next generation of infrastructure to be improved or built.
Wait, where are the incentives?
This is indeed voluntary. This could be a nothingburger - a bunch of pomp and circumstance and selfies with organizations just ignoring their commitments. Maybe nothing changes at all!
Your skepticism betrays you again, young padawan. A few thoughts:
Naked self-interest is a real motivator! Networks notoriously calcify and struggle to change policy or technology. This represents a compelling event for large, existing networks to effect change that is otherwise hard to wrangle across stakeholders. I expect them to selfishly use it.
It’s a race, it’s a race. It’s not just a pledge. It’s a competition. The CMS is pitting networks against one another in a race to achieve this status and reap the benefits of their participation and favor. The FOMO effect is already quite strong - I had quite a few people messaging and emailing asking whether they should get involved.
The CMS can always do more. The night is young in terms of the arc of this administration. CMS has plenty of time to add incentives and do more. They're not done doing things that could add further carrots or sticks.
This is a unique administration of deal-making. Suppose you'd like to think creatively (or nefariously). In that case, it's worth considering how this administration has motivated other industries (media, higher education, law firms) sans regulation and pattern matching a bit here. Perhaps they will look to deploy their arsenal against healthcare technology companies if they don’t get the results they want. Not saying that's what will happen, but they have a tool (information blocking) that is specifically designed for use against three of the five groups of organizations outlined (providers, EHRs, health information networks). And there are always more traditional financial and antitrust threats.
Who
Sixty companies ranging from payers, providers, health technology vendors and more general tech companies committed to the CMS’s goals. There was quite a bit of confusion about how the list of organizations came together:
For me, it made a lot more sense when you look a level deeper than an alphabetized list of signatories and Sorting Hat the organizations into the respective pledge groups. The CMS defines seven types of entities that are involved:
We’re looking for early adopters in the following categories to pledge to collaboratively meet and aim to showcase the objectives in the first quarter of 2026.
We pledge to work collaboratively to implement the CMS Interoperability Framework and become a CMS Aligned Network. We commit to empowering patients, providers, and their apps—and, where appropriate, payers—with real-time access to complete and secure health information, in ways that protect patient privacy and follow applicable standards and regulations, without friction or delay.
This category includes many existing networks and QHINs, which is logical. There’s an obvious opportunity for existing networks to use this pledge as a tailwind and compelling event to move the ball forward much faster than via the existing levers they have.
Beyond that, we saw on-ramps to Carequality and Commonwell, like Particle Health and Zus Health, and state HIEs like CyncHealth (an HIE in Nebraska and Iowa) and MyHealth Access Network (which oversees Oklahoma’s HIE). Carequality itself is also listed as a network, which is an improvement in their own self-awareness, given prior resistance to the moniker.
The most interesting parts here, though, are the new entrants:
b.well: At first blush, most people think of b.well less as a network and more as a tool for providers, payers, and life sciences to build better consumer experiences (as that’s how they market themselves). They’ve always been heavily invested into and strong proponents of interoperability, but the shift of messaging to being recognized as a network is a good evolution (for them and for any point solution).
Datavant: Datavant is known for its deidentified data network, but since they merged with Ciox, they have used that technical talent to digitize the largest release of information network and make it FHIR native. They use MedAllies as an on-ramp to the national networks, but haven’t fully jumped into the Carequality and TEFCA world until recently. This, along with other moves, signals their intent to move closer to the wire here. They’re well-positioned to thrive here, as they’re unequivocally a network - it is one of the most comprehensive today for the Operations use case, and they facilitate robust free access for patients to their records at a high volume.
Innovaccer: Again a solution that hasn’t traditionally been thought of as a network, as their growth was on selling SaaS/point solutions (originally population health tools, but now a truly wide portfolio of care mangement, ) to providers, payers, life sciences, government, and more. However, their products are intrinsically dependent on data, so getting more involved is a prudent move. Bringing on talent like Lisa Bari (former leader of Civitas) and Dave Cassel (former leader of Carequality) signaled such intent here. With resilient beachhead products at leading healthcare organizations nationwide with strong data depth, they are well-positioned to facilitate interactions across their customer base and be a network in their own right.
We will see additional HIEs and on-ramps pledge or commit to different networks over the coming days and weeks, like the quick follow-on of Arcadia.
We pledge to participate in a CMS Aligned Network and work collaboratively to enable the CMS Interoperability Framework goals together. We believe in a future where seamless care coordination and data-sharing for the patients’ needs are the norm, not the exception and commit to ensuring our patients’ health data is accessible wherever and whenever it’s needed for the benefit of the patient.
AND
We pledge to “kill the clipboard” by enabling our systems to accept inbound patient data via QR codes or Smart Health Cards/Links using FHIR bundles and, where possible, return visit records to the patient in the same format. We commit to making it easy for patients and providers to exchange information securely and efficiently without requiring the patient to recall and repeatedly write out their medical history. We are committed to eliminating the clipboard, one encounter at a time.
As you look at the different pledge types, there’s supply (data sources), demand (data users), and facilitators (the networks). So participation by supply is critical to the initiative’s success. Providers (the next category) are that supply, but EHRs supporting the necessary capabilities is a prerequisite for unlocking them.
The list are the big, leading EHRs that have been lynchpins of interoperability networks previously (athenahealth, eClinicalWorks, Epic and Oracle Health) and two smaller players that are fun to see (TruBridge, Elation Health). The mysterious/interesting inclusion is Amazon - is this just for One Medical’s EHR?
We pledge to work collaboratively to implement the CMS Interoperability Framework and enable our provider customers’ participation in CMS Aligned Networks. We commit to promptly respond to patients, providers—and, where appropriate, payers—with complete and secure health information, in ways that protect patient privacy and follow applicable standards and regulations, without friction or delay.
AND
We pledge to accept patient health information via “kill the clipboard” tools and to stop requiring patients to remember or write out their health history. When possible, we will return visit records to patients using the same tools. We commit to making check-in easier for patients and commit to using the provided data to eliminate the clipboard one encounter at a time.
Again, providers are critical to this initiative. They need to share data with other entities and patients. They will need to change their workflows - buy scanners, train their staff to scan QR codes, add QR codes to after visit summaries, and more.
The list here is both heavy hitting with typical forward-thinking big names like Intermountain, Providence, and Cleveland Clinic, but simultaneously is in some respects light - shouldn’t every provider organization be signing on?
We could see the rumored incentives (like faster payment) to accelerate pledging but my guess is that the CMS just wanted a few leading organizations to guinea pig things (especially the workflow changes). My expectation is that the CMS puts the screws on the networks and EHRs to act as enforcers and distributors here to roll things out more broadly.
As an aside, in terms of the members of the list, Amazon and UnitedHealthcare both stand out as unique entities. This is likely for One Medical and the 90,000 or so employed or affiliated physicians of Optum Health, but I’m interested to watch their announcements and moves.
As an aside, I’m wondering if the CMS accidentally flip flopped the first pledge for providers and EHRs. This sounds more like an EHR pledge:
We pledge to work collaboratively to implement the CMS Interoperability Framework and enable our provider customers’ participation in CMS Aligned Networks.
We pledge to participate in a CMS Aligned Network and work collaboratively to enable the CMS Interoperability Framework goals together. We believe in a future where seamless care coordination and data-sharing for the patients’ needs are the norm, not the exception and commit to ensuring our patients’ health data is accessible wherever and whenever it’s needed for the benefit of the patient.
Solving Operations and Payment in a national, ubiquitous way is the interoperability challenge of this decade, along with Individual Access.
This should be overly obvious, but in order to facilitate payer-provider data exchange, you need payers. Existing national networks had struggled to get any payers to use or give input directionally on their plans for facilitating payer-provider data exchange.
So the CMS has done just that with the biggest names you’d want to see to get the ball rolling: Aetna, Elevance Health, Humana, UnitedHealth Group, and (of course) the CMS themselves as a payer.
Patient Apps
I ordered the categories in this way based on their importance to the success of this initiative. The patient-facing apps are exciting, but frankly and candidly, their proposed value is contingent on and can only be realized with the other entities participating. I cannot walk into a hospital or clinic and offer my QR code if they don’t have a scanner. I cannot provide truly tailored guidance to diabetes patients in the way the CMS wants without data from providers and payers.
While I appreciate these public commitments, demand side was never the problem. There’s nearly infinite demand to create patient facing conversational AI apps - we see many of these already trying to use the existing networks (via secondary use) to achieve their goals.
We pledge to build conversational AI assistants that connect to CMS Aligned Networks or personal health record apps, and with patient consent, securely access relevant health information and use this information to deliver personalized, helpful support. Our tools will clearly distinguish educational content from clinical guidance, assist patients directly when appropriate and guide them to care from a health professional when needed.
Conversational AI assistants are portrayed as avant garde, but they’re really a sexy rebrand of Personal Health Records. This is not to diminish their potential, but we must call a spade a spade - you previously aggregated longitudinal data and then looked at it. Now you aggregate longitudinal data and run it through an LLM.
To recap from “Indiana Jones and the Personal Health Record”, PHRs have not been viable as a category because data access, even with Patient Access APIs, have been too hard for your average relatively healthy patient to care about. As we switch to digital identity-backed access, we potentially fix that blocker.
It then becomes a DTC race, where the cost of user acquisition will be a main metric. My guess is that means:
Huge advantages to existing consumer technology companies with pre-existing user bases and innate distribution, like Anthropic, Google, Microsoft AI, OpenAI, and Oura
Opportunity for small, highly tailored conversational assistants specific to disease states or niche populations, like Citizen Health or Polygon Health
Conversational assistants that are “embedded health”, where aggregation and analysis is just a feature adjacent to a broader set of services, like Curai Health, Ellipsis Health, or K Health
Once this is complete, we’ll suddenly be very eager to build the next set of rails - not just data aggregation for analysis and conversation, but pipes that allow for subsequent action - finding in-network providers, understanding availability and scheduling, understanding and paying bills.
We pledge to connect to CMS Aligned Networks or personal health apps and, with patient consent, securely access relevant health data to deliver personalized support. Our diabetes and obesity tools will use this history to provide tailored guidance—offering direct assistance when appropriate and directing patients to care from a health professional when needed.
I don’t have a ton of commentary here - it’s a grab bag of companies, many of whom overlap with the conversational AI category.
We pledge to empower patients to retrieve their health records from CMS Aligned Networks or personal health record apps and share them with providers via QR codes or Smart Health Cards/Links using FHIR bundles. When possible, we will return visit records to patients in the same format. We commit to seamless, secure data exchange—eliminating the need for patients to repeatedly recall and write out their medical history. We are committed to “kill the clipboard,” one encounter at a time.
The last category is the most intellectually and academically compelling as a very visual, futuristic vision. It also has more barriers to success than other parts of this initiative. Whereas the other patient apps are only gated by ubiquitous support for the individual access data pull, the Kill the Clipboard workflow also has significant provider organization workflow and education changes to be effective. Equipment needs to be purchased, staff need to be trained, and a statistically significant amount of patients need to understand and feel motivated to use the workflow so that it’s standard operating procedure rather than an occasional one-off.
Other Questions
What doesn't it do?
It’s all about accelerating nascent initiatives (like individual access), rebooting ones that weren’t working (like payer access), and piloting entirely novel things (like QR codes when checking in). However, taking the pledge in isolation, it’s not driving them to ubiquitous adoption.
Notably, it’s not hitting the long tail of providers and EHRs, so it’s not addressing the many CMS RFI comments that asked for expanding network coverage to behavioral health, dental health, oncology, physical therapy, and other specialties. The long tail doesn’t have the resources for voluntary pledges - they struggle to keep their head above water for basic features and workflows. So I would expect other levers and subsequent nudges by the CMS and other agencies to be used once the market proves things out and gets a decent level of adoption.
How does this relate to the HTI-4?
The Assistant Secretary for Technology Policy released a new rule regulating EHRs and relating to provider/payer data exchange on July 31st. It must be related, right?
Hard to say definitively, but all indications say no:
The criteria HTI-4 updates are related to e-prescribing, real-time benefit checks, and electronic prior authorization capabilities. While those are networks, they aren’t called out in the CMS Health Tech Ecosystem, which focuses on clinical data exchange.
There are some clues that they worked on/wrote HTI-4 in May. It’s also apparent that different forms of HTI-4 were in progress throughout Q1 and Q2
My general guess is this is clean-up from the pre-Keane era. The ASTP wanted to use more of the hard work they put into the sweeping HTI-2 proposed rule, so they funneled it towards the core functionalities to support the CMS. We’ll see a reboot and refocusing next from them around information blocking enforcement, a new API certification program (rather than an EHR certification program), and overall slimmer regulation.
Is your company interested in joining? Please email HealthTechRFI@cms.hhs.gov your company name and which category you are interested in pledging to.
Next question.
How did this group of early adopters get chosen?
No insider baseball here, but my read on this is that, as noted above, the CMS made the decision to move fast here and do something new, rather than use an existing network. When you do something new, you need to build a broad coalition with resources. So it’s unsurprising to me that it’s a lot of usual suspects that they invited to the White House - they wanted to get as many patient lives committed as possible, which entailed pulling in the big players: the dominant EHRs with wide market adoption, the networks that are scaled, the national payers. There are a handful of puzzling additions, especially in the patient app categories, but as mentioned earlier, they’re somewhat secondary in importance.
Why wasn’t I invited?
That’s your ego talking. You have full agency to pledge. You know what’s way better press than hanging out with Trump and Dr. Oz because you made a commitment along with 59 other organizations? Being announced as the first organization actually to meet the CMS goals and influencing the actual framework criteria by doing so.
Who are the winners from this?
Overall, it’s hard to say at this point until we move from pledges to execution. However, it’s hard not to see this as a big victory for digital identity vendors like CLEAR and ID.me. Even if nothing else pans out as planned, the initiative is pushing them for both patient and provider use cases in a way that advances awareness and their cause.
Who does this present challenges to?
Existing ADT networks like Bamboo Health, PointClickCare, and state HIEs might be a little worried, given the requirement that networks support notifications:
Appointment and encounter notifications will be provided for outpatient, telehealth, ED, and inpatient encounters using FHIR subscriptions, where such notifications are permitted by existing law.
If they are not the solution backing this for the CMS Aligned Networks, these other networks will be incentivized to build technologically competitive offerings. They should be scrambling the jets to partner to be the infrastructure behind the major networks that are vying to become CMS-Aligned (or to pledge to be CMS-Aligned themselves)
What about TEFCA?
There are several aspects to this question and angles to unpack.
So if that’s true, couldn’t the CMS have joined TEFCA, skipped this initiative, and possibly achieved the same outcomes? Sure! However, that would have put them in a subordinate position, attempting to convince other QHINs and influence policy. This path would undoubtedly have been slower than the one taken.
No, instead, the choice by the CMS was to also set the bar well beyond where TEFCA or any network is. The choice was to create competition between networks to rise to the occasion and allow for a meritocracy rather than an anointing.
TEFCA, Carequality, Commonwell, and other existing national networks are honestly fairly close to the CMS’s criteria! They are well-positioned and, by my rough, sleep-deprived count, probably 95% of the way there.
Their challenge, of course, is the ability to close on the remaining 5%. Can these collaborative organizations herd the horde of cats that is their membership and move at the speed necessary?
To that extent, the private networks like Datavant and Innovaccer, while perhaps further off technically, might be able to outcompete the consensus bodies by virtue of top-down execution and fewer dependencies.
In short: TEFCA isn’t being replaced (unless we hear the ASTP say something to that extent). It’s being dared to keep up.
A competition, a bakeoff, and a race! The bar has been set, so let’s get ready to rumble.
What are the possible outcomes?
Short term, we’re going to see the race ensue. It will advance the ball. It will prove out a lot of technologies. It will help many networks take policy leaps. Multiple networks, startups, and incumbents will sprint to capture market share. Pilots and proofs of concept will demonstrate viability, draw in early adopters, and stress‑test policy frameworks. That’s largely what this pledge will do in isolation, with no further action by the CMS.
Longer term, as the CMS continues to throw its weight behind it via rulemaking, incentives, executive orders, and/or behind-the-scenes pressure, there are four possible outcomes based on our prior experiences:
Interconnected, ubiquitous network: HIPAA mandated X12 for claims in the early 2000s. Clearinghouses like Availity, Change, Office Ally, etc. sprang up but had to interconnect to reach full coverage.
What it would look like here: Multiple sub-networks meet the criteria but create an interoperable network so that, from a provider’s perspective, it’s all one fabric. Competition exists behind the scenes (pricing, value‑adds), but the front‑end experience feels universal. This could be if TEFCA or Carequality falls into place here, or could form in a spontaneous fashion and new form if various CMS Aligned Networks succeed and then connect.
Winner-take-all ubiquity: With Part D mandates, Meaningful Use, and state laws all pushing in one direction, one network (Surescripts) became the default pipe for prescriptions.
What it would look like here: One network wins both policy favor and market share, becoming effectively the only path. Everyone plugs into it because CMS rules and certification criteria make it unavoidable. This doesn’t seem likely, but if one of the private networks can achieve the CMS's desired outcome and the broader cooperative models cannot, it’s possible.
Parallel, competing, fragmented networks: With the ADT Event Notification requirements that came from CMS’s May 2020 Interoperability and Patient Access Final Rule (CMS‑9115‑F), we were supposed to solve ADT notifications. However, hospitals and payers joined whichever care‑coordination network their region favored. Coverage was patchy, and interoperability wasn’t guaranteed.
What it would look like here: A checkerboard map of individual access and payer/provider data exchange with some regions and use cases covered deeply, others not at all. Users constantly hit dead ends because their counterparty is “on the other network.”
Parallel, competing, ubiquitous networks: We don't see this in healthcare a lot but it's how many payment rails work. Credit cards, ACH, wire transfers, real time payments - all have multiple duplicate rails that coexist, often interoperating only minimally, but each is ubiquitous in its own right. Sometimes competing private networks, like Visa, Mastercard and AmEx. Other times there’s a “public option” (like FedACH) alongside private industry rails (Electronic Payments Network).
What it would look like here: Two or more heavyweight networks each reach near‑total coverage, but they don’t merge or fully interconnect. End users might have to support both rails - think “accepting all cards” at a point of sale. However, this is actually a great outcome - it forces networks to compete on price, features, and quality. There’s also better resilience to having multiple networks - think about how beneficial another self-contained clearinghouse network would have been during the Change outage.
Will this be a success?
It's just a matter of defining what your bar for success is and what your time horizon is. As noted before, one of the main goals is to allow patients to access their data with less friction than before and use it with apps for conversational AI, diabetes management, and transitions of care to new providers.
There’s a lot of comparison by some of the leaders (such as Dr Oz during his remarks) to Netflix, grocery stores, and other industries with modern experiences. I think these analogies undercut the message a bit - Netflix is a big centralized service by one company. That’s certainly not the structure of healthcare today nor does it map to the solutions we’re proposing. Grocery stores are a closer comparison, in that there are tens of thousands nationwide, but they have tremendous technologic variability across the US. The goal here is so much more audacious - to level up all of healthcare organizations nationwide to a standard set of technology.
If your bar of success is “will we have solved interoperability?”, the unfortunate reality is that you’ll never be satisfied.
If your bar of success is whether patients will be able to access every provider in the country, you are correct that this alone won’t achieve that by next year.
For me personally? If they accelerate the adoption of individual access services so the major EHRs all support it fully by next year, that's a huge win. If they get any payer exchange, it's a win. If it proves out digital identity in a scaled way or shows QR codes can work, it’s a win.
What else is interesting about the CMS’ framework?
Oh, you’re interested in pedantic levels of technical aspects and finer details of the CMS’s proposal? I’m glad you asked. There are a few other things from my initial reads that are worth calling out.
Data Depth
Chart notes and clinical documents (e.g., radiology reports, scanned/faxed labs, external specialist notes) are returned in machine and human-readable formats (PDF, TIFF, JPG) as specified in United States Core Data for Interoperability, Version 3 (USCDI v3)
There’s some internal contradiction in what’s proposed here. The initial thrust of it appears aimed at broadening the set of data beyond what is already available via networks by mentioning scans, external specialist notes, and such. The set of clinical documents in USCDI is fairly limited:
This is exciting, as it’s felt like they’re trying to push the data set further to information they know is missing but necessary for their patient-facing application use cases.
However, they then go on to close by limiting it to USCDIv3! I wonder if they actually meant the US Core Implementation guide - USCDI is a dataset, whereas US Core defines the data format.
HIPAA Breach Risk
The inclusion of this quote from the OCR is worth highlighting:
“The Office of Civil Rights (OCR) supports actions that improve the timeliness in providing individuals with access to their electronic protected health information, without sacrificing health information privacy and security,” said OCR Director Paula M. Stannard. “If an individual receives another individual’s electronic protected health information in error, generally, OCR’s primary HIPAA enforcement interests are ensuring that the affected individual and HHS receive timely HIPAA breach notification.”
The main reason that provider organizations have resisted the next generation of individual access is the risk of HIPAA breach liability. In the event of erroneous sharing of data, providers believed HIPAA breach risk would fall back to them. Advocates for patient access have been pushing for a waiver of such liability when shared over networks using digital identity. While it appears the CMS could not get such a waiver over the hump, the quote here signals that they’ll exercise some enforcement discretion in those edge case scenarios, if and when they occur.
Delegates and Reciprocity
Delegated model supported: Providers may use any application or delegated technology vendor/partner of their choice to execute transactions in the network. When acting on behalf of a provider, such vendors are considered business associates under HIPAA and must have an executed Business Associate Agreement in place. These delegated actions are treated as equivalent to direct provider actions. Delegated vendors/partners are not required to provide reciprocation within the network unless otherwise contractually agreed.
Delegated applications have a long and winding history (which we unpacked in detail here), but essentially aim to give providers the ability to use non-EHR applications with nationwide networks. TEFCA adjusted this designation quite a bit and, in doing so, added a lot of friction to onboarding delegates. I was optimistic coming out of the CMS RFI sessions and hearing about early drafts of the CMS Health Technology Ecosystem that they’d somehow find a better balance there.
However, the insertion of the “no reciprocation needed” aspect is distinctly not that solution and seemingly adds several problems without solving any. TEFCA’s rules around delegates’ reciprocity were the right ones, in my mind - they required reciprocity but allowed for a special process for the rare case that a delegate truly had nothing new to contribute back. If providers can use applications without reciprocation, that is what they will choose to use.
This clause will hurt efforts to get full EHI on the networks and build a longitudinal patient record. I’m sure that wasn’t the intent, so it needs to be revised. It will almost certainly be the focus of contention, debate, and the workgroups that are coming.
Conclusion
Interoperability isn’t a finish line or a checkbox. It’s a road system under perpetual construction. The CMS Health Technology Ecosystem isn’t a magic wand that will “solve” anything overnight, but it’s also not a hollow stunt destined to fizzle out. It’s a shove forward. It’s a sign that the most powerful payer in the country decided not to wait for TEFCA, for another round of rulemaking, or for the industry to self-organize, but instead to set a higher bar and challenge everyone to jump.
Whether this ends in a single dominant network, a web of interoperable ones, or a chaotic checkerboard that takes another decade to smooth out, progress will happen. And the proof won’t come from the White House photo ops or the pledge signatures. It’ll come when a patient actually walks into a clinic, flashes a QR code, and their doctor has their full record in hand. When a payer finally gets the data they need without twenty faxes and a phone call. When a diabetes app delivers real, personalized guidance because it knows the person using it.
For the skeptics, yes! We’ve been here before. We’ll be here again. Every wave of interoperability work uncovers the next set of problems to solve. That’s not failure; that’s the nature of infrastructure.
So yes, it’s both new and not new. It’s both catalyzing and iterative. It’s both a pledge and a dare.
Now we see who takes up the challenge and how fast they can run.
Can I pledge? Yes.
Will they reply? Yet to be seen.
Big congrats! And a salute to Bailey! 🙌