Brittany Trang of STAT News released a follow-up piece to the CMS’s Make Health Tech Great Again pledge that did a deep exploration of the conversational AI.
I appreciated it digging into some of the more obscure companies on the list more comprehensively than I did. My main pushback: the article misses the key blocker for OpenAI and other tech giants like Anthropic, Google, Apple, or Meta. The implication in her piece is that the main challenge for OpenAI under this pledge is to create a new health-focused app. But they don’t need that.
That framing reminded me of something Nikhil Krishnan of Out-of-Pocket posted, not necessarily about the CMS pledge, but about the broader consumer and healthcare intersection:
These consumer technology companies don’t need to build an app - they already have one! OpenAI has ChatGPT. Anthropic has Claude. Google has Gemini, AI Search, Bard, and whatever else they’re doing. Their strategic play isn’t to start from scratch, but to embed health data into the products that millions of people already use every day. Launching a separate health app would squander their biggest asset: the massive, built-in daily active user (DAU) base that makes distribution a solved problem.
Again, rereading the pledge:
We pledge to build conversational AI assistants that connect to CMS Aligned Networks or personal health record apps, and with patient consent, securely access relevant health information and use this information to deliver personalized, helpful support. Our tools will clearly distinguish educational content from clinical guidance, assist patients directly when appropriate and guide them to care from a health professional when needed.
Nothing in it precludes OpenAI from using ChatGPT as their entry into the conversational AI assistant category. They’re already doing the back half of the pledge, as exemplified by the story of the cancer patient in the GPT-5 announcements yesterday. So they just need to connect to CMS Aligned Networks, collect consent, and continue what they're already doing. Surfacing a “link your health records” button in ChatGPT is trivial, but only once the underlying connectivity to do so is ubiquitous and easy.
It’s that italicized part that really matters. Historically, Nikhil’s thesis has actually been wrong when applied to consumer tech companies (rather than individuals, as he refers to). Consumer products taking on healthcare has a long and torrid history akin to marching into Russia in winter. When you work in the world of advertising dollars, the TAM of vertical products is a rounding error. Consumer tech companies (and horizontal B2B companies) generally lack the stomach for prolonged, gritty vertical-specific work.
And so “ubiquitous and easy” has always been the gating factor for consumer tech companies looking to make a PHR or otherwise pull health data into consumer experiences. We’ve have had patient access to data via many different rails previously, but it’s been too hard and healthcare-specific. Google and Microsoft’s well-noted failures were functions of the “healthcare part” (getting data from healthcare providers) being too hard and “healthcare-y” in the era of downloading a CDA from a patient portal. Even Apple lacked the wherewithal to aggregate all the patient access API endpoints of the hundreds of thousands of providers nationwide, instead adopting a “come to us” model.
What makes things different now is that if the CMS pledge can iterate patient access to its next form and scale that new infrastructure nationally, the “healthcare parts” become trivial. In that world, the equation is flipped, and the consumer part becomes the challenge. For companies like OpenAI and Anthropic, that’s great, as they’ve already solved it.
The consumers that care about and manage their health are not your average American. Your average American generally mismanages the hell out of their health, which is why we perform so poorly in regards to health metrics. We don’t eat right, we don’t work out enough, and we don’t have the right checkups. If these consumers do happen to use technology, they primarily seek additional convenience out of any tools or applications they use for their health, helping them achieve good outcomes (spend less money, do the right appointments, perhaps be healthier) with minimal effort on their part. A PHR doesn’t help them achieve these goals in a concrete way.
Extremely healthy patients have a slightly higher incentive to track their health. Whether they follow a strict diet or work out regularly, aggregation of data and metrics helps them achieve these goals. However, the data sources are primarily ones close to that lifestyle - Fitbit or other consumer fitness electronics, diet management applications, etc. The clinical data aggregation of PHRs is not necessarily core to solving their problems.
Extremely sick patients, especially with chronic conditions, are the main benefactors of PHRs. Tracking medications from multiple providers, understanding the outcomes of visits at various practices, and building the overall narrative becomes increasingly important as the frequency of engagements increases across disparate sources.
Overall, by overlaying a bell curve to represent how the population is spread across these groups, the market you address ends up looking like this:
In a world where the “healthcare part” is easy and ubiquitous, the powers of consumer are pronounced. Specialized tools for fitness and longevity will harness this new infrastructure on one end of the curve, while a thousand niche apps tailored to specific disease states will aid the sickest patients. But what about the middle of the bell curve? While my prediction of Facebook in the PHR article feels dated, it’s directionally correct:
Beyond that, consumer touchpoints with high innate distribution may also start to utilize embedded health. We’ve already seen Facebook add some vaccination reminders into their notifications and tout the billions of lives they touch. It would be logical to see them reduce manual input and automate that more with embedded health.
Dominant tech aggregators like Google, OpenAI, and Apple will own the middle of the bell curve by virtue of meeting those patients in the consumer experience they already are. For that population, embedded health or “healthcare that shows up just when you need it” will be the manifestation that wins.
That future is not contingent on building a new app. It’s contingent on putting health data in the one they already have. That’s only possible on healthcare infrastructure that’s easy and ubiquitous. And so I wasn’t being flippant here:
The patient-facing apps are exciting, but frankly and candidly, their proposed value is contingent on and can only be realized with the other entities participating.
The pledge initiative will live or die by the CMS's ability to get all providers onboard. Supply matters far more than demand in this equation, given how trivial it will be for consumer apps to meet their part of the pledge.
Anywho, since we’re here, it’s worth noting that I absolutely nailed it with the closing meme of that 2019 article and called one of the other major categories of patient apps. Please let me know where I go to pick up my prize.
Here is July’s monthly review. As a reminder, this is a regular round-up of various short(er) form content on social media (LinkedIn with a smattering of reposting to Twitter) is to surface things you may have missed across regulation, litigation, interoperability, and beyond.
Regulatory:
ASTP’s TEFCA Priorities: ASTP released priorities for TEFCA's remainder of 2025, including QTF v2.1 for improved "targeted" retrieval and expansion to payment/operations/public health use cases. They released a new FAQ targeting Epic, Oracle, and eClinicalWorks for potentially information-blocking "QHIN bundling" practices. Language also shifted from TEFCA being "the" solution to supporting "other non-TEFCA networks," which now seems it was hinting at the planned CMS-Aligned networks.
Interoperability Angles in the 2025 Medicare Fee Schedule: CMS's 2026 fee schedule shows massive FHIR momentum with 135 references throughout. Key changes include shifting PDMP and public health measures from attestation-based to performance-based reporting, proliferation of quality implementation guides across agencies, and 53 TEFCA mentions focused on public health exchange.
The Return on Federal EHR Investments: Federal EHR costs vary wildly - VA's Oracle implementation stands at $16B (projected $30-50B over 25 years) while DoD's successful MHS GENESIS served similar population for $5.5-6B. IHS has a $2.5B Oracle project underway. Fun to compare those to Meaningful Use's $40B that achieved nationwide adoption.
ICE wants a new EHR: ICE released an RFI to replace eClinicalWorks, serving 131,000+ individuals across detention facilities. They want a single integrated system to replace multiple subsystems. VA ties give Oracle at least a chance.
The FAA’s TEFCA use case: FAA could use Individual Access Services to auto-populate pilot medical examination forms with consent, streamlining fitness-for-duty assessments. Similar opportunities exist across safety-critical industries like DOT drivers and DOE nuclear workers. Just another example of how embedded health via the easy and ubiquitous patient access mentioned earlier could be useful!
HTI-4 Drops: ASTP embedded HTI-4 in the CMS IPPS final rule as tactical updates supporting CMS priorities. Adds limited CDS Hooks (order-sign hook only for PA), FHIR subscriptions (EHR as client for PA notifications), Da Vinci Prior Authorization requirements, updated NCPDP SCRIPT, and real-time pharmacy benefit checks.
CPSC Wants EHR Data: Consumer Product Safety Commission seeks to automate review of 4 million medical records annually using AI/ML to identify consumer product injuries. They want fresh de-identified data within 10 days of ER visits - another example of universal EHR data demand requiring trusted intermediaries.
Court cases:
Real Time Medical’s Response: RTMS focused on procedural arguments against PointClickCare's motion to dismiss, arguing injunctions have higher bars than dismissals and that PCC is inappropriately fact-injecting at the 12(b)(6) stage. They avoid substantive debates, confident in procedural grounds while Count I (Maryland's Nursing Home Records Act) remains a wild card.
CureIS’ Refocus on Antitrust: CureIS amended their complaint, repositioning as "Managed Care Middleware," dropping trade secrets claims, and adding federal antitrust claims targeting Epic's EHR dominance (60%) and Tapestry's CAPS monopoly (76%). Despite avoiding formal tying claims, the credible market definitions and exclusionary conduct allegations likely survive motion to dismiss.
PointClickCare sues CRISP: Audacious Inquiry filed patent infringement suit against CRISP over encounter notification tech. CRISP collaborated on development, sold IP rights in 2014, licensed back for a decade, then launched competing 'CEND' after license lapsed in 2024. Highlights software patent issues but CRISP faces legal reality regardless of validity concerns.
Reflections on the FTC v. Surescripts: Carl Dvorak's deposition reveals Epic's historical third-party approach - avoiding forced vendors, allowing customer choice, building adapters not bundles, staying out of funds flow. This contrasts with current QHIN bundling allegations, suggesting a return to vendor neutrality principles could address Epic's challenges.
EHRs:
The Many Interfaces of Epic: Epic has 353 documented interfaces covering various standards, but do they really count, given the poor developer experience? This represents the best integration practices of a previous era struggling to meet modern partner expectations.
Epic’s Terrible Maternity and Paternity: Epic offers just 2 weeks at 75% pay for first child, reduced benefits for subsequent children, nothing for third child or beyond, and requires payback if you leave within 12 months. For the largest health technology company in the country, this policy is shockingly regressive compared with their peers.
Epic Launches “Supplies on Time”: New Health Grid category connects surgical implant manufacturers with health systems for just-in-time inventory management, as Epic continues to expand beyond traditional EHR into supply chain and operational workflows.
New Epic Toolbox categories: July brought increasingly niche categories, including Staff Duress, Employee Identity Management (Login/Reauthentication), Remote Interpretation over Telehealth, Total Parenteral Nutrition Compounding, and Shipping Management Systems.
athenahealth’s VBC play: Athenahealth is making some interestng strategic plays by expanding capabilities to help independent practices succeed in value-based care. This bet on "decentralized in structure but centralized in coordination" models like ACOs and CINs directly challenges Epic's Community Connect model of forced standardization.
Epic’s Own Scribe: AI copilots are inherently sustaining innovations. They are also valuable to provider organizations in achieving their business goals. As a result, it’s logical that EHRs will have competitive offerings there, as Oracle, Elation, athenahealth, and many others already do. Epic is the outlier here, but that will change (and did! See the Politico bullet below)
Industry Analysis
Copilots and User Interface Integration: Clinical copilots need real-time awareness of what users are viewing, not just database access, driving massive demand for RPA and screenscraping solutions. With standards like SMART on FHIR and FHIRcast poorly deployed outside Epic, tools like Chrome extensions and computer vision offer faster implementation with zero vendor involvement.
The E-prescribing Landscape, 2025 edition: Beyond Surescripts' dominance, new entrants are emerging. Vela offers direct competition with eRx-only coverage, Photon treats medication fulfillment as consumer choice, and D2C telehealth builds direct pharmacy connections. Surescripts' recent sale to TPG could catalyze innovation as PE firms love operational efficiency projects.
The Truth of Infrastructural Retrospection: Each generation of healthcare IT standards becomes obsolete not because they fail, but because underlying assumptions change - HL7v2 assumed intra-enterprise messaging, FHIR assumes human-readable resources, and the next generation will likely assume AI-native unstructured queries. Today's infrastructure investments will look foolish in 3-5 years.
Au Revoir to Healthjump?: Datavant is allegedly winding down Healthjump's iPaaS offering for business associate application use cases, which specialized in direct database connections for claims, financial, and quality data. As they focus Healthjump and their broader efforts on payers, VBC, and other core competencies, there may be an opportunity for another direct-to-database iPaaS.
Cross-industry Comparisons:
The Death of Open Banking: The CFPB's rollback of Section 1033 open banking rules shows healthcare's regulatory advantages are real - while JPMorgan Chase now charges fintechs fees that can exceed revenue by 1000%, healthcare maintains free patient access APIs through information blocking rules. This reversal in financial services highlights the fragility of consumer data rights and reinforces that healthcare is actually leading, not lagging, in interoperability policy.
Peering into Palantir: Palantir's healthcare expansion (serving clients like MEDITECH, Oscar, and Tufts Medicine) demonstrates their core value proposition: unified data extraction across fragmented systems through forward-deployed engineers who build on-site solutions. Their willingness to scrape interfaces and tap databases directly, combined with operational workflows beyond just analytics, makes them uniquely valuable for complex healthcare organizations that lack unified systems of record.
Oh yeah, that’s why
The Perils of Regulatory Capture: The ASTM v. Public Resource Org case reveals an ironic twist - when standards become incorporated into federal law, courts increasingly rule they must be freely accessible to the public, threatening traditional pay-per-access revenue models. Healthcare SDOs like X12, NCPDP, and potentially even AMA's CPT program may need to pivot from charging for access to monetizing participation in standard development and value-added services around open standards.
Other News:
Speaking at MEDITECH LIVE: I'll be part of a panel at MEDITECH LIVE 2025 (September 17-19 in Foxborough) alongside an impressive speaker lineup. It's exciting to see MEDITECH continuing to push forward on developer engagement and interoperability
Bulk FHIR community hype: The Bulk FHIR Applications Community has grown to 14 organizations and 33 individuals, collaborating on shared troubleshooting across diverse use cases from clinical trials to patient engagement. We're planning a report summarizing implementation experiences and challenges across different EHRs, with the community proving valuable for both tactical solutions and strategic insights about this powerful but underutilized standard.
External Media:
CMS RFI on Health Tech with Brendan Keeler (HIPcast): I joined Shannon and Seth on HIPcast to discuss the CMS Request for Information session in DC, where all HHS agencies convened to focus on healthcare data exchange - a gathering signaling CMS's expanded role in health technology (that was further solidified with the late July “Make Health Technology Great Again” event. We covered the five key initiatives announced (including data at point of care, national provider directory, and Blue Button expansion) and the urgent need for information blocking enforcement, with nearly 2,000 complaints still awaiting action.
Plaid of Healthcare (Out of the FHIR Podcast): Eugene Vestel had Jason Kulatunga of Fasten Health and I on to explore how healthcare data aggregation compares to Plaid's financial model, discussing the unique challenges of 300,000+ healthcare organizations versus a few hundred banks. We emphasized that while healthcare has stronger regulatory backing than fintech (especially with open banking rules being rolled back), success requires both excellent developer experience and high patient conversion rates - an aggregator’s value proposition is only as good as its success rate in actually retrieving patient data.
Epic Takes Notes (Politico): Sometimes you will it into being. After posting on LinkedIn about why Epic will undoubtedly make a scribe from a strategic perspective, Politico reported just that and reached out for some comment.
Posts I Liked:
Homage to Lucy (Joe Warbington): Epic is shutting down MyChart Central (aka Lucy), their Personal Health Record. It’s their only standalone patient product unaffiliated with any health system client and was launched in the advent of the Meaningful Use era to help patients aggregate their CDA documents across MyChart instances. There wasn’t a ton of investment over the years, the usage was low, and with the purported coming of a single unified MyChart login, it became even less useful.
Celebrating Steve (Alya Sulaiman): Steve Posnack has been a stalwart presence at the ASTP/ONC for over two decades - that’s a long time! He’s the man - I remember first meeting him at the HIMSS Northern California API Studio in 2019 when we both presented and I’m convinced he does not age.
Regulatory Reading Rigs (Lucia Savage): Reading regulations is fun! Appreciated Lucia sharing her setup and soliciting the community’s.
Great takes, as always
Interesting point, thanks. Agreed that incentives have to be aligned for AI to improve things significantly.