For about a decade, people have worked to expand the exchange of health data nationwide. Why are policymakers, providers, and technology organizations working for expansion? To support better care, lower costs, and improved patient access.
When TEFCA (Trusted Exchange Framework and Common Agreement and the broader interoperability framework established under the 21st Century Cures Act) entered the picture, progress was pushed closer toward those goals. But the operational realities of today’s exchange ecosystem reveal structural gaps that can no longer be addressed through fragmented oversight or private enforcement.
Networks have been tasked with preventing fraud and misuse, enforcing information blocking bans, and protecting patient privacy. That’s an intimidating list of requirements, but there’s still more. They must also expand nationwide access to health information.
And there are obstacles in the path. The governance model still depends heavily on distributed onboarding, inconsistent credentialing practices, and limited operational coordination. Added to this, there is no sustainable infrastructure or funding model that would allow these responsibilities to scale.
So who is filling this gap? Private actors that serve simultaneously as market competitors and gatekeepers. Through litigation, public narratives, and unilateral policy interpretation, these entities shape the practical rules of nationwide exchange . This all happens in the absence of a neutral governance framework.
Things are starting to change, however. Delegation transparency and dispute resolution have improved. While this is constructive, it’s only a starting point. It’s time to ground governance in federal leadership that oversees structural neutrality, operational realism, and balanced enforcement.
The Assistant Secretary for Technology Policy and the Office of the National Coordinator for Health Information Technology (ASTP/ONC) can preserve the profound value that interoperability already delivers to patients and providers every day by strengthening the trust in the infrastructure. Here’s how it can be accomplished.
First, participating organizations need uniform credentialing and disclosure standards. Currently, a fragmented onboarding environment creates inconsistency and uncertainty. It doesn’t have to be this way. Standardized federal requirements would improve accountability while reducing operational burden across the ecosystem.
Second, enforcement frameworks must recognize the disparity among intentional fraud, negligent misuse, and legitimate security incidents. Not every failure reflects malicious conduct, and governance systems must recognize differences in intent, remediation efforts, and operational complexity. A graduated enforcement model would improve both fairness and predictability.
Third, nationwide exchange governance should align operationally with HIPAA’s established definition of treatment. Ambiguity surrounding treatment-based exchange creates avoidable disputes and inconsistent interpretations across networks. Clear federal guidance can provide greater certainty for providers and those acting in good faith.
The industry also needs an industry-funded, federally overseen credentialing authority. This entity can centralize participant vetting, monitor onboarding, and support enforcement. Interoperability is growing at such a speed and scale that operational infrastructure must replace the burden of individual participants’ attempts at independent replication.
ASTP/ONC should establish standardized representations for entities asserting treatment-based exchange purposes under TEFCA. Eligibility and exchange assertions must be reviewable and subject to meaningful consequences where knowing or reckless misrepresentation occurs.
Congress also has its role to play. Federal law should establish clear statutory consequences for intentional misrepresentation within federally supported exchange frameworks. At the same time, providers, particularly rural and resource-constrained organizations, need safe harbor protections when they rely in good faith on federally credentialed participants while satisfying reasonable monitoring and escalation obligations.
Finally, building long-term trust in interoperability will require stronger national infrastructure. That includes modern digital identity tools, patient-facing audit capabilities, and scalable consent frameworks that help people better understand and manage how their information is shared.
These investments will have ample return in the form of efficient treatment-based exchange and improved transparency and confidence for both patients and providers.
Patients, providers, and innovators all benefit from secure, trusted, nationwide data exchange. But this trust cannot sustain itself on fragmented governance or competitive enforcement dynamics.
The foundation has already been built. The next step is to build the safeguards, accountability, and trust infrastructure needed to secure it for enduring confidence.
Photo: eichinger julien, Getty Images
Mr. Watson joined Health Gorilla in April 2024 as an independent director; shortly thereafter he stepped into the executive chairperson role and subsequently, the CEO in October 2024. Bob has over 45 years of experience in the healthcare information technology industry as a CEO, board member and advisor to multiple HCIT companies.
This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.
