Administration Launches New Health Data Access Initiative

Action: On July 30, the Administration announced a new initiative aimed at giving Americans greater access to their personal medical records and enhancing interoperability across health care platforms. The CMS Health Tech Ecosystem initiative encourages a shift from paper-based health systems toward digital access to medical records. It aims to allow consumers to schedule appointments, use AI tools, and share health information with providers through platforms operated by private companies and the Centers for Medicare and Medicaid Services (CMS). Though the event welcomed participation and partnership pledges from the health care and technology sectors, key questions remain on implementation, oversight, data protection, and the role of private firms in sensitive medical information.

Trusted Insights for What’s Ahead^®

The new initiative focuses on two specific areas. The first introduces the CMS Interoperability Framework, a voluntary initiative that designates “CMS-Aligned Networks” composed of participants that meet criteria for secure, low-friction data exchange using FHIR APIs, digital identity credentials (IAL2/AAL2), audit transparency, and standardized clinical terminology.
The Framework is intended to foster a patient-centric health technology ecosystem by advancing real-time access to clinical and claims data, streamlining provider connectivity, and aligning incentives across the health data landscape without imposing new regulatory burdens.
The second part of the initiative focuses on providing “personalized tools” for patients seeking greater information and resources “to make better health decisions.” With support from private sector partners, new patient-facing apps will fall under the following areas: conversational AI assistants, diabetes and obesity, and ending use of paper records (“kill the clipboard”).
HHS officials indicate that proposals will not amount to a government-run central database and will comply with relevant privacy and security health data rules under HIPAA. Currently, patients have the right to access their medical records, request corrections, and receive an accounting of certain disclosures when interacting with covered entities under HIPAA, such as hospitals, clinics, and insurers. In the past, critics have argued that companies have failed to provide patients timely access of their medical records as HIPAA requires. In contrast, health data used by third-party apps is often governed only by general consumer protection laws, with few enforceable limits on sharing or reuse.
Some industry stakeholders, including app developers, electronic health records (EHR) platforms, and payer networks, welcomed the push toward greater interoperability and modernization. Several have already supported past efforts—including Medicare data modernization, Blue Button 2.0, and mandates organized through the Health IT Data portal.
The Administration has not released a formal implementation timeline or roadmap for the next phase of the initiative. The announcement also did not include any new rulemaking or statutory mandates. While voluntary industry commitments offer some direction, it remains unclear how CMS and private-sector partners will move forward.
Some government agencies already engage in this work and will be key for successful implementation, including officials overseeing the Trustee Exchange Framework and Common Agreement (TEFCA), the data network designed to standardize interoperability across systems, and the Office for the National Coordinator for Health IT.
The initiative has not yet defined specific mechanisms for consent and downstream governance have yet to be defined. Digital privacy advocates have expressed skepticism, cautioning that sharing health data with companies not covered by existing laws poses significant privacy and security risks.

Administration Launches New Health Data Access Initiative

August 07, 2025

Trusted Insights for What’s Ahead^®

The new initiative focuses on two specific areas. The first introduces the CMS Interoperability Framework, a voluntary initiative that designates “CMS-Aligned Networks” composed of participants that meet criteria for secure, low-friction data exchange using FHIR APIs, digital identity credentials (IAL2/AAL2), audit transparency, and standardized clinical terminology.

The Framework is intended to foster a patient-centric health technology ecosystem by advancing real-time access to clinical and claims data, streamlining provider connectivity, and aligning incentives across the health data landscape without imposing new regulatory burdens.

The second part of the initiative focuses on providing “personalized tools” for patients seeking greater information and resources “to make better health decisions.” With support from private sector partners, new patient-facing apps will fall under the following areas: conversational AI assistants, diabetes and obesity, and ending use of paper records (“kill the clipboard”).

HHS officials indicate that proposals will not amount to a government-run central database and will comply with relevant privacy and security health data rules under HIPAA. Currently, patients have the right to access their medical records, request corrections, and receive an accounting of certain disclosures when interacting with covered entities under HIPAA, such as hospitals, clinics, and insurers. In the past, critics have argued that companies have failed to provide patients timely access of their medical records as HIPAA requires. In contrast, health data used by third-party apps is often governed only by general consumer protection laws, with few enforceable limits on sharing or reuse.

Some industry stakeholders, including app developers, electronic health records (EHR) platforms, and payer networks, welcomed the push toward greater interoperability and modernization. Several have already supported past efforts—including Medicare data modernization, Blue Button 2.0, and mandates organized through the Health IT Data portal.

The Administration has not released a formal implementation timeline or roadmap for the next phase of the initiative. The announcement also did not include any new rulemaking or statutory mandates. While voluntary industry commitments offer some direction, it remains unclear how CMS and private-sector partners will move forward.

Some government agencies already engage in this work and will be key for successful implementation, including officials overseeing the Trustee Exchange Framework and Common Agreement (TEFCA), the data network designed to standardize interoperability across systems, and the Office for the National Coordinator for Health IT.

The initiative has not yet defined specific mechanisms for consent and downstream governance have yet to be defined. Digital privacy advocates have expressed skepticism, cautioning that sharing health data with companies not covered by existing laws poses significant privacy and security risks.

CED Newsletters & Policy Alerts

Trusted Insights for What’s Ahead^®