White House pledge puts HIEs on the clock as ‘patient-centric’ era arrives
- Laura Young
- 2 days ago
- 4 min read
The White House and the Centers for Medicare & Medicaid Services (CMS) used a July 30th event to unveil a voluntary “patient-centric” interoperability pact and coax more than 60 technology, EHR and network firms to sign it. CMS Administrator Dr. Mehmet Oz called the commitments “a paradigm shift” that will “return power to patients” by 2026.
What the pledge adds
CMS will bolt three new pieces onto existing exchange infrastructure:
a FHIR-based National Provider Directory so apps can auto-discover endpoints;
modern OpenID-Connect credentials for Medicare.gov that work across sites;
faster Blue Button claims feeds and “CMS-Aligned Networks” that promise access to both claims and clinical data within days rather than months Centers for Medicare & Medicaid Services.
Those upgrades aim to let a single patient consent unlock multiple apps, taking interoperability past the hospital firewall and into the hands of the person receiving care.
Real-time alerts still matter
None of the new features replace the 2021 Conditions of Participation that require every Medicare or Medicaid hospital to send admission-discharge-transfer (ADT) alerts “at the time of” the event (Centers for Medicare & Medicaid Services.) HIEs remain critical for real-time alerts and local consent management – the “last mile” where care actually happens. CMS still requires hospitals to push ADT alerts for every inpatient admit, discharge or transfer. Those alerts usually ride the HIE rails, which clinicians use to coordinate care long before a patient launches an app.
Will QHINs carry the load?
The federal Trusted Exchange Framework and Common Agreement (TEFCA) went live in late 2023 with seven designated Qualified Health Information Networks (QHINs) such as Epic Nexus and eHealth Exchange. These national hubs handle record-location and routing, giving local networks a cheaper on-ramp for interstate queries (Fierce Healthcare.)
But the new CMS pledge lives one layer above TEFCA. QHIN services do not yet include consumer digital identity, granular SMART-on-FHIR scopes, directory federation or bulk-FHIR exports. Local HIEs will still have to install those functions inside their own perimeters to earn the “CMS-Aligned” label.
Workstream | Mostly QHIN | Still the HIE’s job | Why the HIE matters for the last mile |
Nation-wide query / patient-match | Federated record-location and query routing are baked into the TEFCA QHIN Technical Framework. | Maintain accurate local MPI and provider-relationship files; reconcile false positives. | Community attribution and fine-grained consent are local knowledge problems. |
Digital identity & SMART scopes | Some QHINs plan to accept CMS credentials once available. | Host walk-up kiosks or remote proofing for patients without smartphones; map OAuth scopes to local consent flags. | Underserved populations may never reach a cloud portal without local help. |
CMS provider-directory sync | QHIN can expose a national endpoint list. | Build nightly ingest and de-duplication into the HIE directory so small clinics appear in look-ups. | Rural and behavioural-health sites are often missing from national lists. |
Real-time ADT alerts | Not in TEFCA scope today. | Continue to aggregate HL7 feeds and push alerts to care-team apps. | Alerts trigger care-coordination long before the patient opens an app. |
Bulk-FHIR export | Some QHINs may offer payer bulk export as add-on. | Tune Flat-FHIR exports for local quality programs and social-risk analytics. | Regional payers and ACOs still need jurisdiction-specific cohorts and SDOH tags. |
Real-time notifications will keep flowing to physicians, home-health nurses and post-acute teams—that mandate predates the pledge. The question is who carries them once the industry pivots to patient-centric, FHIR-based exchange. HIEs that add FHIR gateways and consent mapping keep their role; those that stay HL7-only risk losing the trust of both providers and the new generation of patient-facing apps.
Readiness gap
Recent federal survey work suggests only a minority of HIEs can meet that bar. The 2023 National Health Information Organization Survey found 90 operational exchanges; 76 responded, and researchers said just one-third could cover operating expenses without external help (HealthIT.gov.) Interviews at last year’s Civitas meeting indicated that only a handful of HIEs – notably in California, Utah, Arkansas and Washington – run production-grade FHIR with consumer scopes today.
What most HIEs still need
Production SMART-on-FHIR gateway with granular OAuth scopes
OpenID-Connect broker or a contract with a state credential service
Nightly feed that merges the CMS provider directory into local lists
Flat-FHIR bulk export refreshed every 24 hours for payers and ACOs
Developer sandbox with rate limiting and usage metering
Streaming audit logs into a security information and event-management tool
Until those pieces are live, last-mile providers – EMS crews, behavioral-health clinics, social-service agencies – will keep faxing and phoning for records that patients believe they already control.
Why bother to comply?
Data gravity – Consumer apps are expected to default to CMS-Aligned endpoints. HIEs that are not aligned risk being bypassed.
New revenue lines – Identity proofing, consent services and API traffic can offset shrinking interface fees.
Regulatory hedge – CMS has a history of turning “voluntary” frameworks into payment or quality prerequisites. Early movers avoid future scramble.
The bottom line: TEFCA may handle the interstate highway, but HIEs still have to pave the neighborhood streets. Those that finish the upgrades by early 2026 will own the patient-facing trust layer and can come closer to closing the last mile of interoperability. The rest may find the traffic – and the revenue – flowing around them.
Commentaires