HTI-5 and Information Blocking: Your Bots Are Covered, and Your Excuses Are Getting Smaller

HTI-5 and Information Blocking: Your Bots Are Covered, and Your Excuses Are Getting Smaller

by | Jan 2, 2026 | , , , ,

HTI-5 is calling out two things the market already knows: EHI is increasingly accessed through automation and AI, and “infeasible” has been doing suspiciously heavy lifting in some corners of the ecosystem. If you are an HIE/HIN, a developer of certified health IT, or a provider, these proposed information blocking changes tighten the exception playbook, put contract gating on notice, and make it harder to hide a “no” behind nicer paperwork.

read more
From Dragging Feet to Dragged Along: The Uneven March Into TEFCA

From Dragging Feet to Dragged Along: The Uneven March Into TEFCA

by | Aug 8, 2025 | , , , ,

On August 6, 2025, ONC unveiled the first public TEFCA Organizational Map, a tool that makes it possible to see which health systems are stepping into the national interoperability framework—and which are not. For some, this marks a milestone in transparency and progress; for others, it raises questions about strategy, governance, and whether more national data sharing is always a good thing. The uneven pace of adoption, particularly among Epic’s vast customer base, shows just how complicated the march into TEFCA has become.

read more
Audacious Inquiry Sues CRISP: A Patent Showdown with National Interoperability Implications

Audacious Inquiry Sues CRISP: A Patent Showdown with National Interoperability Implications

by | Jul 15, 2025 | , , ,

Audacious Inquiry has filed a patent infringement suit against CRISP, Maryland’s state-designated HIE. At issue are core encounter notification and care coordination tools that providers nationwide rely on daily. With high-stakes infrastructure and TEFCA participation on the line, the outcome could reshape how HIEs balance public good with private innovation.

read more
Does the TEFCA Exception Hinder Participation?

Does the TEFCA Exception Hinder Participation?

by | Jun 9, 2025 | , , , , ,

HHS has opened the door to one of the biggest questions in health information law: should the TEFCA exception to the information blocking rules stay or go? The May 16, 2025 RFI asks whether this carve-out encourages participation in TEFCA or instead creates confusion and double standards for networks like Carequality, which already impose requirements stricter than HIPAA. With comments due June 16, stakeholders have just days to weigh in on a decision that could reshape the balance between nationwide interoperability and local control.

read more
Do Recent Changes to the Carequality Framework Policies Implicate Information Blocking For Some?

Do Recent Changes to the Carequality Framework Policies Implicate Information Blocking For Some?

by | May 14, 2025 | , , , ,

Carequality’s new Version 3 Framework Policies add stricter requirements than HIPAA and could expose participants to Information Blocking risks. At the same time, TEFCA alignment creates a paradox: practices permitted under the new TEFCA Exception may still be questioned outside of TEFCA. This article unpacks the double standard—and what it means for HINs, HIEs, and nationwide interoperability.

read more
Preventing IAS from Becoming a Trojan Horse

Preventing IAS from Becoming a Trojan Horse

by | Mar 9, 2025 | , ,

Last week, I attended HIMSS 2025 in Las Vegas and came away with four big themes that stood out for me: the industry’s growing focus on Individual Access Services (IAS) and rock-solid identity verification, the push to expand non-treatment use cases for interoperability (like payment and healthcare operations), the urgent need for modernized consent management, and the overarching importance of trust to tie it all together. Yet of all these, for me, IAS is the real showstopper: if we don’t get identity and access right, the rest of our digital transformations—from AI-driven insights to cross-network data sharing—could quickly unravel. In today’s post, I want to zero in on IAS—where it fits into HIPAA’s right of access, where personal representatives enter the picture, and why it risks becoming a Trojan Horse for unauthorized data if we don’t take the proper safeguards.

read more
State HIE Sued for Alleged “Unauthorized” Use of PHI for Research

State HIE Sued for Alleged “Unauthorized” Use of PHI for Research

by | Jan 31, 2025 | , ,

On January 3, 2025, a significant lawsuit was filed against a state HIE. The case was brought by a former employee and whistleblower who alleges that the HIE permitted unauthorized access and use of PHI for research purposes in violation of federal and state law, as well as operational policies. Although the facts that are currently known to the public are not sufficient to conclude whether or not HIPAA’s standards applicable to research were met, this case has the potential to influence not only the immediate parties involved but also broader interpretations of HIPAA compliance and enforcement in research settings. At a minimum, the case serves as a reminder that HIEs should be taking proactive steps to ensure that their internal policies, data use agreements, and HIPAA BAAs explicitly address research-related and similar activities in compliance with federal and state laws, including HIPAA.

read more
HIPAA’s Security Rule Glow-Up: What’s Changing and Who’s Affected

HIPAA’s Security Rule Glow-Up: What’s Changing and Who’s Affected

by | Jan 12, 2025 | , ,

On December 27, 2024, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) decided it was time to give the HIPAA Security Rule a much-needed cybersecurity makeover—and let’s just say, it’s not just a light touch-up. These proposed changes mean stricter security rules, fewer loopholes, and a whole lot more paperwork for covered entities, business associates, and especially Health Information Exchanges (HIEs) and Health Information Networks (HINs).

read more
TEFCA Anticipated to Grow in 2025

TEFCA Anticipated to Grow in 2025

by | Jan 6, 2025 | , ,

Since TEFCA went live in December 2023, eight (8) organizations have been designated as Qualified Health Information Networks (QHINs). Each QHIN is a large information network that represents up to hundreds of HINs, health systems, public health agencies, payers, and IT vendors. Epic and Carequality recently announced that they would align their frameworks with TEFCA. TEFCA’s growth will be further supported by regulatory measures to incentivize network participation, such as the Information Blocking Rule.

read more
Health Data, Technology, and Interoperability Rules, HTI-1, 2, & 3

Health Data, Technology, and Interoperability Rules, HTI-1, 2, & 3

by | Dec 16, 2024 | , , ,

The landscape of health IT regulation just took another significant leap forward. In the final days of 2024, federal regulators dropped two game-changing rules—HIT-2 and HTI-3—adding to the foundation set by HTI-1. Together, these regulations are reshaping how healthcare organizations approach interoperability, data sharing, and compliance in an era of rapidly evolving technology. But what do these latest rules really mean for healthcare providers, developers, and patients? Let’s break down the impact and key takeaways you need to know.

read more
Unmasking the Issues: The Final Resolution in the Epic v. Particle Health Dispute

Unmasking the Issues: The Final Resolution in the Epic v. Particle Health Dispute

by | Oct 30, 2024 | , ,

In a decision that will have lasting implications for interoperability and health information exchange, earlier this month Carequality issued its Final Resolution in the dispute between Epic and Particle Health. This follows months of deliberation, multiple rounds of evidence submission, and deep scrutiny of the rules governing data sharing. This latest resolution delivers much-needed clarity on several key concerns—but it also introduces fresh questions around enforcement, reciprocity, and how trusted exchange will continue to evolve.

read more
Lessons Learned from Real Time vs. PointClickCare: Mind your Information Blocking Ps and Qs

Lessons Learned from Real Time vs. PointClickCare: Mind your Information Blocking Ps and Qs

by | Aug 16, 2024 | , , , ,

A federal district judge has granted preliminary injunctive relief to Real Time Medical Systems, Inc. (“Real Time”) barring the defendant, PointClickCare (“PCC”), from deploying unsolvable CAPTCHAs that interfered with Real Time’s ability to access the data of its skilled nursing facility customers that utilized PCC. As Judge Xinis wrote in the opinion, “No evidence supports that PCC had any legitimate good faith use for wholly inscrutable CAPTCHAs which, by definition, blocked Real Time from getting the very records it needs to exist….But even more damning is the timing of such deployments, which support that PCC used those CAPTCHAs as a device to hamstring or eliminate Real Time as a competitor.” Keep reading for additional details regarding Real Time’s complaints against PointClickCare.

Update: On August 19, 2024, PointClickCare filed a Motion to Expedite Appeal with the United States Court of Appeals for the Fourth Circuit.

read more
The 2023 HITECH Report to Congress: Big Steps in Interoperability—No April Fools’ Gimmicks

The 2023 HITECH Report to Congress: Big Steps in Interoperability—No April Fools’ Gimmicks

by | Apr 1, 2024 | ,

The latest HITECH Report to Congress, released earlier this month, outlines the evolving landscape of health information technology and the continued push toward a more connected, interoperable health care system. With electronic health records (EHRs) now a staple in most clinical settings, the focus has shifted from adoption to enhancing how data is exchanged and used. The report highlights major achievements, persistent challenges, and future priorities in the journey toward seamless health information sharing.

read more

Archives