The Trump Administration Unveils Plan to Enhance Patient Data Sharing
This week, the Trump Administration unveiled a new initiative aimed at enhancing interoperability and healthcare data exchange. The effort has secured commitments from leading healthcare and technology companies to lay the groundwork for a next-generation digital health ecosystem designed to improve patient outcomes, reduce provider workload, and increase overall value.
The announcement took place during a White House event hosted by the HHS Centers for Medicare & Medicaid Services (CMS), titled “Make Health Tech Great Again.” This initiative builds on years of bipartisan efforts to boost interoperability and eliminate information blocking to improve care quality and reduce waste. HHS Secretary Robert F. Kennedy, Jr. stated, “For decades, bureaucrats and entrenched interests buried health data and blocked patients from taking control of their health. That ends today. We’re tearing down digital walls, returning power to patients, and rebuilding a health system that serves the people. This is how we begin to Make America Healthy Again.”
At the event, CMS detailed its plan, which includes voluntary criteria to enable trusted, patient-centered, and practical data exchange across all network types—including health information networks, exchanges, electronic health records (EHR), and technology platforms. The initiative focuses on two main goals: promoting a voluntary CMS Interoperability Framework to facilitate seamless data sharing between patients and providers, and providing personalized tools that empower patients with the information and resources needed for better health decisions. Over 60 companies, including tech giants like Amazon, Anthropic, Apple, Google, and OpenAI, have pledged to collaborate and deliver results by early 2026.
The initiative has been positively received by the HHS Office for Civil Rights (OCR), which has been enforcing HIPAA compliance for several years through its Right of Access enforcement efforts. As part of this, over 50 healthcare providers have faced financial penalties for failing to give patients timely access to their medical records, as mandated by the HIPAA Privacy Rule. Although patients have the right to obtain copies of their health records under HIPAA, challenges remain in easily sharing that information with others. This new initiative aims to simplify data sharing by introducing tools that make it as easy as providing a QR code to a new healthcare provider to transfer medical records.
“\[OCR] supports efforts to improve the speed at which individuals can access their electronic protected health information, while maintaining the privacy and security of that information,” said OCR Director Paula M. Stannard. “If someone mistakenly receives another person’s electronic protected health information, OCR’s primary enforcement focus is ensuring timely HIPAA breach notifications are provided to both the affected individual and HHS.”
Over 21 networks have committed to adopting the voluntary criteria to become CMS-aligned networks, and 30 companies have pledged to develop apps that use secure digital identity credentials to access electronic medical records from these networks and facilitate data sharing. These apps will support key areas such as diabetes and obesity management, provide conversational AI assistants for symptom checking, appointment scheduling, and care navigation, and offer “kill the clipboard” solutions to replace paper intake forms with secure digital check-ins.
One participating tech company is CLEAR, a secure identity platform provider. “We’re excited that identity services like CLEAR are enabling patients and providers to use verified, secure identities within CMS’s Health Tech Ecosystem,” said Amy Gleason, Acting Administrator for the U.S. DOGE Service and Strategic Advisor to CMS. “Checking in at the doctor’s office should be as simple as boarding a flight. Patients should be able to scan a QR code to instantly and securely share their identity, insurance, and medical history.”
The HHS has confirmed that all proposals will comply with the HIPAA Privacy and Security Rules. However, once a healthcare provider gives a patient a copy of their records, those records are no longer protected under HIPAA. Patients need to be cautious when sharing their records with third parties, as the use and disclosure of that information may fall outside HIPAA’s protections.
“Enhancing health tech interoperability can reduce frustrating inefficiencies and empower both patients and providers. But health data is among the most sensitive information people share—and it must be safeguarded responsibly,” said Andrew Crawford, Senior Counsel for Privacy & Data at the Center for Democracy & Technology. “The U.S. lacks a comprehensive privacy law, and HIPAA only protects data held by specific entities like healthcare providers and insurers. Many health and AI apps, including some supported by the Trump Administration, are not covered by HIPAA, which could put sensitive information at significant risk.”
