Steven Lane, Chief Medical Officer, Health Gorilla
The national push for interoperability is entering a pivotal phase, defined not just by technical standards but by trust, governance, and economic alignment. In this strategic Q&A, Steven Lane of Health Gorilla outlines why TEFCA and the emergence of QHINs are more than a compliance checkbox. They represent a reengineering of how health data moves across the ecosystem. Unlike previous efforts like Carequality that relied on narrow use cases and loosely enforced policies, TEFCA introduces enforceable rules, patient-directed data sharing, and the leverage of future CMS incentives. Lane addresses the sector’s uncomfortable truths: from legacy business models built on data hoarding to the cultural erosion of trust in HIE. But he also maps a path forward, grounded in regulatory pressure, market demand, and the inevitability of patient-centered control.
How much of a difference do you expect TEFCA and QHINs to make in terms of improving interoperability?
TEFCA and QHINs represent a significant leap forward in the evolution of health information exchange. Unlike previous frameworks such as Carequality, which primarily enabled treatment-based data exchange using Clinical Document Architecture documents, TEFCA introduces modern technical standards like FHIR and expands the permitted purposes of use beyond treatment into areas like public health, payment, and healthcare operations. This shift, combined with a new trust framework built in collaboration with HHS and ONC, addresses long-standing issues around data governance and security, which had previously limited participation and use cases.
By introducing higher levels of technical and policy assurance, TEFCA and QHINs will allow for a more standardized, scalable, and inclusive ecosystem. This will help transition much of the currently fragmented and inefficient data exchange — particularly between payers, providers, and public health entities — into a cohesive national framework. This could result in a 10x increase in data exchange volume in the coming years, significantly improving both the availability and quality of healthcare data.
You point to lack of trust as being one of the biggest barriers to interoperability today. Can you expand on that and explain how it might be reversed?
The lack of trust in health data exchange stems from historical practices and perceived misuses of the system. Under frameworks like Carequality, organizations often stretched the definition of “treatment” to justify accessing data for healthcare operations or payment purposes. While this wasn’t necessarily unlawful, it undermined trust among participants who felt the system was being manipulated. This was particularly troubling for large provider organizations wary of compliance risks and skeptical of alternative care delivery models that threatened traditional business paradigms.
Rebuilding trust requires not just better technology, but also clearer, enforceable rules and shared understanding among stakeholders. TEFCA’s trust framework is a step in the right direction because it explicitly defines purposes of use and incorporates robust governance. As enforcement of the information blocking provisions in the Cures Act gains momentum, and as organizations begin to see the benefits of secure, standardized data exchange, I believe trust can be restored. This will require cultural as well as technical change, with a focus on transparency and collaboration across historically siloed sectors.
There is an inherent tension in the healthcare industry in that some companies’ business models are built on data liquidity while others are built on data restriction. How can this industry tension be resolved?
This tension is rooted in the different ways organizations monetize data. Some entities rely on exclusive access to data as a competitive advantage, whereas others advocate for open access frameworks that emphasize value creation through insights and services. The Cures Act and its information blocking provisions were specifically designed to reduce the profitability of data hoarding, signaling a policy shift toward more equitable and patient-centered data access.
Resolving this tension requires aligning economic incentives with public health goals. Ultimately, the key is encouraging companies to pivot from models that depend on restricted access to those that provide real value — whether through analytics, care coordination, or improved patient outcomes. Regulatory enforcement, combined with market forces like patient demand for control and payer interest in value-based care, will eventually compel even the most resistant players to adapt. In the long run, business models based on adding value rather than restricting access will prevail, which is an overall positive for the industry, as well as patients.
With TEFCA moving from oversight by ONC likely to CMS, do you anticipate anything will change? If so, what?
The potential shift of TEFCA oversight from ONC to CMS could be a game-changer. While ONC has played a crucial role in shaping the vision and technical foundation of TEFCA, CMS, because it is the largest payer in the country, has far greater influence through its ability to implement financial incentives. CMS has both the tools and motivation to accelerate TEFCA adoption, whether through faster payments, new billing codes, or other operational incentives.
This kind of “carrot-and-stick” approach could break the inertia that has slowed TEFCA’s adoption to date. With CMS’ broad reach across Medicare, Medicaid, and other programs, any shift in policy or reimbursement could quickly ripple across the healthcare ecosystem. While the specifics will depend on CMS’ leadership and policy direction, the opportunity to tie data exchange directly to payment models could significantly hasten TEFCA’s integration into everyday clinical and administrative workflows.
If we truly put patients at the center of interoperability initiatives, what would interoperability look like?
Putting patients at the center of interoperability means reimagining the system so that individuals — not institutions — are the stewards of their health data. Today, most patient data is controlled by the entities that generate it, such as providers or payers. While patients can access fragments of their records via portals or download limited information, they lack comprehensive, real-time control. In contrast, we envision a model similar to financial services, where consumers can access, share, and manage their data with the same ease and confidence they do with their bank accounts.
In this ideal model, patients could use APIs to connect their data across providers, payers, and digital health apps, determining when, how, and with whom to share it. This would require not only technical infrastructure, but also a cultural shift to view patients as empowered participants rather than passive recipients. While there are challenges, such as the complexity of health data and the need for consumer education, we believe this evolution is both necessary and inevitable for a more equitable and effective healthcare system.