Why is healthcare still struggling to share data despite decades of regulation? 

Key takeaways from The Sequoia Project’s 2025 Annual Meeting to speed up healthcare data interoperability

I recently attended The Sequoia Project's 2025 Annual Meeting in Nashville. The Sequoia Project was formed in 2012 with the launch of its first initiative, a federal health information network. They help healthcare organizations and government bodies accelerate the meaningful exchange of healthcare data.

In my second year of attendance, while the topic of data exchange and its significant challenges largely remained the same, the level of dissatisfaction at the slow pace of adoption was felt more keenly than the previous year. Frustration is mounting, and in truth, accelerating innovation and intensifying enforcement.

Nearly 10 years have passed since the Information Blocking Rule was introduced as part of the 21st Century Cures Act, and almost 30 years since HIPAA was enacted. Since then, several federal and state agencies have adopted healthcare data interoperability rules, with the Centers for Medicare and Medicaid Services’ (CMS) Interoperability and Patient Access Final Rule (CMS-9115-F) and Interoperability and Prior Authorization Final Rule (CMS-0057-F) being some of the more widely known. Despite these efforts, the meaningful exchange of clinical data for the health, experience, and outcomes of patients remains disjointed and challenging. Let’s explore a few reasons based on first-hand conversations from the Annual Meeting and the actions of some government and non-government bodies.

HIPAA and the 21st Century Cures Act

As someone who has been in healthcare for the last 23 years, the Health Insurance Portability and Accountability Act (HIPAA) has always been at the forefront of the work I do, particularly during my time providing patient care. Protecting patient data was as much a part of my job as the care itself. Less commonly known to me, however, was that HIPAA was also enacted to enable the electronic flow of data to the patient and their care providers. Thirty years later, the industry is still struggling with sharing data while complying with the privacy regulations of HIPAA. So, did HIPAA, designed to facilitate data exchange, accidentally restrict it?

Twenty years later, the Obama administration passed the 21st Century Cures Act and with that the Information Blocking Rule, requiring healthcare providers, payers, and health IT developers to ensure patients could easily access their own data. Interestingly enough, according to officials that spoke during the Annual Meeting, the Information Blocking Rule was created to counteract the very restrictions HIPAA may have accidentally instituted.

And so, the key question and theme of the Annual Meeting became…

Why, after 30 years, are we still struggling to make data easily and securely flow across the entire healthcare ecosystem despite MANY efforts to resolve this issue, including the creation of a plethora of health information networks? And what are we doing about it?

Why are we still struggling to share data across the healthcare ecosystem?

Lack of enforcement = limited data sharing

When the 21st Century Cures Act was passed, the Information Blocking Rule was one of its most significant initiatives. At that time, officials didn’t feel enforcement was needed for payers, providers, and healthcare IT vendors to start sharing data with each other since it would be for the betterment of the healthcare consumer. Now, nearly 10 years later, many organizations are still failing to share patient data with each other as required. But why? Is it due to a lack of strict enforcement for information blocking or effective enforcement for HIPAA?

Strict enforcement = limited data sharing

As someone who could lose their job for sharing a patient’s data outside the mandated use cases, I’m more incentivized not to share data than I am to share it. Organizations are also heavily penalized when they accidentally or purposefully violate patients’ rights and privacy under HIPAA rules. Since not sharing data comes with little enforcement, it’s a lot easier to default to not sharing data as required than to unintentionally or incorrectly share data.

Poorly defined use cases = information blocking

During last year’s Annual Meeting, there was a session called “What is treatment?” The moderator read various scenarios to the panelists and asked after each scenario if it constituted “treatment.” There wasn’t a single scenario in which all panelists agreed. Treatment was the first official use case identified by the Trusted Exchange Framework and Common Agreement and is one of six for which healthcare entities are mandated to share data. Yet, those same entities can’t agree on what treatment is. This year, there was a session titled, “What is a provider?” Once again, we couldn’t come to consensus. While governing bodies identified who needs to share data with whom for what reason, they failed to create a shared definition of the who’s and the what’s. This lack of agreement has resulted in 1,483 information-blocking claims submissions to the Office of the National Coordinator for Healthcare Information Technology (ONC) between 2021 and 2025. Sadly, most of those claims, roughly 800, were submitted by patients.

While this inability to agree on simple definitions creates a foundational problem for data exchange, many more barriers exist, including outdated systems and technology, the inability to capture real-time patient consent, state-specific laws, lack of patient education, and limited utilization of Fast Healthcare Interoperability Resources (FHIR®) standards.

What is being done to speed up the exchange of healthcare data to empower patients, improve healthcare outcomes and experience, and reduce burden?

Stricter enforcement for information blocking is inevitable

While speakers at this year’s Annual Meeting didn’t provide a lot of detail on what stricter enforcement measures by the ONC, the Office of Inspector General, or CMS will look like or how they will be enacted, enforcement is inevitable. Does that mean they’ll also provide a common definition for use cases or offer concessions for those who act in the best interest of the patient but may not always get it right? I honestly don’t know, but the Assistant Secretary for Technology Policy (ASTP) does plan to vouch for providers so they can stop debating what is treatment.

Empowering patients may be our best accelerator to data interoperability

The ASTP is exploring ways to deliver a patient’s data directly to them via private-sector apps. Patients can then share the data they want with their providers directly. This helps bypass some of the disputes over what can and can’t be shared and with whom between healthcare entities. But this has its challenges as well and is largely what CMS-9115-F was intended to solve through the Patient Access application programming interface. Unfortunately, CMS-9115-F didn’t work as intended due to low patient adoption, inconsistent payer implementations, and limited integration into provider workflows. Regardless, many speakers agreed that patient education and empowerment are necessary to accelerate an interoperable healthcare ecosystem.

Disputes are helping us evolve toward a more interoperable ecosystem

Despite the negative connotations of the word "dispute", panelists argued that disputes are imperative to our evolution as an industry. One speaker even noted that the dispute process is a vehicle for everyone to be honest with each other and to shine a spotlight on what’s not working. Once we can identify the issues, we can start to mobilize the processes, technologies, and mandates needed to address them.

The adoption of FHIR is foundational to an interoperable ecosystem

As the industry continues to adopt FHIR as the primary standard for data exchange, the speed and scale at which data can be shared, consumed, and implemented into core processes and systems will accelerate to the point of enabling real-time, meaningful data exchange. While payers are mandated to adopt FHIR and providers are moving to FHIR, we still have a way to go.

While the Annual Meeting lasted only two days, I feel like I walked away with a broader and more contextualized understanding of the complexity and challenges our industry faces. While I can appreciate just how far we have come, I can’t help but wonder if we are moving fast enough?

About MedeAnalytics

At MedeAnalytics, we believe data can tell stories that helps improve experience, cost, and outcomes – and applied analytics can empower healthcare stakeholders to be the author of those stories – and effectively change lives for the better. That’s why this ongoing work as part of the Sequoia Project is important. Discover more on MedeAnalytics impact now.