Health Gorilla Issues Recommendations for National Interoperability Modernization

Chairman and CEO Calls for Governance Grounded in Federal Leadership, Structural Neutrality, and Balanced Enforcement

Health Gorilla Chairman and CEO, Bob Watson, today issued recommendations to modernize America’s interoperability system, expressing support for a stronger, more neutral, and operationally realistic federal role that is consistent with the stated priorities of the ASTP/ONC. In a letter to the Assistant Secretary for Technology Policy, Watson identifies a gap in existing governance frameworks that highlights the urgent need for a durable trust infrastructure that protects individuals, gives confidence to providers, and preserves the benefits of nationwide interoperability.

“Today’s networks are expected to simultaneously prevent fraud and misuse, enforce information blocking prohibitions, protect patient privacy and security, and expand nationwide access. Yet they still rely on distributed onboarding, inconsistent oversight, and no sustainable funding for this increased effort,” Watson writes. “This gap in the governance frameworks is increasingly filled by private actors that are both market competitors and gatekeepers. They are using litigation, public narratives, and market influence to change policy outcomes and to define acceptable rules for data exchange and access. That is neither durable nor ethical for infrastructure of this national importance.”

Watson continued: “Recent improvements to delegation transparency and dispute resolution have been constructive, but they are only a starting point. The path forward is modernization of governance, grounded in federal leadership, structural neutrality, and balanced enforcement.”

Health Gorilla recommends a set of governance modernization actions that ASTP/ONC can advance under its existing authority alongside additional initiatives it can pursue in partnership with Congress:

• Establish Credentialing Standards and Disclosure Requirements: ASTP/ONC should establish and enforce uniform credentialing and disclosure standards for all entities seeking to participate in nationwide exchange.
• Distinguish Fraud, Misuse, and Security Events: ASTP/ONC should formalize distinctions between intentional fraud, negligent or reckless misuse, and security incidents. A graduated enforcement model, with escalating consequences tied to intent, harm, remediation, and repeat conduct, would improve fairness and predictability.
• National Definition of Treatment: ASTP/ONC should align nationwide exchange governance with HIPAA’s existing definition of “treatment” and issue clear operational guidance on how that definition should be applied in TEFCA and other nationwide exchange contexts, in order to reduce disputes and improve compliance.
• Industry-Funded, Federally Overseen Credentialing Authority: Congress should authorize the creation of a federally overseen, independently operated credentialing authority, funded through industry user fees, to support centralized participant vetting, onboarding, ongoing monitoring, and enforcement support.
• Attestation and Accountability for Exchange Purpose: ASTP/ONC should establish standardized participation representations for entities asserting the treatment exchange purpose under TEFCA. Assertions of treatment within a federally endorsed framework should be reviewable and subject to appropriate consequences for knowing or reckless misrepresentation.
• Statutory Enforcement for Misrepresentation: Congress should establish clear consequences and an enforcement mechanism for knowing or reckless misrepresentation within federally supported exchange frameworks, including misrepresentation regarding eligibility, exchange purpose(s), or downstream use(s).
• Safe Harbor for Providers Acting in Good Faith: Providers, especially small, low-resource, and rural providers, should not face network sanctions or federal penalties solely for relying in good faith on federally credentialed participants, absent actual knowledge or reckless disregard, provided they satisfy reasonable monitoring, documentation, and escalation obligations.
• National Consent and Identity Infrastructure: Congress should support digital identity, patient-facing audit trails, and scalable consent frameworks to support and complement treatment-based exchange and individuals’ access, and to strengthen patient trust.

About Health Gorilla

Health Gorilla, a designated Qualified Health Information Network under TEFCA, provides interoperability solutions delivering secure, real-time access to deduplicated, AI-ready health data. Health Gorilla supports EHR vendors, value-based care organizations, and digital health innovators with data-driven workflows that enable more informed, connected, and efficient care.

Click here to learn how Health Gorilla helps organizations securely access and exchange patient data.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260331675272/en/