The Information Exchange

We are back, but we’re trying something a bit different this time. Given a little Memorial Day lead-up lull afflicting the industry, we decided to give a primer and run-down on the successes and failures of America’s only statutorily blessed nationwide health data exchange: TEFCA two years in, with what's actually working, what isn't, and what the rails really do at this point. Lot of fun this not-a-pod:* The first iteration of our new “Pryce Transparency” segment* Brad as a Trusted Exchange Guinea Pig* Five generations of patient access policy and technology in five minutes* Where Epic stands alone on a FHIR flow that's now an exhibit in active antitrust litigation.* The authentication vs. authorization debate that's becoming the most consequential architectural question in patient access.* Diagnostic imaging’s role in all this (and interop broadly)And of course, what we’re putting on our Memorial Day burgers. Hiring NoticeHTD is hiring! We are looking to bring on Associates to our Interoperability Practice.If you have experience with EHRs, interoperability, and/or consulting and want to:* Work on the deepest, darkest arts of integration and health information exchange* Help the full range from startups to the largest tech companies in the country understand and play in the interoperability landscape* Help EHRs become their better selves (both via collaboration and pressure)* Learn and use regulation deeply as a strategic lever to enable the businesses we work with* Collaborate with a scaled development team across multiple geographies (US, Poland, Argentina)Then respond to this email with your resume and the one big interoperability problem in America you’d solve if you were a policy maker.Relevant Articles* HTI-5: When the Scorpion Learns to Swim: We briefly discuss how HTI-5 is proposing to remove the main “incentive” to join TEFCA, the TEFCA Manner Exception.* Individual Access Services Open Forum: An oldie but goodie primer on how Individual Access Services works and the history behind it.* The Rise of Consumer Health On-Ramps: Detail about the “Big 4” consumer health and patient access on-ramps* Epic’s IAS Implementation: A rant from a year ago about frustrations with Epic’s Individual Access Services implementation* JG Wentworth: Pryce’s mention was like a sleeper activation codeword for me. Real nostalgia rush.* Authorization Tradeoffs: A chart I made when discussing the tradeoffs of different authorization architectures* SMART Imaging Access: Josh Mandel’s reference implementation for patient access to diagnostic images that we talk about* Much Ado about Diagnostic Images: Discussion of the ONC’s RFI on Diagnostic Imaging and a detailed overview of the space* AADJ v. Epic: The Motion to Dismiss: The antitrust case against Epic related to TEFCA IASChapters* Intro and HTD Hiring PSA (0:00 – 0:44): Brendan, Pryce, and Brad pitch HTD’s interoperability associate roles across EHR integration, HIE, payers, clearinghouses, and information blocking strategy.* Pryce Transparency (0:44 – 3:19): A foundational walkthrough of the Trusted Exchange Framework, QHINs as the Verizon and AT&T of federated clinical data, and the difference between treatment queries and Individual Access Services.* Measuring TEFCA Against Itself (3:19 – 8:06): Adoption looks lukewarm next to Carequality on document volume, but two years ago IAS was zero. Pryce’s broken query to his Athena PCP illustrates the fingerprinting problem when something fails and no one can tell whose fault it is.* Five Generations of Patient Access (8:06 – 15:35): From HIPAA right of access through View Download Transmit, scrapers, Cures Act G10 APIs, and now IAS. Each generation solved the prior bottleneck and surfaced the next. Portalitis, Kristen Valdez’s term, and why IAS still falls back to G10 like Apple Pay falls back to cash.* Diagnostic Imaging and the Limits of TEFCA (15:35 – 21:31): Brad’s CD-to-NYU story opens the question of whether new data types ride TEFCA or get their own networks. PACS unregulated, files enormous, 30 competing standards, proprietary vendor incentives. The Dutch precedent with XDS-I and TWIIN shows it can be done, and there are real reasons clinicians want pixels not just reports.* Authentication vs. Authorization (21:31 – 27:39): Pryce walks through how IAS jams identity proofing and data-release consent on rails not designed for the distinction. Epic alone runs the FHIR redirect flow, every other QHIN hands back the treatment CDA with an IAS header, and the antitrust litigation against Epic now treats that architectural choice as an exhibit.* The HIPAA Liability Math (27:39 – 30:37): Why Cleveland Clinic’s general counsel sees only downside without OIG safe harbor. The CMS Health Tech Ecosystem is pushing authentication out anyway, leaving authorization as the more interesting question, including what hospital-side authorization could have unlocked for proxy and caretaker scenarios.* The GDPR Cookie Banner Problem (30:37 – 33:44): Brad’s prediction that patients will accept all and dump the whole record into whatever app asked. Trade-offs of authorization on the app, the credential service provider, or the health system, and what gets replaced with legalese and CARIN-style certification when the technological barrier comes down.* Memorial Day Burger Toppings (33:44 – End): San Antonio sausage wraps, Dutch mayonnaise jokes, and a closing reminder that HTD is hiring.TranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.Brendan Keeler (00:00): All right, we’re back. The Information Exchange. Ryan is unable to make it today. So we got Pryce and Brad and Brendan. and we have a PSA to kick things off. HTD is hiring. So we are looking to hire interoperability associates. if you are interested in EHR integration, health information exchange, data migration, referrals. If like working with point solutions, like working with payers, like working with clearing houses, big tech, small tech, non-tech, law firms, PE. We got it all. If you want to work on data exchange, if you want to use information blocking practically, not use information blocking, but wield the powers of regulation strategy with these fine gentlemen and the broader HTD team, then reach out to us. And with that, with that, we’re going to kick things off and it’s Memorial Day. It’s the government’s day. We all have off, butBrad (00:45): Come hang.Brendan Keeler (00:55): Let’s talk about what the government’s been doing with TEFCA, the Trusted Exchange Framework and Common Agreement. Pryce, where are we at? What’s going on? What are you excited about? About where are you less excited?Pryce (01:03): Yeah. Well, so real quickly, sometimes I feel like we dive into topics and I think we should have just spent 30 seconds explaining what that is for folks who aren’t hearing about the Trusted Exchange Framework and Common Agreement all the time. So this is a segment, maybe we can call it Pryce Transparency. Shout out to Nathan Von Colditz that’s for naming that. So TEFCA, the Trusted Exchange Framework and Common Agreement. So it was written into the Cures Act that the ONC would find a coordinating entity to manage this nationwide federated exchange framework for clinical data. The way that it was built and sort of the framework itself is that there are various QHINs, Qualified Health Information Networks, like Kno2 and SureScripts, and then Epic built their own called Nexus, and then Oracle’s got one now, and MedAllies has one, and KONZA has one, apologies for any that I’m leaving out. But these Qualified Health Information Networks have sort of very... like bold obligations to the network. And they’re almost like the Verizon and the AT&T and the Sprint of this nationwide network. And when I say it’s federated, what I mean is the data is everywhere, right? So data is in electronic health records, data is in payer systems. And we’re not pumping it all into one big server that sits in a mountain in Colorado or something like that. These are federated databases and TEFCA and the QHINs, these, you know, maybe eight now health information networks allow us to onboard to them to query for Brendan Keeler’s data. Maybe Brendan has an appointment tomorrow and an EHR can say, I want to know more about Brendan before he comes in. Or maybe Brendan himself is saying, it’s my data and I want it now like JG Wentworth. And he goes to do what’s called an IAS, Individual Access Services query to the network. tons and tons of nodes that are helping you on ramp into this network of QHins. So think of it more like a phone book or a spider web than a big database. But TEFCA has been around for years now. It’s been live for years now. Adoption is, I would say lukewarm. It’s like not, it’s not mandatory for any reason, right, Brendan? There’s no, it’s completely voluntary to join. There’s no. incentive structure that’s bringing entities except for added usability for their users, right?Brendan Keeler (03:19): Well, there was the TEFCA exception within information blocking, is an interesting route for the last administration to push it forward. With HTI-5 proposed rules it looks like that will be ripped out. I want to push on what you’re saying. What is your measure for lukewarm?Pryce (03:36): That’s a good question. Good question.Brad (03:38): More than 500 million records.Pryce (03:41): I would say... If you’re familiar with Carequality or Commonwell or eHealth Exchange, which have been the nationwide networks that are around longer, those are still being used to exchange CDA documents, clinical document architecture standard documents, which were generally patient summaries or discharge summaries, things like that. Those networks are being used to exchange a much higher volume of documents for the purpose of generally transitions of care. All of these networks. pretty much only allow treatment use cases. Like you have to be a provider querying other providers to get data. TEFCA has recently introduced that individual access service use case that I talked about and they all have trouble introducing other use cases because it’s hard to trust, know, thousands of nodes on a network that you don’t actually have agreements with, business agreements with. And so I guess TEFCA has seen a lot of adoption in that Athena’s on TEFCA Epic sites are on TEFCA, if not completely, they’re trying to roll out to make sure their endpoints are available. Who else is already on there?Brendan Keeler (04:41): So MEDITECH, Athena, ECW, Epic are all on there. Oracle has a few sites, right? Because they gave them a QHIN later of the 11 QHINs that are participating. so, yeah, think Lukewarm, the measure metric, there’s always like, what’s our bar for success is the way I think about it. And...Brendan Keeler (05:01): Relative to Carequality, it’s like, look, the numbers, just doesn’t match up. But exchange in a decentralized network is exponential in terms of growth, because then the number of connections goes up exponentially with each new participant in terms of linking between them all. And so I think it’s like, okay, is that successful? Well, by treatment, if you’re measuring against Carequality it’s like, well,Brendan Keeler (05:26): It’s not even close, but should we be or should we be looking at it as a net new network because it’s facilitating Individual Access Services, which was zero before. And so by that measure, you might say, wow, what a stunning success because it’s doing something at scale with some problems that we can talk about. So the measure and metric, think I’m putting it relative to where it was two years ago, which was zero.Pryce (05:41): Yeah. Right. Right. Well, and you know, it’s funny, we had the same conversation just on the last podcast towards the end. said something about the CMS Health Tech Ecosystem and is it going to be successful and how much, how much work are they getting done? And Brendan was like, they’ve gotten so much work done considering it’s only been nine months. So that’s a good point, Brendan. You know, if I was building something, building an electronic health record and I wanted to connect to a nationwide network to pull charts. TEFCA might not be my first, might not be the first entity that I connect to, but even the fact that it’s going to exist and hopefully supersede Carequality and in use cases is a great success. I guess I’m just saying it’s not quite like the king of electronic health data exchange. And particularly, guess something that sours how I feel about it is that I have a terrible Individual Access Services experience every time I use a little bit per implementer. know, there’s from an IAS provider perspective, there are these different companies that have built mechanisms for you to authenticate that you are yourself, usually using like a CLEAR or an ID.me, which is IAL2 level authentication, saying I’m looking at your face and I’m looking at a government issued ID and I say, this must be Pryce. And then you can send a query to your QHIN that says, go look for Pryce’s charts. But man, get, mean, I’ve got a Athena based doctor down the road that doesn’t respond to my IAS queries. You know, when I go to the network and say, I need my charts for, you know, for my Oura app. Like I want it to be tied to my sleep score and things like that. I never see the North San Antonio Healthcare Associates. And I don’t know if that’s Flexpa’s fault. Just that’s an example of an IAS implementer. I don’t know if it’s their QHIN’s fault. I don’t know if it’s Athena’s fault. I don’t know if it’s my site on Athena’s fault. Like if it’s my particular provider who just, who’s like, ⁓ our council doesn’t like the idea of that. Don’t turn it on for us. And so. Yeah, it’s hard. Again, like as far as success goes, I’ve never built a trusted exchange framework and common agreement. So props to the folks who’ve done it. But, ⁓ you know, it’s, it’s been disappointing so far for me. And I’m like wanting to know how to push the ball forward.Brendan Keeler (08:06): Yeah, Brad, what about you? You tried it out?Brad (08:07): Well, as I think all the listeners should know, whenever there is a new opportunity to test one of these, I think I’m one of Brendan’s trusted exchange dummies. ⁓ You got guinea pigs? Most, I mean, the weird part about this for me is my healthcare for the past, let’s call it nearly a decade, has been at two health systems, the random third one in there that weBrendan Keeler (08:18): Guinea pigs if you will. You’re my guinea pig.Brad (08:31): Don’t need to talk about. So the request pattern for me is like pretty straightforward. And if I use somebody, you know, if I test somebody who’s also using G 10 APIs, then I can just log and like I get everything. Honestly, this isn’t really a critique of the network, but if I had to critique. One part about my experience is my problem list or my conditions just never gets cleaned up. And so for somebody, I’m not living with any, aside from being morbidly obese and every sort of after visit summary, I’m not, yeah, it says I have a torn calf that happened six years ago and why has nobody taken that off? I don’t need to access, I don’t need IAS to really change anything about my life, but it is frustrating as a patient. to suddenly be able to see everything and feel like, it almost makes me feel like I have less agency, which I know is, that’s like a tangent that we don’t necessarily need to go down. I have lived in the same city, I have gotten the same care from the same set of providers for a really long time. I hear stats about people not moving more than two zip codes away from where they were born or like not a super mobile population. I sometimes come back to like, how big is the problem that we’re solving or can we define specific use cases that house an actual documentation or transparency problem instead of saying, can we get 7 billion records exchanged across TEFCA?Brendan Keeler (09:57): If you look at other network based problem sets like payments, there are ubiquitous networks like cash, right? Cash is a ubiquitous network in terms of being able to go and bring it to most places historically and use it. And even with the advent of check and credit card and other technologies, cash still prevail because of ubiquity, flexibility, et cetera. And so as we think about Carequality, Like will it be sunset or something? Well, there’s ubiquity to it. So maybe it persists. As we think about prior patient access networks, you hinted at one Brad that I think we should illustrate further is that Individual Access Services is the fifth generation of us attempting to give patients access to their data. And so it started with HIPAA in terms of the patient right of access, a very manual but ubiquitous process that I can go. satutorily with a statutory right and request my information from any hospital. That is ubiquitous, It applies to all covered entities.Pryce (10:57): But that was like a right, not a process. It was ubiquitous.Brendan Keeler (11:00): but it establishes a ubiquitous, sans HIPAA in that right, you go to your hospital, they’re like, hey, get the hell out of here. And so it’s not ubiquitous. So it built a ubiquitous, albeit manual network like cash. And so it’s persistent. It’s still the fallback. We then had View Download Transmit, which for all certified EHRs, they needed to give a capability in the patient portal to download a CDA document. And so, not as ubiquitous, but pretty far along the pattern in terms of certified EHRs are a lot of, are many, many different providers. And as a result, scrapers built, know, HumanAPI and other scrapers built the capabilities to reach in there and built a network, right? A network to allow for programmatic access to those CDA documents. Pryce, your hand was up. So you got a thought, I think.Pryce (11:45): I just gonna say, I just wanted to clarify, I think View Download Transmit was like Meaningful Use or something. So what era are we talking about? Like 2015-ish or something? Okay. And then the output, just to be clear to the layperson, I mean even myself, because I’m not an engineer, a CDA is like an XML formatted blurb of.Brendan Keeler (11:53): 2012, yeah, 2010.Pryce (12:10): confusing information to the layperson. And so it was available programmatically, but maybe not immediately usable unless you were using one of these aggregators like ⁓ OneRecord who could figure out how to make it usable for you.Brendan Keeler (12:23): The hypothetical benefit was that CDAs also were both computable formats and also with a renderer, you know, could be rendered visually. Like that was one of their benefits and like why people liked that format. so hypothetically, was beneficial in that way. The bigger barriers were typing in your username and password to individual patient portals. And so...Pryce (12:43): which is authentication. That’s proving that you are who you’re saying you are. If I say I’m Pryce and I know Pryce’s username and I know Pryce’s password, then the system just has to assume that I am Pryce.Brendan Keeler (12:55): Yep. And so that persisted, we assumed that the problem with that generation, the CDA and View Download Transmit generation of patient access was the format that it wasn’t programmatic enough, that it wasn’t an API. And so with Meaningful Use 3, but really the Cures Act, we said, okay, certified EHRs need to make available APIs with core clinical data that can be surfaced to third-party applications. So we assumed from a regulatory and policy perspective,Brendan Keeler (13:22): that would fix it. That was the big problem. And then people aggregated those APIs, notably 1up Health, notably b.well notably OneRecord were some of the big push people to push that. Yep. And we encountered another problem. What’s that problem? Username and password is, for Brad, is not challenging. But for some populations, if you have chronic illnesses, if you’ve moved around a lot, you might have a lot of portals. You may not have activated those portals with username and password.Brad (13:49): Yeah, the activation. I know you did. There’s a great piece, if you want to know how psychotic Brendan is, of him signing up for every MyChart. And the one health system that is not in New York City that I have records at has this like insane, you have to get a PIN code. And they mailed me a postcard and I didn’t get that postcard fast enough for the... I was like, why am I going through a three month process to create a username and password for a health chart that like I don’t care about? And I will say I can now get access to those records. So that’s positive. Thank you, TEFCA.Brendan Keeler (14:20): What is security if not a three month friction-filled process? The bad guys can’t get in either.Brad (14:26): No? You better have the key to my mailbox. You better have... It was wild. Yeah.Brendan Keeler (14:32): But that was the barrier perceived by our regulators, ⁓ Kristen Valdez of b.well has termed it portalitis, right? For these frequent flyer chronic illness or sickos like myself that go and sign up for all the portals. by whatever means, whatever it means if you’ve gotten so many portals, it takes a lot of time to log into the 57 portals. Literally it takes me half an hour. And so they,Brad (14:47): That’s a different form of chronic illness.Brendan Keeler (14:59): Stefka Individual Access Services supersedes a fairly ubiquitous capability, the Cures Act G10 APIs with less friction-filled experience where you take the CLEAR, ID.me or Persona, ID proofing, selfie and such, and then can hypothetically pull from the network, the problem being it’s not at the same ubiquity. And so I think of it like Apple Pay or Google Pay where you’re like, sweet, I can use that sometimes, but. I can’t use it all the time. And so we still fall back to check. We still fall back to ACH. We still fall back to cash when we want to get ubiquity.Brad (15:35): Question for you guys. So I get excited about new capabilities and diagnostic imaging. one part about getting my records when I had a weird illness, I had to take a CD into NYU for them to put my imaging and then mail that off to somebody else, which was like,Brad (15:56): I mean, I figured out how to do it, but like, had I not had time to take off work, those images would have never gotten out of NYU. Is the, is ONC, and maybe we don’t know the answer, but when ONC considers new data types to be exchanged, is TEFCA the default network that they’re gonna use or will we establish different networks?Pryce (16:16): I think it remains to be seen, right? mean, like, so the CMS put out an RFI for diagnostic imaging this year. Brendan Keeler (16:21): It was the ONC, actually.Pryce (16:22): It was the ONC. Okay. did they say we should do this on TEFCA? No. And if they, if they were to try to do that, it would probably require a lot of new technology because right now TEFCA is largely CDA and XCPD still, which isPryce (16:37): HL7 version 3, FHIR sort of HL7 version 4.Brendan Keeler (16:40): the history here, there’s a couple commingled factors that make it challenging. So diagnostic images aren’t in the EHR typically, right? They’re in the PACS system, which is unregulated. So that’s challenge one is like, how do you get Sectra and AGFA and all these other PACS to build the capabilities and to play in the ecosystem when they’re not regulated? That’s challenge one. Challenge two is these are big. files, right? Terabytes potentially, depending on the type of diagnostic image that’s produced, let alone video for like endoscopies and such. Three is, you know, like what are we doing matters? Like, because just surfacing in the USCDI data sets as this is a core piece of clinical data. And then it’s like, are we doing patient access to that data? Are we doing B2B networked exchange? Are we just making it available for point solutions? Like there’s different problem sets to be solved. And so the RFI was inclusive. It was sort of like a poking around at all of them. was like, all right, how would we do it for provider to provider? How would we do it for patient access? The nice thing for patient access is that brilliant HL7 geniuses, particularly Josh Mandel have already done like an implementation guide and planned out how you do it for that problem set. Like what are the. ways the EHR would interact with the PACs. For B2B, what’s interesting is there’s like 30 different standards. So like there’s been many different cuts at Wado RS over DICOM or all these different obscure acronyms for like how could you translate it or transmit it rather? And no one, we a consensus. There was even in CareQuality and Commonwell implementation guides for diagnostic image exchange. And they tried to engage different vendors like AGFA and Ambra and Life Image. they were like, well, why would we do this? We want to do our proprietary private networks for diagnostic image exchange. And so it’s challenging. It’s challenging for all those reasons, but precedent, international precedent shows it’s possible. So the Netherlands does diagnostic image exchange. They use what’s called XDS-I. So basically, an extension of the technologies used for Carequality and, um, CDA exchange. And they do it, they do it, uh, not ubiquitously, in read like regional health information exchanges, they, they have what’s called TWIIN, um, which is a national initiative and they’re, they’re making tremendous progress there. So just about picking it, incentivizing it and getting people to play along.Pryce (19:05): You know, it does matter what the use, the use is here. Like, like we think, okay, so why are images not flying across this network as well? And then my first thought is kind of like, well, generally the moment an image is taken, it’s for, it’s diagnostic imaging. Then a radiologist who is affiliated with where the image was taken, interprets the image and writes all about it. And then it’s back in the EHR. So in a lot of ways you could say like, well, the juice, the value of the image has already been extracted and somebody should have access to that information via CDA exchange or, or FHIR APIs things like that. Of course, I guess it makes sense that a lot of physicians or radiologists or whomever would say, well, I would actually like to see the image myself as well and come to my own conclusions. Is that what’s happening here? Is that why people are always like, I want the image instead of just the, diagnostic study, is sort of the outcome of what we thought of the image.Brendan Keeler (19:57): Brad, you look like you have a thought.Brad (19:58): I would guess that there’s this is a trust issue and like whether or not I think somebody read the diagnostic study correctly. My opinion is slightly tinged by like, has the ability to get those records between systems, the diagnostic studies improved over the last five years when I had to deliver a CD to the hospital or?Pryce (20:20): you’re saying like, would it be more likely nowadays? Yeah, yeah, yeah. Would it be more likely nowadays that the doctor to whom you’re going next is like, well, I already get the gist of what the image, what that MRI said or, yeah.Brad (20:22): Like has it changed? Yeah.Brendan Keeler (20:32): There’s just a lot of workflows where it’s valuable. A second opinion is just an obvious one where it’s like, think this radiologist is s**t, let me go down the street and suddenly you gotta go get another MRI or something, that stinks. It could be like you get injured again, right, you break your leg again, and they’re like, okay, well, let’s go see what the break originally was last time. looking at the...Brendan Keeler (20:55): the radiologist report might not give the information to the new radiologist of like, okay, what happened here? How did he all like there? And then there’s value to these diagnostic images, right? If you could build a big data set, you could start to do nifty things about, you know, with radio AI radiologists and things like that. So there’s a variety of reasons that yes, the, the diagnostic reports that are produced from the, these images. are transmitted or should be transmitted at least, but still there’s voracious demand to understand and see the actual raw images for reinterpretation or different reasons.Pryce (21:31): So to build on this, we’re saying we have is live. Trust Exchange framework has tens of thousands of hospitals on it, and you can send a query up to a QHIN that says I’m looking for Pryce. He has an appointment with me tomorrow. then queries go out to all the other QHINs that try to locate me based on my demographics and my identity, not based on some sort of universal identifier. and then notify, not yet, not until I get my imperial chain code, Star Wars reference. ⁓ great weekend, just saw the Mandalorian and Grogu last night. at first, really tough code was like, okay, covered entities are going to exchange data with covered entities and they will authenticate against each other.Brad (21:55): Not yet.Brendan Keeler (22:01): It’s a good weekend for that. It’s a good weekend for that.Pryce (22:15): you will know that it is Hopkins making the query when Hopkins makes the query. And then the authorization, the next step authentication is, I know the server making the query authentication or authorization? The second Z there is like, do they have permission to access this data? I believe they are who they say they are. And now what data do they have access to permission or permission to access? And by and large, you know, providers should have access to clinical data when they’re treating someone and and the whole chart except for maybe behavioral health information would be exchanged so long as patients opted in and things like that. But we’re talking about how using the same framework for multiple use cases can be challenging. How do you implement this if it’s a slightly different use case? And so with Individual Access Services, we see an interesting debate happening. I guess I’m not sure the history of this debate in TEFCA, but I can tell you it’s certainly happening. or people are thinking about it lot with regards to the CMS HealthTech ecosystem and CMS Aligned Networks. When we do Individual Access Services, like I said, I might take an app that’s gonna help me query TEFCA for my records and it will use CLEAR to verify that I am who I say that I am. And it’ll go off and query the networks, the QHINs and say, it’s for sure Pryce looking at his phone. He wants to give his data to Oura. because he is an Oura user and he wants to allow them access to his charts at his Athena PCP. The question then is, okay, I’ve authenticated that I am who I say I am. Typically, I would then need to authorize some sort of release of data from the system that actually has it. So just as an example, when you go to sign in to Instagram and then it says, do you want to sign in using Google? You click yes, then it takes you to Google and Google says, do you want Instagram to have access to your name, your birthday, your email, et cetera? And you say yes. And that is you authorizing. You’ve authenticated that you are, you say you are, and you authorize the exchange of data for a certain time period or for a certain scope of information. And right now, That’s not exactly happening with TEFCA. The author is, or the authentication is saying, okay, this is definitely Pryce return his chart. And only Epic I think is at the moment on TEFCA then redirecting. this is pissing a lot of people off because they think it’s Epic sort of blocking the liquidity of data. But Epic then says,Brendan Keeler (24:36): There’s literally, let’s be clear, there’s literally an antitrust lawsuit by the AADJ against them for alleging that. yeah, I would say some people think it.Pryce (24:42): Well, it’s for a lot of things. Yeah, I could go on about that for a minute too. so yeah, it’s just like, is Epic right or wrong by saying, well, okay, I believe that it’s Pryce on the line. Now I want him to log in and tell me, here’s your records from Hopkins, you know, which uses Epic. How long do you, you do you want us to give them your allergies, your meds? Do you want to give us all this? How long do you want them to have access to it? And so in a way, Epic thinks that they’re being pragmatic and, and, ⁓ usefully, I guess, limiting the, unlimited exchange of healthcare data without my permission. But in a lot of, in a lot of ways, people are like, no, if Pryce took his picture and he asked to fetch his records, he wants the whole thing. And so authentication and authorization at the moment, they’re hard to implement separately because people wanted them to be jammed together, but we’re doing this on rails, you know, that didn’t account for this kind of very nuanced piece of the workflow. So yeah, where have we landed with that, Brendan? Maybe you could tell us like, is there an official recommendation from TEFCA or from the CMS Health Tech Ecosystem as to how we’re handling that for Individual Access Services?Brendan Keeler (25:53): Yeah, a couple of things I’ll layer in. Epic alone is doing the FHIR-based flow, right? So when data is retrieved for Individual Access Services, it’s going through and doing this, what’s called an XCPD first, right? Which is not FHIR. It’s a patient search to all the QHINs. It says, hey, do you have Pryce? Do you have Brendan? Do you have Brad? Here’s the identity token that they proves that they proofed with CLEAR, proofed with ID.me, proofed with Persona. And then those different QHINs say, yup, here’s where they’ve been seen. So for me, it’s like 50 Epic sites, one ECW site, some random HIE that I’ve never been seen at, which I don’t know why it’s happening. And anyway, and then they go and they can do one of two things. They can either go and do a CDA retrieval, if that’s what’s supported, or they can go and do the FHIR flow. And so for all the other Individual Access Services implementations thus far that we’re aware of, it’s been, they just said, okay, well, if you include Individual Access in the header of your CDA retrieval, we’ll give you back the CDA that we give for treatment. So it’s a very blunt old school approach, but probably more simplistic to implement for than full new FHIR flows.Pryce (27:00): Well, and admittedly, 95, 98, 99 % of the people who are taking a picture of themselves on CLEAR to fetch their patient records probably just want the whole patient record to come back. They’re not looking to then talk to Epic and say, yeah, it was me. Here are the pieces that I want. But go on.Brendan Keeler (27:15): I don’t, does the end user care? Like they care that the job to be done that they’re doing is done is the way I think about it. Does the app care? Well, I think there’s a lot of people out there that would say, well, we need to get to a FHIR, a new FHIR native network. And in that way, the only person pushing on that right now, thus far is Epic. so props to them. We have to give... what was it? S**t sandwich, right? Like the positive, the negative and the positive. So the,Pryce (27:20): Right, that’s what I’m saying.Brendan Keeler (27:39): The s**t part, the middle part is authentication and authorization. With the CDA flow, you’ve already identified proof, great. You got authorization, you got authentication baked in, you pull those documents, have fun. For the Epic flow, from a privacy perspective, from a security perspective, they’re saying on behalf of their health systems, we need to have a layer of authentication and then the authorization to prevent security breaches is the argument that’s been posited. Until they can get government relief from the OIG saying, hey, until if we release this pattern, we’re not gonna be liable for a HIPAA breach, then they have been pushed saying, we don’t wanna do this because there’s no upside. What is the upside to doing this except somebody suing us when a breach happens in this pattern? And make no mistake, people sue about these things all the time, all the time. And HIPAA doesn’t afford the right private action, but they find patterns and ways, right? We see this with the lawsuit where there’s all these class actions that are brewing. And so there’s a reality that people need to at least understand that that is the math for, you know, Cleveland Clinic’s general counsel. The ship is sailing there though, because ⁓ the CMS Health Tech Ecosystem. All these trends are saying we gotta get rid of authentication. Optically, it’s not looking good for Epic. So authentication is at least consolidating down to MyChart Central, right? One login for Epic and probably looking to get rid of it at some point later this year in the future. so authentication goes away, but authorization is interesting because it’s like, well, if I have authorization, and it’s on the health system side, then I can do nifty things like deal with caretakers or deal with other proxy situations so that Pryce, after he’s identity-approved and starts to pull records, could then select and say, okay, I want it for my son or for my mother or somebody, you know, a proxy situation. And so that could be accommodated in a slightly more straightforward fashion with hospital-side authorization. But I also think the ship is sailed there where people are like, well, we want authorization outside of the EHR, outside of the provider, which means that we have to go reinvent something to deal with proxies.Pryce (29:53): Also really quickly, Epic actually does enable health systems to turn on, either respond directly to the IAS query or ask for authorization from the patient by not only requiring the IAL to OIDC token from Clear, but also get them to log in and say which part. Those health systems, those Epic using health systems can allow either path. And to your point, Brendan, all of their, you know, regulatory compliance and legal officers are saying, make it as hard as possible to access this data unless it’s Brendan, unless he knows he remembers his password and his username, things like that. So it’s interesting, like they can develop something, but they’re not implementing it. It’s these providers who are implementing it the way that they want to implement it. Brad, did you have something to say?Brad (30:37): I was gonna say for the lay listener, like we’re talking about whether or not consumers want GDPR cookie banners, like do you want to accept all, do you want to go through and experience wise, I think as long as IAS is an accepted paradigm, most patients, based on other industries, most patients are just gonna take the whole record.Brad (31:00): if they can get it and not be discerning about it. this is a can of worms that I don’t think we should open, but that leads to likely a lot of leakage of that health data. It’s going to entities that are not covered by HIPAA. I mean, Equifax lost all of my information a long time ago, so I’m constantly locked down. But we’re going to see... we’re probably going to start having to go through a CLEAR identity process for like billing purposes because the chance for fraudulent billing with our health records is going to explode dramatically. This is just law of unintended consequences, which is a hard thing to open towards the end of our time that we can talk together. I do think, regardless of what businesses try to do, patients are going to look for the easiest solution. And the easiest solution is dump everything and let let the vendor who’s getting this data figure out what to do with it.Brendan Keeler (31:55): Yeah. And it’s why, look, I think of everything in trade-offs. it’s like all these architectures we’re talking about where author, you know, where all legalized, processized, technologies, technologize it. you know, you think about the trade-offs of like, what does it mean to put authorization on the health system side? What does it mean to put it on the credential service provider, like clear and what would it mean to put it on the app? And there’s just trade-offs that are very clear about those architectures. And we have to consider, okay, what are we, what are we optimizing for?Brad (32:00): Legalize it.Brendan Keeler (32:22): like we would in a product management. It’s like a product management hat of for this national product, this national architecture, what are the trade-offs? And so the trade-off, the biggest trade-off with app-owned authorization is you no longer have separation of church and state, right? There’s, have to control and constrain the behaviors of the app by legal, by legal terms, by saying, you need to, you’ve certified the CARIN code of conduct. You’ve been certified by this group. You’ve signed this thing. Whereas if another entity, CLEAR or ID.me to own authorization or the health system, then suddenly, you know, the vector for abuse is mitigated by separation of who is asserting something and who has certain prerogatives.Brendan Keeler (33:07): It seems like we’re choosing to move it to the app layer and that’s fine. We just need to be really, really honest with there’s going to be apps that want to have a different, there are good apps today, like B.well or like Fasten right? That are good and honest and think, think thoughtfully about how they’re treating patients. There are less scrupulous apps that will come and how do we constrain them from abusing it when their intention. and their goals differ from the patient’s. We can do it with legalese, can do it with certifications, we can do it with all those behavioral things, but it removes the technological barriers towards abuse.Brad (33:44): Well, it’s Memorial Day weekend. We’ve told you a lot about TEFCA, but what’s everybody putting on their burger this weekend?Pryce (33:52): Ooh, I think I still need to buy sausages and tortillas because that’s how we roll down here in San Antonio. A little sausage wrap.Brendan Keeler (33:57): Dang, we gotta get down there for a team trip. That’s what’s up.Brendan Keeler (34:01): I’m gonna go, I’m doing it Dutch style, I’m gonna do mayonnaise on my burger. Just kidding. Brad (34:05): What?Pryce (34:07): Is that Dutch?Brendan Keeler (34:08) But anyway, no just kidding, I’m not a sicko, I’m not a sociopath, at least in that facet of my life. alright, well have a great Memorial Day. If you’re interested in working with this crew on TEFCA, on IAS, on all the good things, please reach out and we’ll talk to y’all later. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

Make sure to follow and listen to The Information Exchange on the podcast app of your choice! For instance, you can find the Spotify version here. The stars have aligned. The crew is back, full strength and four-deep, with (somehow) no one traveling, sick, or on a plane. We covered some choice material pondering the nature of not just Epic, but systems of record, antitrust, information blocking, and competition writ large. Some highlights:* Judy did Freakonomics and Katie Couric (after Acquired and Forbes in the past year). We dig into why a company that spent 40 years letting the work speak for itself is suddenly hiring marketing people and putting its 82-year-old founder in front of podcast mics.* API counts don’t measure openness. Why athenahealth’s developer experience runs circles around Epic’s, and why information blocking changes the co-opetition math for every system of record vendor.* Epic Cinematic Litigative Universe mini-tour: Particle sits waiting for a potential motion for summary judgment in a May of rapid litigative developments. Plus the SSNIP test and why antitrust law is structurally a bad fit for systems of record.* CMS announced electronic prior auth as a new pledge category. The pledging networks (b.well, CommonWell, eHealth Exchange, Kno2) are all clinical data networks. Were clearinghouses snubbed? Why CMS just tipped the X12/FHIR scales with seven months left on CMS-0057.Also: a fashion heat check from our local New York correspondent, Patagonia as Epic’s spirit animal, and the case for Judy on Joe RoganRelevant Articles* How Leeds avoided relegation: We’re happy for Brad. MOT.* Judy Gets Her Freakonomics On: Discussion of the Freakonomics interview and the insights it brings into Epic* Katie’s one-on-one with Judy Faulkner of Epic Systems: A longer interview by the famous journalist that pushed on Judy a bit harder* Organic Beer by Patagonia Provisions: I can’t believe this exists. Please comment on quality if you’ve tried.* Epic Opens the Door Wider for Developers: A post from last September about Epic’s incremental progress in changing how they treat developers* The Prodigal EHR: A previous article about how athenahealth leads the pack in terms of developer experience* The Iceberg Fallacy: Some further discussion of the cool developer experience and features athenahealth is releasing beyond the basics * AADJ v. Epic: Antitrust case referenced briefly in the episode. Epic’s motion to dismiss was filed on Friday, as mentioned.* 2025 EHR KLAS Report: Fierce Healthcare’s summary of the annual EHR research, which mentions how many Oracle Health customers want to switch but can’t. Mentioned in the article in reference to the SSNIP test.* Epic Litigative Universe: Prior article explaining all the lawsuits against Epic.* Electronic Prior Authorization in CMS Health Tech Ecosystem: Announcement of the new category and early adopters* CMS-0062: An Intra-Agency Cold War Goes Hot: Previous discussion of how prior authorization sits in the middle of the Venn diagram between administrative and clinicalChapters* Intro and Travel Catch-Up (0:00 – 0:44): The crew reunites after time apart and trades notes from Palm Springs, the NBA playoffs, and a trip across the pond.* Judy’s Media Tour (0:44 – 5:16): Judy Faulkner’s recent Freakonomics and Katie Couric interviews mark a sharp break from Epic’s historical posture of silence, raising questions about what’s driving the shift.* Epic Projects Outward (5:16 – 7:20): Why a company that long relied on word-of-mouth is suddenly investing in external messaging, and who inside (or outside) the company might be pushing it.* APIs, Co-opetition, and Athena (7:20 – 12:13): Counting APIs is the wrong measure of openness. A look at what real developer-friendliness looks like and why information blocking changes the economic calculus for system-of-record vendors.* Defense or Real Change? (12:13 – 16:27): Are Epic’s recent openness efforts durable, or a defensive crouch that ends if the lawsuits do? The crew debates how much of the company’s posture toward outside developers is cultural versus strategic.* Boomerangs and the Chief Meme Officer (16:27 – 18:16): Predictions on where Epic’s external-facing energy goes from here, plus a modest proposal for a certain alumnus to make a triumphant return.* The Epic Cinematic Litigative Universe (18:16 – 23:11): A tour of the active litigation against Epic, with attention to why antitrust law is poorly suited to systems of record and where information blocking gives plaintiffs more to work with.* The New Prior Auth Pledge Category (23:12 – 27:22): CMS adds electronic prior authorization to the Health Tech Ecosystem pledge structure, with conspicuous decisions about who’s invited and who’s left out.* Administrative vs. Clinical Rails (27:22 – 29:12): Prior auth has always lived at the intersection of two standards worlds, and the new pledge structure tips the scales toward one. The implications, with the CMS-0057 deadline approaching fast.* The Clipboard Is Still Breathing (29:12 – 31:50): A reality check on whether any of this regulatory motion is reaching actual patients yet, and a debate over how to measure progress when the deliverables are rules rather than experiences.TranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.Pryce (00:00): All right. Welcome back everyone to this not-a-podcast that we call The Information Exchange. We four are glad to be back together. It’s been a long time since we’ve all been in town. We had travel to Palm Springs, which was really rough. Brad and I, Brendan and I had to, you know, suck it up and go enjoy Southern California. And I’ve been busy with, you know, this like, it’s really hard to watch all the Spurs games because hopefully by the time we release this, they’ll be in the Western Conference finals. So, and Brad, with your football team behind you, was in England for a little while checking out the EPL.Brad (00:33): For all of our big audience in Leeds. They’re very excited to see this.Pryce (00:37): Yeah, exactly. Shout out. Shout out to Leeds United. Well, Brad, why don’t you get us kicked off? What’s first on our agenda today?Brad (00:44): Well, you know, I was in England, so I missed some things and I came back to it’s been a flurry of lawsuits at the beginning of the year as Brendan has hopefully covered. Seems like Epic is active in the courts and now they’re active in our newsrooms. We got podcasts, Freakonomics with Judy and then Katie Couric, a former coworker of mine. If you want to hear that story. Yahoo and AOL merged. We don’t need to go into that section of my life. But I did ride the elevator with her one time, and she was very lovely. Yeah, Judy’s out there at the young age of, am I right in saying 79? Does anybody know for certain?Ryan Tucker (01:18): I think they said 82 on the interview.Brad (01:20): 82, oh man. Well, one thing I’ll say is she was at HIMSS in a leather jacket and she looked sick. So 82 looks good on Judy. And she’s not slowing down. Maybe President is next.Brendan Keeler (01:33): Are leather jackets, I’m not trendy as evidenced with Waldo here, are leather jackets in? Is that a trendy look?Brad (01:38): Well, though, yeah.Pryce (01:44): I think if you’re rich enough...Brad (01:45): Did leather jackets ever go out? It’s just that you have to have the vibe. Yeah.Pryce (01:49): Meaner, yeah.Brendan Keeler (01:50): New York Man is the trendy one of the four of us. We’ll take that word. Ryan, what do you think? Did you see any of those interviews?Ryan Tucker (01:57): Yeah, I watched the Katie Couric one. You know, the whole time we were at Epic, very reserved in terms of anything external facing. Judy did meet with folks internally quite a bit and would regularly talk at our monthly staff meetings. And so we heard from her a lot, but there was never really anything publicly facing. Now that all these lawsuits have started happening, maybe some perceptions that were a little brighter have started to turn. It’s interesting that she starts to speak up. Maybe that’s the more cynical side of me talking there. She, in my opinion, does not have the best media training. I think the lack of like the past 30 or 40 years of doing any public-facing interviews is quite evident. Katie Couric was like very amicable to start. She was even trying to draw some lines between like her path and like the difficulty of being a woman in an industry where it’s really surrounded by men and how they’ve kind of both succeeded. And so she was trying to like maybe find some camaraderie there that felt pretty flat. And then my favorite portion of the interview was she started to talk about like Epic’s culture and it was a true like s**t sandwich tactic by Katie Couric where she talked very highly of the campus, of the art around the campus. And then she mixed in, it seems to be a bit like Lumon on steroids, which if you all have watched Severance is like not at all a compliment, but I don’t think Judy got the reference at all.Brendan Keeler (03:35): Just blew right by it and there were laughs and I was like wait a minute. And I think that’s something worth noting. Freakonomics was kind of a puff piece, was really positive. Katie Couric one, definitely she dug in, but like with that zinger but also some questions.Ryan Tucker (03:53): Yeah, I do wish she followed up a little bit more, like held her a little more to the fire, but also she’s at the Epic conference. I wouldn’t be able to do that personally. There’s also like definitely some analogy to be drawn there about Lumon internally, the Innies versus the outside world. You might see Lumon as kind of a corporate business that’s succeeding. I do think there’s tales to be told about Epic there. So yeah, it’s just very interesting how this is all playing out, especially for someone who worked there for five years and there was nothing at all that would ever be put out like this during that time.Brad (04:30): We have three former Innies right here.Ryan Tucker (04:32): Yeah, exactly.Brendan Keeler (04:34): Brainwashed.Pryce (04:34): Yeah, what’s the opposite of severance again? Re-assimilation or something? That’s what we must have done.Ryan Tucker (04:40): Yeah, yeah.Brendan Keeler (04:40): Yeah. What I’ll say about it all is that they are changing, right? They’ve hired marketing people. They started to allow outsiders to come to UGM. They have somebody who’s like chief meme officer, not that title, but is running the restarted Twitter account and social media since last fall. So clearly something is changing. And then they’ve done, you know, some of the biggest podcasts in the industry, right? Katie Couric’s huge. Freakonomics is a household brand. And then they had acquired last spring. All they need is Joe Rogan and like, you know, we’re set.Brad (05:16): Calling it here, Judy smoking a blunt on Joe Rogan. It’s gonna end health tech.Brendan Keeler (05:20): It would be tremendous, break the internet. I mean, even on, I think it was the Couric interview, Katie said something to Judy like, hey, what’s changed for you recently? And she’s like, I never had to do these sorts of interviews. So I think she’s being pushed by maybe some of her policy people, maybe some of her marketing people to start to project outwards more. She’s done that Forbes interview a year ago. All of this to say is that they’re trying to actually shape their external opinion because they have strong belief in the good things that they’re doing in this world and the good things they’re doing for healthcare, and realizing that now with their posture in the industry, they need to project outward and influence those perceptions that are out there because otherwise the lawsuits continue to pile up and just the sentiment becomes a thing of its own, well, and its own snowball effect.Pryce (06:09): When I worked at Epic from 2015 to barely 2017, you know, the theory was like, we let our work speak for itself. Our customers will speak highly about us, other customers. What more could you need, you know, in the way of marketing, especially because it’s not like you run a Super Bowl ad about your electronic health record. But it’s funny to think like, well, now that the sort of perspective on Epic, a perspective about Epic, has saturated the market. Everyone has heard of it. Everyone either has it or they’re being forced to move to it or they want to move to it or they hate it. And now it’s like, yeah, all of a sudden it’s like, well, word of mouth has kind of run its route in terms of a marketing strategy. And Brendan, you were saying maybe the internal team at Epic is pushing her to be more public. I was just thinking, customers are probably saying, listen, if we’re going to be an Epic shop, if Mayo Clinic is going to be an Epic shop, if Cleveland Clinic is going to be an Epic shop and the CMS is always banging on our door and et cetera, et cetera, we’re named in lawsuits because of data that was leaked through a nationwide trust framework, et cetera, et cetera, et cetera. Are those CIOs or those CEOs, you know, approaching Epic and saying like, you all got to get a handle on this.Brendan Keeler (07:20): Okay, so we had Lumon in the Couric interview, and then in the Freakonomics interview, they’re like, we tried to find companies that were like Epic, and the only one that kept coming up was Patagonia. And I’m like, what? Patagonia.Ryan Tucker (07:31): That’s like the totally opposite direction to me.Brendan Keeler (07:34): Which kind of makes both food now and beer. They have beer in the beer aisle. And I’m like, this is a conglomerate. I didn’t know that, was diversifying it. I don’t think Epic’s doing any of these things. Because I would definitely try an Epic beer. I have no idea what it would be like. Digging into the interviews, there were some nuggets, particularly in the Freakonomics one, where it just showed how Judy and also Epic perceive themselves, right? She said something to the extent of, well, we’re interoperable. We make the most APIs, maybe more APIs. We look at all the APIs. We’ve got so many APIs and HL7 inputs and things like that. And I don’t think she’s wrong. I know she’s right, right? Because we have a little Claude Code script that pulls down all the APIs and stuff from the different EHR vendors, and it’s more. There’s more out there. More FHIR inputs and outputs and more HL7 interfaces than the other EHR vendors. But that’s not the point. The count of APIs and stuff is only one measure in the whole equation of are you friendly to third parties? Like, is that easy to use? Is the documentation there to support people in understanding what it really does and how it interacts with your software? Are you inviting people into the ecosystem? Is the water warm? And I think if Epic continues to believe that just the sheer count is enough to change the opinion from really the developer crowd, the venture capital crowd that has a strong hold over Washington, has a strong hold over this administration and a loud voice and influential voice, that’s got to change. They’ve started to with the Vendor Services Open@Epic conference, right? That got restarted last year and was a really good step to rebuilding a relationship with developers. But they have to do more. They have to continue to do more and push themselves for a model of co-opetition of inviting in what are sensibly competitors in many respects and competing with them, but also making the ecosystem where they can thrive. Like that’s hard. It’s hard to strike that balance, but it’s what other vendors do. It’s what athenahealth does quite well, right, as a comparison point.Pryce (09:45): I was about to ask if you had an example. It’s hard within a capitalistic society for a company to say, let’s spend resources on helping other companies. But you think Athena does that well, what, just because of their API? It’s not like they, it’s not like.Brendan Keeler (09:59): Yeah, yeah, and you don’t capture. Not just the API, the way they invite you in, right? The way that it’s documented, the way that they consistently have a change log that says what’s changed, that they have a partner program where they’re trying to engage with you. The challenge is that any company, maximal capture of revenue from a provider client or from any client as a software company is when they use all your products, right? If you’re selling a CRM, you can capture 100% of their CRM spend. If you are taking a cut of API transactions to a CRM third party, you’re only capturing a smaller portion of that. From a pure math perspective, system of record are biased towards building your own software and foreclosing third parties. That’s why things get bundled in every vertical. Information blocking changes that equation for EHRs, for healthcare. It’s a strong reason, beyond the morality and ethical reasons of co-opetition, to just lean towards co-opetition. Epic and other EHRs should take that to heart, lean into this idea of co-opetition because they’re still going to win a lot of these battles because the bundle still is appealing because defaults are appealing. You can sort of piece together some of the mentality in the responses from Judy. And she was even a little bit more pointed later in the interview for Freakonomics where they asked about antitrust. Are you worried about it? And she says, well, how can we possibly support all these, if there’s 50 developers for this dermatology app and there’s 10 of those apps, that’s 500 programmers, that’s a waste. And so from an economic efficiency standpoint, vertical integration, and it makes sense and there’s a math there that’s true, capitalism is inefficient. The inefficiency of redundancy and different things means there’s a lot of wasted effort, but the net outcome is better than a single top-down approach. And that tension surfaced in the interview. She has to realize, Epic has to realize, that the information blocking statute changes the equilibrium and the math here in a way that they should lean into and we see different platforms starting to lean into.Brad (12:13): So. No disagreements. But I also think it’s tough to not look at, Judy is out here doing publicity for the first time since any of us have been alive. They’re also just facing an onslaught of lawsuits left and right, but they’re getting wins. None of us can read the tea leaves or know the future. I guess we can read the tea leaves and be wrong. How much of this feels like a defensive position that as they start to win in court, if they do start to win in court, they give up on these efforts of being more open? Put Judy’s interviews aside, does Vendor Services stop being important to them if they’re able to win in court?Pryce (12:50): I want to take that because I have an opinion about Epic here. To Brendan’s point, the most functionality with regards to interoperability, they’re the first to release things when a regulation comes out that says they’re going to need to release this by this date. They’ll beat the deadline by a long shot. And yeah, they’re up against a bunch of folks who are angry that they’ve got a walled garden right now. I feel like the biggest mistake that Epic makes, I guess the thing that frustrates me the most, and Brendan, I think this speaks to why it feels like they’re not in co-opetition. It feels like they’re just exclusive. When you work at Epic, you just assume that everyone else doesn’t know what they’re talking about. And that’s the part of their culture, in my opinion. “Well, you don’t understand how Epic works. So you probably can’t help with my sepsis algorithm” or something like that. And when in fact the matter is like, if you just gave this other company a little bit of data, they would have a sepsis algorithm that far, you know, exceeds the capabilities of Epic, which I think was notoriously bad. And so anyway, that’s the frustration. It is not like the efforts that they put into enabling developers. It’s like the posture that they have towards those developers. It’s like always one of distrust, always one of, “You’re gonna mess this up.” And I don’t see that changing anytime soon.Brendan Keeler (14:06): Epic is not a homogenous, a heterogeneous, large organization of 15,000 people and some people are being... So I struggle to be like assigned to any company of any size, those things. But in general, people’s greatest strengths also are their greatest weaknesses. And their paternalism in a pejorative sense is why they’re so...Pryce (14:18): Well, it just got compared to Lumon. Yeah.Brendan Keeler (14:33): Freaking effective at their installs and always hit their implementations as they come in opinionated and somehow train these 22 to 25 year olds to go and lead these really messy implementations that in every industry at system of record implementations take two years to install the ERP for the state of Kansas or something, and just delays and delays and whatever doesn’t happen. Their culture drives them to their success. But it also leads to, now that they’ve achieved that success, some real risks in terms of the antitrust posture, right? In terms of foreclosing competition, which by and large, I think antitrust law isn’t well suited to go after them, as we’ve discussed before. And that these cases, I think they’ll escape the antitrust ones. But information blocking, that’s a much more poignant, pointed risk for them. It really does tackle some of their weaknesses and forces them to say, what’s the new equilibrium here in terms of that co-opetition? And I see positive incremental change over the last two years in that regard, in terms of the Open@Epic vendor services, in terms of the Open@Epic conference. They just released 100 or something new Kit APIs in Vendor Services publicly. So there’s positive changes, but it’s not a one, do this one thing and solve, it’s a continued change of culture, of ways of engaging.Pryce (15:57): It’s not a module you develop. It’s very operational and an operational drain. But yeah, that’s a really interesting point that you make. I was just looking at someone working in Cerner or Oracle earlier today and thinking, technology looks fine. Looks just as boring as every EHR. And it got me thinking, man, are the services at Epic just that much better? Like the install team, that much more effective than 50 people from Deloitte, and is that paternalism to your point, Brendan, really what keeps them focused and creating best practices and things like that.Ryan Tucker (16:27): There’s a big difference between the anti-competitive behavior and the anti-openness to development. I think, like, Brad, you’re asking for a prediction of what will happen. I think the antitrust stuff, if that starts to die down, maybe we’ll see Judy be pulled back a little bit. Like the executive, like, you know, overall market facing side of the organization, I think that might start to shrink a little bit. The vendor services side, I’ve never personally felt that they were anti-being open to integration. It’s just they want to control the route that it takes. And so anything that ends up landing into their software, they very much want to control how that looks. And I think that comes from, Pryce, as you said, just skepticism when it comes to the other side’s development and what that might look like coming into their products. And I think they have some rights to want to control that too. I see them keeping with, especially if info blocking sticks around, which it looks like it will, sticking with the Vendor Services stuff, like more openness towards integration, not so much the marketing side. And also just before we get off of this topic, Epic. One thing you learn as you’re an employee there. Most folks will kind of go through it. There’s like a big calling around the two year mark and then the five year mark where people leave. Every once in a while you have a special case where somebody will actually come back and they call that a boomerang. And I just want to say, I think it’s a big missed opportunity if they did not reach out to our Waldo here for that chief meme officer. Did they ever contact you, Brendan, because that would be the opportunity for a Brendan boomerang that I think would make the most sense.Brendan Keeler (18:10): You know, I have, I’ve not received anything yet. Maybe it’s gone to spam. We’ll have to see.Ryan Tucker (18:14): Gotta check it. Gotta check it.Brendan Keeler (18:16): In terms of tactically, Brad, the court cases, right, we are, we’re in a period of like regulatory slowdown. We had like a real flurry of CMS Health Tech ecosystem, CMS 0057, CMS 0062. And before that, HTI-5, we’re in the lull of like them finalizing HTI-5 and HTI-6 coming up. But the litigation is hitting a bunch of interesting points, right? Particle and Epic has been in this phase one discovery that they just sort of wrapped and now they’re butting heads saying, well, Epic’s saying, “We want to do a summary judgment. We want to close this puppy off. Market definition sucks. Let’s get out of here.” They’re trying to end that case. And Particle’s saying, “No, we proved what we had to. Let’s move to phase two, the broader discovery.” And so we should see a decision there coming up, which will be exciting. I think the judge will hear the summary judgment motion and then may choose to move forward is my guess. But Epic does have pretty good grounds if they get the trial in terms of the market definition. Antitrust is really hard to use against systems of record because systems of record rarely get to the size and market penetration of 70% or 80% that is usually indicative of traditional antitrust. And antitrust is changing a lot right now, but still.Brendan Keeler (19:32): If you only have 41% market share, it’s a tougher case to make, especially if you’re in front of a judge with a more traditionalist view on what markets are.Pryce (19:41): And just to be clear there,Brad (19:41): 56.9% of hospital beds though. KLAS, yeah.Pryce (19:45): Ooh, but not 70.Brendan Keeler (19:46): Still low by antitrust measures. And so just antitrust as a tool is really well geared towards network-based businesses, like the train networks, right? Break up the train networks because networks tend to move towards ubiquity, move towards really strong market control. Like Surescripts, right? Surescripts had antitrust against them.Pryce (20:07): Well, and they specifically, as a virtuous cycle, continue to succeed if they, you know, close off competitors or purchase competitors. And all of a sudden it’s a special type of differentiation. If you have the ubiquitous network instead of a network, that’s useful.Brendan Keeler (20:25): Right, it’s not linearly tied. Every new node is exponentially more valuable in a network-based business.Pryce (20:31): And I want to clarify too, you’re saying systems of record rarely reach that 70% threshold that maybe is arbitrary, but sort of indicates potentially a monopoly. But they get blamed for antitrust all the time because of how challenging it is to switch away from them. Is that the idea? Like how challenging it is to be a new market entrant and compete effectively? Lock in.Brendan Keeler (20:50): Yep. Yeah, the switching costs for these type of software, it’s again, nonlinear. It’s like the bigger they are, then it’s the exponential switching costs. And so these types of software, EHRs, but also ERPs, systems of record fail what’s called the SSNIP test, right? The small but significant increase in price. And so in traditional economics applied to antitrust, if you were to change the price of a product and increase it a small significant amount, would that cause people to switch to an alternative? And to like a bottle of Pepsi? You’d switch to Coke, right? And so then that hypothetical monopolist test fails. In the case of systems of record, well, you could raise the price a little bit and you’re like, man, the cost of me moving is 10x that, it’s 100x that. And you see that in KLAS reports, not just for Epic, but for EHRs where they say, yeah, I’d move my EHR, but it’s too expensive. Like the KLAS report just came out and a bunch of people said that about Oracle. Said, I would change off of Oracle like 33% or something, but I’m not going to because it’s too much work. And so this type of software almost uniformly, even for non-market dominant EHRs and systems of record, fail this test. It’s the paradox of antitrust applied to systems of record that it can be both not hitting the metrics needed for market penetration, but also kind of universally failing the SSNIP test. All this is to say, I’m not optimistic in just a general principle towards the Particle case, towards the Texas versus Epic case, which is another antitrust case. And then CureIS, CureIS versus Epic is an antitrust case, but also an information blocking case. So it’s a little bit, got more levers to pull there potentially.Pryce (22:38): The spinoff movie and the Epic cinematic litigative universe.Brendan Keeler (22:41): Yeah, the collab, right? You know, the crossover event we’ve been waiting for. But we should see action on most of these, right? CureIS is having some interesting developments on their discovery. And AADJ, the American Association for Disability Justice that sued Epic for antitrust, the brief by Epic is due today. So we should have a juicy response from Epic by midnight tonight.Pryce (23:11): Can’t wait.Brendan Keeler (23:12): Alright, enough about litigation. What if we cut over and talk a little bit about the CMS?Pryce (23:16): Ooh, yeah.Brendan Keeler (23:17): What’s happened, Pryce? Do you know?Pryce (23:19): You’re talking about the CMS Health Tech Ecosystem adding a new vertical of workflow, you know, new bodies of participants, but this is for the electronic prior authorization, which by the way, shout out, Caitlin Owens. Apparently one of my good friends from college was on stage with Dr. Oz when he made this announcement at the CMS. She works for Axios and she’s really badass. So Caitlin Owens will not listen to this, but she’s great. So they announced this past week that they’re adding electronic prior authorization to the list of use cases that the CMS HealthTech ecosystem is for. Is that right?Brendan Keeler (23:52): Yeah, they’re creating a new pledge category.Pryce (23:55): Pledge category. Ryan, what did you take away from this? Have you read through it?Ryan Tucker (23:59): I have a bit. I think the main takeaway is who it’s for. The provider, payer, provider side is very much included. Clearinghouses, I think, were snubbed out of this, maybe purposely so. But I thought that was interesting because most of the transacting that happens on that level that I’m aware of and that the folks who are preparing for electronic prior authorization, lots of clearinghouses. So it seems like the government is actually trying to direct away from the usage of clearinghouses based on what they’re trying to incentivize here.Brendan Keeler (24:30): So you can be an EHR, you can be a provider, you can be a payer, or you can be a network to pledge into this use case. Okay, maybe a clearinghouse could pledge as a network, but not in the way the health tech ecosystem is structured. If you do the pledge as a specific category, like a data network, it’s kind of all or nothing. You have to go and do facilitate patient access, you have to go and provide treatment, the treatment exchange, you have to facilitate the operations exchange from payers to providers. You have to go full bore into all of the pledge pieces. So, okay, so then if you...Ryan Tucker (25:10): Which they’re just not positioned at all to do so.Brendan Keeler (25:13): Yeah, yeah, right. Totally. You’re asking an administrative network to be a clinical network.Pryce (25:19): I pulled up the press release here. We’ve got providers that are committing and then we’ve got electronic health records that are committing. So presumably that’s the submitting system of the electronic prior authorization would be the EHR instead of point solutions or clearinghouses who could help out. And then the networks are b.well, CommonWell, eHealth Exchange, Kno2. Those are CMS aligned networks. They’re already, you know, used to exchanging clinical data and sort of easier for them to tack on Da Vinci type transactions with regards to prior authorization requests. You’re saying that’s easier than like a clearinghouse (like Change) all of a sudden becoming a full on FHIR network and CDA network. Is that what you’re saying, Brendan? Like one of them is easier to transition into both administrative and clinical.Brendan Keeler (26:08): Yeah, I mean, so prior authorization is one of those use cases that if you squint from one vantage point, you’re like, well, it’s always been in HIPAA administrative transactions. It’s an administrative transaction. It’s in the clearinghouse and payer provider data exchange lens. But then you squint from another vantage point and you’re like, wait a minute, this is a clinical transaction because inherently you need to be sending a bunch of clinical information across the wire. For a while, there were these two domains that the administrative transactions did a lot of X12 and were very payer-led workgroups like AHIP or WEDI. And then you have the HL7 and other workgroups doing the clinical stuff, CDA and the HIEs, and never in the middle shall they meet. Well, now in the middle, they’re meeting time and time again, and it’s leading to friction points as the different players want to use different standards, right? Maybe use X12 or use FHIR, as well as this. This is a manifestation of this where it’s like, okay, this is kind of gearing things to run over the clinical data rails, right? All the networks that are pledging are clinical data networks. So the ones that pledged to prior auth, b.well, CommonWell, eHealth Exchange, and Kno2? All clinical data networks.Pryce (27:22): As a network pledging to the prior auth section, don’t you also just need to be a CMS aligned network, meaning they have to serve all of the use cases. So they’re particularly, given that they’ve been doing this for the past year, they’re particularly well positioned to say, yeah, we’ll do that one too. When in reality, like a clearinghouse might already have the infrastructure that’s prepared to serve this use case a lot better, actually.Brendan Keeler (27:44): Yeah, and that’s the tension, right? That we’ll see play out. The thing that I like about what the CMS HealthTech ecosystem is doing is saying, “Okay, everyone’s off like building in their little corner to meet CMS 0057 or HTI-4. We’re going to convene.” And that’s been a theme of the Health Tech Ecosystem is convening and building a space for dialogue at a very rapid pace. Plus for that, but at the same time, you’re kind of squinting, you’re implicitly maybe building winners and losers or trying to orient towards the clinical data side of the house, which I don’t know if that’s right or wrong, but it certainly seems like the outcome that is being affected. And so there’s a tension there between, we only have nine months left of this bad boy until CMS 0057 is required for CMS plans, right? Medicare, Medicaid, CHIP, and ACA plans. Oh boy, it’s May, not March. I have two kids. That’s my brain is scrambled. But yeah, so seven months and the convening might be happening a little late given the balls that are in the air. Is that the right metaphor? Seven months, right?Pryce (28:52): Yeah, yeah. Well, really, the die have been cast is what it seems like. I’m kind of like, I hope nobody is still picking their prior auth vendor for the regulation date.Brendan Keeler (29:04): Well, we know that they are. Given the various prospects and the RFPs we’ve seen out there, there’s certainly a lot of things to be finalized in the market.Brad (29:06): Yeah, I was gonna say.Ryan Tucker (29:07): Definitely.Pryce (29:12): Well...Brad (29:17): Jumping in, this is all exciting. We’re friends with a lot of people that work at these companies and it’s good to see the collaboration. In fact, it makes any conference that much spicier and interesting, but the clipboard is still breathing. And so every new one of these to me is an increased chance of failure. In all things, a lack of constraint means you can’t focus. Every administration has a clock running against it, right? Like the day they get into the office, they know that there are, okay, Ryan, success. Let’s pretend.Ryan Tucker (29:53): Well, we hope.Brad (29:54): Okay. Reasonably, everybody at CMS should understand that there is a time when they will leave working for the government and they would like to show something for it. But like, are we actually changing something for patients? And I can tell you, I went to NYU just recently where I get all of my healthcare, and they have everything about me and they’re still handing me a clipboard to ask me like, is everything right? So.Brendan Keeler (30:19): It’s been six months. They’ve been super effective.Brad (30:22): It’s not been six months, it’s been almost a year, we’re almost at the 250th birthday party!Brendan Keeler (30:26): They kicked off a year ago, in reality, everything got going October, November, December. That is warp speed for doing stuff in the government. And so I give a lot of credit to the Health Tech Ecosystem for advancing identity-proofing discussions, advancing patient access discussions, prototyping and putting stuff out into market, which is a necessary prerequisite for the ONC and other regulatory bodies to require things in rules. And so did it get rid of the clipboard at NYU? No, but did it prove stuff out in, if it proved stuff out in market, then they can go and require it in a rule. And that is what the whole point is, is not to get to ubiquity, it’s to prove stuff out in market such that they can go and say, “Thou shalt” via HTI-6 or another rule.Brad (31:15): All right, I’m gonna argue with you about this, but.Brendan Keeler (31:19): Next time we’re together with a beer, we can fisticuffs or something.Brad (31:23): Maybe Amy Gleason is Simone Biles and she’s gonna get all-around gold. We are all hoping for it. We are all hoping for it. But like, you know, sometimes I just wanna see a gymnast that is fantastic at floor routine and we’re confident they’re gonna win a gold. That’s all I’m saying.Brendan Keeler (31:39): Well, that is a great metaphor for us to end on today. This has been a great episode of The Information Exchange. See you guys next week.Brad (31:41): Hahaha.Pryce (31:47): Wild ride. Thanks all.Brad (31:50): Tens all around.Ryan Tucker (31:50): See ya. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

The Information Exchange does not sleep¹, because, well, CMS is absolutely dialed in lately:* Brad recaps the CMS Aligned Networks launch event in DC: CLEAR, ID.me, TEFCA rails, and Humana’s senior care demo all got stage time, but the question is what happens on the non-patient-access tracks before July* ACCESS approved its first cohort. Brendan plays optimist on CMMI’s willingness to swing big on outcome-aligned chronic care payments while Brad plays pessimist on lemon-dropping and the 50% withhold that could empty out year two. A Polymarket line gets opened at 60%.* CMS-0062 was supposed to be a tidy little drug rule. It is not. We walk through why it’s bigger than 0053, layers onto the 2024 prior auth rule, and in some places contradicts the claims attachments rule from three weeks ago, including the buried RFI to certify payer technology (HTI-2’s ghost returns)* Russian doll payers, Succession-level CMS subplots: why a single payer name hides 15 claims systems, why ERISA keeps TPAs out of reach no matter how well you wire things up, and whether HIIG and the HIPAA standards group are copacetic or knife-fighting over X12 vs. FHIR* John Deere lost its right-to-repair fight. Brad flagged it and Brendan connects it straight to the antitrust and information blocking playbook, diabetes device jailbreaking, and every system of record’s eventual discovery of platform rent extraction* Salesforce went headless. Agentforce opens the UI, APIs, and MCP layer. Brendan argues it’s a per-token pricing play, not altruism. Brad counters with the DoorDash problem and why Epic’s moat is the hospital’s local politics, not the software. Brendan plays foil: in some fraction of the multiverse, this looks as dumb in retrospect as cable companies building streamers.Are you curious about Brad’s Wisconsin farming roots? Wondering about the novel gambling-based business model for the podcast? Or wondering why Missingno is in your inbox? Listen to hear more.¹ Aside from the two week breaks between episodesRelevant Articles* CMS Health Tech Ecosystem First Wave Event* ACCESS Model Accepted Applicants* CMS-0062: The Entrée Has Arrived* CMS-0062: Same Drug, Two Standards* CMS-0062: An Intra-Agency Cold War Goes Hot* “Have you heard about the Pope?”* The Great Beheading Begins* The Infinite Rare Candies Glitch (Missingno)* The Door Dash Problem* How Interoperability Won on the FarmChapters* CMS Aligned Networks Takes the Stage (00:00): Brad reports back from Amy Gleason’s DC showcase, where CLEAR, ID.me, and a parade of startups demoed patient identity, TEFCA-powered history pulls, and QR-code check-ins. Payers and EHRs showed up, Humana ran a senior care coordination demo, and the crew reads the tea leaves on how much of the non-patient-access agenda is actually moving ahead of July.* ACCESS Approves Its First Cohort (03:20): CMMI’s outcome-aligned chronic care model (Advancing Chronic Care with Effective Scalable Solutions) lands its first participants. Brendan plays optimist on why ambitious failure is the point; Brad plays pessimist on lemon-dropping and the 50% withhold pushing providers out in year two. A Polymarket line on success gets opened at 60%.* CMS-0062, Not Just a Drug Rule (09:14): The rule that was supposed to be a tidy RTPB cleanup turns out to be bigger than 0053, layering onto the 2024 prior auth rule and contradicting the claims attachments rule from three weeks prior. The gang maps the scope: Medicare Advantage, Medicaid, CHIP, parts of ACA, and why ERISA keeps employer plans out of reach no matter how well the TPAs wire things up.* Payers as Russian Dolls (13:16): Why a single payer name can hide fifteen claims systems and five acquired Medicaid plans, why PBM and plan rails look nothing alike, and why CPT-2 codes keep haunting Brad’s career. Pryce makes the case for shifting regulatory focus from EHRs to the entities actually holding the risk and the purse strings.* Certifying Payer Tech (16:14): : The ghost of HTI-2 returns! An RFI buried in 0062 proposes extending health IT certification to payer technology, a ZombieHTI-2 idea that would turn payer vendors into potential information blocking actors. Brad and Pryce go thumbs up; Brendan predicts a deafening “no way in hell” from payer tech comment letters.* Step Therapy, ADT, and Succession-Level CMS Subplots (22:28): The other RFIs get a quick pass: step therapy portability as the killer payer-to-payer use case, ADT notifications getting another look, and the telling fact that 0062 tells you to use FHIR Da Vinci for prior auth while 0053 just blessed X12 for attachments. HIIG vs. the HIPAA standards group: copacetic swap or internal knife fight?* John Deere and the Right to Repair (23:59): A Wisconsin boy’s late-night text turns into a clean antitrust parallel. Farmers buying forty-year-old tractors to escape dealer lock-in, diabetes devices getting jailbroken, and why every system of record eventually rediscovers platform rent extraction. Brendan lands it on interoperability as the throughline.* Salesforce Goes Headless (And So Will Everyone Else) (26:38): Agentforce opens the UI, APIs, and MCP layer, and Brendan argues this isn’t altruism: per-token agent pricing beats per-seat licensing at scale, and systems of record would rather capture the agent economy than get scraped by computer-use bots. Pryce extends it to EHR nurse-bot licensure and the commoditization of the front end.* Why the Moat Probably Holds (31:14): Brad counters with the DoorDash problem: operational embeddedness is the real moat, and Salesforce opening up mostly makes it harder for four dudes in a garage to dislodge decades of Fortune 500 data. Epic’s value extends past the software into the hospital system’s local politics, ordinances, and employer relationships.* The Cable Companies Building Streamers Risk (33:59): Brendan plays foil: SaaS has maybe four assets (UI, data, schema, business logic), and Salesforce is giving away two to four of them with only a legal agreement standing between them and an upstart. He doesn’t have conviction, but in some fraction of the multiverse this looks as dumb in retrospect as the streaming wars.* Kalshi Bets and Signoff (35:57): Closing odds, a final pitch for the podcast’s gambling-funded future, and the observation that the American economy is now just healthcare and gambling anyway.TranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.Brendan Keeler (00:00): Ladies and gentlemen, we are back. This episode is going to be CMS-titled, because we’re going to talk a lot about the Centers for Medicare and Medicaid Services. Brad, last week you were boots on the ground in DC. There was an event. What went down?Brad (00:12): Yeah. We missed you all last week because CMS had a big event to celebrate the first launch of applications leveraging CMS Aligned Networks. Amy Gleason brought together a couple hundred people in DC. Much of it was to reiterate the goals of CMS Aligned Networks, introduce some potential new avenues that they could push on, and then allow vendors to show what they were doing with the new rails that CMS is trying to put in place. A ton of it was focused on patient access. That’s something Amy’s been very transparent and consistent about. So we saw CLEAR and ID.me get a lot of screen time, showing patients being able to verify their identity through those solutions and then use the TEFCA rails to pull down their patient history, along with some of the workflows that enables: patients getting faster answers for care questions from AI, checking in and providing a longitudinal patient record at the front desk using a QR code, some scheduling solutions. It really covered the map. Oura did a demo, yes. That was a particularly excellent use case or demo that they showed. One of the things that’s clear is that many of the major payers and EHRs were represented and consistently shown.Pryce (01:22): Wearable technology, you know.Brad (01:38): But there also are a number of startups that are finding quick paths to market access. So overall, some of the things I took away: Amy has been hard at work for the last nine months trying to get people going on these. And while there’s progress, there’s still a long way to go to get this to tie together into a cohesive strategy.Pryce (01:52): Thank you, Amy.Brad (02:01): CMS, just across the board, with the number of things they’re trying to do, has really pushed their technical team to be able to support things like claims data, provider networks, patients pulling all of their medical history. Nobody expects the government to be at the forefront of those things, and I think they’re showing that they can move quickly and they want to.Brendan Keeler (02:22): One question I think is pretty prevalent in the industry, and I certainly have it: we’re seeing a lot of success via the CMS Health Tech Ecosystem for patient access and Kill the Clipboard. That’s where a lot of those demos are focused. What about the other things? You said payers were there. Did they demo? Were they showing participation, or was it more silent wait-and-watch and maybe do stuff as we get closer to the July date?Brad (02:49): Humana had a couple of demos. There was an application for senior care coordination that’s AI-driven. And they showed scheduling through their Medicare providers. It was nice to see some providers trying to expose their networks and enable scheduling.Brendan Keeler (03:06): CMS is kind of firing on all cylinders. They have the event, and the CMS Health Tech Ecosystem continues to rip and do things, but CMS is big and sprawling and multifaceted. Pryce, what else is going on?Pryce (03:20): ACCESS, right? We just heard this week about the first participants who were approved to participate in the ACCESS program. And this is, as we mentioned in the last podcast, one of those brilliant backronyms. ACCESS stands for Advancing Chronic Care with Effective Scalable Solutions. That one’s good. I like that a lot. But this is one of those payment models CMS released earlier this year. And then they said, hey, if you want to participate in this new program, the payment model whereby we say, hey, we will give you payments if your organization participates in ACCESS and proves outcomes with members that are being cared for by traditional Medicare. So these are outcome-aligned payments. This isn’t like, well, we’ll give you a payment if you give Pryce an Oura ring, or we’ll give you a payment if you see Pryce for an encounter. It’s: we will give you a payment if you can prove to us that Pryce’s blood pressure was X and has fallen to Y. They’re trying to incentivize the fact that, especially with the proliferation of these tools that can automate a lot, like AI, or these tools that are literally in the hands of people, if everyone can care for themselves and reduce the burden on a provider, it might take five minutes to look over these numbers. But really, Oura or Whoop, these companies can start participating in a way where they say, I’m going to sign up as a Medicare Part B provider in some form or fashion. I don’t think Oura was even in the initial list of accepted applicants. But the point here is that the groups who have been accepted are planning to use distribution of technology to relieve the burden that is otherwise centralized on one provider to care for a thousand people who are all over 65 and trying to be cheap, in terms of healthcare costs. So that was exciting from this week, but I didn’t go much deeper. What did you all hear?Brendan Keeler (05:11): Well, just a piece of color: a couple of weeks ago, when they released the financials, there was all this controversy of, how could it be so low? It’s so low. But that is really freaking cool. Because if it works, even if it works for one or two of these groups, then we’ve proven something. We’ve proven finally that we don’t need to take status quo pricing or slightly adjusted pricing. We can do something extremely ambitious and achieve better outcomes. People’s bar for success is, oh, it has to math out to be what it is today. And it’s like, no, no, no. CMS is saying this is an experiment, because that’s what CMMI does best: experiments. A lot of times failures, but sometimes successes. And this one in particular is very ambitious by saying we’re going to take a big old swing at this in ways we haven’t before. So I get why people are not happy that it doesn’t pattern-match prior structures they have in the employer market or with CMS and other types of programs. But that’s why we’re doing it this way. And if it doesn’t math out, you don’t want to take that risk, Godspeed, go some different direction, do what’s being done today. But if you do and you can make it work, well, you’ve just changed healthcare maybe.Brad (06:23): We have to have an optimist on this podcast. So I’m nominating Brendan for that. There are some things about this that are really cool. We called out the usage of nationwide rails, HIEs or TEFCA, for reporting this data back. Really cool. I’m not going to make everybody sit through my story about trying to run an HbA1c testing program with one of the largest payers in the country, and they wanted CPT codes, CPT-2 codes, but they couldn’t actually ingest those codes. So they knew they were getting HbA1c tests, but not what the actual risk of their patient population is.Brendan Keeler (06:59): I think you’re making us sit through the story.Brad (07:02): No, well, it’s much longer. It’s much longer. We are going to get some data about these patients, but I think there are difficulties with CMS trying to be the one to drive innovation models, in part because of who the patient population is. I’ve tried to get my parents to use Apple Watches, and they know how to put it on the wrist, but they’re not setting up any health monitoring.Brad (07:24): There are incentives to enroll specific types of patients, which is probably a really small percentage of the patient population. And if you enroll a patient into the program and your cohort is non-compliant, or you’re not seeing the outcomes, 50% of your payments are being held till the end of the year. And there’s a very strong incentive for those providers to just pull out of the program. It’s probably not going to be one of these extremes, but I think we could see year two of ACCESS being barren and not having a whole lot of people who want to participate in it because there’s too much uncertainty about the payments. And then the question is, did we actually get enough data to say this is an effective type of program for us to run? Or do we find that digital health providers are really good at lemon-dropping? They’re very good at selecting the patients who know how to use technology, who are going to be very compliant. And we see reductions in HbA1c and depression and anxiety and MSK pain scores, which make the model seem way more effective than if it were rolled out to a larger population. Which is not to say we shouldn’t be doing these things. CMS has taken a lot of bets right now, and I want to see ACCESS succeed. I am more on the pessimistic side here than Brendan is.Pryce (08:43): Who wouldn’t?Brendan Keeler (08:46): Well, we’re turning on the Brendan-Keeler-patented probability market, or whatever it’s called. Pryce (08:54): Polymarket.Brendan Keeler (08:46): We’re going to Polymarket this b***h and do it at like 60% to start. So if you want in, let us know, because that’s what we’re, that’s what we’re monetizing and paying for ACCESS with, actually.Brad (09:05): That’s how we’re funding the podcast. Pryce (09:06): That’s great. Yeah. It’s going to, we’re going to reduce everyone’s hypertension, increase gambling addiction. That’s the goal.Brendan Keeler (09:14): We’re not going to go down that rabbit hole because I have a lot to say about bringing back one of the oldest sins of mankind.Brad (09:22): Speaking of sins, have you heard about the Pope? Sorry, go ahead. Go ahead, Pryce.Pryce (09:16): Hahaha. Okay. Well, speaking of CMS being so busy, speaking of CMS being so busy, Brendan wrote a slew of amazing articles, I thought, regarding 0062. CMS 0062 is the newest proposed rule from CMS. Tell us a little bit about that, Brendan. I particularly love that multiple people have called out that it sort of came out under the guise of real-time prescription benefits, but it has way more than that in it. So what’s on the menu?Brendan Keeler (09:53): Yeah, it’s fun because we just had a CMS rule three weeks ago, 0053, the claims attachments. So it’s like, oh, they must be good for a minute. But no, no, 0062. It’s been waiting in the wings for almost a year. It’s been chilling with OMB since the spring 2025 unified agenda, OMB being part of the agency that reviews rules to make sure they’re compliant and they stitch together and no one’s going to sue them. It sat around for a year, which is a long time, but the Trump admin had a deregulatory order that meant no new regulation, which this is. But they got through now. And in the interim, the person really pushing it from the CMS side, Alex Mugge, went to work for Oracle. So this rule, you’re kind of squinting at it. It was coming, the last remaining bit, it seemed like, from 9115, the CMS patient access rule, which added the ability to pull claims data from payers. This is the first rule that regulated payers to say, hey, add interoperability, sort of clinical interoperability. And then we had 0057, the prior auth rule, which in 2024 said, okay, now we’re going to do payer-payer data exchange, we’re going to do payer-to-provider data exchange, we’re going to do prior authorization for medical procedures. It’s all FHIR-based. And so then the last remaining thing is, well, what are we going to do about drugs? What are we going to do about medications? And so this rule on paper was just going to be a little tiny rule to say, here’s what we’re doing about drugs. But no, no, no, no, no. This is a big one. This is bigger than 0053. It compounds and expands and really takes some big cuts layering on top of the prior auth rule of 2024, and in some ways contradicts the rule we saw only three weeks ago.Pryce (11:38): Quick reminder: all of these rules, because they’re written by CMS, really just apply to payers who are taking on risk from CMS, AKA Medicare Advantage. And they would apply to providers who want full reimbursement or MIPS incentives and things like that from CMS. So we’re still talking about a massive market-shifting trend, but affecting 40% of payments or encounters or however you want to split it down the middle. Is that right?Brendan Keeler (12:04): More specifically, I mean, only small parts of this really even touch providers. The ADT notifications of 9115 touch providers. Most of it, almost all of it, is CMS plans. Medicare, Medicaid, CHIP, ACA, but only parts of ACA, because if it’s state-run or state-based exchanges, the same regulatory hooks aren’t in there. So that ends up being 48, 49% of insured Americans, but certainly not all the employer-based plans, certainly not even all the federal plans. FEHB is not regulated by this because CMS doesn’t have authority. You’re like, wow, we’re going to have electronic prior authorization everywhere. And it’s like, well, will we? Maybe not. But it’s really, really hard to regulate employer-based plans in any capacity because of ERISA kind of making them immune in many ways to regulation, or requiring what’s called Tri-Agency coordination between the Department of Labor and CMS and others.Brad (13:00): The hope here is that if they have to make this change for a TPA who can do this for the federal government, they can also expose it to their employers. Fingers crossed.Pryce (13:10): Okay, I’m checking off TPA and tri-agency something on my bingo card.Brendan Keeler (13:16): I mean, you would assume that’d be the case, but if you actually think about payers, they’re like the Russian dolls. What are those called? You pull them back and there’s just another layer and another layer, and they have 15 different systems. They acquired their employer plans they acquired five years ago and have totally different systems than their Medicaid plans, which have totally different systems. So you wire it up for just the CMS plans, and you’re not technically set up to communicate and do those things with the systems they might use for employer-based.Brad (13:44): Yeah, remember when I was talking about CPT-2 codes earlier? Yeah.Brendan Keeler (13:48): Full circle.Pryce (13:50): Galaxy brain.Brendan Keeler (13:51): Pryce, when you were reading it, did any of the articles or topics stick out to you?Pryce (13:56): Gosh, a lot of it did. I was basically Slacking you the entire time because I was so excited by it. Just from a broad-strokes perspective, you were just saying a lot of this doesn’t really affect providers. For the majority of my health IT career, it’s like, we regulate EHRs, we regulate EHRs, open up EHRs. And still today, people love to be mad about or excited about what any EHR can or cannot execute on as it pertains to interoperability and what’s regulated. But I love to see this turn and focus towards payers for a lot of different reasons. From my perspective, payers have much, much less detailed clinical information about patients, about their members, than the actual acute care facility that I spent 10 days in. Hopkins EHR is going to have a lot more provider notes, vitals. They’re going to have all my lab results, who was the nurse working when I was in the middle of the night or something like that. But payers are the one ultimately carrying the risk for each of these patients, or members as they would call them. And therefore have this nice, especially if they just received claims, they have this nice sort of linear story to tell about, at least for anything that needed to be reimbursed by insurance, what service was provided, for what reason, what diagnosis. And that information starts to piece together the bones of a very clear clinical story that my psychiatrist and my endocrinologist and my PCP each only have a third of. And then you layer on the fact that, since they are holding the purse strings and they are the one who decides when and why you would be allowed to get an MRI through utilization management and prior authorization. I do like to see that CMS is acknowledging that these folks need to be as involved in patient care and turning the inflection point of healthcare costs in the other direction. Because they see it all. Even if they’re not getting detailed information, they’re trying to. They’re getting more and more through these evolving utilities that we have coming into place, like the prior authorization rule and Da Vinci exchanges, or eventually TEFCA will support Operations use. Maybe you’re not an optimist on that one, Brendan, but I thought it was sweet to see them.Brendan Keeler (16:07): We’ll figure it out somehow. We’ll figure it out somehow.Pryce (16:10): Yeah, turning the focus to payers was exciting for me.Brendan Keeler (16:14): One of the RFIs in there was to certify payer technology. And that was a big deal because that was proposed last administration in HTI-2. Then we said no, no, no, all the ideas in HTI-2, that is verboten. Like that is gone. We’re wiping away most of it. And then we see a lot of them sneaking back up into HTI-5, probably more in HTI-6, in terms of FHIR Subscriptions, which were proposed in HTI-2. And here we see the proposal to expand the certification criteria to potentially hit other types of entities beyond certified health IT / EHR type tech for providers, to payers. There’s a lot of implications, but yeah, are you for or against? Thumbs up or thumbs down?Brad (16:56): I know we talked about payers being Russian nesting dolls. This administration is focused, and I guess last administration was focused, a lot on drug pricing. The payers own PBMs. Maybe the answer to this is they acquired them. It’s a completely different tech stack. One of the things that stuck out to me, because I really haven’t spent much time on the payer side at all, is the different exchange methods between the plans and the PBMs with providers. One of the places that honestly I got stuck reading the pieces is understanding why there are such different communication rails between PBM, payer, and provider. And I don’t know if either of you can speak to that for other people who sort of got lost in the sauce reading Health API Guy.Brendan Keeler (17:39): They’re different because they’re different entities. They just do different things and interact with different types of, like, interact with pharmacies instead of with providers. And so as you have different business types, different software emerges to support them. Just because organizations are vertically integrated and just purchased, conglomerate style, all these other types, doesn’t mean that suddenly their software is homogenous. Quite the opposite. As they become very conglomerate-y — conglomerate-y is not really an adjective, but we’re going to make it one — then they hit the limits of what commercial off-the-shelf software can provide. And they need to glue together disparate software, which doesn’t always go well, which is quite difficult. And so you see integration platforms as a service. You see Redox is in the provider space. You see Flume Health, I think, is in the payer space to stitch things together. Rhapsody. And that’s just when you’ve hit the boundaries of there being enough of the type of entity that you are, with all the business needs, where you could have one piece of software. And we’re lucky or not lucky, depending on your view, that on the provider side, the systems of record have developed to encompass a ton of the functionality that business type needs. But that’s not the case in every industry.Brad (18:50): And so do you expect that Da Vinci, NCPDP, those standards will continue to exist in a health IT-regulated, like the payer world falls under regulated health IT?Brendan Keeler (19:03): That would be to cement it in, and also turn the makers of payer technology into potential information blockers. They could be actors under the information blocking statute. And so I think we’re going to see a ton of payers who make tech, and payer technology vendors, comment on this rule and say, no way in hell, do not do that. We’ll do anything else. You want us to submit to CMS directly, we’ll do it.Brad (19:24): Okay, now I know my answer. I’ll let Pryce answer first.Pryce (19:28): Do I want them to have to do it? Yeah, I guess so. I mean, I’m not like a big fan of creating more regulation, but I am a big fan of playing whack-a-mole with whoever’s dominating the market or driving up costs. If we’re going to force the provider side of this equation to be so compliant and own so much of the costs of care, like total cost of care, and own so much of the burden, the administrative burden of utilization management, then yeah, I would love to see the other systems that are deciding when and why, and they seem like a total black box. I could go on for 20 minutes right now about Cigna and how they never reimbursed me appropriately, well, my wife appropriately, for her perfectly healthy home birth. So yeah, I’m big, shaking my fist like, you’re going to play ball the way that the rest of us want you to. Just because you have the most money right now doesn’t mean that you get to call the shots on what technology gets used and how. And to Brendan’s point, I mean, it would be a huge regulatory burden on them because their systems are so fragmented. One payer could really be 25 Medicaid plans that had been bought over the last 10 years and shoved under one name. And they all have 15 different claims adjudication systems. But damn it, I want people working together. And I don’t really care. I don’t really give a damn about capitalism when it comes to that. So sorry, Kat McDavitt and whoever.Brendan Keeler (20:54): What about you, Brad? Brad (20:57): Hey, listen, if it puts them under information blocking, then Cigna, Epic, John Deere, they’re all in the crosshairs. I’m for it, yeah. So many of the entrenched players did not capture market share purely through ingenuity. So much of it was driven by regulatory capture already. This feels like it is evening the playing field and introducing players who can drive down costs. Let’s go back to ACCESS. It’s been impossible for Oura or Whoop to find a way in. If they truly think that they can reduce chronic care costs, great, let’s give them a path in. So now I guess I’m pro-ACCESS.Pryce (21:45): Let me flip this back to you, Brendan. Take out your crystal ball. There’s no chance we’re going to start certifying payer technology as a result of this proposed rule, right? What do you think?Brendan Keeler (21:57): Correct. This is just an RFI. So in the rule, there are requests for information to inform future rules. That was one interesting one. There was one about step therapy. So step therapy being whether that could transfer between payers if you’re on these regimens, and you don’t have to go restart and change things over. And so that would be a killer use case for the payer-payer data exchange, if that’s able to be enabled through there.Pryce (22:25): You’re like, that would be a killer use case if we could even get it off the ground in a meaningful way at all. Keep going.Brendan Keeler (22:28): That’s right. That’s right. And then ADT notifications, I think they’re revisiting what they’ve done before and saying, is this good enough in terms of where we need to be with a nationwide capability for ADT notifications? So yeah, we had the rule itself that’s proposed. It says use NCPDP here, get rid of X12, use FHIR Da Vinci, which contradicts in some ways the 0053 rule from only a couple of weeks ago. And that’s because this rule comes from different parts of CMS. So much like payers are Russian dolls with many parts, so is CMS. CMS has different groups with different mandates, different authority, and different prerogatives. And so Amy Gleason’s group, the CMS Health Tech Ecosystem, is very different from the group that owns the HIPAA Administrative Standards, which released the 0053 rule a couple of weeks ago that chose to go and promote X12 as a standard there.Brendan Keeler (23:21): And here we see HIIG and this interoperability group that started under Seema Verma and the first Trump admin and grew into this mandate of promoting interoperability for payers. They’re very pro-FHIR, as we can see. And they’re saying actually not just let’s go do more FHIR. They’re actually saying, let’s take something that’s X12 prior authorization, let’s make it full FHIR. You can create Succession-level subplots of what’s going on in CMS, or it could just be, you know, they’re copacetic and they just agreed to do a little swap there. Who knows?Pryce (23:51): Who knows, we’ll have to get the dirty deets from someone. Reach out to us if you were listening to any of those crazy conversations about X12 and FHIR. Go ahead.Brendan Keeler (23:59): Brad, you mentioned randomly John Deere. What was that all about?Brad (24:03): Well, I have to have some random things to text you about late at night. And I come from the great land of farming, Wisconsin. A John Deere article about the right to repair came across a feed of mine Sunday, maybe? And I had been seeing stories about John Deere forcing farmers to use their dealerships for any sort of maintenance. I wouldn’t say I’ve been tightly following it, but huge decision basically forcing John Deere to open up their drivers. I don’t know that they have to open source anything, but they have to allow third parties to do repairs on the machinery, which is probably a huge hit to their business, but a boon for people who have bought this machinery and then just been screwed when it broke down in the middle of the field. I felt like it was a very natural corollary to information blocking in our industry, and also used car dealerships. But yeah, threw it over the fence to see whether or not it said anything to you.Brendan Keeler (25:03): I mean, right. I was rock-solid. I have an antitrust and information blocking presentation that I give, and in there, well, there’s this parallel to this right-to-repair movement that is out there. So you nailed it. Brad (25:17): Have I seen this? .Brendan Keeler (25:30): No, I don’t think you’ve seen it, it is crazy. I went back and looked, but totally, it is the ability to share diagnostics from the software of John Deere with independent repair men and women. It was not enabled. You had to go get the certified John Deere technician. And so that sort of lock-in occurs in software of all varieties. You have it with diabetes devices that people have to jailbreak to even just fix it themselves or understand their data. And you certainly have it in software of all kinds, of all verticals, for all systems of record, where they lock it in to try and maintain a platform advantage. And they sometimes do it for good reasons, security or privacy, but oftentimes for self-serving reasons. So tremendous win in terms of antitrust and against John Deere, enforcing openness for our farmers as they have many other burdens on them at this time. And just a great win for interoperability, that we hope to see replicated, that we hope to see open ecosystems promoted to allow for co-opetition, cheaper prices for consumers and users of different devices. Yeah, send more over my desk of that variety.Brad (26:25): Bye! Did you actually find the reporting? Would this apply to other manufacturers like Caterpillar, or was John Deere just so egregious in their behavior that they got singled out?Brendan Keeler (26:38): John Deere was so egregious in their behavior that people were going off-market to go buy 40-year-old tractors so that they didn’t have the lock-in. Let’s go broader. We just saw another ecosystem changing dramatically. Did any of you read today’s article about Salesforce?Pryce (26:46): Mmm, you got to get that jailbroken tractor, you know.Brad (26:50): Remote market distortion.Pryce (27:05): I saw enough to know what’s going on. When Brendan starts talking about headless software, he’s getting excited. Doesn’t matter what industry it’s in.Brad (27:13): We’re making a little stretch here, but now that anybody can have access to John Deere diagnostics, is the John Deere tractor not going headless?Brendan Keeler (27:21): HeadlessTractors.com. So we did see Salesforce make this announcement about their Agentforce platform, where they said, you don’t have to use our UI. We’re now going to, we realized we have to open up. We have to be really open and headless with our CRM. And you can connect at the UI layer and integrate whatever custom components and visuals you want. You can integrate your agents to have them running over our software via RPA or APIs or MCP, you name it, we did it all. At first blush, you’re like, whoa, sweet. That is awesome. But let’s make no mistake. Marc Benioff likes making money just as much as anyone else. So he’s not benevolent. He’s got to keep that tower going. So it’s not benevolent altruism. It is because systems of record see the writing on the wall and see that...Pryce (28:00): Probably more.Brendan Keeler (28:12): ...I can charge you a per-seat license and make X per seat, or I can charge you a per-token, per-action agent pricing. And then if I make your business successful, that line is exponentially higher over time than the per-seat licensing. So the shift is to make more money. The shift is to enable these businesses to be successful for sure, but to capture the value that’s coming from agents manipulating systems of record. Because if they don’t provide that tooling, which Salesforce now has, then people are just going to run roughshod over it with computer use and computer vision. And guys, we see it all the time in terms of browser-based EHRs already getting scraped up the wazoo. So I have to think EHRs and other systems of record are going to follow suit. They’re going to build these ecosystems to do the same thing.Pryce (28:54): Mm-hmm. Or at least in their policies and procedures, they have to say, robotic process automation or agentic AI is permissive only if you have special user accounts that are for these robots, which maintain certain security points and maybe get charged a different licensure level. Because to Brendan’s point, it’s one thing to say every nurse license costs this much. Well, what if you have a nurse that does 10 times as much work, 24/7, because really it’s just Claude in the background or something? Well, you got to change the pricing model a little bit. And that’s okay. I still want to see these groups adapt to realize so much of my value has traditionally been tied up in how the user interacts with sort of the backend that they don’t see. And now it’s like, everyone needs to realize the front end is becoming commoditized. I am starting to be in my car all the time and thinking, I don’t want Google to search things. My son’s asking me how to do the glitch in Pokemon Blue so he can duplicate his rare candies. And I just want to be like, hey Claude, how do you do this? I don’t even want to interact with software, really. I want to think that I’m just saying a question out loud and getting an answer in response. And that’s what people are going to continually want from their Salesforce, from their EHR, from their tractors. They don’t want to have to go to the brand-new platinum John Deere dealership to get a diagnosis that says your spark plug’s out. They’re like, let me do it. All of these different industries sort of dance to the same beat here of, we’re going to have to change the way that we imagine humans and software interacting. And there will be fewer pinch points. Like, you have to go to Humana to ask permission for this MRI, or you have to go to John Deere to figure out what’s wrong, or you have to open up your phone to ask a question. There’s going to be fewer of those. And the more the data is opened up, the more that databases are opened up, the easier they are to interact with. I mean, everything has to change from a commercial perspective to support that.Brad (31:14): There’s just a lot of businesses where the way that they were able to price isn’t necessarily driving value. Nilay Patel from The Verge talks about the DoorDash problem all the time. Parts of the business of getting delivery drivers or drivers on the road to do these tasks is incredibly complicated. Uber and Lyft have to incentivize people. Sometimes they take a loss on the trip just so that they know they have enough drivers on the road. The task of what food is available down the street at every single restaurant is a fairly solved problem. And if DoorDash’s value of charging a management fee is that they created that database, well, LLMs can just use it for now, but it’s a fairly easy service to replicate. Whereas you have something like the systems of record, I think are in a very strong place. Like the restaurant industry: Toast or Square are in operations of that business. They’re doing something. They’re helping that business be more effective. I think for tools like Salesforce or EHRs, the reason to open up is if they are embedded enough in driving the P&L of that business, they’re not going anywhere. And there are probably more ways for them to make money. They’ll have a ton of seats, they’ll have a bunch of agents. Salesforce moving on this is only going to make it harder for upstarts in the industry who are saying, we’re an agent for CRM, to break through. We can obviously watch their earnings and they’ll probably go up. But more than anything, a lot of these major players opening up, they are just making it harder for anybody to come in and introduce a competing piece of software, and helping their customers who are already entrenched in whatever industry they are stay there. Which is, I’m not saying that’s bad. This cycle, it may look like Salesforce is in trouble or Epic might be in trouble, but the reality is the ecosystem in which they play, the way that the hospital system knows their local population, they know their local politicians, they know the ordinances, they’re participating with employers in that area, that is value that extends beyond the use of Epic. But they have designed Epic to help them more deeply integrate with those systems. So I don’t know what my...Pryce (33:29): Hmm. You’re saying that the skeleton of all these systems is already customized. Like, who cares what it looks like? Put makeup on it. Yeah. Yeah.Brad (33:37): Yeah, and right, it’s great for them in the short term. I don’t know, Salesforce sells 20% less seats, but the reality is, there’s not some CRM that four dudes in their garage are building today that suddenly all of the Fortune 500 companies are going to decide, let me dump decades and decades of data.Brendan Keeler (33:59): I do want to just play foil, and where that’s optimism, maybe be pessimism here. How does this become like all the cable companies running to build a streamer during the pandemic? It could be something like that, where now in retrospect, how dumb were you? You just gave away your business model. Well, if you are allowing it and becoming open, and your data schema is open, and you are giving away the user interface layer, then at a certain point, it is trivial to vibe-code a replacement for software. When you intrinsically understand workflows and data concepts.Brad (34:31): Well, that’s the part that’s different. What is the workflow for me consuming content? I pick up my remote and I click around. The barrier to entry in B2B software is just so much higher than building a streamer. They bought a shitload of content and they made it really easy to access.Brendan Keeler (34:49): I just meant less that it will be exactly like that, and more that if this action of all these systems of record saying, yeah, we’re going to monetize by opening up and giving away the layer, it could look as dumb as them all moving and creating a streamer rather than using the bundle on cable. I think that reality is because there are only three assets to SaaS. There’s the user interface IP. There’s the data and database layer IP (I guess four assets, that’s everything), the data layer as data and also the structure. And then the middle layer being workflow, the business logic. And the more you give up of them, the less you actually have that is unique to you. And right now I’m hearing Salesforce giving away two or three or four of those layers that give a lot, it’s a lot of trust that only a legal agreement is in between an upstart and their disruption. So that’s just something to think about. I don’t know if I believe it. I don’t have conviction there. I actually think everything you said is probably how I view the world and what I’ve written before. But some fraction of what might be possible here in the multiverse is disruption.Brad (35:57): So what are our Kalshi bets for this part?Brendan Keeler (35:59): Yeah! 5%, 5%!Pryce (36:02): You know, they’re opening all of this up and they’ve got an MCP layer and the API layer. But each of those, they’re not opening up the database layer. They’re opening up some abstraction of the business logic’s interaction with the database layer. So you don’t really necessarily know which columns you’re writing to and when and how, and what the CRUD logic and things like that is. If you’re using an MCP call, it’s just kind of like, and then on the backend, yeah, on the front end, I kind of got to talk to an LLM and said, or an agent did this. But then on the backend, these companies are purposefully abstracting plenty of their secret sauce for...Brendan Keeler (36:40): Ultimately, is openness building dependency with your surrounding ecosystem? Or is it allowing one of them to slide the knife in easier? We shall see. But there’s an argument to be made either way.Pryce (36:52): Yeah. Let’s bet on it.Brendan Keeler (36:54): Okay. What should the name of our betting site be, since the American economy is only healthcare and gambling now. Anyway, on that very positive note, I think we’ve gotta wrap. Everyone have a great week or weekend, whenever you’re listening to this. See ya. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

We're back after a few weeks off, and we came in hot:* OpenEvidence landed its first B2B deal at Mount Sinai! So we talk about what happens when a PLG darling tries to grow enterprise muscles, the competitive landscape as they do so, and whether the real moat is product or sales. * Then we pivot to MEDVi and the New York Times piece that has everyone talking: can you really vibe code a billion-dollar telehealth business for $20K? (And should you?) * We wrap with some wonkery — the ONC is the ONC again, the O-PIMP is born, and I walk us through why the Henry Schein v. Vyne case might redraw the line on what counts as a health information network in America.And yeah, you’ll have to listen to understand why this exists (and why it goes so hard):Relevant Articles* OpenEvidence Announcements* Mount Sinai to integrate OpenEvidence AI enterprise-wide* OpenEvidence and Tandem Partner to Streamline Evidence-Based Prescribing and Prior Authorizations* OpenEvidence launches Coding Intelligence* Abridge and clinical decision support* OpenEvidence’s Gambits: Some analysis of where OpenEvidence might go after PLG from last summer, including the enterprise motion* From Alert Fatigue to Approval Fatigue: An oldie showing how it was always logical ambient scribes would infuse CDS, another attempt beyond the pop-up* When Horizontal Meets Healthcare: A piece about OpenAI and how their healthcare business model differs and threatens different players* One Copilot to Rule Them All: The copilot convergence, which OpenEvidence is now rapidly joining* Abundance and Agent: A discussion of how AI-powered software development’s marginal costs mean players sprinting to build it all* The PLG Trap: The OpenEvidence v Doximity cases shows how the sword of openness (PLG) cuts both ways, as we discussed on the show* How A.I. Helped One Man (and His Brother) Build a $1.8 Billion Company: The NY Times article on MEDVi* Healthcare at Internet Scale: An article from last summer about the OpenLoop lawsuit that mentions MEDVi* Rik Renard’s MEDVi post* Death to ASTP, Long Live ONC* The Battle for the Soul of HIE (or at Least the Definition)Chapters* OpenEvidence’s Enterprise Pivot (00:00) - OpenEvidence lands its first B2B sale with an enterprise-wide deployment at Mount Sinai, embedded directly into Epic. The crew unpacks the tension between product-led growth and enterprise sales in healthcare (BAAs, PHI access, institutional sign-off) and how this move finally brings OpenEvidence into UpToDate/Wolters Kluwer’s competitive set for real.* The Great Convergence: Scribes, CDS, and RCM Collide (04:28) - Abridge partnering with Availity and UpToDate, back-office co-pilots moving upstream, front-office co-pilots moving downstream. Brad flags clinical trials enrollment as the next obvious adjacency, and the group debates who wins the “wedge into the chart” race.* PLG in Healthcare and the BAA Problem (08:21) - Why product-led growth has historically been almost impossible in healthcare because of PHI and HIPAA. OpenEvidence may be the closest thing to a Figma for healthcare, but the harder, more valuable use cases require enterprise contracts — and that’s a different muscle entirely.* Vibe Coding the Roadmap: OpenEvidence’s Shipping Velocity (13:03) - OpenEvidence is announcing something major every month. The group attributes this to LLM-assisted development and frames it as a wake-up call: if you’re not adopting Claude Code or Codex-type tools, you’re behind. But speed cuts both ways — if anyone can build an LLM wrapper on the same corpus, is velocity a moat or a vulnerability?* MEDVi, OpenLoop, and the GLP-1 Gold Rush (18:40) - A deep dive into MEDVi, a telehealth front-end on OpenLoop’s white-label MSO infrastructure reportedly generating $1.8B in revenue. Brendan connects it to an older lawsuit alleging fraudulent oral tirzepatide marketing. The real question: when website creation, content generation, and national distribution all approach zero marginal cost, harm scales faster than regulation can respond.* AI Doctors and the Guardrail Question (25:51) - If the provider layer also becomes marginal cost — AI doctors on top of white-label infrastructure — the need for guardrails becomes existential. The group draws parallels to Cerebral, opioids, and the recurring pattern of technology outpacing oversight.* ONC Is Back: ASTP Reverts to Its Original Name (28:25) - The ASTP is reverting to the Office of the National Coordinator. The mission doesn’t change, and the pattern is familiar — Democrats expand, Republicans slim down. Pryce mourns the logo, reveals the internal Office of Policy is now the Office of Programs and Implementation (”the O Pimp”), and the group riffs on missed merch opportunities.* What Is an HIE/HIN? Vyne Dental v. Henry Schein One (34:50) - The episode’s deepest policy cut. Henry Schein withdrew from ONC certification, arguably to dodge information blocking. Vyne is trying to use the HIE/HIN actor definition instead — but that definition is famously ambiguous. Brendan breaks down the three exchange topologies and how the ONC preamble’s carve-outs could let nearly every network argue it’s not an HIE/HIN. A Maryland judge’s ruling in 2–3 weeks could reshape actor status for every clearinghouse, ADT network, and API platform in the country.TranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.Brendan Keeler (00:00) Ladies and gentlemen, we are back. It’s been a bit, a few weeks. We got Pryce, we got Brad, we got Brendan. And we’re here to talk about — let’s start with some of the buzzy stuff. OpenEvidence making moves. Pryce, what are you hearing?Pryce (00:02) We back.Yeah, so diving right in, some of the news coming out of this week was that OpenEvidence has seemingly made its first B2B sale or engagement with Mount Sinai in New York. Apparently they’ll be embedding their application directly into the EHR, which is interesting.Makes sense from a workflow perspective, but interesting for a lot of the things that we’ll talk about shortly and how that allows these products to sort of work in and around each other or compete with each other. And that EHR at Sinai is Epic, if that’s not self-explanatory to anyone. So yeah, OpenEvidence to me is sort of the evolution of UpToDate and the idea that clinicians leverage it to see recent studies, verified research, get help in coming up with a care plan for the patients that they’re treating. And now they’re gonna have this AI tool, which Healthcare IT News is reporting as Mount Sinai’s first enterprise-wide AI deployment across clinical roles.Which was surprising to me considering I think they’re live with Microsoft’s dictation tool. But yeah, first B2B sale for OpenEvidence. It’s interesting, it’s cool. It also means a lot about where the market is headed, where they’re headed, what other companies who might not have had OpenEvidence on their radar will need to do in order to continually compete for physicians’ attention. And for value.Brendan Keeler (01:41) Yeah.Pryce (01:42) What do you all think about that?Brendan Keeler (01:43) What’s interesting is you said they’re competitive with UpToDate. They were doing a similar job to be done — they were providing clinical evidence, they were providing studies — but their go-to-market motion to date until this was totally different, right? They were ad-supported PLG. And so this is a new muscle that actually finally brings them into the competitive set.Pryce (02:06) PLG being product-led growth for those who aren’t like Brendan and Brad, always plugged into the…Brendan Keeler (02:14) You don’t love acronyms? We’re not going to just toss acronyms left and right? CDA, HL7…Pryce (02:18) I mean, well, those I do love because I understand them well. Yeah, so you’re saying OpenEvidence sort of went to market as like, hey, if you’re a physician, you should download this app. It’s free and useful to you, but I’ll make money off of ads. Whereas UpToDate was always — was that Wolters Kluwer? And it was a B2B sale? Is that right?Brendan Keeler (02:42) Yeah, you’re charging a couple hundred bucks a seat, enterprise contracts with a totally different motion that’s just hard, right? Like if you’re used to just saying, hey, pick this up, make it really frictionless for Dr. Smith — or actually you or me, like it’s actually not that hard, as proven by the Doximity lawsuit, for anyone to sign up for OpenEvidence and use it. You can just sign up.You do that and you’re building a very different muscle. What are ads? How do we do ads safely? How do we go to pharma and monetize via pharma? That’s what they’ve historically done. It’s always been a question of, okay, when they get popular enough, how will they lever over into enterprise markets to sell? Do they have the muscle to go to the CIO, CISO, chief medical officer and say, hey, you should rip out UpToDate and put us in? That’s been the question — do they have that sales motion?Brad Thorson (03:31) Yeah. It’s a really nice natural experiment of what is the right sales entry point for these AI-enabled enterprise products, because every time somebody gets a strong enough foothold with a large enough client, they are looking for — okay, yeah, I’m doing your ambient note taking, but now I need to look at, can I do ICD-10 and CPT code generation?It does feel like in the chart, OpenEvidence is competing against Wolters Kluwer / UpToDate, but they’re also competing against the scribes and they’re also competing against HCC coding applications.Do we have evidence of the RCM tools moving up into the chart? And then we have patient engagement and whether or not that’s going to continue to follow the patient into the visit. It’s really a question of who can sell and what partnerships look like.Brendan Keeler (04:28) Right. And this is the great convergence that’s been happening, right? You have Abridge partnering with Availity for prior auth and partnering with UpToDate for clinical decision support.So the convergence of all the jobs to be done for the provider — not just note taking. Abridge has expanded to be a full clinical co-pilot, but they’ve always been B2B. And then, like you’re saying, the back office co-pilots are moving upstream, the front office co-pilots are moving downstream, and now you have this heavy weight of the product-led growth market saying, actually, I’m gonna try and lever over and compete in the enterprise market. That’s gonna be challenging.Because they are well funded if nothing else, and they are aggressive if nothing else, and they launched multiple things. They launched prior authorization in partnership with this.Brad Thorson (05:12) I was just going to say, some tools may not even have an enterprise sales motion directly into systems of record or the care delivery organizations. Tandem is just going to go in with OpenEvidence.Brendan Keeler (05:27) Yeah, yeah. And I think the two things that come to mind for me — I don’t know if you guys have an opinion — but we think a lot about integration. I’m curious what their integration looks like with Epic and EHRs and if they need help with that. I mean, who could help them with that? And two, ads. They can’t possibly go sell to Mount Sinai and then be surfacing ads. Can they? But I don’t really see…Pryce (05:40) I don’t know who would help with that.Brendan Keeler (05:55) You would assume not, but…Pryce (05:57) It’d be sweet to be like in Epic and then if you click a button you can buy tickets to the next game that night, because I would. OpenEvidence is getting paid.Brendan Keeler (06:05) Yeah.Brad Thorson (06:05) Wait, they don’t even have to serve ads. I mean, who knows what the contract says, but all they need to know is that these podiatrists are commonly following this care path and ending up at a certain decision. That data enriches the free product that they have. And ultimately, pharma is looking for better attribution. Okay, I sent my reps into Sinai, and they’re telling me that I have to pay their expense bill of $20,000. How come my providers aren’t ending up on a care pathway that recommends my drug? I’m not saying that’s the motivation, but that’s a very easy product to build. And there’s going to be a lot of pressure from the people who are putting up the money for OpenEvidence ads to get better attribution.Pryce (06:51) Yeah.Okay, so I have two quick thoughts. One is just the product-led growth concept where OpenEvidence started by convincing — gosh, I feel like it was some absurd number — 30% of physicians in the country are leveraging it.Brad Thorson (07:11) Insane success. Would have never, ever, ever predicted it.Pryce (07:14) I think a lot about tools that want access to clinical data and how if they were patient-facing tools, then the patient would just need to authorize their access to clinical data. But guess what? No way in hell can you convince a million, 10 million, 50 million patients to download something.So the wedge of being like, well, my end user is the provider. And then once you have a couple of million providers using your software, then it’s like, go tell your organization to just put this in your EHR. And then to Brad’s point, you’ve got a business associate agreement set. Somehow maybe Epic and Oracle and MEDITECH maintain the rails of the clinical documentation or the RCM work because that’s what EHRs are so sticky for — really that enterprise business that they’re driving. But does the brain of the EHR and the insight of “If this care pathway, then this” and selling data to pharma or clinical trials start becoming a little bit more of a battleground?Brendan Keeler (08:21) What I would say is one tension here — when you are just doing clinical decision support, PLG, like PLG in healthcare is almost impossible because of PHI and HIPAA. You have this tension of needing a business associate agreement. So if I go to Dr. Smith, who’s part of Mount Sinai, and say use my tool — it’s just clinical decision support. Well, great, fine. I can pick it up and use it. And Doximity previously had success with that for just doctor social networking, right? And then some call/SMS stuff to prevent them from having to use their own phone line. Those are all non-PHI use cases. Well, now they’re tacking on PHI use cases. And that inherently has to be enterprise in nature because Dr. Smith, by and large, can’t sign a business associate agreement on behalf of Mount Sinai and give access to Mount Sinai’s patient data.That tension of the subjugation of providers to increasing layers of hierarchy in the consolidation of providers in America means that historically PLG products have struggled or just not been really possible. We all want the Figma of healthcare and now we have one.But really you’re just seeing them mature into enterprise because you have to do the harder, more valuable things. You kinda need business associate agreements and to sign agreements with institutions in America in terms of healthcare. And so that tension’s there. And I’m curious if they run into that as they try and offer these products and still maintain their roots as PLG, but also offer the really meaty stuff.Brad Thorson (09:55) I just want to circle back — I think Pryce just came up with two incredible business ideas. Pryce, I think you’re suggesting UpToDate should get into the IAS space and use patients as their sales channel to providers. Pull down your records and then UpToDate can tell you exactly what to drop into MyChart to ask for something.Brendan Keeler (10:23) Well, here’s the thing — OpenEvidence had patient-facing capabilities. They got rid of it. They got rid of it because it commoditizes themselves in some way when the patients can go and access that clinical information and it dilutes their ability to attribute ads and decision-making for pharma. And so I’m curious if they try and relaunch that in some capacity, but at the end of the day, we’re just sort of putting LLMs over the corpus of scientific information in America.But like if I’m a doctor and I can go just be a doctor or access it as a patient, maybe I do that, to avoid that. So it’s just a weird — that business model, that third business model of patient-facing clinical decision support, which I want for my potential thyroid thing. Like I want to go look it up and understand the same way my doctor does.Brad Thorson (10:52) Isn’t that what the economy is right now?Brendan Keeler (11:17) Can you have both? Can you have your cake and eat it too? They’re seeing if they can have their cake and eat it three in terms of patient-facing, PLG, and enterprise.Pryce (11:27) Eat it three.Pryce (11:29) Yeah.Brad Thorson (11:30) Also Pryce, we should expect an announcement shortly — if OpenEvidence is not working on it — that they find a clinical trials enrollment partner, right? Because that feels like the obvious next thing to slap on here. Hey, we understand the clinical pathways and the relationship to drugs. We can help get prior auths done so that patients get on these drugs and we can help with the discovery and development.Pryce (11:31) Yeah. Yeah.You know, we are taking a big leap here. Just to be clear, when I first read “Mount Sinai to integrate OpenEvidence AI enterprise-wide,” I’m like, so there’ll be a SMART on FHIR window in Epic where you can read about lymphoma, like recent lymphoma studies, right? But I’m expecting that they use this as a wedge to say, well, we don’t have this yet, but if you let your providers launch the SMART on FHIR app and they can read my content, but you also let me read the patient’s chart, then it’ll be easier for me to serve what’s relevant to you. And then if you let me read what the provider orders, I can make clinical decision support recommendations in real time. And before you know it…Like I said, we made a jump from right now — this has nothing to do with PHI and they’re putting it into an EHR — and we’re assuming that they’re going to start letting actual chart data influence their care provision and their clinical decision support and then eventually their models or their business motion. But yeah, I don’t expect that to happen next month. We’ll see.Brendan Keeler (13:03) That’s why they need someone who can help them do deep bi-directional integration work. Nadler, you know where to find us. I got one more thought here, which is they are shipping so much. They must be adopting LLMs to accelerate — not vibe code, but to accelerate development.Pryce (13:06) Yeah.Brendan Keeler (13:22) The marginal cost of development is dropping and you can see it with companies like this that you’re just like, how are they doing an announcement of this magnitude every month? And I think it’s a wake-up call for everyone in the industry that if you’re not adopting real Claude Code type products or Codex type products in your institution, you’re behind because you can really expand your roadmap as they’re very clearly doing. It doesn’t mean all these shots on goal are gonna work, but clearly they’re shipping a lot with their war chest of money. And I think it’s because behind the scenes they’re using LLM-assisted development practices.Pryce (13:58) And to me, that’s a double-edged sword. I’m far from an expert in training AI models and understanding differentiation there. But sometimes I hear about things like this and I’m a little bit like, well, if this is an LLM wrapper on the corpus of scientific research that maybe is otherwise accessible, how quickly could an OpenAI or a Claude or a Doximity replicate this? They can do all this so fast, and so can everyone else. What is the — this is like when Americans moved west and people were rushing into Oklahoma. The Sooners. Getting dysentery.Brendan Keeler (14:36) Yeah!Brad Thorson (14:26) Yeah, I mean… Manifest Destiny.Well, I think that’s why the sales nexus, the enterprise sales motion, is the important thing. Because once you have that space, once you’re in that workflow, it’s easy to bring partners along and just say, hey, we’re going to take care of this, because they have to fight for integration priority. That is the…Pryce (14:49) Yeah.Brad Thorson (15:02) The ability to quickly roll out a new feature means that sales is — this is great for me — sales is quickly becoming far more important than product and engineering. So you guys now work for me, which is great.Brendan Keeler (15:15) Shots fired. Shots fired. One thing there is — in the PLG market, “Competition is a click away” is the saying. And that’s true, but look at Google. On the corpus of information available on the internet, we can go build a search tool. And yet 80% of people use Google. And so that’s why they’ve always positioned themselves as the Google of clinical evidence.But I think they look at it and they’re like, s**t, Doximity is shipping exactly that, and others are shipping competitive products. So we need to lever over into enterprise so that competition is a contract away. Competition is a two-year, three-year contract away. That’s a moat. And that’s the moat that they jealously look at UpToDate every day and go, I wish we had that, to prevent the existential dread. So I think it’s astute to call that out by both of you.Brad Thorson (16:03) Here’s my galaxy brain take for this podcast. If anybody can build this — well, I am constantly frustrated with getting my GLP-1 from my excellent PCP and his very responsive staff, but it takes — there was nobody making sure that I’m getting that drug that is coming from their 340B pharmacy and making them a ton of money, except for me. And if I wasn’t invested in getting my healthcare from an unnamed institution here in New York City, it would be really easy for me to just go online and find somebody who has a consumer experience to do that.And it turns out we now know that the cost of developing that is $20,000 because the New York Times is giving MEDVi maybe too rosy of coverage for what they’ve built, but allegedly generating — was it $1.8 billion? Is that right? In revenue?Brendan Keeler (16:58) Yeah, yeah. But if you think about it, their operational costs are quite high. So MEDVi is one of many front ends on OpenLoop, a sort of white-label telehealth provider that allows for you to set up a provider practice of sorts with any branding you want.Their operational costs — a large part of whatever, if 1.8 is true — much of that is going to pay OpenLoop and pay for costs. But make no mistake, they’re making a bunch of money.Brad Thorson (17:31) Yeah, but they’re competing against brands. 30 Madison got bought. They’re brands who had to put together all of this infrastructure. We didn’t have the idea of a 50-state PC that was focused on telehealth. It took a decade of digital health pushing on that door to develop it. We didn’t have the idea of mail-delivery compound pharmacies. There’s all these things that had to go in place. And then the part that really blows my mind is the cost of development of the website. It’s a form, right? They’re gathering information, they’re shifting it over to OpenLoop who’s providing an asynchronous visit, and then a drug is showing up at the patient’s door. Everything is LLM generated. They’re not hiring actors.Brendan Keeler (18:15) Have you seen the form, by the way? It’s like, what’s your height? And then there’s six options or ten options that say 1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. And then what’s your number of inches? And it lists them all out. It’s a UI atrocity. It’s like a war crime. So yeah, maybe LLM generated. Also not the ideal flow. But somehow, through a variety of tactics, converting people.But Pryce, you had something you wanted to say.Pryce (18:40) Well, I was going to say — yeah, we changed this from OpenEvidence at Sinai to “you can vibe code anything now, including a $1.8 billion revenue business.” Shout out CMS, ONC — you’re doing God’s work because apparently there’s a lot of organic competition that’s shoving its way into these software ecosystems with their elbows, saying I have the right to that data as well and I’m gonna use AI to build my product. I’m gonna use AI and what my product spits out. So it’s happening. That’s what we wanted. And in some cases it might be a little bit sketchier than in other cases as we shift to the MEDVi conversation.Brad, you were talking about PCs and I was just learning about PCs and what’s their counterpart?Brad Thorson (19:30) MSOs.Brendan Keeler (19:31) MSOs.Pryce (19:32) MSO. Yeah. So explain to me the organizational structure of OpenLoop. How are these physicians staffed, and is the founder of MEDVi the one who is staffing all of these physicians or just leveraging their services to create his pipeline of prescriptions?Brad Thorson (19:57) Yeah, I mean, think of OpenLoop — the front door of the MSO — as collecting a bunch of services that are needed to enable telehealth businesses, whether that’s licensing, an EHR or telemedical service, or the actual providers that are going to see patients. OpenLoop does not employ them directly. They contract with professional corporations.And then those providers are delivering care under their own discretion. And they will continue to become — it is equivalent to like, I open a coffee shop, I use Square as my POS, and then after I’ve done enough sales, Square Capital can make loans to me because they know what my cash flow looks like. They’re just going to continue to hang tools on their toolbox, and a question arises — at what point does the collection of those tools start to look a little bit questionable?Brendan, I don’t know if you want to jump in and touch on something you’ve written about.Brendan Keeler (21:15) Yeah, I mean, this article came out and I’m like, man, this name sounds really familiar. We don’t do a ton in the GLP-1 space at HTD, with a few customers historically, but yeah — I’m ready for peptides.Brad Thorson (21:26) You guys are just skinny by nature, okay?Wait, wait — that’s the other part about the story that was crazy, is the speed at which they could — okay, they hit GLP-1s and then they rolled out hair loss and they just looked at any other business and were like, we can build a cheaper mousetrap, and just rolled. It was crazy.Brendan Keeler (21:51) I think that’s the article I wrote last summer, because this lawsuit — like most things that prompt me to think about healthcare — a lawsuit came out against OpenLoop that alleged that they were masterminding this sea of fraud, these fraudulent websites across the internet that were spun up to prescribe oral GLP-1s. This particular compound is not oral. It can’t be consumed orally. Tirzepatide-megalutide… I don’t know. We can look at the article.Brad Thorson (22:18) It’s blue time.Brendan Keeler (22:19) But I am not a doctor. Not a lawyer. Not a doctor. And so I went back and looked at that article and lo and behold, one of the “shell websites,” “shell companies” that was named in the lawsuit — as in, OpenLoop set up a fake website — was this company MEDVi. And so we now know that’s not true, that there are one or two guys behind this. They are a real company making some amount of real money.But that means that the allegations about fraudulence need to be directed probably at MEDVi and not at OpenLoop. They’re not named in the lawsuit, but there’s a lot of chatter on Twitter and some good threads. Rik Renard posted a great post breaking down that, okay, they’re making real money, they’re real — but there are tactics, things, the way they’re appealing to patients, that could be deceptive. And that’s fraud. Fraud is not the existence or realness of a company. It is: are you deceiving the consumer? They could be breaking — many people are pointing out that they may be breaking FTC, FDA, and other regulations and laws.We’re not gonna adjudicate that. We’re not lawyers, we’re not judges. But there is plenty of banter about that out on the market today.Brad, what were you gonna say?Brad Thorson (23:38) It seems like one of the major issues is that many brands were marketing oral tirzepatide. The fact that the product catalog was the same across all these brands seemed like the part of that lawsuit that the prosecution was most focused on, because tirzepatide cannot be delivered orally as far as we know.Brendan Keeler (24:00) It’s not trisibuclopetide. I think you’re right.Brad Thorson (24:03) Why do I know how to pronounce these drugs? This does not need to be space in my brain.Brendan Keeler (24:08) I just think one takeaway, and this was in the original article, is that the power of the internet is the ability to reach national and international audiences for trivial amounts of money. The marginal cost of building global or national businesses has dropped dramatically. And so if you and I wanted to set up a business doing fraudulent behaviors, historically it was like, okay, let’s go prescribe ADHD meds en masse — but we’re just doing it in our geography. We’re bound by geography. In the age of the internet, you can spin up and reach entire audiences at a national scale instantly. And so long as you can utilize that potential audience and get a meaningful percentage of it, the potential harms you can do are much larger, much quicker.We’ve seen it with ADHD meds and Cerebral back in the day, we see it rear its head here again, we’ve seen it with the opioid scandals. We see this all the time.Brad Thorson (25:18) I think the difference is — the internet compresses the cost to distribute information. But whoever wrote the paper about the transistor that led to LLMs, we now have technology that greatly reduces the cost to generate content. And that collision of super easy to distribute and super easy to create the content to distribute — that’s what makes the acceleration of this business possible but also fascinating.Brendan Keeler (25:51) And think about it — if we have AI doctors, imagine there’s some doctor behind the scenes of OpenLoop, but now we don’t need that infrastructure because we have AI doctors and they’re fully legalized. This highlights the need for guardrails as we go down that path, because all of a sudden, can you spin up a doctor and can you spin up a website? Great, you can do the full chain for marginal costs.I don’t think I know the answer — potentially you guys know the answer — but it just shows that the harm can be done very, very quickly, very, very broadly.Pryce (26:23) Well, in Rik’s post, it says that in their software, you can enter a birthday of February 31st, and then the app will tell you you’re quite likely to hit your goal weight of 200 pounds, even if you’re 7’11” and 350 pounds. So it’s like Shaq hoping to cut himself in half.Brad Thorson (26:31) Thank God. Have you guys seen how thin Charles Barkley is?Brendan Keeler (26:44) Yeah.Brad Thorson (26:46) He looks great.Brendan Keeler (26:47) Good for him.Pryce (26:47) Well, he’s got the Ro.You know what else this is making me think of? That you can build things so fast — the law and the repercussions of fraudulent activity or poorly designed software and clinical consequences now lag how fast you can build it and distribute it. And it’s making me think of how executive orders keep on happening in our country. And then a year later, we find out — we can’t erase the last year, but that wasn’t, you can’t actually do that.There’s a lot going on in the world right now that’s like, boom, the internet plus LLMs lets people create so fast that we’re having trouble keeping it safe. And sometimes it’s awesome. It’s productive. It should be a release valve on the healthcare system, which is way overburdened. It should be deflationary. I was listening to the CityBlock CEO, Toyin, speak about this.Brendan Keeler (27:27) How can we keep up?Pryce (27:49) On the HTN podcast — you want to see these things be deflationary in healthcare. And instead, oftentimes they’re used by folks who are like, well, how quickly can we prop up a lot of profit? And so we’re seeing a lot of inflation instead of a release of the burden of not having enough providers in the country. Instead it’s like, well, for the providers we do have, can we help them up-code all the way? So the government owes everybody more money. Anyway, this is just another example of — I don’t think this is helping the crisis that we’re having.Brendan Keeler (28:25) I had posted nine months ago, twelve months ago, where I was just feeling that exact thing. It is far easier if you’re an entrepreneur to make money off of making new money versus reduction of cost. It just is. And so the technological innovations we see go towards activating healthy consumers and patients to do new things, to spend more money a lot of times.Even the patient empowerment stuff we see via the CMS HealthTech ecosystem — all of a sudden you’re activating the healthy middle that never engages in their health. That’s really good, but the short-term effects of activating this population to use more healthcare is gonna increase costs. More people that were just not doing things — which probably long-term is bad for their health — well, if they’re utilizing all their benefits and spending out of pocket on all these different things, that’s more cost short term.And so I got kind of depressed a while ago because of that, because I was like, well, how are we ever going to fix this? And maybe Chris Klomp is the answer. He’s being thrown around all over the CMS as the person who’s going to make things deflationary. And I do have faith in him.Brad Thorson (29:46) Yeah, we gotta give the law heads what they want. The people come here for the wonkery. Let’s get — is there a new acronym?Brendan Keeler (29:46) Let’s segue in, given the Chris reference there.For wonkery. Wonkery. Pryce, what are you hearing?Pryce (30:01) Well, we’re back. We are so back. We are the ONC again. The HHS, Department of Health and Human Services, has many offices within it. One of those is the Center for Medicare and Medicaid Services, which uses a lot of the U.S. budget. Another one — much smaller and maybe I would say scrappier — is the Office of the National Coordinator, which was first named the Office of the National Coordinator for Health IT when Bush W had created it with an executive order. And then the last Biden administration changed it to the ASTP. So if you’re familiar with that acronym, that was the Assistant Secretary for Technology Policy. I’ve got my ASTP name tag right here. Amazing logo for the ASTP.Brendan Keeler (30:47) Vintage stuff. Hold on to that. That’s gonna be worth a lot.Pryce (30:56) I got my vintage Redox swag.Yeah, this is gonna go on eBay in like 20 years. Holographic ASTP name tag.Brendan Keeler (31:04) If they were smart — look, they don’t have much budget. They get 50 million, ever since Bush. If they’re smart, they would have sold swag at the ASTP annual meeting. That was a golden opportunity. They know this is coming. They know they’ve been working on it. They could have sold it. Everyone would have bought it. Problem solved. Deficit solved.Pryce (31:18) Do we think — is it legal for government offices to become like a…Brendan Keeler (31:23) What has legal ever been a problem for this administration? We’ll figure it out in court. The t-shirts. Should we sell the t-shirts?Pryce (31:31) I was thinking we should get Dr. Keane to do a collab with Supreme or something. Just super expensive clothes with ASTP — or now ONC — on them. That would be great.Brendan Keeler (31:44) It’s like the original LLM era a couple years ago where the Pope had the puffy jacket on. You know, we should do that sort of thing, but ASTP.Pryce (31:52) Yeah. Super swag.So with the change of this office from its name being the ASTP back to being the ONC, what else is happening? They divvied up some responsibilities.Brendan Keeler (32:08) It’s really not that much of a change. What Micky Tripathi did in summer 2024 is he pulled together a few other divisions so he could do more with AI — basically that was his goal. He had the chief AI officer or something as part of his title or under him, similar C-suite type people within the agency. And now they’re kicked over to another part. So it’s reorged out, and their mandate and mission doesn’t change.Even the verbiage that Micky Tripathi added in that change is maintained. So it doesn’t change much. And historically, I wrote a post about this, but almost every head of the ONC has done a reorg or multiple reorgs. Usually Democrats have added more sub-agencies and things like that, and then generally Republicans, especially Trump, tried to slim it back down.So it’s not crazy. And if the pendulum swings and Democrats get elected, guess what? Maybe we see similar additions to the ONC. I don’t know if we’ll do a name change again. But the ONC, let’s go through it. Office of the National Coordinator versus Assistant Secretary for Technology Policy. The former is better. Objectively better. ONC versus ASTP.Brad Thorson (33:31) ONC is easier to say for sure.Pryce (33:35) ASTP way better. ASTP’s logo is way better. No offense.Brendan Keeler (33:38) Wait — hot take — you like Assistant Secretary for Technology Policy better than Office of the National Coordinator?Pryce (33:46) I always liked saying — I don’t know, I think those words roll off the tongue if you can say them quickly. I also loved saying, oh yeah, hanging out with Steve Posnack is like hanging out with the assistant to the Assistant Secretary for Technology Policy. You get a little bit of The Office vibe. So I’ll miss those jokes.Something else that happened — I’ve got a friend that works at the ONC and I found out that he’s within the Office of Policy. That was historically called the O-Paul, I think, internally. But they just changed the name of that to the Office of Programs and Implementation, which I think should be called the O-PIMP now. So they’ve changed that name and I’m a huge fan of that change if we want to start abbreviating it.Brendan Keeler (34:34) I think we should. This administration has also been really focused in the CMS world on things like ACCESS and fun backronyms. Why not the ONC? Let’s dial it up here.Pryce (34:42) Backronyms, backronyms.Pryce (34:49) What do we call it? Oh gosh, we’ll come up with a good name.Brendan Keeler (34:52) So we got a few minutes left. Do we want to cover anything else before we close out?Brad Thorson (34:57) I mean, the people are asking, what is an HIN? And I think we have to tell them.Pryce (34:59) Brendan, you wrote about this. Maybe you want to tell us what you wrote about and then I’ll start commenting on my thoughts.Brad Thorson (35:08) I’ll just throw this in there, Brendan. I don’t really care about the Henry Schein case. I know you’re deep into it, but when you create grids, I’ll read every one of those posts. So if you could just lead with the grids, I’ll fight through the rest.Brendan Keeler (35:09) Sure.Brendan Keeler (35:18) Okay, the Excalidraw — that’s the tool I use, it makes it look hand-drawn. Yeah, Henry Schein versus Vyne is just a vehicle and a vessel for a very important conversation, which is: what is an HIE?So why are we having that conversation when Vyne, a point solution, a clearinghouse for dental, and Henry Schein, an EHR for dental — neither of them on paper are what we think of when it comes to HIEs. Well, it’s because the point solution, looking to use the Cures Act information blocking rules against Henry Schein the EHR, was unable to because Henry Schein backed out of the certification program to ostensibly avoid information blocking burden.Pryce (36:01) So just to be clear, there was an EHR who was certified by the government. And that’s important. Lots of EHRs do that because oftentimes you need to in order to get reimbursement from CMS and things like that. Lots of reasons to voluntarily certify your electronic health record. But if you do so, you immediately become susceptible — you are considered an actor as a developer of certified technology that could commit info blocking, which is really broadly defined as discouraging the exchange of electronic health information.So unlike most other industries where competitors fiercely hoard data and don’t share it at all, within the healthcare industry, the Cures Act says you have to share that data because it’s the patient’s data and other providers need it. And so we’re seeing this expanding ecosystem of like, you better share that data or you better make APIs.And you’re saying Henry Schein, being a dental EHR, had pulled away from being certified. It was after this lawsuit was filed, wasn’t it?Brendan Keeler (37:04) Yeah, and that’s one of the things — I’m not a lawyer, but what seems obvious is that the behaviors that were information blocking occurred last March 2025. They were a certified EHR. They were a developer of certified health IT — Henry Schein. And so you could claim that those behaviors were information blocking. Then they decertified, they withdrew in August or July. And the case was in September. So behaviors after that are nebulous. But it’s like, why didn’t you go harder in the paint on that one? Because that seems like slam dunk stuff.Brad Thorson (37:38) Yeah.Pryce (37:39) Right. Vyne, who’s suing Henry Schein, didn’t call it out.Brendan Keeler (37:46) Yeah, they did lightly in their opening brief and then in these transcripts they just talk about HIEs and HIEs. And we’ll talk about why they go there next, but instead — do the easy slam dunk, no nebulous definition route!Pryce (38:00) So within information blocking, there’s three different types of actors. These three types of organizations need to be very careful that they’re not committing info blocking. One being providers. Not really a way to skirt around that — if you’re a provider, you’re a provider. The second being a certified developer of electronic health technology, which would include a lot of major EHRs. And the third actor type, which is very nebulously defined — as Brendan loves to pull apart — is health information networks.Brendan Keeler (38:40) HIE slash HIN.Pryce (38:41) Okay, so the point being here, Vyne might have missed an opportunity to say, well, obviously they were an actor who could commit info blocking because they were a certified electronic health technology. And now they’re sort of saying, well, maybe they’re an HIE. This is an EHR that they’re saying was acting as a health information exchange. Let’s go into the details — what makes an HIE? Tell me about the preamble and all of that stuff, Brendan.Brendan Keeler (39:09) So essentially when you’re exchanging data, there’s only three patterns. One is decentralized. Everyone’s a node on the network and you send from point to point. So that could be a network that sets rules for exchange between their participants — could be a health information network. And many of those types of networks — DirectTrust, Datavant, Carequality — those are all point-to-point between nodes. Those could be.Pryce (39:36) Meaning all of the nodes trust each other, but you don’t get all of the healthcare information in the world and put it in one centralized server. Instead, the network is that you have a phone book, basically. And everyone in that phone book has a cert that proves, I’m in the phone book and you can trust me.Brendan Keeler (39:57) Yeah, in the preamble they mention — they carve out and the ONC says, actually, if you’re doing bilateral exchange between two parties, then you’re generally not going to be an HIE/HIN. And so most of those networks with that topology, even if routing through a central thing like Datavant or something, say we’re doing bilateral exchange and we’re good. We’re not an HIN because we’re not storing the data. We’re not facilitating a fan-out.And so the other end of the spectrum is what we think of when we think of state health information exchanges — stored in a big database. Everyone pushes data up and then when they need it, they pull data down. That model — that’s what Henry Schein is actually saying. Well wait a minute. We, as an API provider with an API program — people push data up to us, different apps that don’t know each other, to a single provider’s system, and they can pull down the data between them. One app pushes up, another can access it.And so Henry Schein is saying, no, no, no, that model — we’re not an HIE/HIN either. But if that’s right, then state HIEs of that model aren’t HIEs or HINs. And so the only remaining class of network that would actually fall into the definition would be ones where you send up a query and it goes to many participants, right? One to many, inherently not bilateral.But then at the end of the day, you just keep squinting at this. And I bet you every HIE, HIN, EHR — they look at this and their lawyers say, we’re not in this definition. And that can be fine. But right now it’s very ambiguous, because if Henry Schein is wrong, then everybody is an HIE or HIN if you offer an API.Pryce (41:52) If you offer an API and have multiple parties connected into you and you receive or share or reconcile the data, yeah, I see what you’re saying.Brendan Keeler (42:03) Yeah, where is the line? I don’t like this one, I hate it, because it’s so infuriating. And so in two to three weeks, we’re going to have a judge make the first call on what’s an HIE/HIN in this case. And that’s what’s important. That’s when we know if non-certified EHRs get looped in. I swear to God, every clearinghouse, every ADT network, every network in America — their lawyers are hyper-focused on this case, because it could draw them into actor status.And if they’re not paying attention, they better be.Pryce (42:34) Do we think this judge who’s going to make this decision has clerks or is he or she themselves calling the ONC and being like, what were you writing about here? How should I interpret it? Is that something they do? Because there’s so much ambiguity.Brendan Keeler (42:49) Yeah, the judge is showing a really strong grasp of these concepts. They’re thrown all over the board. They are federal judges.Pryce (42:58) I think they’re subscribed to Health API Guy. It’s crazy.Brendan Keeler (43:03) Yeah, I haven’t seen any of those domains come in. But he shows a strong grasp. He’s showing a very traditional view on computer fraud and abuse, the CFAA, which is what Henry Schein is accusing them of. And he’s really diving into the bilateral thing when interrogating Vyne. But at the same time, sometimes judges go really hard in the questioning and then they go and read the statute and the guidance and stuff that the agencies have released.I don’t know if they phone them up. I don’t think they do that. I think they generally rely on public artifacts and the law. And they’re gonna make a call. And he could make a call that really redefines this line. So we shall see.Pryce (43:50) Well, one more question — how would that redefine the line? Is it now legal precedent, and would that only be in Maryland, or would that be federal? Is it more like, I feel more comfortable making a decision like this because this judge made that decision in Maryland? Or is it, no, I can use this as a legal artifact from now on?Brendan Keeler (44:09) It’s both, right? It is limited to whatever the district court covers — Maryland and maybe some other areas. And then if it’s appealed, you see broader applicability. If it’s appealed to the Supreme Court, that’s when you get pretty uniform stuff. But yeah, absolutely there’s regionalization.But just one precedent allows for someone to point from a favorable jurisdiction. Someone in California can point and say, hey, look what happened in Maryland, and we have laws that kind of overlay on that. They can’t point to it as pure precedent, but then what you’ll see is — Vyne filed in Maryland, not in Utah, which they could have filed in because both parties have offices there. And that’s a very strategic choice to use the Real Time Medical / PointClickCare precedent.So we could see similar dynamics if it breaks a little bit towards Vyne or fully towards Vyne.But we are over time, so I think we gotta wrap. This was a fun one. See you all later.Brad Thorson (45:08) Yeah, we’re gonna go back to our normal jobs. See you guys.Pryce (45:12) Happy Good Friday! See ya! Get full access to Health API Guy at healthapiguy.substack.com/subscribe

Healthcare’s biggest conference has come and gone, so the team is back (down a man or two) to bring you some updates there, as well as every twist and turn of a very busy week in the courts.* HIMSS 2026 felt smaller but more productive…and the sentiment was surprisingly pro-HIMSS over ViVE* AI headlined as expected, but the real conversations were about data normalization and cleanliness underneath the agentic hype* Epic subtly debuted Willow Pharmacy Network, a new “With the Patient at the Heart” product that could signal a long-term play against Surescripts* The American Association for Disability Justice filed antitrust and information blocking claims against Epic over MyChart’s fragmented login experience* A surprise stipulated agreement from GuardDog Telehealth reshapes the Epic v. Health Gorilla case ahead of April’s motion to dismiss hearing* Ryan recaps a guest lecture at Johns Hopkins and the malpractice risk thread that explains more about healthcare’s data reluctance than most people realizePlus we mentioned rumblings of a bonus class action lawsuit, which came true later that afternoon as Fox, Edward v. Epic, Beaudreau, Edgar v. Epic, and Banh, Priscilla v. Epic all kicked off. While on paper it’s not great for Epic, there’s potential upside if they’re able to consolidate effectively.Relevant Articles* Epic's AI announcements: The baseline announcements from Epic at HIMSS which were very AI focused* Introducing Copilot Health: Microsoft’s buzzy announcement of a consumer health product powered by HealthEx, paralleling ChatGPT Health and Claude Health* Epic Beyond the Provider Empire: This article explained Health Grid products and waxed hypothetical about a future pharmacy oriented product, which we saw at HIMSS via Willow Pharmacy Network* Down the Disability Data Rabbit Hole: The strange fruit of minot investigational journalism into a beef tallow influencer’s medical records videos, including one that targeted Epic* Ryan’s post on data quality: Pipes are only half the battle. As access becomes ubiquitous, it’s about what you do with it (if you even can).* AADJ v. Epic: The unexpected lawsuit that launched during HIMSS with disability advocates and patients claiming antitrust, information blocking, and disability violations, which explained Mr Beef Tallow Influencer above* Epic's TEFCA IAS plans: This details their MyChart Central / unified login plans, which seemingly contradict the AADJ claims* Epic v. Health Gorilla: GuardDog Rolls Over: The bombshell of one of the defendants in the Health Gorilla lawsuit turning tail and entering into consent by admitting various violations* Epic Lawsuit-ception: After recording Friday, the lawsuits we alluded to came to light as three separate templated class action lawsuits were filed against Epic for inappropriately disclosing PHI to Health Gorilla.Chapters* HIMSS Recap: Overall Impressions (00:00) - Brendan’s on-the-ground take from HIMSS in Vegas — attendance trends, booth culture, the cat pit, and general sentiment versus ViVE.* AI Announcements: From Chatbots to Agentic (02:48) - Epic’s Art/Penny/Emmy rollout, Microsoft’s patient access chatbot with HealthEx, Agent Factory, and the gap between clean demo environments and messy real-world data.* Data Normalization and the Infrastructure Layer (05:19) - The wave of companies tackling data cleansing, parsing, and augmentation as TEFCA and information blocking rules make data movement easier.* The Under the Radar Announcement of Epic’s Willow Pharmacy Network (06:16) - A new “With the Patient at the Heart” network product targeting specialty pharmacy workflows — and what it signals about Epic’s beachhead strategy into pharmacies and potentially e-prescriptions.* New Lawsuit: Disability Access and MyChart (09:07) - The American Association for Disability Justice files antitrust and information blocking claims against Epic over fragmented portal logins, plus analysis of why the legal claims face uphill battles.* TEFCA, IAS, and Health Tech Ecosystem Updates (16:23) - Kill the Clipboard demos, digital identity with CLEAR and ID.me, and Clover Health joining as the first payer in health information networks (plus the Wall Street Bets subplot).* Ryan’s Week: Teaching FHIR at Johns Hopkins (20:22) - A Q&A with grad students on interoperability trends, wearable data, and the signal-to-noise problem with smartwatch data flowing into clinical workflows.* Malpractice Risk as a Hidden Driver (22:28) - Why the fear of liability shapes provider attitudes toward data volume, RPM, AI summarization, and even HTI-5’s auditability certification debate.* Epic v. Health Gorilla: The GuardDog Settlement (26:35) - A surprise stipulated agreement from co-defendant GuardDog Telehealth changes the dynamics of the case, potentially undermining Health Gorilla’s procedural defenses ahead of the April hearing.TranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.Ryan Tucker: So we are back with the Information Exchange — two out of the four players here, but we’re going to go strong. I would love to start with a HIMSS recap from you, Brendan. I was pretty busy myself on the other side of the country. Didn’t make it out to HIMSS. Saw some news, but I would love to hear your take. What happened?Brendan Keeler: Yeah, quite a lot. Have you been to HIMSS before? I don’t know if we’ve ever synced on this.Ryan Tucker: Yeah. So I went when I was with Epic, I think about two years in, and I was in the basement doing an Interop Showcase or whatever it was called, where I ran the same script I think 45 times in two days. So that was a very repetitive, not a great experience just in terms of personally needing to do the job there, but it was fun and Vegas was fun. It would be a very different experience now. I’ve been able to go to ViVE since then and things like that, but I haven’t been back since that one showcase.Brendan Keeler: You go to Vegas too many times and you’re in the Venetian over and over again, it just blurs the years. Booth working is different than sort of rogue agent parachuting in and having 12 meetings a day, which is the way that we typically operate when we go to HLTH and ViVE. You can more easily find ROI for certain companies if you’re setting up meetings, going and ad hoc meeting people — versus a booth that really is six figures or above as soon as you have something hanging from the ceiling.Our colleague Brad and I went out, had a ton of great meetings. Overall it felt a little smaller. Since the sale of HIMSS to Informa a couple of years ago, we’ve seen a contraction from 35,000 or whatever it is to 30. And I feel like it may have trended down — the booths were a little more spread out, it felt more spacious in terms of the throughways and stuff like that. There was all the requisite weirdness in terms of people going a little too far with marketing and putting stuff out there. There was one group that had a robot hand on their head that was going like this. That was probably the highlight of weirdness.But it was good. It was very productive. A lot of sentiment was “this is way better than ViVE,” which you don’t expect. They had a cat pit instead of a dog pit. So ViVE typically has all these puppies you can go play with, and they had kittens. I didn’t get a chance to do that, but it seemed pretty cool. They’re trying to be competitive with ViVE in that regard. Are you more of a cat or a dog person?Ryan Tucker: Definitely a dog person, but I would pet a cat.Brendan Keeler: Yeah, kittens are still cute, fluffy — anything to deal with the hangover of being in Vegas. But beyond that, what did we see? AI, all the things, right? Epic, if you look at all the press releases that went through CNBC and Modern Healthcare, it was just all Art and Penny and Emmy for Epic — their AI announcements. We had consumer-facing AI from Microsoft, which is interesting. That’s not particularly their slant versus some of these other companies, but they released in partnership with HealthEx their patient access and chatbot experience. So AI headlined, as you might expect.Ryan Tucker: Yeah. I mean, I think we see that universally all the time at this point, but that’s what I was seeing between meetings, checking on news. Epic, Amazon, Microsoft, Oracle, athenahealth — everyone had “here’s our take on AI.” Epic came out with Agent Factory. So I think we see the shift from general chatbot or LLM AI to agentic AI becoming prevalent.I did put a post on LinkedIn about this. I think there’s a big difference between what you can show at a HIMSS showcase when you have a very clean data environment and a simple workflow to say, “Wow, look at what this can do,” versus AI in the real world — especially with health system data where we know the pipes might be there, interoperability might be working in terms of connecting from place to place, but there’s a lot of bad data out there.The utilization of that data is what’s becoming important. I think especially with agentic use, being able to have a provider just type in something from a prompt and pull up the record that they’re concerned with — we need to have a lot of good data classification, normalization, cleansing of the data that comes in. So I guess I’m wondering, was there any level deeper? Starting on the Care Everywhere team at Epic, we were obsessed with raw number record exchange first. And then it slid toward how we’re actually using the data once it got there. Now with AI, do you see that start to shift — or not yet — where it’s “AI is here, but now how do we actually start to use it”?Brendan Keeler: Totally. Brad and I had maybe four straight conversations where some slant of it was data normalization, augmentation, cleanliness. And sometimes that was using an LLM — off the shelf, commercial off the shelf like OpenAI or something. But then other tools using machine learning or their own models or whatever it might be to be more healthcare specific and to get to a higher accuracy rate.So certainly, as we have Carequality and TEFCA and information blocking — all these things mean that data movement is much more accessible. The cleaning of it, the parsing of it from those data sources and others like fax — there’s a ton of infrastructural companies vying to make their play in that space. So certainly prevalent.I think the other thing, the off-the-radar announcement that I can’t even find on the internet right now — at the Epic booth, looking at “With the Patient at the Heart,” the Health Grid products, their network-based products, there was the addition of a new one which I had never seen before: Willow Pharmacy Network. It was something around specialty pharmacy workflows to start, but much like Epic Payer Platform isn’t taking on clearinghouse roles but rather clinical data exchange — so an adjacent payer functionality that gives them a beachhead to sell into payers, a beachhead to potentially go do eligibility and claims down the line.That business strategy is now being applied to pharmacies, where they already have a system of record they can sell — Willow Ambulatory — and potentially after they build this network product and get deployment, perhaps they can go do e-prescriptions. Perhaps they can do other workflows and take on Surescripts. It’s something that I posited in an article a couple of years ago, but it’s interesting to see it play out in some fashion. I’ll be excited when it’s actually on the website, when I can see it anywhere else and we can learn more details. But that was my “beneath the AI radar” announcement.Ryan Tucker: Yeah, that’s really interesting. And I think you’re right — I didn’t see news around that. So you brought it up as a networking-type side product. Are they actually thinking of the movement of data, analogous to Surescripts, or is it more the workflow around specialty medication management — prior authorization, things like that?Brendan Keeler: It was distinctly in the Health Grid. Now I keep calling it Health Grid because it’s a better name than “With the Patient at the Heart.” But the “With the Patient at the Heart” products: Epic Payer Platform, Discovery for clinical trials, forgetting some of the other ones that are in there — they’re all network products. They sell to non-provider organizations and say, “We can help you integrate with our provider base more seamlessly using these products.”Epic Payer Platform is certainly the buzziest, most well-known of those, but Aura being for labs and medical device companies, “Supplies on Time” being for medical device manufacturers — all of those are network-based products that have the dual strategic purpose of giving them sales distribution to a new customer type, and then from there, they can sell systems of record to those customer types. Potentially Tapestry for payers, ERP to supply manufacturers, hypothetically Willow Ambulatory to pharmacies.It was visually lumped with those products, which is suggestive of the network product. And then from some late, fairly hungover discussion with the team there, they mentioned it being some network-based product for specialty medication workflows.Ryan Tucker: That’d be interesting to see. I mean, Epic is everywhere all the time. What are they not getting into at this point?Brendan Keeler: Well, what they’re not getting into is avoiding lawsuits, which is another — the Rule of Conferences held true. So last week we did some spelunking through TikTok and found this interesting beef tallow influencer that was talking about medical record release. And we’re like, what is going on here with this American Association for Disability Justice nonprofit?You and I had talked about it last week with Brad and others — there was just no resolution. Well, now we have more clarity because during the conference, the Rule of Conferences held true, and that group, that nonprofit, launched a new lawsuit alleging antitrust, information blocking, and violation of disability-related laws as claims against Epic in regards to MyChart not having a single login.That is how patient portals work generally across most EHRs. But suffice to say there’s frustration in the industry — in the disability industry that helps with claims to Social Security — that they’re still unable to get medical records in a timely fashion. That frustration is real. The claims are going to be challenging for the plaintiffs just because — again, not a lawyer — but looking at them, for the antitrust claims, the market definition they state is a 40% market share, which is typically quite low for antitrust claims. They don’t properly assert in my mind some of the implications that are necessary. But we’ll see.For information blocking in particular, when we’ve seen successful information blocking claims, they’ve used what you might call state tort hooks — where they’re not saying “This is the law, information blocking law was broken, I can sue you,” because that would entail the private right of action to be detailed by Congress. Instead, they say, “Because you broke information blocking federal law, you’ve broken state tort law — unfair competition law and things like that.” You’re actually suing under breaking California’s unfair competition law or something of that nature.That’s not what they do here. They just say “You broke information blocking law. This is a claim against you.” I don’t think that’ll hold up, given the lack of private right of action. Imagine Epic will push back there.So yeah, it’s an interesting case and it just shows that there are still many problems to be solved in terms of interoperability and where we need digital, ubiquitous digital exchange in as frictionless a pattern as possible — to help disabled people get their Social Security benefits, to help all the other underserved use cases that currently people are trying to funnel through the treatment purpose of use.Ryan Tucker: It’s a really interesting space. You said you’re not a lawyer. I’m even further away from legal understanding on that spectrum. You bring up the term “torts” and I get a little hungry because I think of tortas. I read your article covering this.Obviously they make a lot of claims, and I agree that there is well-founded frustration when it comes to the fragmentation of this information, the inability to easily get this when trying to make a disability claim. You brought up the patient portal side — that they’re not having just one login to MyChart, which I think actually Epic is working on something like that, to help with accessing all of your MyCharts no matter which Epic-specific health system you’re at.But I was just curious — that fragmentation is not due to Epic. And I think we understand that pretty well. There are obviously multiple Epic and non-Epic health systems. We don’t have a federally mandated “one record to rule them all” within the country. So I think a lot of that is not Epic’s issue, and it’s certainly not an only-Epic issue. I don’t know if this is a case of going after the biggest player in the space because it’s a problem all the way down. I’m just trying to understand — is Epic really responsible? And if they are, then I feel like all the EHRs are responsible. I’m just kind of confused about how this would play out.Brendan Keeler: A couple of thoughts here. One is intuition — the way we intuit what is right or wrong, ethics, things like that. Those are all different. The law may be a full Venn diagram overlap with our intuition, or it may be zero Venn diagram overlap. So we’ll talk more about intuition. I gave some non-lawyer legal perspectives on what might happen based on analysis of those claims.But you’re right. The architecture of Epic and Cerner and many of these others is that they’re sold to hospitals, sold to institutions, and those institutions want the agency to own and control and set up the software. Part of that is their patient portal, which they brand and configure and make changes to.That historical baggage has been true. The lawsuit mentions using TEFCA Individual Access Services and, when doing so, being unable to retrieve data from the Epic sites because of portal credentials. And that is a current function of how Epic has architected their Individual Access Services that other EHRs participating today have not.To your point, Epic has announced — and they have on their TEFCA website — that by the end of the year they’re going to have MyChart Central and more single unified login, as well as the CMS-aligned networks under the CMS Health Tech Ecosystem pushing Epic and other EHRs to go further in easing authentication and removing that double authentication step.But Epic’s choices here are not by and large them saying top down, “This is what it will be” to their health systems. These health systems have strong privacy considerations that they’re thinking about. There were rumors — I’ve yet to find this online — but there were rumors that there’s another class action lawsuit against Epic and hospitals in some state courts claiming they’ve released PHI inappropriately in violation of HIPAA. So patients suing Epic and/or hospitals for HIPAA breach.That risk is what underpins, or at least is stated to underpin, a lot of the behaviors of the health systems and of Epic to serve those health systems. It’s an interesting, testy time, and we’ll see where this claim goes. If there’s any positive for the plaintiffs, the jurisdiction — Western Texas, so I think it’s Austin — where that locus is, is pretty favorable to pushing the limits on some tech-forward lawsuits. I think that was a strategic choice to file there.Ryan Tucker: Definitely. So you mentioned IAS — Individual Access Services. I think the end goal that we’d love to see, and we understand the technical logistics of how difficult this might be, is something like an application on your phone where you’re able to see “these entities have my health data” and you have levers that control access, can transfer access, those types of things. We’re a long way away from there.I was just curious — you went over the announcements with HIMSS. Anything to report in terms of the Health Tech Ecosystem and some of the main initiatives, which included patient access and Kill the Clipboard?Brendan Keeler: There were awesome demos. Participants in terms of eClinicalWorks — either for the Healow product or maybe just the EHR — alongside other parties showing that Kill the Clipboard exchange. A lot of interest and discussion of digital identity — CLEAR and ID.me as the two main credentialed service providers, but potentially more entering and certifying in order to serve the TEFCA Individual Access Services and CMS-aligned network ecosystems.And then we had Clover Health join last week as a payer — the first payer to really participate in health information networks. They’re just responding to start to Individual Access Services, but then treatment in some short order once they ascertain that the treatment queryers can actually store FHIR Explanation of Benefit bundles. That’s a new payload type that if they just throw it over the wall, probably some EHRs and other queryers will bomb out. So really cool leadership by Clover in doing this.But man, that post really cooked on LinkedIn, because the Wall Street Bets community — they love Clover Health as a public stock. So anytime you put “Clover Health,” like, “Have you read my analysis of XYZ?” I’m like, “But sir, this is a Wendy’s.”Ryan Tucker: They want Clover to go to the moon.Brendan Keeler: When the CMS RFI — Request for Information — last summer was going through the comments, I’m reading, I like to read the comments because I’m a dork. And as you see over and over again in this broad, expansive “What should CMS do in terms of tech? What should ASTP do in terms of tech in this administration?” — that was sort of the thrust of the RFI. There’s just comment after comment like, “Well, they should just buy and mandate Clover Health.” And I’m like, what’s going on here?Talked to some people over at Clover and they’re like, “Oh, no — it’s Wall Street Bets from Reddit.” So I went to Reddit and found a thread where somebody’s like, “Hey, there’s this new question from the CMS, we gotta go hype Clover Health because then they’ll go buy Clover Health.” And so you have 20, 30, 40 comments of this nature, this comment campaign.I posted about it and then I’ve never received more death threats than from the community saying, “You don’t understand the magic and the power.” And I’m like, I do. I know them very well from working with them over the years and I’m friendly with them. So every regulatory thing — HTI-5, CMS RFI — you always get some interesting, unexpected comment campaigns. But that was one where I’m like, man, that’s an intersect I was not expecting to have — the SPAC crowd from Chamath’s world come on over and get involved in a CMS RFI.Ryan Tucker: The wonderful and horrifying discourse of the greater internet there.Brendan Keeler: Anytime you add anonymity of any kind to social media, you start to get some really interesting outcomes. So yeah, that’s the rabbit hole we go down from HIMSS. But you weren’t at HIMSS. Maybe you want to tell the audience a little bit about what you worked on, because I thought it was interesting.Ryan Tucker: Yeah, definitely an interesting, busy week. One of the main highlights was Monday night — Joe Mercado from Arcadia and CareJourney invited me to speak with his class at Johns Hopkins, which is a school of medicine class that has a mixture of grad students in public health and different areas. It was a class on FHIR. Basically a Q&A for about an hour and 15 minutes, and it was just great to see about 15 students and their different perspectives, the questions that they asked. It was a joy to be there.But really, I think a lot of the things we talked about coming from HIMSS were top of their mind. They wanted to understand trends over time in the interop space. And we talked about how the record exchange then turned into data usage. They brought up wearable technology — not like blood pressure cuffs or pulse oximeters, but they’re very interested in smartwatches. There was a cardiologist there and she would like to understand how to get the data from a smartwatch to help with her practice.I think there’s a thread that could be connected to the AI side we were talking about, where there’s a signal-to-noise problem. Yes, a cardiologist may be interested in trending over time of what your heart rate looks like or within a particular stress event. But if you include every single moment of your life within that smartwatch’s data and you send that into a chart, the provider is going to be overwhelmed. There’s that signal-to-noise ratio — they’re not going to know what to do.Very similar when it comes to AI usage and prompting. If you have bad data, if you have too much that you’re not able to properly classify, sort through, search through — it doesn’t matter if you have all the data in the world. It needs to be usable.Brendan Keeler: That’s one part of it, but a lot of times when I’m looking at dysfunctions in healthcare, particularly in US healthcare, you look and you squint and you peel it back — malpractice risk is generally one of those big ones. If you start to peel back “why were they so cagey about what they said back to me,” so many times that behavior comes from the risk of malpractice.Certainly, dumping a bunch of cardiology data into a chart has some risk of “they don’t read it in time, something happens, and there’s a lawsuit.” That’s a common trope for why we don’t want all the RPM data back in the chart. And as a technologist, I’m like, we can have AI summarization, we can have alerting — there are ways to solve for it versus the Luddite “just don’t even give it to me!” Healthcare organizations should be data hungry to better care and have broader insights. And if the problem is the volume of it, well, let’s build the tools to distill it down appropriately. That’s my technologist view on it.Ryan Tucker: I’ve never really thought about that point around malpractice. You’re right — if there’s so much auditing available in the chart specifically for this, the more data they’re presented, the more they’re theoretically responsible for. And so the higher risk.That’s really interesting — we keep claiming we want more and more data. And then how does that play into when they didn’t see the source data, they only saw the AI summary, and things like that. That’s a fascinating thread to pull on that I really hadn’t thought about before.I have a lot of family in medicine. My wife’s a nurse, but I have an aunt and uncle who are like a real power couple — my uncle’s an ophthalmologist and my aunt’s an electrophysiologist. I love talking to them at family gatherings because I’m the one working in health IT. She has a practice where she uses a few different EHRs and it’s needing to chart constantly — we know about the pajama time and things like that.And then my uncle, who’s in ophthalmology, stayed away from it for as long as possible. They were a specialty that was able to stay on paper until very recently. He purposely owned his practice and said, “I don’t want to deal with this because I see my wife every weekend charting.” Basically, ignorance is bliss when it comes to that.That plays a big role too. I think he was narrowing his scope of responsibility also. It was more of the burden aspect he was trying to stay away from. But that’s such a good point — can a provider be held responsible to all this data that’s thrown at them? We need to make tools that make that easier to distinguish, but I really hadn’t thought about that before.Brendan Keeler: Everything is about lawsuits in America if you actually think about it too much. Even HTI-5 — I forget if we talked about it on a previous episode — but HTI-5 comments, the comment campaign for HTI-5 was just a big law firm push. All these law firms said, “Wait a minute, you’re removing certification criteria for auditability?” — that when somebody types in a note, it’s immutably stored, that something was written. Because if later something happens and there’s a malpractice lawsuit, if they can go back and edit that note to make it look like they were right, they could fudge things to get around it.When the ASTP said “Let’s get rid of auditability,” all these law firms who deal with that were like, “No, no, no, no.” This is the one good criteria — in a very selfish way for their own businesses. But in a way, there were poignant stories that some of these letters had about what they’ve seen, the realities of what they’ve seen shady doctors do. So — lawsuits, lawsuits as far as the eye can see.Ryan Tucker: Yeah, that’s probably a good way to sum it up. That must cover it for the week.Brendan Keeler: Well, it turns out — one more lawsuit. So yeah, just this morning we saw a very unexpected development in the Epic versus Health Gorilla case.In January, following the Rule of Conferences at JPM, we saw Epic sue Health Gorilla and a number of co-defendants, alleging that there was fraud. Epic was joined by Reid Health and Trinity Health and a number of health systems stating that these groups were using the health information networks to pull data claiming treatment, but really for mass tort purposes — identification of mass plaintiff lawsuits for PFAS exposure and things of that nature.We saw motions to dismiss a few weeks ago from Health Gorilla, from Ravilla Med, some of the defendants, that I thought were quite well done and articulate in the procedural angle of it — saying, “Hey, there is a process within TEFCA and Carequality to resolve these things that should be followed. And the only exception to that process is for preliminary injunction — if you need to move so fast to get relief, then okay, you can go around the internal processes of these trust networks.” And there was no preliminary injunction filed in the court case as far as we could see. So it’s like, all right, maybe Health Gorilla and RavillaMed have a point here.But a few of the other defendants were quite quiet. And now we know why — at least one of them was. This GuardDog Telehealth has a stipulated agreement now. They’ve settled with Epic by admitting to a number of things they’ve done wrong and potentially their counterparties as defendants have done wrong. What they say doesn’t mean it is truth — that needs to be proven in a court of law — but it is not great for the other defendants that they now have this on the record from GuardDog.That changes the dynamic of the case because it really favors Epic, obviously. It now allows them to potentially pick off other defendants and pit them against one another. Particularly Unit 387 is directly named by GuardDog in the allegations in this document. And there’s a preliminary injunctive element to this agreement that now may satisfy some of the procedural concerns.So a fairly deft update by Epic that changes the contours of this case quite a bit and just puts a pin on a very wild HIMSS week.Ryan Tucker: Definitely a lot going on. It’s such a weird one for me personally because there’s gotta be a very small crowd that has past employment history at both Epic and Health Gorilla. And I am one of those. So it’s difficult to comment on publicly.It seems like GuardDog coming out with this — the more procedural reply that Health Gorilla was bringing up last week, which you said does have some validity in terms of how TEFCA and the processes were supposed to work — it seems like that doesn’t help them, right? That’s going to be tough for them now because GuardDog is basically pushing this forward?Brendan Keeler: I think the next update we’ll see is the hearing on the motion to dismiss in April. That will be the big one. There might be some other briefs and stuff in the interim, but yeah, fascinating to see what counter move Quinn Emanuel — who represents Health Gorilla — might do to this. Could potentially maybe still push on it: “Well, that you didn’t actually do a preliminary injunction” or something in that procedural bent, or fall back to some of their other defenses they had in their motion to dismiss. In contrast to the RavillaMed motion to dismiss, the Health Gorilla and Quinn Emanuel motion to dismiss had a lot of other, more substantive arguments to fall back on. So yeah, we shall see.Ryan Tucker: We’ll see what happens in April and we’ll see if it’s a slower week next week. This was packed.Brendan Keeler: All right. Rock and roll. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

Well, well, well. March came in hot. I was out thanks to the unending vortex of daycare-induced illness that plagued my home all February. So Pryce, Brad and Ryan had to carry the load - and carry it they did.On top of that, they tackle:* Jack Dorsey’s Block layoffs: 10,000 down to 6,000 at a profitable, growing company, because the AI tools made the headcount unnecessary* The SaaS-mageddon question: are we watching the first domino fall, or is the “AI replaces everyone overnight” narrative still overblown?* FDA deregulation and Harrison AI’s push to skip premarket review: speed vs. safety in a domain where the stakes are human lives* Glyphosate, Roundup, and the MAHA contradiction: how do you push preventive health on one hand and subsidize empty calories on the other?* The ACCESS Model’s brutal reimbursement math: $15/patient/month doesn’t exactly scream “invest in behavioral health infrastructure”* A galaxy brain segment on whether AI opens the door to a thousand little EHRs (spoiler: the interop team would never sleep again)Relevant Articles* Steve Posnack’s LinkedIn post: Brad mentions the episode was “inspired by” it.* Jack Dorsey’s post on X: About Block’s reduction in force from ~10,000 to ~6,000 employees, specifically citing AI/agentic tools as the reason despite the company being profitable and growing. Ryan describes it in detail.* An Epic Anthropic Alliance: Pryce references something Brendan “just wrote” about discovering Epic is leaning into Claude usage on campus for internal code development.* THE 2028 GLOBAL INTELLIGENCE CRISIS by Citrini Research: A hypothetical 2028 scenario where AI-driven unemployment triggers economic collapse, mortgage market failure, etc. Pryce notes there are “cracks in its argument” and it’s somewhat sci-fi in tone.* AI Transformation Is a Workforce Transformation: Brad cites a stat breakdown: 10% is the model’s capabilities, 20% is what you’re introducing it into, and 70% is operationalization/teaching people how to use it.* Harrison AI’s FDA exemption request: Ryan discusses Harrison AI (and possibly others) seeking exemptions from the FDA’s pre-market review process for AI devices.* Trump’s executive order on phosphorus/glyphosate production: Pryce references a signed order increasing domestic glyphosate (Roundup) production, and RFK’s subsequent cosigning of it.Chapters* Introduction and Conference Takes (0:00 - 4:30): Brad recaps ViVE, where every booth pitched identical agentic AI solutions. Ryan and Price weigh in on the real value of industry conferences.* Block Layoffs and the AI Employment Shockwave (4:30 - 9:00): Ryan breaks down Jack Dorsey’s decision to cut 4,000 employees from a profitable, growing company because AI tools made them redundant. The group asks: is this the first domino?* AI Hype vs. Economic Reality (9:00 - 14:00): Price and Brad debate whether AI will pull the rug out from the economy or diffuse slowly enough to avoid catastrophe. Brad drops a BCG stat — 70% of AI implementation is workflow, not the model — and predicts an explosion of custom software.* AI in Healthcare: Scribes, Code, and Patient Safety (14:00 - 19:30): Ryan draws a line between AI that removes friction (scribes) and AI that replaces humans writing safety-critical code. The group reflects on Epic’s patient safety escalation culture and whether AI-generated code can meet that bar.* FDA Deregulation and Harrison AI (19:30 - 24:00): The group examines the FDA’s loosening of premarket review for AI devices, distinguishing between probabilistic recommendations that need scrutiny and interface-level AI that may not.* Glyphosate, Nutrition, and the MAHA Contradiction (24:00 - 30:00): Price goes full gardener, connecting Roundup subsidies to nutrient-depleted industrial farming and questioning how HHS can push preventive health while enabling cheap empty calories.* A Thousand Little EHRs? (30:00 - 33:00): Brad asks whether AI enables a proliferation of bespoke EHRs. Ryan sees job security for interop folks; Price would rather see a million provider groups than a million EHRs.* Competition, Single Payer, and the ACCESS Model (33:00 - 37:00): Ryan puts on the socialist brain to argue healthcare competition doesn’t optimize for health outcomes. Brad closes hot on the ACCESS Model’s $15/patient/month reimbursement math and what it means for behavioral health.TranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.Brad Thorson [00:00]welcome to another edition of the information exchange sponsored by HDD Health. Can you believe our employer is sponsoring us? I am back from Vive this week and this is a very special edition inspired by Steve Posnack’s LinkedIn post, no Brendan Keeler today. So, boys, you got a lot of explaining to do for me today.Pryce [00:27]This is a facial hair only podcast today. Sorry, Brendan.Ryan Tucker [00:32]that’s right.Brad Thorson [00:34]I wanted to kick off just with I think some things I saw at Vive are gonna be Well, I missed all the big announcements because everybody does their press announcements around Vive, but if you’re at five You don’t have time to check your RSS reader or linkedin But you know I would say my takeaway it was great to see my good friends got to meet some new people But because we’re gonna be spending a lot of time talking about AI My concern is every booth was about agentic AI And the marketing copy is essentially the same from booth to booth to booth and so, know, one of the problems with using AI is it can pull everything towards a mean and I don’t know if anybody wants to hire me to help them run their conference. I probably don’t want that job but I’m a little concerned that our conferences are starting to look all the same and that’s gonna make it tough. If you gotta go on the conference circuit and there’s not a whole lot that changes, it’s not gonna pull you in. But maybe that’s the direction we’re heading because this week felt like it was all about outside of Vive, the AI,Ryan Tucker [01:55]get into the ARR again, which is very relevant to this, I just wanted to ask you, since you went to Vive, we also went to the ASTP annual meeting event very recently. I’m sure we’re sending folks to HIMS. Do you feel like it’s really about the content that’s shared?Brad Thorson [02:11]we are.Ryan Tucker [02:19]during that event. course, somewhat the conversation stems around there. Do you think it’s really just an excuse for folks who are in this industry to get together in person and have some conversation? Like that’s the most value I’ve gotten out of these things is most of us work remote nowadays. We don’t really come together outside of like our internal company workings, our working with our client. And to me, it’s like a good excuse for everybody to get together in a room, have some drinks, you know, go over what’s on their mind from that time period, not necessarily what the latest and greatest announcements that came out put on by the conference and the organizations attending.Brad Thorson [03:04]Yeah, I mean, think they’re depending on the type of conference. mean, the ASTP having an annual conference is a nice forcing function for for them to like put together everything that they want to communicate. Same way I feel like when we went to open an epic, that was like, you know, a singular organization had a North Star and that felt like a forcing function. Industry conferences. mean, God, I don’t know how many have been to at this point. I think that there are three types of cohesions that they create that are valuable. One is like, yeah, I can see you guys, I can see other people that I’ve worked at our previous companies or have partnered with and like that brings us closer, it reminds us that we could work together. That’s the positive thing that I get out of it. I think it’s also, you know, for executive level attendees, it’s an easy way to smash a lot of You know, I don’t think they are not having all high value meetings, but they can have more opportunity to have a high value meeting. And so I think that continues to bring in major exhibitors and they get an opportunity to talk about their But for people that are earlier in their career, it can be really tough. I think it’s important if you can go to one and you can talk to people. But so many people that are early in their career are tied to their booth and are really given like, you know, they only have one talk track or one thing to speak about. Whereas I feel like when we were seeing people at ASDP, one of the last things we talked about was interoperability or HCD. Like we spent so much more time just getting to know those people. I think there’s tons of value in that. It’s just tough to convince an employer to spend money to send their employees to just, you know, conversate.Pryce [05:01]I mean, I’m nodding my head because I think everything you all are saying is ringing true. I know, Arc. too, thanks to the HHS.Brad Thorson [05:04]The only three times we’ve seen each other, We’re at- Yep. Thank you, Steve.Pryce [05:14]And thanks. Yeah, thanks, Dr. Keene. And where was the other one? no, in New York. Yeah. I’ve been in DC in New York for the past two weeks. But it’s so high. I love Ryan’s take there. I think it was Ryan that just said, it’s hard to the value to your employer to send you to these things. Yeah. You know, like, I think about all the badges that you’re supposed to scan and all the leads that you’re supposed to show, turn into converted into revenue dollars. And I’m like, I’m like, yeah, that stinks because of course that’s how you have, that’s how you have to convince a business. But, the real value is meeting people. mean, I was just thinking like meeting, meeting competitors and realizing we’re actually pretty similar and we’re both humans and we both want to make people healthier. And then you kind of realize that maybe we should talk to each other more often and not be, you know, so close minded with our thought leadership or, or advice and things like, so getting a person to me is hugely valuable. Conveying the value of it is really hard. And I think I was nodding, particularly thinking about how we have a similarly challenging problem in healthcare, because today I’ve been thinking about how valuable it would be to sort of. force healthy habits upon people when they’re my age so they’re not as sick when they’re on Medicare but how the hell are you gonna convince someone to throw money at that because it’s way too long of a horizon to see value on and so instead we have a lot of the programs that we’re gonna talk about today which hopefully will still still do good things but that’s my quick quick take on conferences I love people I don’t really care about Vegas never been actually soBrad Thorson [07:07]I’ll drag you there someday.Pryce [07:09]I’ll sure you will.Brad Thorson [07:11]this is not going to be surprising to anybody who even wasn’t at Vive, but every every single software solution is talking about their agent to capabilities. Right. And I think I have not read Jack Dorsey’s announcement at block. I know of it. I saw the headline.Ryan Tucker [07:32]so speaking of trying to justify company spending and basically proving your worth as an employee, Jack Dorsey, former founder of Twitter, multi-entrepreneur, founded many companies, but Latus’s Blocks, he just tweeted out, X’d out, whatever we call it nowadays, last night, a message that he had sent to his employees for a massive reduction in force where basically they had about 10,000 employees, they’re moving down to 6,000. And he specifically spoke of the company is actually doing well. The company is growing, the company is profitable, but he is making this difficult decision to do this now versus later because he’s seeing that the agentic tools, the artificial intelligence tools that they’re using at the company are getting to a point where it’s not justifying the number of employees that they have and that they’ve gained enough efficiencies that actually to become even more profitable, grow even faster, they can reduce that force and don’t feel those folks are needed. Which if you’re looking at the business sector and you’re an investor, their stock actually went way up because you obviously when you reduce by 4,000 people, that’s a big saving on the payroll and they’re still doing well. So it looks great if you’re interested in the stock price. Not so great if you’re those 4,000 people who are now out of a job. And of course also not so great if you’re just in this general industry, more of the white collar workers that really anybody could be impacted in the near future here. And I’m wondering if this is just the start, if that’s the first domino to kind of fall here. And we’ve all heard it’s coming, it’s coming, it’s coming for years, but this is, I think the first I’ve seen that’s such a clear strike and clear saying, we are growing, we are profitable, we’re doing well, but we’re deciding to lay these folks off just because we don’t need them anymore.Pryce [09:52]Was there a sort of classification of, I guess, like the types of roles that were particularly impacted?Ryan Tucker [09:58]I don’t think it went into that detail. We could definitely, I don’t know if we have show notes, but we can link to the post. But basically I think it’s more on the development side. I think the coding tools that they’re using nowadays, I suspect also more of the entry level or more junior developers would be impacted versus the ones who are reviewing the code that’s output by these agents. But yes, it’s a little bit scary.Pryce [10:12]sense. Mmm. didn’t Brendan just write about how he somehow found out that like Epic is really leaning into Claude use on campus. And I mean, it’s no doubt these tools are useful. These the Cetrine research article, which I will admit I haven’t read in full, but I’ve heard a ton about. was also news this week because it wrote about this possible future in 2028 where everything, the economy’s collapsing because everyone’s out of a job and then if everyone’s out of a job, then they can’t prop up the mortgage market. it’s, from what I have heard, you know, there are some cracks in its argument and it’s very sort of hypothetical and almost like sci-fi sounding, but it does make me think over and over again, especially as we, As we consult about product strategy and how to use AI, how to make people healthier, et cetera, et You know, I’m really starting to try to map out on a whiteboard, like where do agents remove friction or support humans versus replace them and where can they not go at all? Like, I think Brendan and I talked about the last time I was on like an agent can’t. recreating a trusted network, right? Like you can’t recreate without humans getting on and saying, I have a house and here’s my verified identity and come and stay here if you’re another human, things like that. You can’t just create sort of two-sided economies, but you can complete so many tasks. So I’m... Very impressed with AI, still a skeptic as compared to what I would say is like market frenzy. It’s gonna disrupt everything just the same way that the internet did in my lifetime.Brad Thorson [12:30]I I vibe code on the weekend. I love it. Nothing that I make is should be usable, should be used by anybody else. But I’ve noticed that the tools have gotten a lot better. I think that like it’s terrible that these people are losing their jobs, especially in a company that is increasing their revenues. But we have seen it. I can’t make a proclamation that history will repeat itself. This will be a diffusion of people that were in some ways forced to use AI energetic tools that will likely be seeking employment at like not Amazon or Google, but finding their ways into enterprises that are not necessarily AI native or enterprises that will benefit from really talented product managers or engineers and everything is tech now. But I think the diffusion of that talent, the diffusion of that knowledge takes time and I just, see so many new applications getting built just the way that like, you know, I want to track my cat’s behavior. I can spin up a little application in hours that kind of works. we will likely see that same pattern across industries, which is part of why people talk about SAS-Mageddon. But we’re just allowing people, there’s a BCG, I think it’s BCG study that AI implementation is like 10 % the model’s actual capabilities, 20 % the actual, like, what are we introducing it into, and 70 % like, operationalizing, teaching people how to use it. And we refer to that as workflow. And so I think one of the reasons that we’ll see a ton of these applets or these tiny apps is because software, SaaS software has not been responding to workflow. has been enforcing workflow. where that doesn’t work, where two softwares don’t align, we throw a human in between them and force them to make it work or we define some sort of ETL application. I don’t know. I think we’re just gonna see an explosion of custom software that allows us to explore a million different versions of workflow. And then over time, we’ll start narrowing the use cases that are, or tightening around workflows that are actually effective.Pryce [15:19]You know, it’s funny, you saying all that almost made me think like, yes, the speed, the velocity at which AI is improving and like the use cases that you could leverage it for is evolving so fast. But there are other bottlenecks that are going to prevent like an economic collapse where we all lose our jobs overnight. For example, humans are slow to learn or, gosh, you said something else that made me think like. completely different reason that it would be just hard to introduce. There’s going to be a concentration gradient, if you will, of AI users and non-AI users, and it will slowly diffuse into, we all use AI in some form or fashion. I don’t think it’ll happen quickly enough to pull the rug out from half of the economy, but maybe that’s just what I have to think to self-preserve and not quit my job and go start a farm right now. don’t have enough land forRyan Tucker [16:20]Maybe we could all buy a farm together if this just doesn’t work out. But yeah, I think, and I obviously don’t have the expertise on the full macroeconomic side of this.Pryce [16:22]The HDD part.Ryan Tucker [16:34]I’ve actually been reading lately, there’s some kind of thought that you almost hope it’s fast and not a slow burn because that might force some function to help the massive people that are, you know, unemployed all of a sudden talk about UBI, things like that. Versus if it’s more of a slow burn, there’s less likely of a response to help those folks. So that’s one interesting thing. But I think tying it more back to health care, and what we do know about. I think it’s been mainly AI recently like everything else, I think IPryce [17:07]Is this a healthcare podcast? I’m kidding. huh. huh.Ryan Tucker [17:16]a major pro and major con that the AI tools, what Brad was talking about, like being able to customize to your own workflow and also things like the AI scribes where they’re actually just totally getting out of the way of the workflow. So when we get really great scribes where now you can go back to how it used to be with a provider where you’re just having a face-to-face conversation and the AI is still doing all the charting it needs to do, still doing all the tasks that the provider actually doesn’t want to do and making the experience better for both the provider and patient, those are fantastic use cases for AI. And that’s what I’m very excited about the usage for. The negative side. I think is what we’ve talked about with the potential to actually not replace and make the workflow better, but replace the actual human being that’s doing the job. And then I also fear the jobs we’re replacing, what we talked about with blocks where they’re replacing some of their engineers. You know, when you’re moving fast and breaking things in FinTech, the the major catastrophe that could happen there is you get something wrong and there’s a massive decrease in money and how it’s tracked and things like that. But in healthcare, and we talked about Epic using quad more in their workflows, and I think there’s some positive to that, right? To get stuff out there faster, get some of these beneficial software. Yes, internal code development, yeah. And like I said, to make beneficial software,Pryce [18:49]Internal, just to be clear, this is like they’re using cloud internally. Yeah. Yeah. Yeah.Ryan Tucker [18:59]That’s great. Make that faster, get those out to the users. But the downside, FinTech dollars are affected, healthcare lives are affected. And when we were at Epic, there was a very, very strict system around code development. And we had what were called patient safety escalations, which were things that have gone wrong with code and things that have actually been a risk to the patient potentially. And there were huge procedures around that. And it was taken very seriously. The software is not sexy, but it was incredibly safe and had to be because we were in healthcare. And that’s where I start to worry as we start to replace people and the cogs in the wheel. Healthcare, especially, I think there’s a risk when there’s not as much review, there’s not as much personal code written. And of course, also maybe in the end, 50 years from now, it’s actually much less of a risk. like self-driving cars, eventually they may be safer than a human doing it. Eventually the code written may be safer than a human doing it, but there’s, I think, a threshold that still needs to be met. And right now I trust a senior engineer versus collaborating the code at this point.Pryce [19:59]Yeah, exactly. And we have no idea where that line is because we haven’t really like, we haven’t had enough at bats to see like when things go haywire. Well, speaking of, I guess, patient safety and regulating AI, Ryan, I think you had linked out something about, remind me what it was, are we moving to the FDA now with regards to topics? Because they have released something about.Ryan Tucker [20:23]Absolutely.Brad Thorson [20:45]Harrison AI just let us let us throw some AI at patient problems patient populations looking goPryce [20:46]Yeah. What was the story there?Ryan Tucker [20:54]Yeah, and so basically, so with this administration, we saw this in HDI-5 as well. Reduction in regulation. And it’s interesting because that’s not everywhere, right? But at least when we’re talking about health care, at least some of the latest things to come out, HDI-5, reducing the scope of the regulation in order to hopefully, the thought is, make it more efficient, get things out there quicker. remove some of the red tape, literally, like the red tape that existed. Same thing over here, FDA, they are implementing a path, and I will admit, I didn’t really delve into exactly what this path looks like, but a path that if you already have a solution that you’ve taken through the regulatory process with the FDA, and you have, it’s a, AI device, Harrison AI and I think some others have been looking for exemptions from that pre-market review process, which is very strict, especially around medication development, procedure development, things like that with the FDA, more traditional things we’ve seen in the past. Say for AI devices, let’s skip that. And I think it makes sense in some ways because it’s not like bringing a drug to market. But at the end of the day, it’s usually a patient-facing thing if you’re going through the FDA. And I think there needs to be some guardrails still. And I think there is nuance there. But just interesting them trying to of screw around certain things. We’re trying to make things less regulated for the sake of speed, which I think is good in some ways. But also we need some guardrails. We need some transparency, those types of things. You know, we don’t have to spend too much time on that fact, if you have any kind of thoughts on that. I think, you know, talking about the FDA, I know Price, you want to talk about making America healthy again as well.Pryce [22:49]No. Yeah, well, so let me touch on that real quick. I don’t know very much about the FDA. I would probably loathe to work at the FDA because it feels like a no-win situation. Either you’re like regulating things, everything in the market is safe, and we can all thank the government for paternalism. And really we wouldn’t thank them. We would like not think about it or maybe we would complain about how hard it is to get through regulation or how slow America is to adopt whatever, whatever. The flip side of that coin is like, we do have a worker shortage in healthcare. We have an overabundance of data that’s so underutilized. It’s incredibly difficult to access, not necessarily from a technical perspective, but definitely from like a business relationship perspective or privacy and security perspective or even just like a governance and what does this data actually mean when I get it perspective. And so this current administration keeps saying, yeah, well, let’s throw technology at it. Let’s let the private market figure it out. Let’s take away certification criteria as proposed in HTI-5. allow new payment models to exist like CMS or the CNMI Innovation Center’s access model, where they’re specifically saying, look, reimbursement rates are pretty darn low for what we’re asking for, which is to maybe lower a patient’s blood pressure. But they’re like, we don’t expect a human to do it. For the most part, we expect you to keep an eye on it. We expect you to leverage tools and AI to actually help your patient change their behavior or coach your patient to becoming healthier. And so, yeah, I’m a little bit conflicted there. I don’t know nearly enough about clearance and how software or hardware goes through the FTA to have a strong opinion, but I am like, it’s not great in either direction. If we never get good tools in healthcare or if we get them tomorrow, like there are risks to both. I don’t know, Brad, do you have any other thoughts on that front?Ryan Tucker [25:15]Yeah. Price, think just for quick price with what you said before with, you know, these paths and how strict or how open we should be. I think we need more at bats to really determine, like you said, and it, and it would be interesting to compare this beyond AI, like any crazy new innovations that have come through these processes, what that looked like back then. That’d a good comparison for a blog post maybe written by the guy that’s not here right now. But yeah, it just seems very early. And Brad, please, your take would be great.Brad Thorson [25:56]Well, we actually have an expert in the company on the FDA approval process in Veronica. we’ll have to get her on here. Time would not have worked to have tried to loop her inRyan Tucker [26:03]That’s right.Brad Thorson [26:08]The introduction of AI, when I hear AI, think probabilistic algorithms, and I think they have like great use cases. The usage of them to like generate text or to be able to take a patient query that says like, what are these lab results mean? And be able to turn that into something that a computer can execute upon, get something from the computer and turn it into language is great. But part of me feels like if the translation is not too a deterministic model, I didn’t read enough about the Harrison AI thing. So somebody from Harrison should reach out and get us updated. If somebody is bringing a probabilistic, not just like text generation, but probabilistic recommendations. I think that is something that should absolutely go through a strict process. But if the ask is like, we have a new interface that is using something that hallucinates sometimes, like, I don’t know. Well, there was some stat that like 4 % of queries in Claude’s free model include, I need to go find the actual number, but it’s an insanely high number of queries into a free chat bot asking for health information, oftentimes including their own health information and not using the HealthX extension or the B-Well extension, ChatGPT, like people are just grabbing a PDF and throwing it in there. It feels just because Pandora’s box is open or the cat is out of the bag doesn’t mean that the FDA or other regulatory bodies should completely cave. But I do think that there needs to be some response to, know, if it takes companies forever to get through the FDA process, they’re just going to find ways to introduce products outside of that.Pryce [28:07]Hmm. I love what you said. Just to like frame that within a sort of thought process that we have a lot within HTT. We run a workshop called the why what how workshop. And we might have mentioned this on the podcast before, but lots of folks come to us and say, here’s how I want to integrate. Like, is that right? Or I want it to be, it has to use fire because that’s modern. And That’s the wrong way to think about it, right? Before you think about how you do something, you sort of need to think about what you’re doing. Maybe before you think about what you’re doing, you need to think about why would your product exist, right? And if AI is the tool, it’s just a hammer, right? Like, yeah, let it drive nails. Let it, like if this request is to allow a device to sort of say, your blood sugar is low. Go get some insulin and here’s how much we think you should do. Double check or, or I don’t know, like here’s what you should eat tomorrow as recommended by the NAI dietitian. That feels very different than like we’ve prescribed a medication for you. Go pick it up. Right. and one of those needs a hammer right now. And if you took a hammer and then said, like, I’m going to knock down a wall with this tiny hammer, it’s going to be inefficient. It’s going to be dangerous. You’re going to. yourself swinging it too hard. I am like, we have to treat it like a tool. And right now it’s good at certain things. I think it’s easy for us to imagine that it’s good at everything because it is good at such a broad swath of things. But it was designed for certain things right now. We need to get used to what those things are and then implement it responsibly, I think. FDA, please, please do well. I don’t have a U like I said, but please do well. Can I jump to the other news from DC this week? I think it was this week. I guess Trump signed, IBrad Thorson [30:28]I don’t know what time is, so I trust you.Pryce [30:33]I think Trump signed some order that was meant to increase the production of maybe phosphorus in the US or something to that effect. Ultimately, the headline was that the US needs more glyphosate, which is also commonly known by its brand name Roundup from Monsanto. And this is an interesting. take to have in this administration, especially because of the installation of RFK and the Maha movement and all the people who probably think glyphosate is worse than the devil are now sort of coming to terms with, do they agree with this administration? Do they not agree with this administration? And then RFK sort of cosigned on what Trump had done and said, it’s going to help us feed ourselves, et cetera, et cetera. I just want to say I barely studied things like this in college and I now I’m a gardener, almost exclusively organic. I do use sulfentrazone on my nutsedge.Brad Thorson [31:48]This is why we have to have the podcast because we don’t go to conferences together enough and I didn’t know you were a gardener.Pryce [31:56]I love to garden. I love to garden. But here’s the thing. I actually don’t think, I mean, maybe glyphosate is a carcinogen. Maybe it’s actually proved to be a carcinogen. I don’t think it’s like, you know, actually there’s lead at my house right now. You know, we’re working through a lead issue and nobody’s going to die. There’s lead everywhere and we need to get lots of it in our system. And the same thing could be true for herbicides or, know, pesticides and things like glyphosate. But what I do think glyphosate allows is industrial farming, like huge volumes of farm on the same volume of land. And inherently, that’s going to create this sort of imbalance in the nutrients that actually make its way into food, right? So if you can just crush your corn crop every year because there are no weeds. Oh, that’s great. You’re growing corn, I guess. But every year it’s growing in soil that’s less and less nutrient dense. And then you pump fake nutrients into the soil, and then we pump more fake food. And so all this to say, this is sort going back to my point where I’m like, yes, we need to keep 65 and older healthy. We should also be thinking about how to make 32-year-olds healthy for the next 60 years, or longer, because who the hell knows what’s going to happen with our lifespan. And that probably starts with not feeding the country just empty calories that come from soy and corn and super industrial operations in farming. If there are any farmers listening to this, I apologize. I know nothing about how hard it is. But it’s just a bummer to me. I think it seems straightforward that there should be more farms that are smaller and organic and creating nutrient-dense foods. I don’t know if this was a corporate decision or a corporate. I mean, surely it was in the interest of some corporations. But I don’t know why the decision was made or if there’s actually a food insecurity crisis or a glyphosate crisis. But it’s hard for me to see the HHS put out models that are like, we have to prevent people from going to the hospital. Let’s catch it early. Let’s lower their blood pressure. We’ll incentivize you to lower their blood pressure. And then on the other hand, they’re like, don’t stop buying Doritos because those are super cheap and they’re SNAP eligible. And I love Doritos, but. I shouldn’t have almost free access to them because they’re subsidized by glyphosate production. So curious what you all think about, I guess, nutrition and health and the long-term plan here.Brad Thorson [35:03]What do I think about nutrition and health?Pryce [35:06]Took us way down a gardening route. Ellen Brown would love this conversation.Brad Thorson [35:10]That was a very like, well I don’t know what I think Price. I think I wanted GLP-1 so that I don’t have to worry about that. when you were talking, I actually had a, I want the pharmaceutical industry to cure my desire to eat.Pryce [35:26]Yeah, you know what? And you can get that with AI now probably. You don’t even need to talk to your doctor.Brad Thorson [35:32]man, perfect. I have, this is like, maybe this is not a good corollary, but since you’re both alumni of Verona, Wisconsin, do you think that we need a little bespoke EHRs everywhere? And if you guys want me to do a little galaxy brain thing like I did last week, doesn’t AI open up the opportunity for us to have all sorts of little EHRs running everywhere? To be clear, I don’t think we need 7,000 EHRs.Ryan Tucker [36:10]We need a Brad. This is a we need an official Brad Galaxy Brains segment of the not a podcast, I think, at this point. Well, you know, I think there’s more positives to the thousands of smaller farms than there are to the thousands of smaller HR’s. There’s a lot of different things at play on both of those sides. Working on Interop though, thousands of smaller EHRs, sounds like good job security because there’s so many headaches. Yeah. But does not sound good in terms of make sure everybody’s connected and getting, meeting the goals we’d actually like to hit. So that’s, that was way, way left field from prices, nutrition and food system.Pryce [36:49]for us. Yeah.Brad Thorson [36:50]Certainly for all the CN.Ryan Tucker [37:10]But Tidewell, I think.Pryce [37:13]I have a take. Finish your thought, Ryan.Ryan Tucker [37:17]just going to say I am not the best on the food and nutrition side. Personally, I love to be better with that. My understanding is that more localized food production would definitely be a net positive, but the incentive structure that’s been set up with subsidization and also just inherently how mass production in a company that can handle shipping anywhere versus a company that has trouble getting it 10 miles down the road. It’s way easier for me as somebody who has a decent income and is relatively economically stable to say, I want to buy local and great food from around here because it’s generally much more expensive and something that is not as accessible to somebody on a lower economic spectrum. That’s really...Pryce [38:06]Hmm. 100%.Ryan Tucker [38:14]I’m not an expert in this field at all. yeah, Price, I’d love to hear what thought sparked there.Pryce [38:18]Well, there’s a million variables, which is why I’m not claiming to have a solution to the problem. just sort of perpetually bummed with some of the changing opinions in Washington. The thought that had sparkedRyan Tucker [38:35]And we’re all aspiring farmers if we lose our jobs. So it’s a good, it’s very relevant.Pryce [38:39]Exactly, Yeah, sassmageddon will lead to the actually to the organic farm revolution. I was going to say, do I want a million little EHRs? Probably not. I think I would like more that are competitive with each other because over the past few weeks, know, Kat McDavitt, Lisa Berry, Brendan have been getting into my, you know,Ryan Tucker [38:48]That actually doesn’t sound so bad.Pryce [39:09]brain and talking about how American it is to have all this competition and how competition drives down prices. And while that might not be great for Epic, it would be great for providers who might be paying less for their SaaS or for their EHR platform or whatever. And then I stopped and realized I am always making the argument that EHRs are not what’s making healthcare so expensive right now. I hate when someone points to Epic and says, that’s why healthcare is broken or that’s why healthcare is so expensive because that is a blip on the radar of healthcare costs. I would love if there were a million different provider groups instead of one provider group that had a million providers and there’s only one that does. So you can go look it up if you want to figure it out. I think that would be way better for healthcare and for healthcare costs. And I think the same thing is true of payers. So yeah, obviously we’ve got the FTC and we’ve got info blocking and the OIG working on creating this more competitive, price friendly healthcare ecosystem, which is not easy to do. But that’s my, that’s my little take there. I would rather there be a million provider groups and a million payers than a million EHRs. Call me crazy. Any other thoughts that you all have?Ryan Tucker [40:40]I agree with that.Pryce [40:44]from the week, weekendRyan Tucker [40:46]just spurring on.Brad Thorson [40:46]Hopefully sleeping, I don’tRyan Tucker [40:50]I think all of us can use some more more sleep. Just spurring on the American comment and the competitiveness. So Brad’s got his galaxy brain. If if Ryan could put on his socialist brain, which might shock everyone real quickly here, generally not.Pryce [40:51]Love it. yeah.Ryan Tucker [41:14]Socialist overall, I would say. But when it comes to healthcare, I think competition is generally good in a lot of different segments when business is the goal. And healthcare, when treatment and the health of the people is your goal, I don’t think those economic models are necessarily the best way to go. There’s a lot of inherent disincentives that are set up there. We see that with the pharmaceutical industry and the pricing that they set, the payer industry, health insurance and how expensive that can be. And so I think if health and wellness of your population is the goal, it seems like there’s other countries who are less about 100 % capitalism that have done a little bit better job there. That being said, we’re in the system as it’s set now. And I do agree with you Price that If we are going to take a capitalist take at healthcare and health tech, then it does help to have that competition between those EHRs, between pharmaceutical industry companies, between health insurance companies. Because ultimately, if there’s choice among amongst those companies that are provided versus a government provision or a single payer or something like that, that is purposely driven to as low cost as possible. and we’re in this capitalistic side, then yes, we need that competition to help the consumers.Pryce [42:46]Mmm. I don’t want to take us down another rabbit hole, but I love that take. I’ve heard smarter people than I say when they all get in the room and talk about how they would fix healthcare if they could do anything. They’re it’s like single payer all the way. And I was thinking about today how, you know, I keep on harping on this. Oh, I’m 32 right now. please help me make good decisions to stay healthy so that I don’t become a cost burden to society. Well, that’s really hard to prove an economic model on when I change insurance companies and the risk bearing entity or the profiting entity of carrying my risk changes every time I change employers or perhaps changes every year if I’m on the marketplace. so, if imagine if there was one benevolent well-oiled machine that was caring for all of us and thinking on the, you know, 100-year time horizon. It would be a lot easier to solve for some of these problems.Ryan Tucker [43:56]Definitely. Yeah, the tide of employment in general is interesting, right? Like if you lose employment and you have a serious health concern, you’re screwed.Ryan Tucker [44:07]at this point, right? Like, yes, we have some Medicare options and. That’s a problem in itself, but then you’re right. The payers, the health insurance companies will sell to these employers with a one-year contract. And so when you have your open period to switch your benefits around, that is because that health insurance is sold and said, I’m just bearing the risk and modeling the financials off of just this year. And so their actuaries are only looking at that time horizon. Versus if they pick that up and extended that beyond, they’d be much more into that preventative care side, the value-based care side, that kind of thing, as you mentioned.Pryce [44:52]Well, I probably won’t solve that this weekend. I will probably watch the... Yeah, I’ll get a clod of Ico. I will probably watch the Spurs who are 11-0 in their last 11 games. so Vosper is Va. And then we’re going to go... My son is at the zoo today for a field trip. And we’re going to go to the zoo tomorrow as a family.Brad Thorson [45:20]Does that mean he’s a tour guide?Pryce [45:21]Double Zoo. He’ll be the tour guide. It’s for his birthday. He’s turning eight next week. So yeah, we’ve got to get him started right now on the right program, the right access model. Get him a bio-wearable and keep his cholesterol down.Ryan Tucker [45:27]Happy birthday.Brad Thorson [45:40]Guys, the Axis model reimbursement rates, I haven’t written about it, man, I... 180 bucks a year for behavioral health.Pryce [45:53]Is it a month or a year?Brad Thorson [45:55]Now a year. Like, do you know how big of a patient population you already have to have? Not that we need to, listen, we gotta wrap this up, we all gotta go do our day jobs, but the cost of implementing a program, a patient monitoring program, like you have to make a significant investment at the beginning of that program, and we’re talking about $15 a month, is that right? I don’t do public math, so I shouldn’t have tried to do that calculation.Pryce [45:58]That’s tough. Yeah.Brad Thorson [46:26]Like it’s not worth it to make that investment for a lot of behavioral health providers if they don’t already have an enormous population. so like, you know, good for the vendors that are already enormous, they can get another $15 per patient per month. But if anything, the access model is just going to lead to greater consolidation amongst provider groups.Pryce [46:38]Well, often. Yeah, yeah.Brad Thorson [46:53]We can’t swing all the way back around to competition, capitalism, socialism, but let me tell you, I got thoughts. They’re rooted in transaction cost economics and I do not like the reimbursement rates tied to the act. was so excited about the access program and I’ve just been out on it guys. I’m upset. So.Pryce [47:12]We’ll have to talk to Abe Sutton from the CMMI and get educated on how this could work so we can coach folks to make people healthier.Brad Thorson [47:22]I’m just a random guy on the outside.Pryce [47:26]There we all.Brad Thorson [47:27]That’s what I’m going to do this weekend. I’m going to write about reimbursement rates in the access model.Pryce [47:34]I’ll root you on from the zoo. All right. Well, thanks, fellas. I’ve got to run.Ryan Tucker [47:34]I look forward to reading that. Well, the breadth of this podcast was incredible. I think my favorite quote might be, I don’t do public math. I’m definitely going to steal that in the future. But yeah, it was great. Catch it up with you guys. Agreed. Thank you all. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

Well, hot damn. Would you look at that? February slowed down. Luckily for everyone, we at HTD sent the full squad to DC for the ASTP’s Annual Meeting, which was quite the event. Did they announce a bunch of new things? Absolutely not. But that’s not the fun of that kind of conference - it’s the nuggets and the teasers (and the people, of course)On top of that, we tackle:* Information blocking, antitrust, and the coming enforcement era* HTI-6: the rule they didn’t announce but kept hinting at* Conversational interoperability (COIN) and agent-mediated exchange* The emerging questions around AI cliniciansRelevant Articles* The 2026 ASTP Annual Meeting: From Policy to Practice by Bonne Fire* Epic in the Crosshairs* Open Data, Agents, and the Next Era of Prior Authorization in CMS-0057-F by Josh Mandel* The Scribe That Launched a Thousand Takes (section on AI doctors)Chapters* Introduction and Conference Vibe (0:00 - 0:34): Brendan, Ryan, and Brad recap the ASTP annual meeting in DC, noting high vibes and the value of “hallway track” conversations.* Info Blocking and TEFCA Growth (0:34 - 2:28): The group discusses the first notices of enforcement for information blocking and TEFCA’s “hockey stick” growth to 500 million record exchanges.* ASTP Role and Regulatory Teasers (2:28 - 8:29): Brendan explains the ASTP’s history and identifies “teasers” for the upcoming HTI-6 rule, including a focus on anti-competitive behavior and dominant vendors.* Future Standards: COIN and AI (8:29 - 12:07): Brendan defines Conversational Interoperability (COIN) as an AI-driven, language-first standard that could eventually succeed FHIR by handling flexible, non-deterministic data.* The Rise of AI Doctors (12:07 - 23:02): Brad and Ryan analyze the Utah AI pilot and the broader trend of using LLMs for clinical decisions, weighing increased care access against the risks of scaling bad actors.* Closing and Regulatory Deadlines (23:02 - 23:43): Brendan closes with a call to action for listeners to submit comments on HTI-5, USCDI V7, and the AI and Diagnostic Imaging RFIs.TranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.[00:00] Brendan Keeler: Look at us. Here we are. It is the podcast—the “Not-A-Podcast”—The Information Exchange. We have Ryan here to join us; Pryce is working hard. So Ryan’s joining Brad and I to talk about the Assistant Secretary for Technology Policy’s (ASTP) annual meeting in Washington, DC, which we sent the full crew to. “Sent it,” as the kids say. What do we think? What are the big takeaways? What’s the vibe?[00:34] Ryan Tucker: Longtime listener, first-time caller. Vibes are high. We sent the team in full force. I personally felt that—and this is quite often the case for conferences like this—the times outside the main sessions tend to be the most useful to me. I think we should talk about the sessions first, probably the main thing I took away, and we can start maybe with the keynote. There’s starting to be some enforcement, if you could call it that, when it comes to information blocking, or at least notices have been sent out.[01:06] Brad Thorson: Yeah, well, I’m just going to say I think that’s the biggest “pregnant pause long comma” in the entire thing. I mean, we’ve been waiting, but I would love to see some names. I definitely think we should circle back to info blocking, but keep going, Ryan.[01:23] Ryan Tucker: Also, TEFCA is becoming more and more of a thing. I think they said 50 million record exchanges...[01:30] Brendan Keeler: I thought it was more. I thought it was like 400 million now or something.[01:33] Brad Thorson: No, 500 million and more than 70,000 participants.[01:39] Brendan Keeler: “Hockey stick growth,” perhaps, is what was termed.[01:44] Ryan Tucker: This was always a thing in Epic where we would measure record exchange. At some point, that’s not really the data point that’s interesting, but for an up-and-coming network, I guess that still makes sense in terms of sharing. I’m interested in how it all plays out with the Health Tech Ecosystem, but it is good to know that exchange is happening and that 70,000 organizations—I’m assuming that’s all of Athena coming on—is really just EHRs flipping the switch.[02:28] Brendan Keeler: Let’s take a step back. For listeners who are like, “What is this conference?” or “Who is this organization?” The ASTP, formerly known as the ONC, is the health technology regulator in the United States. They oversee the voluntary certification program of EHRs. They oversee TEFCA, this health information network consortium. They oversee information blocking; their authority is derived from the HITECH Act and the Cures Act.One interesting fact is that their funding has been basically the same through multiple administrations despite inflation. At the start of the Trump administration, people thought we might get rid of the certification program, TEFCA, or the ASTP entirely. That has not proven true. One takeaway from this conference was the ASTP saying, “We are still here. We are still doing our jobs”. Did you guys feel that as you wandered the halls of the Omni?[04:23] Brad Thorson: I think there’s a lot of excitement because they’re good communicators. They’ve been very active in the last two months, which has created a lot of discourse. It feels like there’s a lot of anticipation for information blocking enforcement. Everybody’s excited, but you can feel the anticipation regarding the impact of CMS Aligned Networks and whether they’re going to increase TEFCA participation.Key Technology Teasers (HTI-6)[05:06] Brendan Keeler: When you go to these conferences, you listen for the “nuggets”. There weren’t many unplanned nuggets this time; they were very planned. One “teaser” was the surprise insertion of the FTC, DOJ, OIG, and ASTP joint panel to kick off “Information Blocking 201,” where they laid down the overlaps of their authority in stopping anti-competitive behavior. Reading between the lines, it felt like they were directing people to report anti-competitive behaviors, likely alluding to the market dominance of large software vendors like Epic.Another teaser was the heavy focus on the future of technology and standards. They spoke about several technologies:* FHIR subscriptions* CDS hooks* Bulk FHIR and bulk import* COIN (Conversational Interoperability)It’s hard not to imagine those being included in the HTI-6 Proposed Rule expected in the spring or summer.[08:29] Ryan Tucker: Would you explain the COIN methodology?[09:13] Brendan Keeler: COIN, previously called Language-First Interoperability, is a nascent type of data exchange. It’s “AI, baby”. Instead of sending a payload in a rigid, deterministic format that requires specific code to parse, you have agents that can handle arbitrary language payloads. Much like a phone call between a hospital and an insurer, agents can go back and forth negotiating and providing information. It could handle things like prior authorization workflows very flexibly. It really could be the heir to FHIR.The Rise of AI Doctors[12:07] Brad Thorson: Pairing COIN with things like the Dr. AI pilot in Utah is interesting. They had 22 million consults with a 99.2% treatment accuracy rate for diagnoses and prescription renewals.[13:23] Brendan Keeler: The rise of AI doctors is upon us. The Utah pilot is for refill requests, which are simple, but it’s a seminal moment for computers making licensed decisions. There’s been a horde of AI doctors released recently—Verily Me, General Medicine, Function. It’s a sea change in mentality; people now trust LLMs enough to perform these roles where they didn’t trust deterministic logic.[15:12] Ryan Tucker: It’s dependent on the scope of the workflow. Refills don’t need much background, but as you get higher in care complexity, these models might fail and you’ll need an expert provider. Basic office visits might eventually be done by talking to an LLM.[16:36] Brendan Keeler: The scary part is the “bell curve”. With telemedicine, we saw issues like the Cerebral case. Now with AI doctors—infinitely replicable, zero marginal cost—one bad actor scaling quickly could do quite a bit of harm.[17:59] Brad Thorson: I have a “ticking time bomb” concern that some of these access patterns—like getting Viagra on a website—discourage patients from engaging in necessary preventative care. However, these tools also allow for low-acuity care to quickly get patients life-saving medication, like HIV prevention. My “galaxy brain” jump back to ASTP is that national provider directories and data prevalence can help patients navigate to the right provider at the right time.[20:59] Brendan Keeler: You landed the plane. We have to think about whether the good outweighs the harm. The Utah pilot is well done because it’s tightly guarded and bounded with clear escalation to real providers. You have to support the government in this pursuit—to learn from the ground in a fast, iterative fashion.[22:08] Ryan Tucker: I agree. We’re comfortable with AI reducing friction for administrative workflows, but I hesitate to see a bot taking over the actual sitting down with a provider.[23:02] Brendan Keeler: Well put. We’re coming up on our 30 minutes. We’re about to see court cases from Henry Schein and Vyne. Also, the comment period for HTI-5 is closing, so get your comments in on USCDI V7, the AI RFI, and the Diagnostic Imaging RFI. We’re going to see some cool action ahead on the regulatory front. Take it easy Get full access to Health API Guy at healthapiguy.substack.com/subscribe

February is not slowing down. With Brad still on the road, Pryce and I announce the official name of this not-a-podcast: The Information Exchange! Shout out to Nathan from Availity for the inspiration here.Beyond that, we cover a dense run of platform moves, regulatory signals, and courtroom skirmishes that all point in the same direction: tighter competition at the core of healthcare infrastructure:* We dig into Epic’s ambient AI launch and what it means for third-party scribes,* Why USCDI v7 is a real inflection point (appointments included), despite the competitive angles of exposing future care* How imaging interoperability is finally getting regulatory attention* A look at Veeva v. Epic and what non-competes reveal about where system-of-record battles are headed.It’s the perfect plane ride fare as we all head to the ASTP Annual Meeting in DC this week. Can’t wait to see you there.Relevant Articles* The Scribe That Launched a Thousand Takes* Apple Earnings and OpenClaw by Dithering* Moats Matter Again by Travis May* USCDI v7 and the End of Incrementalism* Much Ado about Diagnostic Images* SMART Imaging Access by Josh Mandel* Veeva v. Epic: The Talent Battlefield* The Veeva v. Epic ComplaintChapters* Introduction and Announcement (0:00 - 0:24): Brendan and Pryce introduce the podcast and announce its name, “The Information Exchange.”* Weather and Personal Updates (0:24 - 0:54): Pryce talks about the weather in San Antonio and his excitement for summer.* Discussion on Epic’s Ambient Scribe (0:54 - 3:31): Pryce and Brendan discuss Epic’s release of an ambient scribe and its implications for the market.* Competition and Market Dynamics (3:31 - 5:25): They explore the competitive landscape, pricing, and the impact of Epic’s market presence.* Antitrust and Information Blocking (5:25 - 7:19): The conversation shifts to antitrust issues and information blocking laws affecting the industry.* Interoperability and Regulatory Environment (7:19 - 9:57): Brendan and Pryce discuss interoperability provisions in the US and Europe.* AI and Future of Software (9:57 - 14:15): They speculate on the future of AI in healthcare and its impact on user interfaces and systems of record.* USCDI V7 and Healthcare Data (14:15 - 24:29): The discussion covers the United States Core Data for Interoperability (USCDI) version 7 and its implications.* Diagnostic Imaging and RFI (24:29 - 39:42): They talk about the diagnostic imaging request for information (RFI) and its potential impact on healthcare.* Veeva vs. Epic Lawsuit (39:42 - 46:21): The episode concludes with a discussion on the lawsuit between Veeva and Epic regarding non-compete clauses.TranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.Brendan Keeler (00:00): Alright, ladies and gentlemen, we’re back. It’s Pryce and I; Brad is out on travel again. So, the dynamic duo. We have an announcement. This thing—podcast, pseudo-podcast, not a podcast—it has a name: The Information Exchange. Thank you to everyone who submitted. Prize money will be going out shortly. But as we exchange some information here, what should we start with, Pryce?Pryce (00:30): Well, the first thing I want to tell you is that it is 83 degrees today in San Antonio. So we are back. I’m ready. I’m sorry to everyone else; they probably think I’m sad that I live in Texas, and sometimes it is, but today is Friday. I’ve got allergies because of it, but I’m thrilled and I’m excited for summer.Brendan Keeler (00:36): Don’t flex on them. There are poor people in New York or whatever that are freezing their bums off.Pryce (00:54): But you know what I am thinking about? A much colder place. A place where they just released their own ambient scribe—but don’t call it a scribe! According to Dr. Gerhart, it’s Epic’s release of Art. And I mean, it’s released. Is anyone using it already? Or was it just a press release?Brendan Keeler (01:17): Yeah, they said they’re piloting it, I think with the usual crew in the Madison area.Pryce (01:19): Okay. Group Health Cooperative? Thank you for delivering my first baby. Yeah, so that one’s really exciting for me.Brendan turned me on to a podcast from Ben Thompson and John Gruber called Dithering. It’s like 15-minute episodes, and I’ve learned a ton about FAANG companies and their distribution. This release of an ambient scribe—from the company everyone thinks has the walled garden and all the healthcare data—it begs the question: Do all other ambient scribes wither away?I think the answer is obviously not, but Epic does have distribution. Apart from functionality and integration, Epic has an MSA with every organization they’re trying to sell this to. They have the ability to make it a cheaper implementation because their system is already the source of record. Does that give them tailwinds? Yes. At the same time, everyone I know has an iPhone in their pocket and Apple Maps is way worse than Google Maps. I think with the evolution of info-blocking policy and the market, we’re going to see independent vendors be able to outperform incumbents on their own platforms.Brendan Keeler (03:34): Yeah, I see optimism. If you’re a vendor, you’re not psyched because your goal is to operate in a space where nobody else is. But guess what? That’s not real for real problems. Good problems have many solutions, and Art is another one.From a vendor perspective, you’d hope Epic doesn’t enter, but every EHR—except for maybe MEDITECH—is making their own scribe. Competition should be assumed. Information blocking means Epic better make their technologies available and not preclude competition on a technical level, or they’re going to be at risk of info-blocking. Another point is pricing: more competition means lower prices for providers, which is a positive. One manifestation of Epic behaving anti-competitively would be pricing competition out of existence, but they would be colossally stupid to do so right now.Pryce (05:33): Specifically because that is what the state of Texas is calling out in their lawsuit against Epic.Brendan Keeler (05:46): Right, so where is the bar? We know their pricing; it’s not per seat like many of these scribes. It’s a bucketed license of AI functionality added to your base Epic package. When does it become predatory? As a capitalist, I will always argue for the open market and competition leading to lower prices. It was inevitable this happened. The net result should be better for providers. It doesn’t kill these third-party scribes; they just have to keep doing the next thing.Pryce (06:49): Healthcare is unique in that our industry has info-blocking laws. Meta, Google, and Microsoft are competitive, but they release software on each other’s platforms. Do they have more levers to block each other, or are they equally scrutinized by the FTC?Brendan Keeler (07:19): They’re certainly scrutinized; all of them have active antitrust cases. Consumer technologies are different than horizontal B2B or vertical SaaS. In the US, there’s antitrust stuff, but not many interoperability provisions. In Europe, the Digital Markets Act specifically targets “gatekeepers” and says they must be interoperable and not self-preference.Pryce (07:57): Wait, hold on real quick. Brendan is telling you this is super interesting, but when he went to join this podcast, he accidentally pasted a message about a court addressing a motion to stay on February 11th. Brendan is reading court cases—he’s built different.Brendan Keeler (08:24): I’m built different! But that was about CureIS. February 11th, we’re going to get some decisions. I’ll buy the transcript and we’ll find some juicy stuff in the case against Epic.Pryce (08:28): I’ll let you read that while I do something else. I want to think about the stickiness of systems of record. Dithering mentioned this week that with the proliferation of AI, you can kind of build your own apps in an hour. Is software dying? At the end of the episode, they said systems of record are the safest because that database and the connections between thousands of tables are the most defensible. Do you feel like Epic is uniquely exposed to competition, or do they still have the best understanding of when and why doctors place orders?Brendan Keeler (09:56): It’s all EHRs. In terms of info-blocking, it affects everyone. Enterprise ones like Epic have astronomically higher switching costs and are more resilient. Travis May of Datavant had a great post saying that while systems of record can be disrupted by AI, networks can’t. You have to use existing networks like SureScripts. His thesis is “build network-based businesses.”Even in healthcare, there are extreme advantages to being the dominant vendor, but we made it fairer. With info-blocking, third parties can compete equally on a technical lens. If they are prevented, they can punch back. That’s a pro-competitive law that means you have no excuse except to be better.Pryce (12:19): It is interesting thinking about five years from now. Epic’s moat is 40 years of database work. But the user interface is what AI is going to change entirely. A doctor who is in med school right now at 22 will be 30 by the time she’s practicing. She might just be talking into space with AI software, not even looking at Epic. Maybe we’ll see Epic selling their database systems (like Texas claims they do) instead of their entire suite.Brendan Keeler (14:15): Enterprise software has always been about generalization. As you get bigger, you lose agency—the principal-agent problem. Deterministic software encodes workflows that everyone hates. Very few people like their enterprise software—Trinet, Gusto, Salesforce, Epic—because it’s not the exact workflow they want.But the cooler reality is that people will build user interfaces in a probabilistic way. I can do my thing, you do yours, and it still gets put into the system with data integrity. You see that with scribes: I dictate my workflow, you do yours, and it gets put into Epic in the right fields.Pryce (16:32): Yeah, speak French, speak Spanish—we don’t care, we’ll make sure it gets to the right location. Dithering made the point that even if everyone hates these softwares, they exist because they’re so sticky.Brendan Keeler (17:33): The other big one is that AI for software producers is moving toward marginal costs. The cost of production is rapidly decreasing. Before, Epic had to prioritize and say “I’m never building a PACS or an ERP.” Now, they can go in a lot of directions at once. It’s easier to build a third-party app, but it’s also easier for systems of record to do the “whole damn thing.” The competitive heat is turning up to 11.Pryce (19:40): I don’t like a dog-eat-dog world! Hopefully I’ll find a place to add value because I’ve got three kids to feed. Speaking of the government, we had some action this past week. USCDI V7 was proposed.The United States Core Data Set for Interoperability is referred to by many regulations saying EHRs need to make this data available via API. V7 includes appointments, which is exciting for me as a former Cadence implementer. To force EHRs to make appointment information available programmatically is great for value-based care. On the other hand, some additions like “medication status” seem so basic—how was that not in there before?Brendan Keeler (24:59): The intent is focusing on what’s ahead—the care plan. I’ve been asking “where are appointments?” since USCDI V2. To understand what needs to happen with a patient, you need to see what’s already scheduled. We’ve been in a “kumbaya” phase of data exchange because we were just transferring historic care data. As soon as you include planned appointments or labs, that’s a “value capture” moment. The cynical view is that someone might try to grab that spend, but the administration is trying to support CMS goals. They want to ship and iterate.Pryce (28:39): Right. If you’re a provider and you don’t want another entity to have access to your appointments, don’t sign a business agreement with them. This isn’t forced scope in TEFCA yet. It’s nice that patients can see their scheduled appointments.Brendan Keeler (29:53): The net good is far in excess of the risk. People ask all the time how to use FHIR to get appointments for enrollment triggers, and usually, we have to tell them to use HL7v2. There is a future where business associates can live “FHIR-only,” which isn’t the case today.Pryce (30:50): At Redox, only 5-10% of customers were not using a V2 feed or VPN. Now that it’s becoming a broader swath of forced functionality, this is fun.Brendan Keeler (31:59): Wait, we never said: what is Cadence for the audience?Pryce (32:03): Epic has names for everything. Cadence is scheduling and appointments. Prelude is registration. Shout out to my customers in North Carolina from when I worked at Epic; thanks for being patient with me when I was 21. Now, tell me about the Diagnostic Imaging RFI.Brendan Keeler (32:39): We’ve been hyper-focused on discrete data in the EHR, but every hospital has a PACS (Picture Archive and Communication System). You schedule in Cadence, do the MRI, and that high-fidelity DICOM file goes to the PACS. Most EHRs have a truce with PACS vendors like Agfa or Sectra. PACS systems are unregulated; they aren’t “certified health IT.” So, while the radiologist’s interpretation gets back to the EHR, the image itself is stuck in a “cold, dark room.”If you go to a different hospital, they can see the report but not the image. If you want to see your own images on MyChart, too bad—you have to go to the hospital and they give you a CD. This RFI is about the fact that we’ve ignored this space for too long. Dr. Keane is an interventional radiologist, so maybe it’s personal for him. They’re looking for comments on standards. Other countries, like the Netherlands, have ubiquitous image exchange.Pryce (39:53): We have one more topic: Veeva suing Epic. This one is about competition and Epic’s non-compete clause.Brendan Keeler (39:59): Veeva is essentially the “Epic of life sciences.” They sell CRM and clinical trial software to pharmaceutical companies. They are a big integrated monolith, a system of record. They decided to hire ex-Epic people in Madison. According to the allegations, Epic put Veeva on their non-compete list because they were tired of Veeva offering better salary and conditions.Epic’s non-compete used to include like 5,000 companies—even the YMCA. They trimmed it down to 20 or 30 real competitors. The question is: Is Veeva actually competing with Epic? Epic is starting to sell clinical trial management, and Veeva is selling things to providers, so there are competitive edges. Veeva has a long history of successfully going after non-competes.Pryce (44:58): Epic was a great first job for many, but Veeva is winning favor by going to bat against this.Brendan Keeler (45:36): In a pro-competitive sense, it’s good to allow talent to move to companies that offer better benefits. It allows talent to get what they’re worth. That’s why you see both liberal labor perspectives and the State of Texas attacking the non-compete.Pryce (46:12): Well, you’re a big fan of exchange—whether it’s employee exchange or information exchange. Thanks for joining. I’ve got to run. See ya.Brendan Keeler (46:35): See y’all. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

Dry January has started out torrentially wet, at least in terms of health tech news. Brad is back from vacation just in time for us to break down the newest lawsuit and other comings and goings with Pryce and me:* Epic’s case against Health Gorilla and why this one is going after mass-tort * Anthropic (and OpenAI) entering healthcare through patient-directed data access* Why nationwide exchange networks are straining under non-treatment demand* What ambient AI and administrative networks (Abridge × Availity) tell us about where workflows are headingAs an aside - editing took a tad longer than usual, so apologies for the delay.Relevant Articles and Posts* Epic v. Health Gorilla: A New Fight Begins* Pryce’s Excellent “Epic Lawsuit 101” LinkedIn Post* Epic’s Tactical Strike Beyond the Grey Zone* The Particle v. Epic Casebook* Another One: Anthropic’s Healthcare Debut* One Copilot to Rule Them AllChapters* 00:00 - Introduction and Overview of the Epic Lawsuit* 03:07 - Understanding Healthcare Data Networks* 07:57 - The Role of Health Gorilla and Other On-Ramps* 12:46 - The Competitive Landscape of EHRs and On-Ramps* 20:18 - The Ethical Implications of Data Usage* 27:54 - The Need for Court Actions in Healthcare Networks* 29:02 - Understanding Individual Access Services (IAS)* 30:22 - The Role of Technology in Patient Data Access* 34:41 - Collaboration Challenges in Healthcare* 39:42 - Streamlining Prior Authorizations with New PartnershipsTranscriptWe ran the transcript through an LLM to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows quite a bit.Brad Thorson (00:01)Gentlemen, it’s been a while. I’m recovering from the flu, as you can hear, but I really enjoyed last week’s discussion. Sorry to have missed it. I thought we were going to talk about Anthropic’s entry into healthcare, but something bigger happened earlier this week. Pryce, talk to me about Epic and Health Gorilla. What’s going on?Pryce (00:23)I posted on LinkedIn this week explaining the Epic–Health Gorilla lawsuit for beginners.The background is that nationwide health data exchange networks have existed for a long time. For people newer to healthcare data portability—who may have just downloaded ChatGPT Health and realized they can pull their charts—doctors have been able to exchange data like this for decades.The premise is that when you request data on these networks, you generally must be treating the patient. That’s the HIPAA “Treatment” purpose of use. These networks were built primarily for providers delivering care.There are gray areas. For example, what about a provider-facing application that isn’t an EHR but is used by clinicians? The user is still a provider requesting data to treat a patient, but you start to see edge cases. Eventually, some uses cross into fraud—where no one is actually treating patients.At their core, these networks exist so physicians can query each other for clinical data. Non-physician entities often try to join, not to sell charts on the black market, but for adjacent use cases like care management or analytics. Brendan, can you walk through the prior cases that set the stage here?Brendan Keeler (02:29)In April and May 2024, Epic initiated a Carequality dispute—not a lawsuit—against Particle Health. Several Particle customers were cited, including Integritort, which focused on mass-tort use cases similar to what we’re seeing now. Another was Reveleer, which operated at the payer–provider boundary.That dispute didn’t resolve, and Particle later filed antitrust claims against Epic in September in Particle v. Epic. That case focuses on business-associate applications connecting to EHRs on behalf of providers and being blocked.This lawsuit is different. Until now, it was a category of one. It concerns nationwide networks being used for purposes outside their original design. The dispute centers on where creativity crosses into abuse.Epic is not targeting gray-area use cases that many people might defend—like patient access, clinical trials, or value-based care. Instead, this case is narrowly focused on mass-tort data harvesting. Lawyers allegedly used the networks to identify patients with PFAS exposure and market lawsuits to them.That use case has almost no sympathy across the industry. If the allegations are true, it’s clearly outside acceptable bounds. That’s why the case is structured this way: it isolates a behavior very few people will defend, unlike the broader debate over treatment versus adjacent uses that can do societal good.Brad Thorson (05:48)Let me interrupt. I’ve learned this from working with both of you, but many people didn’t start their careers embedded in EDI or health data exchange. Can we briefly describe the ecosystem? What are these networks, and why do on-ramps like Health Gorilla exist?Pryce (06:18)Historically, Epic created Care Everywhere so Epic customers could exchange data with each other using CDA documents for continuity of care.Other EHRs responded. That evolved into networks like eHealth Exchange and CommonWell. The key point is that any node querying data must be trusted to be providing treatment.Over time, these networks interconnected—Care Everywhere, CommonWell, and eHealth Exchange shared trust frameworks. Now we’ve moved into TEFCA, with QHINs acting as intermediaries. Epic’s Nexus is one. Health Gorilla is another. Kno2 is another.QHINs onboard participants and commercialize access, similar to telecom carriers. The challenge is vetting customers appropriately. Once a node is on the network, the system largely trusts that it’s acting appropriately.At scale, however, patterns emerge. Some nodes query large volumes of data but never contribute new clinical information. That raises questions about whether they’re actually providing care.If Epic brought this lawsuit, it likely believes it has strong evidence. At sufficient scale, misuse becomes visible.Brendan Keeler (10:47)Yes and no.Originally, EHRs were the only on-ramps. Over time, non-EHR connectors were allowed to simplify access and expand adoption—similar to how Stripe simplified card networks.This massively expanded the ecosystem to vendors that lacked the expertise to build CDA or XDS integrations themselves.The business incentives differ. EHRs sell software to providers; network access is a feature. On-ramps sell access itself. Their revenue levers are value-added services, better APIs or UI, price competition, and—critically—who they sell to.Competitive pressure leads to boundary-pushing. If one on-ramp sells to a questionable use case, others feel pressure to follow. That’s not moral failure; it’s capitalism.That history explains the tension between EHRs and on-ramps.As for the “smoking gun”: a complaint must survive a motion to dismiss. Epic cites traffic spikes, relationship webs, and low-value returned data. That may not be conclusive proof, but it’s enough to reach discovery. The goal is to obtain indisputable evidence and demonstrate that this isn’t hypothetical abuse.Pryce (16:22)EHRs weren’t built to monetize data; they were built to document care. But data became valuable. On-ramps then arrived to add value—similar to how Google Flights disintermediated airlines.The network shifted from universal trust to skepticism. Privacy concerns are real, but business incentives also matter. The solution isn’t to shut everything down; it’s responsible expansion so trust remains intact.Brendan Keeler (17:52)Another perspective is that these networks were designed to replace fax-based transitions of care—not to be general data collaboratives.There’s massive unmet demand: payer workflows, quality measurement, patient-directed sharing, life insurance, litigation. People look at existing infrastructure and try to repurpose it.Providers originally agreed to participate only because rules limited use to treatment. That trust is now under strain.Meeting this unmet demand responsibly could unlock efficiency, just as payer–provider exchange eventually did. But it’s a bet.Brad Thorson (24:04)I worry that patient-directed data access through AI tools could create even more fraud vectors.Brendan Keeler (24:39)Individual Access Services (IAS) change the equation. They provide a paved path where the patient is identity-verified and explicitly authorizes access. That reduces misuse routed through treatment claims.These implementations will improve over time. Importantly, any fraud here involves patient choice. That shifts the debate from “is this treatment?” to “are we enabling patient agency?”As long as treatment boundaries remain narrow, people will keep forcing non-treatment uses through them. That pressure is the catalyst for everything happening now.Pryce (27:18)So we’re cramming non-treatment use cases into the treatment box because no alternative exists.Brendan Keeler (27:28)Exactly.Pryce (28:10)Who actually solves for this? In Carequality, it would be the Recognized Coordinating Entity pushing new operating procedures to participants. But everyone has to agree. That RCE is the Sequoia Project.Brendan Keeler (28:30)No single entity is fully in charge. It’s collaborative.The federal government lacks direct authority to mandate participation. Even certification is voluntary, tied indirectly to CMS. Because of federalism, health IT regulation relies on convoluted levers.ASTP was given a limited mandate under the Cures Act to establish a voluntary nationwide network. It has no authority to compel behavior. CMS has taken a similar approach through the Health Tech Ecosystem pledge—encouragement without enforcement.Absent congressional authority, agencies can only shift incentives. They try to overcome natural competitive dynamics and the difficulty of collaboration. That’s hard enough at a regional level, let alone nationally.We already built one network for treatment. Now we’re trying to do it again for individual access, operations, and payment. These are different jobs with different stakeholders and incentives. The work is difficult because collaboration is difficult.Pryce (30:31)What I’m hearing is that these are trust networks where everyone is expected to follow the rules—yet participants are often competitors. Participation is voluntary.That explains disagreements over operations and governance, and why new networks keep forming. TEFCA feels like another restart.In the last few years, I’ve started seeing the broader policy and economic forces at work. Capitalistic incentives dominate. It’s frustrating, but that’s why ASTP and the RCE exist. We need people to accept new use cases responsibly. IAS seems like one of the better paths forward.Brad Thorson (32:27)That analogy works.Pryce (32:29)IAS feels like the next obvious step beyond provider-to-provider exchange. Everyone should be able to access their data. The challenge is building trusted rails to make that possible.Brendan Keeler (32:52)Building the rails isn’t the hard part.Implementation guides for individual access have existed for years with limited adoption because incentives weren’t there. Health systems weigh limited upside against major HIPAA risk. A breach brings regulatory scrutiny, lawsuits, and long-term damage.Without financial upside, why prioritize this over payer exchange or internal operations?What changed is the demand signal. Disputes like Epic–Particle made it clear that if no safe path exists, people will off-road. That forces prioritization.Government signaling—particularly from CMS—has also helped shift the calculus. Together, that’s enough to move things forward.Pryce (34:35)When you lay it out that way, it’s all economics. Organizations don’t move until incentives force them to.Brendan Keeler (35:15)When decisions are framed as moral choices, adoption is limited.Electric vehicles struggled when they were more expensive and less capable. Adoption increased once incentives aligned and performance matched alternatives. Most people choose economics over morality.The same applies here.Brad Thorson (36:02)We should wrap up. Let’s shift to a private network example. Availity and Abridge announced a partnership that could reduce prior authorization delays. As a patient, that’s exciting. Who wants to explain why this partnership matters?Brendan Keeler (36:44)Availity is one of the largest administrative clearinghouses in healthcare. After the Change Healthcare cyberattack, Availity is widely viewed as a primary clearinghouse, alongside Waystar and Change.Abridge is a leading ambient scribe platform. Ambient scribes started by generating clinical notes from conversations. They’re evolving into co-pilots that reduce every keystroke required of providers.Beyond notes, scribes are expanding into orders, diagnoses, coding, and now prior authorization. Prior auth is a major administrative burden. Ambient systems can pre-populate payer-specific documentation using conversation data and clinical context.Abridge piloted this with Highmark and demonstrated ROI. To scale nationally, they needed a payer network. Availity was the logical partner.This fits a broader trend: every provider keystroke is becoming contestable territory for AI co-pilots. These functions will likely converge into fewer platforms over time.Brad Thorson (40:15)What stands out is that most ambient tools rely on a single data source—the EHR. This feels like one of the first examples where an ambient tool uses an external network.Brendan Keeler (40:37)That’s a fair observation. In this case, it’s mostly transactional—sending documentation to payers.But you’re right: some scribes are already pulling longitudinal records via HIEs. Inputs, jobs-to-be-done, and UI are all competitive surfaces. Epic’s approach pushes scribes into backend infrastructure, while others aim to pull clinicians into new interfaces. That difference defines much of the VC upside.Pryce (42:01)Prior auth boils down to whether a procedure is justified based on clinical history. HL7 Da Vinci defines this through CDS hooks and FHIR questionnaires.I’m curious how ambient systems actually respond to these structured requirements. Are they using CQL? How do generative models handle this determinism?Brendan Keeler (43:13)That’s a real tension point. Prior auth has multiple parallel solution paths—FHIR APIs, portals, phone calls.It’s worth a future episode to unpack those approaches in detail. For now, we’ll leave it there. Have a great weekend.Pryce (43:59)Thanks. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

With Brad in Mexico, it was left to Pryce and I to “chop it up” and discuss the recent comings and goings of the industry and our regulatory overlords. We kept it nice and tight (at least in terms of topic sprawl, if not length) to the biggies:* The implications of HTI 5* OpenAI’s ChatGPT for HealthTogether, we take stock of how HTI-5 tightens the screws on information access while simultaneously stripping away outdated certification scaffolding and whether the newest tech giant patient-driven aggregation can finally escape the PHR tar pit.Health API Guy is a reader-supported publication. To receive daily content with unfiltered and slightly uncaged memes and takes, consider becoming a paid subscriber.Relevant Articles* Indiana Jones and the Personal Health Record* July Monthly Review: OpenAI Builds a PHR?* HTI-5: When the Scorpion Learns to Swim* The End of the Standalone PHRChapters* 00:00 - Podcast Naming and Introduction* 02:56 - Understanding HTI-5 and Its Implications* 08:51- Deregulation and EHR Evolution* 15:04 - Information Blocking and Its Challenges* 21:00 - Future of Health IT and API Integration* 24:51 - The Future of Healthcare Regulation* 25:51 - Understanding FHIR and Event Notifications* 29:14 - The Developer Experience in Healthcare Data* 31:16 - The Role of EHRs in Healthcare Integration* 32:16 - OpenAI’s Recent Healthcare Innovations* 36:12 - The Implications of ChatGPT in Healthcare* 40:21 - Data Privacy and Security Concerns* 45:31 - The Architecture of ChatGPT for Health* 49:10 - OpenAI’s Competitive Landscape in HealthcareTranscriptBrendan Keeler (00:01): All right, Not A Podcast is back. We need to really think about a name or something here.Pryce (00:06): I know. I just Googled “Not A Podcast” or “The Not Pod” And there’s a thousand of them that are called that. So if we do start a podcast, we have to come up with a real name.Brendan Keeler (00:16): Yeah, for any of the audience, you got good ideas, puns, we’re open for business and we’ll give you credit. But yeah, it’s you and I, we’re in January, Brad is in Mexico, we were with him drinking tequila, but we’re not, we’re instead working. And so, what are you working on? What are you thinking about?Pryce (00:33): I’ve got tequila, but...let’s think. So very exciting week, you know, over the holidays, obviously we had HTI-5 which I want to touch on. Although it almost feels like old news now. and then this week I had, I was just deep, deep in, ⁓ like client systems documentation, which was really fun, but the, the things that kind of pulled me back to the surface of reality were the announcement about OpenAI for Healthcare and ChatGPT for Health and you’ll have to tell me what they released and how they’re different products. Yeah, I even like got on Reddit to read what people were saying about it and then I realized “Maybe that’s a bad idea” because you have like all these emotions but you don’t have anywhere to put them in Reddit. It’s just a bad idea. So we have a lot to talk about.Brendan Keeler (01:24): I’m always surprised when I go to Reddit and I’m like, man, there’s a lot of Luddite behavior here. It was like, on Reddit in particular, we can go down that rabbit hole, it was a lot of negative, extreme negative reactions on the several threads I saw of “Why would you ever do this?” “This is a terrible idea.” Not what I expected. Yeah, yeah, not what I expected.Pryce (01:41): You’re talking about chat GPT. Like, yeah, yeah, yeah.The things that I have to say about it are almost exclusively, I’m tempering expectation. It’s not that exciting yet. And here’s why. And it, they don’t have to be HIPAA compliant and here’s why. And you know, so I have like maybe “detractor” things to say about it, but it’s going to be an incredible tool. We should get into that, but maybe before we get there, because then I think we’ll just go down rabbit holes forever. I would love to hear from you. You’ve written articles about it. You’re already onto almost HTI-6 in your mind, but I want to hear your take on HTI-5. Give me the heavy hitting points. What is the ASCP thinking about writing into. regulation, (as this is this is a proposed rule, so it’s not actually regulation yet)? And how does that affect the industry? Give me your take.Brendan Keeler (02:31): We can’t let that slip that busy December slip by. so HTI-5 the fifth of the heirs of the Cures Act, right? We had the Cures Act in 2016. 2020 - they finalized the ONC Cures Rule. And then as we got past that era the certification criteria in the Cures Rule, information blocking, and TEFCA ASTP, they’re like, “Hmm. We gotta cook some things up.” Under Micky Tripathi, they did HTI-1, iterating, adding more certification criteria and changing some things in the program. And then proposed HTI-2, which was “Let’s balloon this thing up to 11. Let’s expand it to payers and public health. Let’s add tons of criteria and revise tons of criteria. And that got proposed in August of 2024 and...You know, the Democrats did not win that election. With the change of administration, they said, “Okay, let’s push out some of the things. the HTI-2 final rule was just an information blocking exception, the TEFCA, exception. HTI-3 was a Protecting Care Access exception. And then we get to the new admin. All right, what are we going to do? Trump’s in power. As we get through the summer, we actually saw HTI-4 again, another heir of HTI-2 proposed rule that said, “Okay, actually, the prior auth criteria, the electronic prior auth stuff? That’s pretty important to the goals of the CMS because they’ve already regulated it on the payer side. So we’re going to do that piece as part of the IPPS.”Pryce (04:03): CMS 0057 is saying, “Hey, payers, have to make APIs available that help us with prior authorization.” And then the complement to that on the provider side was HTI-4.Brendan Keeler (04:14): Yep. And so was in the summer. They just went straight to final. They’re like, “All right, it was in the HTI-2. You guys commented. There it is. Da Vinci and NCPDP for medical prior auth and medication prior auth.” Then tick tock, tick tock, we get to December. There’s this rumor of HTI-5 and the rumors are basically “Wow, this is a deregulatory regime, right? Like Trump’s EO Trump’s executive order said deregulate all the things, DOGE was deregulating all the things.” And so finally that impetus spread to ASTP. And so that’s HTI-5, yeah. And so they deregulated, it is a deregulatory rule. So it’s pulling things out. And so know that there’s three prongs. One is deregulating the criteria, get rid of the many criteria, because some of them are old. Part two.Pryce (04:46) Which just to be clear, we’re going to run back here in history from your historical timeline. The criteria were first created by the ACA is what created Meaningful Use which created the ASTP or ONC HITECH and then created criteria. So now we’re going almost back like 10 years ago and we’re saying, “Okay, these were important 10 years ago and ripping some of them out, right?Brendan Keeler (05:30): Yeah, and that’s the thing is like there’s actually our goals back then were “Let’s increase adoption of electronic health records because they’re on paper.” and people can say, “That was a terrible Well, it accelerated the the digitization of that industry. So like you can say, “Should it be digital or not?” Like you’d probably say yes, if you want to do certain things like AI now, but it made the EHRs powerful, which people resent and don’t like. And so.Brendan Keeler (05:56): Many of these criteria are old and have been revised incrementally over time and that there’s new criteria added. But yeah, it starts back then. And they said, let’s rip out anything that’s like workflow oriented, right? Like the things that say “Software vendors, thou shall have a screen that does X.” Anything of that variety? They said, let’s get rid of it by and large where it’s not some of the stuff’s in statute, it’s in the law. And so they have to have criteria that kind of tie back to the law.But anything that wasn’t in that category, they ripped out. And then the other prerogative was “Let’s API all the things!” which as a Health API Guy I’m like, yeah, yeah, let’s do it. ⁓ And you as an API, aficianado, I’m sure are excited about too.Pryce (06:35): I mean, 2010, I was in high school, so sorry to, to anyone who’s listening to this that’s older or younger, but, then, you 2015, I started at Epic. People would say like, oh, ICD-10 is crazy. And I was like, what are you talking about? Right. It was new just after ICD-9 right.I’m trying to think about like what was important back then. Maybe what I’m saying is like, holy cow, it’s crazy how quickly the industry moves, technology moves. And then, you know, government has to move as fast. 10 years ago, we really felt like it was important to say, “This is when the EHR needs to be able to do.” And now it’s almost like, we don’t need to regulate EHRs like the FDA regulates medical devices (although maybe that’s not the right topic right now or the right metaphor). We just need to make sure that they’re playing nicely together.Brendan Keeler (07:34): People... they’re like, oh, why didn’t we do interoperability stuff off the bat? And it’s like, it wasn’t digitized, it was a piece of paper. so like, you know, like we didn’t have the technologies or like, didn’t, had not defined anything, nor have we digitized in a way that we knew what needs to go back and forth. Like what are the workflows between digital systems? So I think rewriting history, could we have moved faster? Sure, maybe, but there’s a push towards API now and the deregulatory pieces do that by removing the cruft and throwing a bone to EHRs and saying, okay, we’re making your lives a little bit easier by getting rid of criteria, by changing the certification program to be less burdensome. And I think EHRs are gonna be, all the comments are gonna be like super psyched about this, that the Insights Condition and these other, not the criteria themselves of “thou shall have this feature”, but how do you report the measures, the metrics to prove it, or “how do you do real world testing”, those things, they’re deregulating and that’s a lot of burden and there’s reasons, know, there’s reasons for it. Right, you’re a big real world stand, right?Pryce (08:29): Hmm. I know. I’m bummed about that. I loved it. Loved searching for a health IT product on the CHPL website, C-H-P-L, and then being like, oh, they are certified. So they must support, you know, CDA exchange. And then looking at the real world testing and being like, oh, they exchanged three charts last year. That’s, uh, you know, noteworthy. Maybe it’s telling about how that system actually exchanged. So I missed that.Pryce (09:06): Okay, so we got HTI-5 and since I’m in the big Star Wars mood today, I decided I just need to be myself. Yeah, I just need to be myself on the podcast and I’m a big Star Wars fan. So I’m gonna call HTI-5 like “The ASTP Strikes Back” or something like that, you know, because it’s, yeah.Brendan Keeler (09:11): We have different aesthetics going on. I love it. And it sets us up for the HTI-6 (which we can get to). The last piece: So EHR are gonna be undoubtedly pysched. They’re going to have letters, the comment letters that say, “We support this so much. We support the ASTP’s deregulatory mission, you know, the criteria removal, the changes to the program.” And then they’re going to have “support” for this last piece. That’s not really support because the information blocking provisions that are in there.They are not deregulating the burden of information blocking, but deregulating the exceptions, removing exceptions, and thus the burden increases. And so they are removing, ASTP is saying, “These pieces? Certified Health IT and other actors were hiding behind them, the manner-exhausted clause, the Manner Exception itself in various ways, the Fees Exception.”And so they’re changing them and we don’t need to get into the details of it. I wrote a pretty long article about it we can link in the show notes.Pryce (10:20): Well, can I ask an example? Can I give you an anecdote and just hear your take? Information blocking is discouraging the exchange of electronic health information. illegal. Basically, if you’re an actor, which is like a developer of certified health IT, so a lot of EHRs, or a provider, or a healthcare information network, then you are an actor who could be blamed for information blocking. It’s discouraging the exchange of information.But of course it’s hard to exchange information because sometimes there’s business agreements and then there’s technical agreement, blah, blah, blah. And so if it smells like information blocking, it’s probably information blocking. But the ASTP said here are 10 or whatever it was, nine reasons that you’re actually allowed to do information blocking. These are exceptions, right? So if Brendan asks you for his chart via carrier pigeon, then you can be like, we don’t support that manner. Can I give you your chart in a CDA doc?There could be an exception that’s like, well, you’re protecting your patient from something by not responding, so then it’s not information blocking. So they’re removing some of these exceptions to your point, which means more things are information blocking.What happens if I go to a site and I say, I want to be able to write notes back to your electronic health record. and then that provider’s like, yeah, I want you to do that too. You’re my business associate and I want you to do that. And then together you go to the electronic health record developer and you say, I want to be able to write notes back to your system. Can you give me an API for that? Like a FHIR API, I’m going to write FHIR DocumentReference resources back to your system. And they say, well, we don’t support that. Okay. So that’s an appropriate response.It’s not a certification criteria to allow notes to be written back to your system, things like that. But we do have an HL7v2 interface that does that. It just takes six months to install and we’re going to charge you 20 grand for that install. How is the requester, the person who wants to exchange health information, like how should they respond to get what they want there? Can they just start breaking rules? Can they start suing people? Tell me how that would play out in your head.Brendan Keeler (12:22): It’s important to note that the actual like buckets of who’s a requester and who’s the actor, those are meaningful. And so a lot of times I’ll be talking about information blocking and people be like, well, I’m a patient and are you saying I can write back? I’m like, well, we should think about them in these categories. So you appropriately said, okay, the requester is a business associate. The requester in this case has the provider’s permission and the developer of certified health IT is the actor.That’s a very common scenario. That’s one of the scenarios we see in the court cases, right? Very clearly. I would say it’s priority number two. The two top priorities in terms of roles within information blocking are the patient access one. So patient is requester, provider is actor. That’s already defined in HIPAA under the HIPAA right of access, but the ASTP is like, make no mistake, that is a priority. We’re gonna double down on this. Pryce (13:06): The first, the number one like most powerful person when it comes to your chart is you. Like you should be able to access it.Brendan Keeler (13:14): And so they’re doubling down on that, but like, it’s not that like intellectually interesting, no offense meant to patients and patient advocates. I’m a patient, and I want that right. But it doesn’t manifest in kind of novel changes to the equilibrium because the HIPAA Right of Access was already there, it just strengthens things. Where it does change things is this scenario you’re talking about, which is business associate with a provider that is blocked access by a developer of certified health IT.It would be burdensome for any vendor if someone could come up with no exceptions and just say like, give me data in this way in a way that they haven’t developed, right? Like it could actually be weaponized that I could say, I wanna take down this vendor and I’m just gonna burden them with requests that they’re gonna spend all their calories fulfilling. And so the exceptions, particularly the Manner Exception gives the ability to negotiate and say, actually the manner you’ve requested? It’s infeasible, there’s a lack of security.So for instance, you come and request via carrier pigeon, I would say both those things. I don’t worry I would source a carrier pigeon. Where do you go and get them from? There’s not a local carrier pigeon store. so it’s infeasible is one possible path. There’s security, Is it really secure for me to send that data over the carrier pigeon where it feels like the man in the middle attack with hawks or something could be in play. And so I would say, okay, let’s go through this list, this pattern that’s defined in a Manner Exception to see if there’s standards based ways of exchange or other computable formats that I can offer you. that is the pattern needs to be followed with a Manner Exception.Pryce (14:49): Mm-hmm. yeah. easy.Brendan Keeler (15:07): There’s a delicate dance underpinning that back and forth where other exceptions get referenced. They say, “Hey, here’s a path, but it’s actually a revenue share.” You would then say, well, that’s actually information blocking because of the fee doesn’t meet the Fees Exception. So suffice to say, like we can go into the, the nuances of this one, but everyone’s individual situation is really important to map to the contours of this and then approach. Yeah. And, but then approach it as a dialogue with the EHR vendor, the certified health IT vendor or other actor and go through those steps, It’s not litigious. It is a collaborative discussion to find a mutual way of exchange, access and use of EHI. And if they are truly blocking, then it’s a problem. They’re gonna be in trouble. You and I have both been on calls and helped customers on both sides of this equation work through these negotiations, and it leads to typically good outcomes in terms of they get the API, or they get the access, and then they can actually go compete. And if the EHR has a competing solution, then it’s co-op petition. I expect this year, bubbling back up, now that we see HTI-5 as it gets cemented. and there’s some like wiggle room on the nuances of what they’ll change, but certainly with between that and the FAQ they put out last month. They’re signaling, “Hey, this is for real, not just court cases, we are for real.” I expect to see EHR vendors release more APIs, I expect to see them set guardrails around RPA, right, robotic process automation, that, is it an alternative integration path that the ASTP has blessed in this rule. They’ve said “AI and RPA?” That’s a pattern of the EHI exchange and access. And so… in lieu of something else, you better be facilitating it. And so you better believe that they’re going to start facilitating it in a way that they can control and monetize to at least get back some reasonable amount for their intellectual property and costs.Pryce (17:05): And to protect their customers. If you start to realize like, I’m not allowed to tell another software system to not log into my EHR and start doing tasks. And pretty quickly you’re like, well, let’s make sure it has user access and audit logs.Brendan Keeler (17:23): I mean, we want to help EHRs with this. if EHRs are interested to partner with a consultancy, come on, come forth, go forth and prosper, we’re help you. But you could imagine in the login experience when it’s you and I, it’s like, all right, here’s Brendan Keeler, here’s my credentials. And then there’s just like a toggle that says, “Is this Brendan Keeler? Or is this Brendan Keeler’s delegated bot?” You could start to track that usage independently about who is it attributed to, monetize it potentially differently in terms of getting back costs associated. But there’s artful ways that are totally unexplored territory that we’re going to see mature very rapidly over the course of this year because of the pressures of information blocking made real by HTI-5.Pryce (17:55): Love it. I love that you’re like, it’s real. real. Cause it, in a way it’s like, it’s been real since the Cures Act, right? But like not, we, should have made t-shirts before it was.Brendan Keeler (18:20): I mean, Lisa Bari and Kat McDavitt have the whole, know, “TEFCA’s not real” So like, we’d be a little too close if we said. But here’s the thing is like, it has been real and I didn’t believe it. Right, like you go back and read the stuff I put on the Substack in 2021 about like, “What is the Cures Act”?” “What is information blocking?” These exceptions feel huge. With PointClickCare you and I and others were like, oh, yeah, now it’s real.Pryce (18:26): I love that joke.Brendan Keeler (18:49): But still people are like, “Well, that’s a court case. Maybe the ASTP will think differently.” No longer, no longer. It’s very clear that the ASTP is like, “Yep, that case? We agree with what they’re saying.” It’s gonna incentivize a different set of behaviors and change the equilibrium in a way that you, if resisted, there’s no better way to be swept aside as a relic, as a legacy vendor. But if you lean in, if these vendors lean in, There’s opportunity in these hills. There’s opportunity in every change.Pryce (19:18): Opportunity, maybe not as a profit center, but at least to like guide the way that your system is going to start getting used by competitors or partners or whomever, If you write the rules and you write them well and they’re conforming to regulation, then all of sudden at least we have policy locally that sort of protects us from how we do those things.All right, well, HTI-5, anything else you want to talk about there?Brendan Keeler (19:45): Well, comment period, we’re in it, we’re in it, and so make your voice heard, whoever’s listening, make sure to comment, it’s not hard to comment. We will link in the show notes a prior little guide I did, but you go on, it can literally be just like typing two sentences in the comment, attribute to yourself, if you’re a little bit more polished, it’s for your org, you write a little PDF doc. Say your lived experience.Brendan Keeler (20:09): What you believe to be true in relation to the changes to criteria. There’s only four thus far that have been submitted as comments. I will continue to live tweet them and analyze them, but they’re thus far not that interesting. The good ones are yet to come. It’s always a spike towards the end. I think it’s like mid February. Yeah, end of February is the end of the 60 day comment period. We’ll finalize that. It’ll take some time for them to parse all those comments. They do read them all.They’ll finalize it in the spring or likely the summer. It’s not summer or fall unless they’re operating at warp speed. And then we’ll see what’s coming next is HTI 6. And that will be, if the rumors are true, all the... 6. And so it’ll be the API criteria. So, EHRs again, a little boned, but it’s gonna be, I think, changed for them in that.Pryce (20:52): Yeah, (counts to six), six, that’s next.Brendan Keeler (21:02): There’ll be API criteria. We’re going to re-criteria. There’s the bulk, slim, bulk, slim. This is the slim phase. We’re bulking back up with APIs. So FHIR subscriptions. Yeah. Yeah, exactly. And so CDS hooks, FHIR subscriptions. What do you want to see in it? What’s missing in, what would you love to see in the world?Pryce (21:08): Mm-hmm. Okay. Like intermittent fasting for healthcare regulation. FHIR subscriptions is so fascinating to me. It’s just like a very memorable moment in my career Somebody was teaching about FHIR subscriptions at FHIR Dev Days. And I was like, why do we still have HL7? Like what the heck is going on? And a mentor of mine, Nick McKenzie, love you, Nick, you’re out there. was like,Nobody’s going to build this until it’s regulated. So it’s kind of crazy. Now I’m like, regulation might be coming. It is going to be very interesting to see how that stuff gets implemented. I’m curious to see the nuances of the rules because that’s a very new concept being able to dynamically subscribe to event notifications. if you’re super familiar with event notifications.Brendan Keeler (22:04): Maybe someone doesn’t know what they are, maybe explain what they are.Pryce (22:07): So FHIR at the moment is this huge standard of how you should exchange healthcare data. There’s actually lots of written rules about here’s how FHIR does XYZ that’s completely unused in the real world. It’s purely academic and people who are thinking about how healthcare data should be exchanged are writing these implementation guides or profiles or whatever. But nobody uses them.And so subscriptions is one of the examples where like pretty much every FHIR server nowadays or FHIR facade is query based. Like if you want information, come and ask for it, which makes it really hard to say “Tell me when I should start caring about Brendan” because you can’t just poll someone’s EHR server every day. Event based notifications are still largely HL7v2This person was admitted. So I’m going to proactively push out a notification to all the systems that care about my registration information or my admission information. We’re going push you in order and you’re going to push me back a lab result, et cetera. And the idea of FHIR subscriptions is okay. Well, the FHIR server could also have this pub sub sort of architecture where if someone tells me that they want to hear about these event notifications, I don’t necessarily have to push them a pipe delimited text file over MLLP using a VPN as the authentication method. Maybe I should just like. use OAuth and the internet like HTTPS. The rest is internet too. So FHIR subscriptions would be crazy because it’s sort of the first time that we’ve as an industry would be saying, “Hey, EHRs, You need to develop a manner to push like JSON, FHIR payloads to other systems. So that they hear about events in basically virtual real time, near real time. And you can dynamically register and subscribe to these things. so instead of having like a little construction crew get together and build this HL7 feed, it’s gonna be a little bit more like the modern internet. And a lot of EHRs are probably like, “Shoot, that’s gonna make it easier for other people to get the information that’s valuable to our system.”Brendan Keeler (24:13): People see EHRs and they’re like, oh yeah, there must be these like evil villains like up in the lair or something. That’s not it. They’re just like, well, we built something that kind of does that. Can you go use that? Cause we got to go build something for our providers over here. Like they are product managers. And so like when there are underserved needs, a lot of times they’ll be like, oh yeah, let’s go do CDS hooks. We don’t have anything like that. But if when it’s like replacing, you see this resistance because they’re saying, well, what’s missing here? From my vantage point, and I think you’ll agree with me, HL7 can convey an event, right? It can say, here’s a new order, here’s an admission, but it is not the developer experience that is expected, right? Times have changed. And now I expect documentation I can go and test and play with. I expect JSON and not pipe delimits.That’s an arbitrary thing that we’ll probably grow out of it because we’ve grown out of EDI and pipe delimitation into XML. And then we grew out of XML and brackets into curly braces and like maybe Language First Interoperability is next. our little, favorite tongue de jour changes, but it doesn’t mean that’s not what’s popular right now. And so the expectations are a format, but also an experience.Brendan Keeler (25:29): By virtue of having to make this new thing, an experience comes with it that is more beneficial for creating alongside EHRs. And so that is the raison d’être, you know, know, let’s do some French here. ⁓Pryce (25:41): I thought I was working with the French companies, but you’ve been just rattling it off. You were saying “Why have these things that have been developed yet?” The answer is a customer of an electronic health record sometimes is like, Hey, electronic health record of whom I am a customer. Will you help me integrate our systems? But most of the time the people that are mad about how an EHR does or does not integrate aren’t even the customer of the EHR. So why would the EHR go develop new things? Why would they spend money and capital and calories, on developing these new things for other people to be able to join their ecosystem and potentially compete with them, but more importantly, just like not really pay them. It’s like a profit, it’s not a profit center for these EHRs to be like, Hey, let me figure out how my system, which I spent 40 years developing, can talk to every other system in the world. That’s not a priority most of the time. And so when it’s regulation and when the customer’s asked for it, it becomes a priority. They’re not evil. I agree with you.Brendan Keeler (26:45): I mean, they’re just doing what every bit, every system of record business does it. Every one operates this way. People think that healthcare is uniquely has a bunch of evil masterminds. That’s not it. It’s like your system of record. I could spend money building the APIs or I could go build the next module to serve the needs directly in a way that I can actually control the experience of. In that trade off, most product managers are like, I’m going to do that thing. unless they’re particularly API minded or open minded or using openness as a differentiator. That’s changed now with information blocking. And you know what? It allows new AI forward solutions that sell to healthcare systems to enter the scene. And so what’s happened this week, Pryce?Pryce (27:14) Segue! So, man, everyone is in a tizzy, at least on my LinkedIn, about ChatGPT having released ChatGPT Health. I mean, that’s the thing that I’ve just got in on the wait list for. But there are several things being released by OpenAI right now that have to do with healthcare. We’ve seen it coming for a while, at least you have. People who read between the lines have seen it coming for a while.I generally don’t care until things happen. It’s probably just my ADHD. But tell me, what did OpenAI release in the past week? And then we’ll start digging into that.Brendan Keeler (28:07): Yeah, I I’m not reading between lines. They signed a pledge that they were going to do this in July. Pryce (28:12): Well, yeah, yeah. A pledge, a pledge, which at the time I was like, a pledge means nothing. Nobody is on the hook to do these things. And all those companies that had signed the pledge, was thinking, I bet it looks really good for your CEO to be shaking hands with RFK right now. But you were right. They’re, they’re doing things. A lot of these companies are doing things. And, and one of them was OpenAI. So tell me what they released.Brendan Keeler (28:37): They had a big week ChatGPT Health, which is ChatGPT, the chat interface for consumers, patients to interact with health data. It is very akin to a personal health record, the PHR. It is that, right? They are housing the information. You can do a nifty thing with it. You can interact in an AI native way with it, but.It’s the personal health record that Google or that Microsoft Health Vault or that Google Apple Health Record. The first time anyone enters health, what if you could own your data? Like it’s the most popular idea, think Out of Pocket called the tar pit, right? You know, and it is because as a standalone idea, it’s not a good vehicle to gain distribution. Historically, the access methods were really friction filled.Brendan Keeler (29:22): But now we’re in an era where that’s changing for this next, the fifth iteration of patient access, the fifth generation is pretty good. And so we see them embed via an aggregator. They didn’t spend a ton of calories going doing healthcare specific work. They spent the calories to integrate with someone who’s done the hard work, b.well as an on-ramp to nationwide networks like TEFCA as a aggregator of patient access APIs, generation four, patient access ⁓ APIs, (TEFCA IAS is generation five)Yeah, TEFCA strikes back. They’ve embedded it. So the other things in this announcement, the other apps, they developed up to the app framework, the app SDK that OpenAI makes available similar to like Expedia or Booking.com. That’s out there. Both you and I got access to it. How’s it been?Pryce (29:52): Patient access APIs: I just want to really simplify that for everyone. I can download ChatGPT on my phone, which I have done. I don’t really like the LLMs, but they’re really useful. I just don’t like the fact that the rich are getting richer. That’s what I don’t like about them. But super useful, especially if you take everything you hear from ChatGPT with a grain of salt. Like you would a Google search or whatever. But it doesn’t have your healthcare data until it partners with, in this case, b.well which we love. And b.well it’s basically like Plaid in a way that they say, okay, well, you have the rights to your healthcare data. b.well doesn’t, ChatGPT doesn’t. But if ChatGPT partners with b.well, who’s already gone and fetched every year, 90 % of the country’s health systems, patient access APIs endpoints, which is to say like hit this endpoint, tell me who you are. And then I will verify if I think you are who you’re saying you are. And then if you are indeed who you’re saying you are and I have your chart, I will give it back to be well, be well, get, we’ll give the ChatGPT. Right? So that’s what’s happening is healthcare data is federated patients are becoming more and more powerful and being able to access that healthcare data in the same way that we do with Plaid. But people are freaking out. I think sort of rightfully so. There’s two main themes that I’m seeing and I want to talk through these. One of them is everyone’s like, can’t believe this isn’t regulated. ChatGPT is going to kill a ton of people who upload their charts and listen to ChatGPT for healthcare advice. And my response to that is we need to teach people to think critically. It is good for me to be able to ask my friends about like why my knee hurts. And it’s good for me to be able to ask Google. And now it’s good for me to be able to ask a ChatGPT. But if the first response is like your knee hurts, you’re probably dying of a heart attack. I should take that with a grain of salt. Like I would when I talk to anyone.And then the next step is diagnosis or treatment. should talk to a doctor. So I kind of don’t feel like people need to freak out about ChatGPT giving healthcare advice because nobody should treat it like a doctor. What’s your take on that?Brendan Keeler (32:21): Look, the balance of it is where there’s potential harm, people can think in two ways, right? One is paternalism. Let’s stop it because then we’ll stop any potential harm. But they miss the trade-offs of the potential good. The other is sort of like a market-oriented approach of, if this is not a substandard tool, then people will stop using it very rapidly. And there will be also the optics. This is a big company. If they mess up, is pretty catastrophic to their ambitions here. The idea that they’re kind of fast shooters from the hip. I don’t see that, like everyone assumes Amazon or Google or OpenAI are gunslingers - no, those are the startups. Startups are the gunslingers because they don’t have the same pressures of The Information and The Verge up their bums about every single little update. The scrutiny on big tech is immense. OpenAI for better or worse is now in the big tech leagues, they’re not startup, little scrappy startup. That scrutiny, as well as the processes of like, enterprise, big tech mean that you go through a lot of checks and balances to ship these sorts of products. I agree. Like, look, if you want to stop the harm - you could cut it off. That’s one, but two, it underestimates that most transformative change comes from something that underperforms an existing incumbent. If you imagine AI in that paradigm, like it’s going to start buy underperforming, but will rapidly. overperform at a cost benefit that is dramatic. So all this to say is like the HIPAA right access means patients can get access to data and upload it anyway. The intentionality of a separate sandbox, like separate data area for health of a model trained for it of guidance in there, like actual product management thought towards this versus people just uploading to the raw like regular ChatGPT? That’s a good iteration that we should be, you know, like happy about.Pryce (34:27): I’m like, you can decide how you want to care for yourself, but people were already using the internet and they’re already using LLMs. So now it’s a little bit more official and hopefully the LLMs understand the shape of the data that they’re seeing a lot better and maybe the security is better and things like that. But speaking of security, that’s the second thing that I feel like everyone’s in a tizzy about is that they’re like, you think I’m going to hand my data over to Sam Altman? And first of all, yeah, Sam Altman is definitely reading your vitals. He’s reading through every single one of your vitals. Okay. Like if you give you, if you give your healthcare data to open AI, I think Sam Altman is personally sitting at his computer, probably making fun of you for all of the conditions on your problem list. No, that’s not happening. Right. Like, but, but what is happening is OpenAI gathering a lot of healthcare information from people who are willingly giving it to them. And then.They’re keeping it secure, I’m sure, because they’re a huge tech company and they have a privacy policy that they, you know, that they’re probably legally obliged to follow, but they are not regulated by HIPAA. And, and I’m not freaked out by that because I understand the implications. but my expectation is also that, that they would, for every bit of data that they gather, like, why would they not de-identify it and use it in some, you know, way that’s beneficial to them commercially. Selling it.Brendan Keeler (35:50): Well, they said they’re going to use it for model training, but yeah, they did say.Pryce (35:52): They did? Well, not model training. But why would they not say, I have a million charts that I can de-identify, do I want to sell them to Optum Life Sciences? Is that not something that they could do?Brendan Keeler (36:07): There’s two things here. One is de-identified data sales, right? Is one angle and the other is identified data sales. De-identified data sales, your provider sells your charts. Like the naivety of people thinking that, oh, we don’t give it to OpenAI, like they’ll sell my charts, it’s like - your provider is selling your charts, your EHR is selling your charts. If you have problem with that, we need to go back to the legislative drawing board and change HIPAA, which allows for the sale of deidentified data. So even with HIPAA, deidentified data is a process and certainly you could imagine them monetizing this way. I think more broadly, what I saw missing from the announcement, and I haven’t gone spelunking through the privacy policy in terms of service, is like, how are they monetizing?This is something that could drive new subscriptions. Great, sure, but are they selling this in an identified fashion to parties like that scary to people? And they could be a lot crisper about what they are going to do here in a way that, you know, like every Reddit comment was like, healthcare insurers would love to get their hands on this. As a consumer company, you need to go way beyond in terms of saying what you’re going to do here. But I imagine they don’t know yet. They don’t fully know. They’re paying b.well something. They’re not paying as much as TEFCA IAS would cost. There’s a significant cost there in terms of the credential service provider costs are pretty high. And so that would trickle down into fees to open AI. And so people just rightfully are like, okay, how do they monetize this? And it scares them.We can kind of poke at the Redditors, but like, think there’s something real, realer than the other considerations to parse out there for OpenAI to be just like over communicate intentional intentionality here.Pryce (37:58): I love what you’re saying in the sense that if you’re surprised that this commercial company that’s giving you free or cheap access to almost infinite knowledge is going to try to make money off of you using it, if that surprises you, then you should reconsider how you interact with the economy. How they do it, think they need to outline clearly. Like, just as an example,You’re talking about it as a PHR and I’m kind of like, is it a PHR? I don’t know. So far the interface that I’ve used, it had access to my data. Where is it storing it? What does it look like? And I know for a fact that the data was just garbage. I don’t know if that was the EHR that responded that had garbage data. I don’t know if it was a query that was bad. don’t know if chat GPT got it and then did something wrong with it, but theThe data was bad and all that to say, does OpenAI have like a FHIR store for this information or some sort of database that they’ve created? Or is it, I don’t know, does B-well persist data and open AI is just sort of in a business relationship with them where they are using that like a clinical data repository for individuals. I didn’t even get that far with regards to the architecture,Brendan Keeler (39:07): I think from an architecture, all we know, you know, they didn’t give deep architectural nuance of like how B-well is like, well, they said it’s separate. They said it’s a separate data partition within a chat GPT. So it’s not commingled with the broader part. It’s like, it is separate. I think to your point, two points, one is they intentionally did not make a standalone personal health record. It is just a novel way from a user interface perspective in ChatGPT. That is incredibly smart. That is using the distribution advantages they have to have it as a feature. That is embedded health versus a personal health record. Embedded health, embedding these capabilities, B-Well, patient access aggregation, TEFCA IAS into existing experiences that do jobs to be done for consumer patients is the right way to approach this thing. It’s what I wrote about in Indiana Jones and the PHR back in the day is like the failure of PHR is like to imagine that “I can aggregate all my data” is actually that interesting to most people. It’s interesting to sick people and then like Whoop junkies,Pryce (40:05): And dozens, at least dozens of health tech nerds will also find it interesting. There are dozens of us.Brendan Keeler (40:22): I try every single one. I’ve tried all the apps in ChatGPT, the general purpose ones, and they all break and they all are wrong and they don’t work. And I was like, God, don’t let that happen here. And I will say that they spent calories to make it work a little bit better. The linking experience and provider search is quite nice. But to your point, the clinical data stuff’s not working for me, for my dermatologist on ECW, for my Epic site. They gotta resolve that because that’s going to really, really undermine the whole thing. the coverage that’s surfaced there, which is the leading coverage that b.well has... if it’s undermined by it not working and then people are like, all right, see you. And they won’t trust it.Pryce (41:01): When I was young and impressionable at Epic, I still, I actually love that one of whatever the first commandment or is the commandment of Epic is like software must work. And at the time I was like, what the hell? Like, kind of rule is that? Right. And now I’m 10 years in, I kind of understand the industry and monetization and, and I’ll use something that doesn’t work. I’m like, damn it.Just like get rid of it. I’ll never use it again. And so I do kind of feel bad for OpenAI. I feel bad in the sense that like, this is a good product to launch, but like, what if just low adoption of nationwide networks like TEFCA and Carequality or poor implementation by random electronic health records is creating the sense that like they’ve released this terrible productAnd that was my experience so far is that like, I didn’t get real healthcare data in there. Not that I had burning questions to ask it, That’s my take on that front. ⁓Brendan Keeler (41:59): At least we’re in the beta or the pilot or whatever, right? We got in a wait list and hopefully they haven’t rolled it out fully so they can resolve some of these issues before it goes, it gets more widely, more widespread. But we’re wrapped, we’re coming up on time here. And so we won’t even get to the other announcement from OpenAI, which were ChatGPT for healthcare. So ChatGPT is a interface for providers, competing with sort of UpToDate as a main competitor. And then OpenAI for healthcare, which is just them saying, our APIs, those are HIPAA compliant. You know, both these products are less interesting. They’re interesting because they’re pushing in, but they’re doing what traditionally horizontal tech companies always do, which is put up the shingle and say, yep, we’re HIPAA compliant with SSO. There’s the features that aren’t actually all that HIPAA is healthcare specific, but more security flows elsewhere. SSO is not healthcare specific. These features are all like reusable value add. Where horizontal tech companies struggle is to actually do the non reusable stuff. Like do the HL7v2 or maintain certain compliance rules. Always there’s this tension as a horizontal company that they struggle to resolve.Pryce (43:21): That’s why we see many iterations of failures coming from Apple, Google, Microsoft in dethroning an electronic health record or creating a PHR that’s meaningful for people.Brendan Keeler (43:33): They’ve got good leadership, right? Nate Gross from Doximity, someone else from Instagram are the two of the leaders of the healthcare unit. They’re pretty consumer focused. just, do they have the wherewithal, specifically for ChatGPT for providers to like do the things? I’m excited to see the next set of announcements of they’re using Redox, they’ve done some HL7, they’re starting to actually do a workflow that shows some true investment into the particularities of the vertical versus the things that look like they’re vertical specific that are actually just reusable across all industries.Pryce (44:09): You said you feel like this is maybe competing with UpToDate. Is it not competing with OpenEvidence as well? Like, it’s the same kind of concept.Brendan Keeler (44:17): Same job to be done, different go-to-market motions. I cannot go pick up ChatGPT for providers or ChatGPT for healthcare. I have to go sign the BAA. It’s an enterprise go-to-market motion, which puts them more into the realm of UpToDate to start until they change that.Pryce (44:20): Okay, that makes sense. was actually with my psychiatrist this morning and talking about Doximity and She wanted all the tea and I was giving it her, which is why I’m so antsy and excited right now.Brendan Keeler (44:45): We’ll have to go back to revisit that while we expect to see some updates on that court case coming up. But, Pryce have a great Friday. I’ll talk to you soon.Pryce (44:51): Love it. Thanks for hanging out. See y’all. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

We had fun with our “Not-a-Podcast” last week, so Pryce, Brad Thorson, and I hopped back on a video chat to try to make sense of what felt like an entire month of health IT news compressed into a single pre-holiday week. We discussed:* ASTP’s secret new beta website that Pryce found* Steve Posnack’s post on TEFCA and CMS Aligned Networks, and what “floor vs. ceiling” means for nationwide exchange* Why appointment and encounter data are harder than they look, especially as exchange shifts from historical records to forward-looking signals* Pull-based exchange vs. event-driven workflows, and where today’s networks still fall short* Information blocking guidance from ASTP, including RPA, the manner exception, and enforcement signals* TEFCA Operations and reciprocity, and why incremental adoption may beat premature mandates* AT Protocol’s parallels to healthcare data exchange* Epic’s Community Registries, and the broader implications for registry vendors and network effects* Where HTI-5 might land, and what it signals about API-first regulation and reduced switching costsUnscripted? Yes. A little nerdy? Also yes. Unexpected tangents and rabbit holes? Okay, yes, yet again. But we do think and hope you’ll enjoy.Health API Guy is a reader-supported publication. To receive new posts and support this work, consider becoming a paid subscriber.Chapters* 00:00 - Introduction to Health Information Exchange (HIE) Dynamics* 01:00 - TEFCA and CMS Aligned Networks: A Deep Dive* 03:15 - Encounter Data and Its Implications* 06:03 - The Role of Appointment Data in Healthcare* 09:04 - Provider Steering: Opportunities and Challenges* 11:52 - Tensions Between TEFCA and CMS-Aligned Networks* 15:06 - Information Blocking and Regulatory Updates* 18:01 - Recent Developments in TEFCA and ASDP* 24:48 - Data Harvesting and Governance in Health Tech* 26:14 - The Future of Health IT Standards* 30:50 - Understanding HDI 5 and Its Implications* 34:40 - The Role of Data Portability and Switching Costs* 39:57 - The AT Protocol and Its Impact on Data Sharing* 44:02 - Epic’s Community Registries and Privacy InitiativesTranscriptWe ran the transcript through Gemini to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows in some places.Pryce Ancona All right, we are back to “Not-a-Podcast.” We’re back just talking over video, and we have Brad with us this time. All three of us are with HTD Health. I’m very excited to be chatting today because it’s been a busy week in DC. Just this morning, I was preparing for a little talk on how disparate HIEs and Health Information Exchange look nowadays, and I accidentally stumbled upon a beta website—a new website facade for the ASTP. With how much I’ve been anticipating HTI-5, it’s just nice that we keep getting little Christmas gifts before Christmas is actually here.So there’s a lot to cover. We’ve got two blogs from Steve Posnack in the last few weeks. One of them is a little more directed at how TEFCA and CMS Aligned Networks are engaging with each other. I’m curious to hear from Brendan, if I may. What was your take? I know you wrote a little bit about that. Let’s dive right into it.Brendan Keeler You may have found the beta website, but there was a whole lot of alpha in Steve’s post, if I have to go there. Steve has three posts, actually. Two weeks ago, he kicked it off saying, “I’m going to start writing again.” Then he had the TEFCA post, “The Tide and the Speedboats,” earlier this week. And then even today, another mini post saying, “Hey, check out this cool stuff we’re doing.”Like you said, we all thought from Dr. Keane’s comments in DC last week that HTI-5 is coming. ASTP is doing something. Maybe we still get HTI-5, but we get these posts first. Earlier this week, we had “The Tide and the Speedboats,” which was a statement about TEFCA, the future of TEFCA, and the intersection and overlap of CMS Aligned Networks (another government network initiative) as part of the CMS Health Tech Ecosystem.Steve’s statement was pretty clear. He said, “Look, these are complementary. TEFCA is the floor. CMS Aligned Networks is the ceiling, exploring the far edges, the outer reach, the really cool advanced stuff.”The piece that I thought was interesting? He said, “Hey, scheduling data? Not something TEFCA really does right now. Encounter? Not really something TEFCA does right now.” And that’s kind of true, kind of not. Encounters are in USCDI. You can pull them. But then you can say it’s about push notifications, which is true—TEFCA doesn’t facilitate that today. I don’t know if you guys have any thoughts sparked by that or other pieces.Pryce Ancona Brad, you go first.Brad Thorson Well, I haven’t read Steve’s post today, so it sounds like I have some reading to do right after this. Regarding the CMS Aligned Networks: staying on the Herculean task of getting co-opetition without the regulatory framework that TEFCA has is tough. If CMS Aligned Networks starts to pull in more types of care delivery information that isn’t traditional EHI, that feels like it complicates the end goals. Pryce, I don’t know if you read it and want to say anything there.Pryce Ancona The one thing I was going to say is, Brendan, when you called out that TEFCA does already support the exchange of encounter information, the way I read Steve’s post was actually, “Oh, we don’t have a concept for this proactive FHIR notification, FHIR subscription, or event-triggered push of encounter or appointment information.” That’s the way I read it because that’s item 15 in the CMS Aligned Network framework.But then upon reading your thoughts, I wondered: Is he talking about clinical information from encounters, or is he talking about appointment information that you’d be receiving before an encounter takes place?You mentioned that TEFCA is trying to create a floor and the CMS Aligned Networks are trying to create a ceiling. But I keep wondering, doesn’t TEFCA have a ceiling too, already set with the SOPs? What happens when two CMS Aligned Networks or two CMS-engaged parties in this ecosystem try to use TEFCA rails for something that TEFCA has not yet permitted or proposed? Will those things start to come to a confluence? Are they not really complementary, or will they just fall right into how people start using TEFCA? These are things that I haven’t really mulled through yet, but I have a feeling you have.Brendan Keeler I’ve got the tea, I’ve got the holiday wine—whatever kind of mulled drink you’re looking for.To the first point about encounter data: Yeah, if you read it as notifications, TEFCA doesn’t do that, right? There have been attempts to do notifications—Carequality, Commonwell, and TEFCA are all query-based networks. In the Carequality world, there was an implementation guide for notifications. They put it out there, said, “Here’s how we’ll do it,” and nobody used it. So, TEFCA doesn’t have that SOP or definitions in place. Fair.But the way he wrote it implies this other criteria. It gets to a very interesting topic. As we think about the USCDI core clinical data, we have historic data—the things that have happened: procedures, medications, notes, labs. That’s “easy mode.” “Hard mode” is when we’re thinking ahead about the care plan and what needs to be done.Unfulfilled needs are market signals. As you put a market signal onto a network, one, they’ll use it for care, understanding the care plan, and collaborating. That’s the cool part. The part that’s going to bring more tension is that it is also market opportunity. That is unrealized revenue. If I can see it, I can say, “Let me steer that towards me.”We’ve seen that tension boil over before. SureScripts has fill data and understands there are refills outstanding. If you’re a pharmacy and you know that, you can say, “Hey Brendan, come fill it over here for cheaper or faster.” For years, SureScripts prevented pharmacies from accessing med history. They caught PillPack pulling that data through an intermediary to say, “Hey, come and use PillPack,” and they cut them off.So, when you have forward-facing activities—via orders, appointments, or prescriptions—you can start to say, “Let me steer towards the things I want.” This might be good for the patient (better care plan, no cracks), or it could be more nefarious (poaching orders). I think that’s going to come to a head as we get to this world via TEFCA, CMS Aligned Networks, and USCDI iteration.Pryce Ancona Man, provider steering. It’s good and bad.Brendan Keeler It’s good and bad. Back in the day in the Carequality/Care Everywhere world, this was the main fear. Before providers were hooked up for “Treatment” purpose of use, the big discussion was, “Oh, Dr. Smith down the street is going to steal my patients.” That proved not to be true. By and large, the use case was just: “Pryce just got hit by a bus, he’s in the ER, we need to get his records.” And they realized how transformative that was.Pryce Ancona Right. Something I’ve been thinking about—as a former Cadence implementer with Epic, appointments have a special place in my heart. As far as CMS work groups go regarding notifications of appointments and the “Kill the Clipboard” initiative (where you show a QR code with all your clinical and administrative data), I keep thinking about how appointments and SIU notifications don’t have insurance information on them. You really shouldn’t be asking a patient about their insurance until they’re standing right in front of you to verify eligibility day-of.So I’m starting to think: Appointment data is not always accurate because it hasn’t happened yet. What happens when the patient doesn’t show up? How much noise is out there? Or if a patient brings their own PHR to onboard into a clinical system—are they actually going to keep that PHR up to date?We keep thinking about how to solve for this, or do we just abandon certain parts of the framework? That’s what I’ve been thinking about this week.Brad Thorson I think we should definitely talk about the clear tension between TEFCA (rails for all care providers) and CMS Aligned Networks. Potentially there’ll be some Payment & Operations (P&O) activity there.CMS Aligned Networks has a lot of participants that are PHRs or digital applications. We could talk for an hour about the tension between these two initiatives—speedboats versus raising all tides. I think what I’m most in doubt of is that we can drive co-opetition around a singular vision of what the check-in process is.I think something that CMS Aligned Networks should be doing is requiring that care delivery platforms expose what their process is. It should be less about agreeing on what the check-in process must be for everybody, and more about discoverability. It shouldn’t take a deep discovery process to understand what check-in at cardiology looks like at NYU versus Mount Sinai. Instead of trying to get competitors to define shared standards, what we really need is better discoverability of how the process actually happens.Pryce Ancona Totally. I took us straight down the rabbit hole. We were talking about CMS Aligned Networks and TEFCA generally, but in the work groups I’ve been in, as you go down any given rabbit hole—Kill the Clipboard, appointment notifications, gaps in care—you realize they’re all so niche and hard to solve because there’s a lack of trust between the parties. You realize that’s why TEFCA hasn’t accomplished these things yet. It’s not because it’s hard to encrypt data; it’s because it’s hard to convince parties to trust each other with a set of policies.Brendan Keeler It’s alignment on goals, right? If you view CMS Aligned Networks as this vehicle to roll things out nationwide, it doesn’t have the right levers. It is a convening function to say, “Hey, we’re gonna put CMS’s weight behind this initiative to convene on the really forward-facing things.” To pilot those, to rapidly iterate through QR code check-in ideas—that sets something that could then be used in TEFCA and rolled out more broadly.That’s the speedboats. The speedboats are zooming ahead. Some will crash on the island, some will find treasure. The tide will follow that, slowly but surely raising all boats.One thing I want to address regarding what Brad brought up about Payment and Operations: We got kind of an answer in another update from ASTP and the RCE this week. There was a February date for the requirement of Operations for quality, care management, and HEDIS—a mandatory response date. Since there’s very little point-to-point optional Operations volume today, everyone doubted it would happen. It would be a big blemish on the authority of the RCE to move things forward if they went to a mandatory date and nobody did it.So, they removed that in some of the proposed SOP updates we saw this week. They said, “We’re going to facilitate better exchange in the short term by allowing point-to-point operations for a couple of sub-use cases.” Some people think that’s a big “L” for them. I think the bigger “L” would have been charging towards a date that wasn’t going to happen.Brad Thorson All right, so much has happened this week. Let’s do a rundown. I feel like I need to put together my reading for the holiday break. Brendan, start us on Monday.Brendan Keeler It was really Tuesday with the TEFCA monthly call where we heard the update: new standard operating procedure iterations for Treatment, IAS, and Operations. The Operations one was the big one. They said payers and plans don’t need to do reciprocity to start. You can just pull unidirectionally with your partners. They’re trying to encourage any change to get anyone doing Operations over the network rails. Removing the requirement to put your claims back on the network is a good interim step.In that call, Steve also announced his post. And then today, we saw the ASTP put out a number of interesting information blocking notices. Pryce, you’re the one who found that—what did you see?Pryce Ancona An FAQ was added that basically says: If you are a business associate of a provider and you have a meaningful reason to access electronic health information, and the EHR says, “We don’t have an API for that, sorry, manner exception,”—now it’s clear.This is obviously a result of litigation like the PCC case. They’re saying, if that’s true, then a viable method to receive this information is to use robotic process automation (RPA), screen scraping, or whatever you want to call it. It’s okay not to support every possible data exchange permutation, but you can’t complain if somebody gets that data through a manner you don’t like (like RPA). That was hidden at the bottom of Steve’s blog post today.Brendan Keeler We also got news that Datavant might be rolled up into some mega corporation? It’s just an onslaught.Regarding the information blocking: Everything in there we kind of already knew, especially if you work with a consultancy that helps mix tech and policy. But if you don’t, the guidance from ASTP was useful to say: RPA is considered EHI unless there’s a manner exception.The crazy thing is that this is going to be challenged. We saw them challenged on this in HTI-2. They don’t have a statutory authority to say what is information blocking; they have statutory authority to say what is not information blocking (the exceptions). That nuance might be challenged here.Pryce Ancona I was going to say we got close to an actual court case where someone asks, “What source are you using?” and they would have said, “Brendan Keeler, the Health API Guy, said it was OK.” Now they’re going to point at the ASTP actual authority.Going back to the TEFCA meeting: I had forgotten that you can join the network right now and use Operations, but it is not mandatory to respond. A state Blues plan told me they specifically will never join TEFCA because of that reciprocal responsibility. Now you’re saying they can join and just harvest that data if they like?Brendan Keeler It’s all point-to-point now. “Harvest” has some connotations, but it would be testing out that pattern over TEFCA rails. In the SOP, it says the RCE will monitor this to see when it’s right to do reciprocity. The idea is: We’ve had the Operations SOP for over a year, nobody’s using it, so let’s encourage use. Getting any use and iterating is better than waiting another year.Brad Thorson There are a couple of other things that happened this week. You touched on HTI-5. Where is it? What do we expect?Brendan Keeler I am excited. I want to parse the supposedly 34 certification criteria being ripped out. Maybe we expect with HTI-6 we’ll see new API-forward criteria inserted. Dr. Keane said last week it was going to be this week, and now we’re past that. Maybe it drops at 6 PM today.We can expect de-certification of criteria that say “You must type down demographics” or “You must do quality measures with older formats.” They’re going to gut a lot of the intrinsic capabilities of the EHR certification. What will be contentious is the proposed cutting of things like DirectTrust support or quality measure support. They aren’t APIs, but they are established data transfer mechanisms. When you throw somebody’s baby out with the bathwater, that causes tension.Brad Thorson Just one quick follow-up. We see CMS programs really leaning into nationwide networks or tools like DirectTrust for ACCESS eligibility. Do you expect HTI-5 to be in line with what we’re seeing in the new CMS programs?Brendan Keeler I would say there’s strong alignment across CMS and ASTP. CMS is stepping into health technology in a leading way that we haven’t seen in prior administrations. Under the current administration, this is a major part of it. The CMS Health Tech Ecosystem has Trump showing up at it—that’s a change of tenor. And ASTP is working with the DOJ and FTC because their number one priority is information blocking.Pryce Ancona I want to make this practical. Looking at HTI-5, thinking about deregulation and the enablement of these networks—what are they trying to practically accomplish? Is the thesis that if we force health tech developers to be available enough to exchange information, we get organic competition that’s better for everyone?Brendan Keeler There are a couple of principles.* Data Portability: Consumer access is a consistent theme since HIPAA.* Co-opetition: A thriving ecosystem of tools for providers to choose from. This administration wants to allow for provider choice. If you don’t have a path to compete equally in terms of integrative capabilities, you must always choose the vertically integrated option (the EHR bundle). They want to change that.* Reduction of Switching Costs: EHI export and bulk export are geared towards reducing switching costs between systems of record (e.g., switching from Epic to Cerner).Pryce Ancona I’ve heard you preach that as data is more mobile, access to that data becomes a commodity. The question becomes: How are you adding value on top of that? We don’t want the fact that one EHR has access to data to be their competitive advantage. It’s interesting to see this commoditization of data exchange. EHRs will have to differentiate on how usable they are or how much insight they provide.Brad Thorson I’m not going to take us fully up the rails, but it sounds a bit like the AT protocol.Brendan Keeler Can you give a brief one-sentence explanation for the crowd?Brad Thorson The AT Protocol (developed at Twitter/X) allows the transportation of social media across different clients without a centralized database. Any organization can launch their own PDS (data storage) and tie up to a protocol layer.I wrote about “lexicons,” which is an AT protocol idea. If Blue Sky wanted to introduce video, they would publish a lexicon explaining how to store and represent that data. Other servers don’t have to adopt it, but if a lot of people want video, market pressure drives adoption.The challenge shifts from “I have proprietary data” to “I have a better user interface or algorithm.” The introduction of information blocking laws is opening us up to say it’s no longer about siloing data; it is about a superior experience.Brendan Keeler Two thoughts: One, Instagram and TikTok in one feed sounds like my hell. Two, it’s not unlike well-known smart configs and capability statements that FHIR Servers expose.Pryce Ancona The parallel I see is that mega-corporations used to colonize land; now they colonize your attention. It’s interesting to see patterns saying, “Let’s make the valuable asset the data exchange.” If everyone has access to the data supply, everyone has to find a different way to make it valuable. I’d love an app that was like Instagram but only showed me plants and my family.Brad Thorson We need quick thoughts. Epic Community Registries—hit us.Brendan Keeler Epic launched Community Registries. It allows registries to architect their data needs, deploy to partner health systems, and remove the pain of clinical data abstraction. It threatens third parties that facilitate registry abstraction. We’ll see if it hits the same headwinds as other Epic “Health Grid” products.Brad Thorson Ron Wyden. What happened?Brendan Keeler My boy Ron Wyden is very privacy-focused. He reached out to Epic, and they implemented controls in MyChart to allow patients to have agency over their data sharing. Now he’s putting pressure on other EHRs. There might be tinfoil hat theories about reproductive healthcare data privacy, but he’s historically a privacy hawk.Brad Thorson Last thing, heading into the holidays—you get one surprise. What is it? I’ll say: I hate defining workflows based on HL7 feeds. I’m keeping my fingers crossed for a FHIR subscriptions surprise. Pryce?Pryce Ancona Low-hanging fruit, but I would love to see HTI-5. Every time something comes out from the ASTP, I just eat it up.Brad Thorson That sounds like you’re trying to avoid your in-laws this holiday.Pryce Ancona Don’t tell them that.Brendan Keeler I’ll take an information blocking enforcement action for 500. With that, thank you everyone. That’s the end of our Not-A-Podcast. We’ll see you after the holidays. Get full access to Health API Guy at healthapiguy.substack.com/subscribe

In this emergency video meeting (we won’t call it a podcast), Pryce Ancona and I discuss the recent antitrust lawsuit against Epic by the state of Texas (detailed in “Don’t Mess With Texas: Epic Edition”). We explore the implications of the lawsuit, the political context surrounding it, and the emotional reactions from the public and industry insiders. We have all the good stuff:* Market definitions* Motivations for the anti-non-compete movement* The strategic choice of venue for the case* Ken PaxtonWe also lightly got into antitrust laws with information blocking regulations as an alternate policy tool for pro-competitive outcomes.Health API Guy is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.Chapters* 00:00 - Emergency Podcast: Epic’s Lawsuit Overview* 03:04 - Antitrust Allegations Against Epic: A Deep Dive* 05:58 - Market Definitions and Legal Strategies* 09:00 - The Role of Public Opinion and Political Context* 11:55 - Implications of Venue Choice in Texas* 15:08 - Technical Arguments and Judicial Efficiency* 25:23 - The Challenges of EHR Competition* 26:20 - The Complexity of Electronic Health Records* 27:41 - Market Dynamics and Competition in Healthcare* 30:14 Antitrust Issues in Systems of Record* 32:42 - Information Blocking as a Competitive Tool* 35:49 - The Role of Non-Competes in Healthcare* 39:31 - Political Motivations and Industry Dynamics* 43:49 - Legal Precedents and Future ImplicationsTranscriptWe ran the transcript through Gemini to smooth it out. So it’s a rough approximation of the conversation (and in many cases significantly clearer than our rambling), but notably diverges from the word-by-word blows in some places.Brendan Keeler (00:01) All right, Pryce, we’re here. We’ve never done this before. This is sort of an emergency—I won’t call it a podcast since we don’t have one yet—but with the stunning news that came out today or yesterday about the lawsuit against Epic by the state of Texas, led by your home state, I felt we needed something visual. It’s dropping right as we’re waiting for HTI-5, which is still pending.Pryce Ancona (00:33) I’ve been Googling the ASTP every 10 minutes hoping there will be something new, but it’s all just articles written by you about HTI-5.Brendan Keeler (00:44) It’s like that meme where the guy is poking it with a stick saying, “Come on, do something.” Dr. Keane promised it this week. But instead, we get this lawsuit. You’re boots on the ground in Texas—what’s the take?Pryce Ancona (00:47) Well, I can confidently tell you that nobody in Texas knows. Nobody cares except the Health Tech Nerds, you, and I. I feel particularly divided between my former employer and my current home state. Though, living in a state doesn’t mean you have to agree with everything your state government or attorney general does.I’m excited to dive in through the lens of politics, litigation, and technology. Each provides a different answer regarding why this is happening and what it will affect. But overall, it’s just regular Christmas time here in San Antonio.Brendan Keeler (01:49) What jumped out at you? What was the first thing where you thought? I have many takes but I’m curious, from your educated perspective, what was most exciting or curious? I don’t know if you’ve read the whole thing front to back like I did to my daughter last night.Pryce Ancona (02:00) I thought my one-year-old might enjoy it, but we stuck to the Christmas books instead.For me, anytime Epic is blamed in a big antitrust or monopoly manner, I always feel that, yes, they are the biggest electronic health record, and they’re easy to gang up on. Just like when the Patriots or the Chiefs are winning everything, it’s easy for the whole NFL to hate them regardless of whether they’re cheating.At the end of the day, Epic is a software system. If their revenue is $6 billion a year, they’re in the Fortune 500, but not the Fortune 100. It doesn’t feel like the right place to attack if you’re trying to solve the problem of healthcare costs. It is probably the right place to attack if you’re trying to set precedents in healthcare information exchange.But I think this has a more pointed plan than just information blocking or monopolies. It’s about specific topics and political movements. That gets me angry because I feel like, “Don’t pick on the nerds in Wisconsin.” Honestly, 9,990 of the 10,000 are just trying to do their best. Some might be more cunning, but generally, they are good people.Brendan Keeler (03:46) It’s interesting because you’re gravitating towards these emotional topics. The things we intuit when we think about antitrust and monopoly are often: “How does it feel as a person interacting with that company?” But the reality is, market dominance isn’t about that. Market distortion is about that. Antitrust, as a tool, is meant to stop market distortions in the face of market dominance.Taking a step back for those who haven’t seen the news: Ken Paxton and the state of Texas have accused Epic of antitrust violations. This is a more direct form of antitrust regarding the markets they define than the two private antitrust cases we’ve seen, like Particle v. Epic. Those were interesting because the markets they claimed—payer platforms and managed care software—were adjacencies involving “leveraging” market dominance in one area to shake ground in another.Here, we have cleaner market definitions. They define:* EHR database software for acute health systems.* EHR database software for academic medical systems.* EHR applications.They claim Epic has a monopoly in the first two, and through tying and bundling, is monopolizing the third. At face value, that is a stronger, more straightforward path than the other cases regarding market definition. Market definition is the most critical first step for every antitrust case.Pryce Ancona (05:38) Right.Brendan Keeler (05:57) It is the barrier each case faces in the motion to dismiss. You can have a monopoly in a market—80% or 90% dominance—which is called a “natural monopoly.” That’s okay, so long as you’re not acting anti-competitively. Likewise, you can act anti-competitively, but if you don’t have market dominance, it’s not antitrust. If you have 10% market share, you can do all the things alleged in this complaint—like preclude access to APIs or charge exorbitant fees—but without market dominance, you cannot distort the market.Pryce Ancona (06:29) And if they’re not breaking other laws, like being certified health IT or information blocking, then it stands.Given the laid-out markets, what’s your take? Do you feel like those three markets are distinct? You mentioned that in your article. Unless you’re talking about a “headless EHR,” which is a tiny fraction of healthcare software, I don’t really understand this take on a “database system” versus an “application suite.”Brendan Keeler (07:15) You’re right to hone in on that. There are a number of challenges Epic will likely rebut.The first is commercial reality. As you define markets, they need to be tied to commercial realities. It’s glaring to people who have worked at Epic or in the industry that the buyer is the health system. They aren’t buying an “EHR database” separately. Very rarely do you see an EHR where you swap in PostgreSQL versus the next thing. As we shift toward the cloud and SaaS platforms, it’s yoked together. In the Athena world, for example, you don’t choose which database is under the hood. So, that nomenclature is off-putting and could affect the case—maybe it’s fatal, or maybe it just forces them to amend their complaint.The second thing regarding market definition is the categorization: EHR databases for academics, EHR databases for acute, and the apps. You’d traditionally expect one core monopolized market and then the tied market. Reading the tea leaves, you sense weaknesses in the two core markets. In the acute market, do they have dominant market share? Usually, you need 70% or 80%. Epic might have 50% or 55%.Pryce Ancona (09:38) Yeah, not even that.Brendan Keeler (09:42) On the academic side, is that a distinct market? Do academic medical centers purchase a different set of software that isn’t interchangeable with the acute market? This winnowing down is often referred to as “gerrymandering” the market—which is funny in the context of Texas.It ties back to the United States v. Oracle case in the 2000s. The DOJ said high-functioning enterprise HR software was monopolized by Oracle purchasing PeopleSoft. They lost because the judge said, “Actually, you’ve gerrymandered the market.” Precedents are there regarding systems of record.Pryce Ancona (10:38) Earlier you mentioned my emotional reaction has no legal bearing, which is true. But from this market definition perspective, I’m thinking there is a legal tactic here. If we gerrymander the markets appropriately—exclude the mom-and-pop clinics and just talk about Epic dominating the “whales,” the academics, and the pediatric hospitals—that’s an interesting tactic.From an emotional perspective, the way they talk about the “EHR database” will probably resonate with the public. It sounds like Epic holds and hoards your medical records like Smaug sits on gold in the Lonely Mountain. That’s ironic because Epic doesn’t own any of this data. Most customers are self-hosted; they aren’t even hosted in Verona. The hospitals manage the database.Even if I don’t think the definition that “Epic hoards all these charts” is true, the political implication is impactful. People are thinking, “What is this little company in Wisconsin? Why did my nephew have to move to Verona right out of college instead of staying in Texas?” I’m looking at what will hold up in court versus what is advantageous in the court of public opinion.Brendan Keeler (12:44) The court of public opinion matters. It could be a jury trial. It could go to a bench trial, which often happens in antitrust due to complexity, but you certainly want public opinion on your side. It also emboldens others to file private cases or negotiate harder with Epic.Let’s go straight into optics. Ken Paxton is an optically forward, contentious figure given his staunch conservative support of Trump during topics like the 2020 election, abortion, and trans rights.Pryce Ancona (13:48) We’re seeing a clear line from this case to trans rights, minors having access to their data, and parents having agency over everything their kid does. I started sending my kids to school this year thinking they were going to have the 10 Commandments hanging in every classroom because that was happening in Texas. There is a clear line being drawn between points in this case and the political atmosphere writ large.Brendan Keeler (14:23) They lumped it in here. It’s a pretty good antitrust case that is fascinating to follow, and then they said, “What if we throw in parental rights?”They take this angle that the “Do No Harm” lobbyist group has been pushing: that Epic and Oracle promulgate settings to hospital customers so parents can’t access their kids’ data at age 13 or 16. Maybe they’re right or wrong. But in my experience, these hospitals have lawyers and implementation staff; they aren’t going to violate state law. Setting those things up correctly is of paramount importance. The failure to do so is on the hospital in my mind.But trans rights and the HIPAA intersection have been in the news. Ken Paxton is taking advantage of that to give this the “glow” of antitrust—making it not just a culture war, but advancing a conservative agenda. This cannot be seen without the backdrop of him running for Senate. He has crusaded against Epic and tech giants pushing “liberal values.” I wouldn’t be surprised to see that dialogue pop up as he moves forward with his run.Pryce Ancona (15:49) You always talk about software bundling, and now we see “argument bundling”—sneaking certain thoughts in with others that more people will get on board with. Obviously, that’s just politics.Brendan Keeler (16:16) I’m like, “Keep my antitrust away from my culture wars.” I don’t think there is much synergy there aside from the optics.The other interesting strategic angle is the choice of venue. Did you notice it’s in Texas court and not federal court?Pryce Ancona (16:49) I don’t know how advantageous that is legally, but home-field advantage is a serious thing. When I think of Epic lawyers, I think of people who know everything about healthcare policy. But Texas state law is an abstraction away from just hometown advantage. Having it in Texas is definitely strategic. I know you can’t work for Epic and live in Texas unless you have a special position.Tell me more about why that venue is important. Judges are meant to be impartial, but they’re human. Does interpretation of law play into this?Brendan Keeler (18:25) Totally. Federal judges are appointed. You see partisan swings with Obama, Trump, and Biden appointees, but by and large, you get bipartisanship or multiple viewpoints. In states, judges are elected. Even if they are supposed to be impartial, who they are and who elects them plays into things. The jury pool is another aspect.But the bigger piece is they chose to stay out of federal court. They could have used the Sherman Act—the federal antitrust law. Instead, they used the Texas Free Enterprise and Antitrust Act. My understanding is that it gives them procedural advantages, specifically regarding the Twombly pleading standards.The motion to dismiss is the first gauntlet. In federal court, market definition faces a high bar. While state laws are supposed to harmonize with federal law, there is more discretion at the state level. I think they believe they can get through the weaknesses in their market definition via state court. This allows them to get to discovery, where they can potentially find new things and amend the complaint.Pryce Ancona (21:05) Okay, so market definition needs to survive to move to discovery.Let me ask about the proxy access to health charts. I felt like Houston Methodist and Texas Health Resources have agency to change nearly every setting in their Epic instance, including proxy access. Patients and caregivers commonly have access to MyChart for someone else.This feels like suing Toyota because I drove 90 miles an hour. Toyota made the car, but I’m the one configuring it and using it. Can the initial argument say, “This has no merit because we don’t even play a part in making that decision?” Or does that happen during discovery?Brendan Keeler (22:13) That’s a good question. The order of operations is: pretrial motions (motion to dismiss), then a formal answer to the complaint, then discovery.Typically, you see market definition as the angle of attack for dismissal in antitrust because the bar is high. For the other claim, which isn’t antitrust, any claim has to be plausible. In the pursuit of judicial efficiency, judges can dismiss claims that aren’t plausible to avoid wasting time on expensive trials.Expect Epic to push back and say, “This is not plausible, we shouldn’t waste your time, Judge.” Intuition says the hospitals control the settings, but we have to apply the law.Many people online say, “Epic is the clearest monopoly I’ve ever seen.” But by standard measures, where are they? You can feel it, and anyone who has developed in healthcare has felt blocked from competing fairly. Anyone who has developed against a system of record—in property management or banking—knows they have superpowers in cross-selling and up-selling. So, you see a lot of empathy for the claims.Pryce Ancona (24:26) That amazing Acquired podcast episode talked about Epic for four hours. Their research was well done. Their opinion was that of all the systems of record, the EHR must be one of the hardest to displace. It is ingrained in the lifeblood of the organization: billing, clinical, regulated private information. It’s survival mode.Ken Paxton complains it would take billions and decades to switch. I don’t think that’s hard to dispute. Maybe you argue where those billions are spent—labor, project management—but it is one of the hardest software systems to displace. That’s why we see the federal government pushing regulations like information blocking: if your software is compliant, it must allow for data exchange and organic competition.I want to hear what you think is advantageous to Epic versus Texas regarding market definition.Brendan Keeler (26:49) If they clean up the market definition regarding acute and academic databases, they might get to something plausible enough for discovery. The leveraged market (the apps) is downstream of that; it falls apart if the core market isn’t monopolized.Some stats they list are weak. Saying “90% of patients have an Epic record” doesn’t mean market share, because patients have records across multiple systems. It’s a “vibes-based” metric.You mentioned that healthcare is unique regarding displacement. I think this is true in every industry. Core banking systems haven’t changed since the 1950s. Tyler Technologies dominates government systems. Systems of record have an exponential competitive moat of switching costs that rises with data density.This leads to the paradox of antitrust for systems of record: they almost always fail the SSNIP test (Small but Significant Non-transitory Increase in Price). If Epic raised prices, would someone switch? No. The cost of migration is huge. By that test, every system of record is a monopolist. But when you look at market share, they are often at 30% to 50%, not the 80% or 90% ubiquity you see in network-based businesses like railroads or telecom.Historic antitrust laws are ill-equipped to deal with systems of record, which is why the DOJ failed against Oracle and Microsoft. We need different tools.Enter: Information Blocking. It is really interesting as a pro-competitive law. It allows for the outcomes we want to achieve—interoperability and fair access for apps—without the high bar of antitrust. It achieves a similar policy goal regarding the ecosystem, but it doesn’t “push Epic down” or break them up. If people are looking for that outcome, antitrust is the tool they want.Pryce Ancona (31:45) Who do you think is pushing for that outcome most?Brendan Keeler (32:00) The outcomes should be driven by thinking about what is pro-competitive. The thesis is: give providers choice of applications, and healthcare will be better.Information blocking cements the angle that innovators should have fair access. We see this playing out in cases like Real Time Medical Systems vs. PointClickCare and Intus Care vs. RTZ.If you’re looking for tinfoil hat theories, people point out Oracle is in Austin and speculate about Larry Ellison. I don’t buy that. I buy this case coming back to Paxton running for Senate.Pryce Ancona (33:32) I wonder how this ended up in his crosshairs. It’s interesting how one thing gets plucked from the bunch.Brendan Keeler (33:47) People wonder who is pulling the strings. Investigative journalists can look, but often it’s not one “Wormtongue” whispering in an ear. It’s the aggregate frustration of an industry. The frustrations regarding costs and outcomes are lumped at the feet of insurers and tech companies. It really is aggregate vibes feeding into the discourse.Pryce Ancona (34:27) If Ken Paxton doesn’t like Epic, he’s not unique for that.One more thing: Texas and California have strong political identities. In the past, Texas has favored non-competes (or at least generally enforced them). Now they’re arguing that Epic’s non-competes are detrimental to the industry. What are your thoughts there?Brendan Keeler (35:35) It’s interesting. Under Lina Khan and Biden, the FTC advanced a rule banning non-competes. That was struck down in a challenge led by Texas, arguing the FTC didn’t have the authority.Now you see this claim against Epic about non-competes, and you think, “Okay, Ken Paxton, you’re on board now?” But the motivations are different. Democrats are historically pro-labor; they dislike non-competes because they restrict workers. Texas is arguing this from a pro-business, competition standpoint: they claim Epic is suffocating potential businesses because labor can’t move.I think if you are pro-capitalist, you should favor fluid innovation and liquidity of talent. This selective application doesn’t resonate with me. But overall, no one is going to defend Epic’s non-competes.Pryce Ancona (38:28) Was the initial Texas case against the FTC ban in federal court?Brendan Keeler (38:57) Texas isn’t anti-non-compete entirely. They go after health system non-competes when they distort the local market. But the challenge to the FTC ban was based on the idea that the FTC lacks congressional authority to issue a blanket ban. That is different than targeting a specific monopoly’s use of them.Pryce Ancona (39:00) Man, there’s a lot to digest here. I’m glad you got your new court case after getting a whiff that one of your other favorite court cases might be settling.Brendan Keeler (39:23) I’m so bummed. It looks like Real Time Medical Systems and PointClickCare will settle. That is good for the companies, but from a precedent-setting perspective, it would have been exciting to see courts decide the intricacies of information blocking.Pryce Ancona (39:35) What does that rob you of? I thought we saw in that case that the exchange of health information—even via robotic process automation (RPA)—shouldn’t be legally discouraged. What else would have shaken out?Brendan Keeler (40:09) That case was in the preliminary injunction stage. The district judge decided for Real Time Medical in a precedent-setting way regarding the interpretation of information blocking and how federal statute interacts with state tort law. That was appealed and upheld.But to set hard precedent, you need to go through the actual trial. A bench trial allows for a “facts-intensive” review of security, performance, and data. The preliminary injunction is a “speed run” to decide if claims are plausible and if there is immediate harm. If they settle, we’ll never find out the deeper result. We’ll have to wait for Intus Care vs. RTZ.Pryce Ancona (41:31) Well, if what we’re hearing from HHS is true, we’re not done thinking about info blocking.Brendan Keeler (42:08) If you know any good lawyers, the OIG is hiring up to five lawyers for information blocking. They are revving their engines.Pryce, I hope you had fun with this. Let’s see if the internet loves it.Pryce Ancona (42:20) I loved it. Thanks for chatting. Get full access to Health API Guy at healthapiguy.substack.com/subscribe