Building healthcare interoperability at scale in 2026

Healthcare doesn’t need more believers in interoperability. It needs more builders.

For years, healthcare interoperability has lived in two worlds at once.

In one world, it has been a policy conversation. Lawmakers, regulators, vendors, health systems, and industry groups spent years debating governance, privacy, security, and the mechanics of how data should move — and that groundwork is what made this moment possible.

In the other world, interoperability has become more immediate — clinicians are demanding the information needed to treat a patient without delay, and patients are demanding not only access to their health record, but that it follow them across settings of care. So they won’t have to show up with a grocery bag full of printed records or call a previous provider to ask for a fax.

Over the past few weeks, discussions about interoperability have dominated the annual ViVE and HIMSS conferences and we expect upcoming announcements about the ongoing work of the Centers for Medicare & Medicaid Services' (CMS) Health Tech Ecosystem. These discussions are important and will continue, but more notably, they are increasingly translating into action.

The groundwork is done. The building has to start now.

The government has spent years convening stakeholders, setting expectations, and nudging the market toward implementation. Through efforts like the CMS Health Tech Ecosystem, that work is now serving as a catalyst for real progress. The message coming out of recent federal engagement is unambiguous: the policy groundwork has been laid, the standards exist, and it’s time for the industry to move from deliberation to execution.

Of the hundreds of stakeholders that CMS has been working with, some are already building and announcing tangible solutions, while others remain focused on letters and hypotheticals. The agency recognizes the difference, and increasingly, so does the market.

Much of the deliberation has focused on privacy and security. A more interconnected system may elevate the risk of unauthorized data access by malicious individuals. We don't address cybersecurity risks in financial services by restricting digital transactions; instead, we invest in robust safeguards. Healthcare should similarly enable secure information flow with proper protections.

That approach does not make privacy and security an afterthought. Quite the opposite. Any interoperability strategy worth taking seriously must embed both from the beginning, not as a one-time compliance check, but as an ongoing architectural commitment. Safeguards will continue to evolve because patients and clinicians deserve nothing less.

Simply put, the healthcare industry does not have to choose between connectivity and security. It can, and should, insist on both. Organizations willing to take on that responsibly are the ones that should set the pace.

What interoperability building actually looks like at scale

At athenahealth, we have done exactly that. We are the first EHR vendor to migrate 100 percent of our eligible clinicians to TEFCA, a milestone that reflects both scale and consistency of our approach. Today, more than 100,000 clinicians are live on the network, with record sharing enabled by default for every patient unless they choose otherwise. Through TEFCA, we automatically connect with more than 125,000 provider sites via CommonWell Health Alliance, significantly expanding access to critical patient information. We currently receive approximately 45 million documents per month and make a similar volume available for partners and customers to securely retrieve through the network. In 2025 alone, more than 32 billion API calls enabled seamless data exchange, empowering customers to deliver better care.

We have also continued to build the connections that expand how patients and clinicians access and use health information across settings — through our collaboration with b.well, which lets patients aggregate their health records and share them at the point of care via QR code during intake; through our integration with Google's Fitbit Personal Health Record and Google Wallet, which gives patients another trusted, familiar pathway to share their clinical and wellness data at check-in; and through additional integrations now underway.

Governance is good. It’s not enough.

We have also gone further than governance requires on the security side, and we are not shy about saying so. athenahealth has voluntarily implemented several administrative and technical controls designed to ensure that our healthcare provider clients are only making queries to networks for Treatment purposes. We only initiate a query where there is a demonstrated relationship between patient and provider. Queries are only sent in advance of a scheduled appointment or when the provider is actively reviewing a patient chart. These additional measures are not required by any law or TEFCA governance rule. We built it because it is the right thing to do.

When data does not move as freely as it should across the healthcare system, the default explanation tends to be that the technology is not ready, the standards are not mature enough, or the privacy and security risks are too great. Those concerns are legitimate and deserve to be taken seriously. But they should not be used to obscure a simpler and more uncomfortable truth.

The barrier to interoperability today is not technology, not privacy, and not security — it is business models, and the lack of will among certain participants to allow data to move in ways that do not serve their competitive interests. That is the harder conversation, but it is the honest one — and CMS has made it clear it expects the industry to act on it.

Why independent practices need open infrastructure most

Independent ambulatory practices operate at the end of the longest lever in healthcare — closest to patients, furthest from the resources that large health systems take for granted. They cannot negotiate proprietary data access. They cannot absorb the cost of chasing records across disconnected systems. And their patients do not stay in one place. This is why open interoperability infrastructure is the foundation — and the difference between a practice that can coordinate care and one that cannot.

Interoperability, at athenahealth, is an operational responsibility, not a positioning strategy. We are not waiting for every concern to be resolved before we build. We are building, testing, measuring, adjusting, and expanding — and we are working with any personal health app, any partner, any platform willing to meet us there. Healthcare doesn't need more believers in interoperability. It needs more builders.