Thomas Keane M.D., MBA, assistant secretary for technology policy and national coordinator for health information technology, appeared before the Senate Health, Education, Labor and Pensions (HELP) Committee this week to answer questions about the progress and challenges modernizing the nation’s health data infrastructure.
During the hearing, senators from both sides of the aisles brought up concerns over interoperability, prior authorization reform, cybersecurity threats facing rural hospitals, patient data privacy, and the rapidly expanding role of artificial intelligence in health care. Dr Keane highlighted federal efforts underway to improve access, exchange, and use of data but acknowledged the persistence of systemic barriers.
Interoperability gains and obstacles
Dr. Keane noted growth of the Trusted Exchange Framework and Common Agreement (TEFCA), which now connects more than 70,000 locations and enables exchange of nearly 500 million health records, up from 10 million several years ago, But he conceded that technological progress alone hasn’t eliminated one of the biggest frustrations for clinicians and patients: information blocking. He said the department is issuing notices of potential nonconformity to suspected violators and coordinating with the HHS Inspector General to enforce compliance.
When asked why interoperability is still inconsistent, Dr. Keane said that getting insurers and electronic health record (EHR) companies to communicate “is a little bit like herding cats,” even though all sides acknowledge the system’s inefficiencies and high costs.
Prior authorization progress
Sen. Roger Marshall, M.D., (R-Kan.), expressed concern with the number of patient complaints about delays caused by Medicare Advantage prior authorization processes and urged faster implementation of real-time electronic authorizations. Dr. Keane pointed to the administration’s HTI4 rule, which finalized standards for real-time adjudication at the point of care, but said adoption depends on both insurers and EHR vendors implementing the tools correctly.
Cybersecurity risks
Several senators cited rising ransomware attacks on hospitals, including rural facilities with thin operating margins. Dr. Keane warned that cybersecurity failures can devastate small providers and recalled experiencing a shutdown himself while practicing in rural Ohio.
He said the proposed HTI5 rule will modernize certification criteria so hospitals can adopt more advanced, phishing-resistant standards like FIDO2 instead of outdated checkbox requirements.
AI guardrails
Sen. Bill Cassidy, M.D., (R-La.), chairman of the Senate HELP Committee, pressed Dr. Keane about how AI should use patient data, who bears liability for AI-driven clinical guidance, and how to prevent misuse of sensitive information. Dr. Keane pointed to a federal request for information (RFI) on safe AI deployment, which has already received “hundreds of responses” that will shape future policy.
But the discussion also revealed gaps in authority: many consumer health apps using AI are not covered by HIPAA once a patient voluntarily uploads their data. Dr. Keane acknowledged that unlike Medicare-enrolled-apps, these AI platforms can legally reuse or even commercialize patient information unless Congress acts to strengthen safeguards.
Behavioral health, long-term care, and trial health data
Senators also voiced concerns that behavioral health, long-term care, and tribal health systems —historically excluded from federal EHR incentive programs — remain less connected. Dr. Keane highlighted a new behavioral health information technology initiative being piloted in nine states to try to improve exchange between health care, social services, and housing agencies.
He also noted progress with the Indian Health Service, the first federal system to join TEFCA, and pledged to work with the Senate Indian Affairs Committee on improving tribal data privacy and sovereignty.