We recently submitted our formal response to CMS’s Health Technology Ecosystem RFI—and we didn’t hold back. While CMS processes the 1,366 submitted comments, we’ll keep it simple about what b.well shared. Here are the four big moves we told CMS are needed now, not someday.
1. Enforce the Rules We Already Have, Especially for EHRs, Providers, and HIEs
The reality is that we already have many of the right rules in the books. But without enforcement, too many vendors and providers are still blocking access—either by throttling data, charging for basic APIs, or simply refusing to turn them on.
CMS must:
- Enforce information blocking penalties across EHRs, labs, pharmacies, and HIEs
- Mandate certified API activation for all providers receiving government funds
- Investigate anti-competitive practices like price-tying and integration lockouts
2. Cure Portalitis with Digital ID and Trusted Access
Most patients can’t get their own health data without jumping through unnecessary hoops—managing multiple logins, remembering old passwords, or losing access due to expired tokens. We call it portalitis, and it imposes too much burden and toil on patients.
We told CMS they can fix this by:
- Requiring federated digital ID (IAL2) to simplify and secure patient authentication
- Stopping the use of short-lived or broken refresh tokens that disrupt continuity
- Eliminating scary, misleading OAuth screens that deter patients from connecting apps
We’ve already proven that trusted identity works. Let’s scale it.
3. Move Certification Off the EHR and onto the APIs That Power Real Care
It’s time to stop certifying workflows that keep data stuck inside proprietary systems. The value today isn’t just in records—it’s in action: population health, the shift to value and quality, scheduling, price transparency, refill requests, messaging, and coverage checks.
CMS should:
- Certify and mandate real-world APIs that connect care, not just data
- Ensure third-party developers get equal access to these APIs
- Require that these APIs are performant, free, and not limited to first-party tools
Many of these APIs already exist, and we just need them to be more open and accessible.
4. Expand Standards and Access Across the Ecosystem
Access shouldn’t stop at the doctor’s office. Labs, pharmacies, LTPACs, imaging centers, they all hold critical information, yet most aren’t sharing it with patients in any scalable or standards-based way.
We urged CMS to:
- Expand certification and patient access API requirements across all care settings
- Hold actors accountable when they cherry-pick apps or hide behind the “infeasibility” excuse
- Create a unified framework that brings labs and pharmacies into full compliance
Patients need one complete picture of their health, not fragments in 8-10 different apps and portals.
The bottom line is that we’ve come too far to let inertia slow us down now. In our RFI response, we showed what’s possible when innovation, standards, and enforcement align—and we made it clear what’s standing in the way.
Let’s finish the job. Let’s build a modern health tech ecosystem that works for everyone.
