Epic Systems Response to CMS/ONC Health Technology Ecosystem RFI

Epic Systems CMS Response – Epic Welcome

Epic Systems submitted detailed recommendations to the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) regarding the future of the U.S. health technology ecosystem. The response focuses on improving interoperability, patient access, data quality, digital identity, and regulatory clarity to strengthen the national digital healthcare infrastructure1

Key Points and Recommendations

1. National Healthcare Directory

• Epic supports CMS’s plan to build a unified, national healthcare directory as a foundational step for interoperability.

  • The directory should use federated inputs: CMS would manage provider identity (via NPPES), while other organizations (payers, hospitals, licensing bodies) update contextual data (e.g., practice locations, specialties, network status).

  • Strong governance is needed to ensure data quality, with automated validation, routine audits, and a dedicated quality officer.

  • Automated, API-based updates are recommended to keep data current and reduce manual errors, prioritizing machine-to-machine communication over static portals1.

2. Digital Credentials and Patient Identity

• Epic advocates for a common digital identity infrastructure (e.g., using Credential Service Providers like CLEAR or Login.gov) to streamline access, reduce administrative burden, and empower patients.

  • Identity proofing and patient matching remain critical: digital credentials should be linked to the correct medical record, with fallback options (like MFA or passwords) for those unable or unwilling to use digital IDs.

  • Consent and authorization must remain with the covered entity (provider), ensuring patients control data sharing.

  • Epic stresses the need for interoperable digital identity solutions (not proprietary), support for alternatives (mobile driver’s licenses, passkeys), and robust patient controls (revocation, audit trails).

  • Liability for inappropriate disclosures should be shared between providers and CSPs, with HIPAA updated accordingly1.

3. TEFCA (Trusted Exchange Framework and Common Agreement)

• Epic views TEFCA as the core infrastructure for nationwide interoperability and urges further expansion:

  • Broaden use cases to include payment, operations, public health, and government benefits determination (e.g., Social Security disability).

  • Align TEFCA with the national directory to avoid duplicative systems and streamline data exchange.

  • Governance should prevent data exploitation, ensure compliance, and hold all participants accountable for privacy and security1.

4. Health IT Certification and Standards

• Epic recommends streamlining ONC’s Health IT Certification Program to focus on interoperability and standards-based data exchange (e.g., USCDI, FHIR APIs).

  • Non-interoperability requirements (like “Insights Condition” and “Real-World Testing”) should be removed to reduce burden and encourage innovation.

  • Broader adoption of standards is needed, especially among labs, imaging centers, pharmacies, and long-term care facilities not currently using certified health IT1.

5. Large Language Models (LLMs) in Healthcare

• LLMs are valuable for extracting insights from unstructured clinical data but should supplement—not replace—standards-based data exchange.

  • Structured data exchange via FHIR APIs is more reliable and cost-effective for many use cases1.

6. Quality Measures and Reporting

• Epic supports the transition to digital quality reporting but urges CMS to provide flexibility for small practices lacking technical capabilities.

  • In the long term, Bulk FHIR Submit is recommended for standardized, efficient quality data submission1.

7. Information Blocking

• Epic calls for clearer guidance and safe harbors to help regulated actors understand what is not considered information blocking.

  • Overly complex and vague regulations create compliance burdens and may discourage innovation.

  • Participation in TEFCA should be recognized as a “safe harbor” for information sharing, and actors demonstrating a commitment to interoperability (e.g., public APIs, TEFCA membership) should be acknowledged1.

Conclusion
Epic’s letter advocates for a federated, standards-based, and patient-centric health technology ecosystem. The company emphasizes the need for strong governance, automation, regulatory clarity, and shared responsibility across all stakeholders to advance interoperability and improve patient outcomes in the U.S. healthcare system1.

Epic Systems Response To RFI

More Epic Systems CMS Response Resources

• Epic EHR Gains – More Hospitals Switching to Epic
• Epic Welcome Check-In Kiosk For Patients
• Patient Check In EPIC Welcome Kiosk by KIOSK

• CMS Official Announcements:
  The Centers for Medicare & Medicaid Services (CMS) website and newsroom regularly post updates about the RFI process, listening sessions, and next steps for building the digital health infrastructure, including the national provider directory23.

• Industry News and Analysis:
  Outlets such as Digital Health News and HealthManagement.com provide coverage and expert commentary on the RFI process, Epic’s role, and broader industry reactions45.

More

Summary Table: Epic’s Recommendations for a National Healthcare Directory

Summary Table: Epic’s Recommended Standards