Patient-data sharing rule drew provider pushback template

The Centers for Medicare & Medicaid Services received 154 nearly identical comments in 2019 opposing the proposed interoperability and patient-access rule. The campaign argued that forcing payers to share enrollee data with third-party apps would create privacy and security risks without enough vendor accountability.

Campaign window

Feb 2019

Jun 2019

112 days · 154 comments detected

Shape of the campaign

154near-identical comments detected

Each red dot is one comment that matched the campaign's template text. Grey dots are unrelated submissions to the same docket. The clustering algorithm groups comments by semantic similarity, not by exact string match, so light wording changes don't hide the pattern.

How this stacks against other campaigns in health care

ACA nondiscrimination rollback drew civil-rights template1,847
Vape ban opposition flooded FDA tobacco docket612
Patient-data sharing rule drew provider pushback template154

Scale

154of 26,129 total comments in this docket

Coordinated (1%)Other (99%)

The template

“While we support the goal of patient data portability, the proposed rule will require payers to share enrollee data with third-party app developers who are not subject to HIPAA. This creates serious privacy and security risks for patients who may not understand that consenting to share data with an app strips away federal privacy protections. CMS should require enforceable data-use agreements with all downstream apps before mandating API access.”
Representative comment / Director of Health IT, Regional Hospital System

Attribution

Who organized this?

Epic Systems and allied EHR vendorsIndustry coalition

Several electronic health record vendors, led publicly by Epic Systems, distributed template opposition letters to their provider networks, arguing that the FHIR-based API mandate would expose patient data to unregulated third-party apps.

Attribution is based on publicly available evidence. It does not imply wrongdoing.

Migration analysis

Did the campaign's language make it into the final rule?

Language did not carry into the rule

CMS adopted the FHIR-based patient-access API requirement substantially as proposed. The campaign's argument that third-party apps create unmonitored privacy risks was not adopted into the operative rule text — CMS instead relied on existing HIPAA boundaries plus a payer-disclosed app review process.

Phrase overlap is correlation, not causation. Many advocates and agency staff use the same vocabulary; matching language is not evidence the campaign drafted the rule.

Rule outcome

Did it influence the final rule?

Adopted2019-02-11 to 2019-06-03

CMS finalized the Interoperability and Patient Access rule in March 2020 despite opposition. The rule requires payers to make patient data available via standardized FHIR APIs, with phased compliance deadlines through 2023.

Rule outcomes are matters of public record. Astroturf does not claim the campaign caused or prevented the outcome.

> Technical details

Cluster IDcurated-cms-2019-0006-c2d50abbea1e7c02Docket IDCMS-2019-0006Finding slugpatient-data-sharing-rule-drew-provider-pushback-template-4b664eGeneratedManual (edited)

View all 154 member comments ->