What California’s Health Data Sharing Moves Might Mean for Rest of U.S.

Dec. 3, 2024
Looking at California’s headwinds and tailwinds can help other states as they build out their data sharing infrastructure

Following a year marked by notable regulatory changes and new frameworks on health data sharing across the U.S., California has implemented major initiatives, including the California Data Exchange Framework (DxF) and California Advancing and Innovating Medi-Cal (CalAIM). These advancements are reimagining how health and increasingly social service information flows across providers, payers, and community-based organizations (CBOs), setting the stage for change that could ripple across the country.

While these developments offer momentum, they also bring unique challenges. Looking at California’s headwinds and tailwinds can help make sense of where we are, what barriers lie ahead, and what factors will be essential for sustainable data exchange in this state, as well as other states, as they build out their data sharing infrastructure.

Tailwinds in California

Over the past year, California has laid the groundwork for more health data exchange through initiatives like CalAIM, aimed at dramatically and broadly improving health outcomes for Californians, and the DxF, intended to enable programs like CalAIM by increasing health and social services data sharing across the state.

Recognizing the need for whole-person care — care that doesn’t depend solely on the clinical care delivery system to improve health outcomes — CalAIM strives to address needs like housing, transportation, meals, and personal care for a range of high-priority populations, including foster children and individuals involved in the justice system. Doing so requires understanding both population-level and individual needs and then deploying multidisciplinary teams to provide support and services to meet those needs, many of which are social in nature. CBOs and social service agencies become not only critical service providers, but also essential data trading partners with traditional clinical care delivery systems. CalAIM’s approach requires extensive data infrastructure to support more extensive data sharing, including behavioral health and health-related social data, in order to streamline care coordination and improve outcomes for Medi-Cal’s most vulnerable members. 

At the same time, the DxF mandated that most healthcare organizations share health and social service information (HSSI) by early 2024. The DxF demands data sharing beyond what is required in federal certification for electronic health records and information blocking regulations; its wide scope incorporating social service information is necessary given the state’s transformational ambitions in programs like CalAIM. The DxF is “technology agnostic,” meaning it does not require participation in a single network or use of a specific technology for exchange. It is instead supported by nine distinct and unaffiliated voluntary qualified health information organizations (QHIOs) that play a critical role in its success, providing data exchange infrastructure and facilitating secure and appropriate data sharing between DxF participants across the state. The DxF emphasis on interoperability between and beyond HIPAA-covered entities demonstrates the big-picture thinking required to support whole-person care and cross-entity collaboration.

These policy moves, and the funding behind them, create significant tailwinds within the state, propelling and scaling data sharing much faster than it would happen on its own. Yet there are also unique challenges in California that are important to acknowledge when looking at the implications of broader data exchange nationwide.

Headwinds and data sharing barriers

One notable issue with the DxF is the inability to enforce compliance, leaving participation largely up to individual organizations. This has resulted in uneven progress; for instance, according to the Center for Data Insights and Innovation (CDII), which oversees the DxF, approximately 65% of the DxF Participant Directory remains incomplete, leaving many DxF participants and QHIOs uncertain about how to exchange data with each other. CBOs, while eager to participate (although not required), often don’t fall under HIPAA, complicating secure data exchange of protected health information with these essential partners. Additionally, data quality and provenance issues persist, raising questions about the reliability and traceability of shared information.

The success of the CalAIM program relies on sharing comprehensive and accurate health and social data, which remains difficult due to technical and policy-related barriers. For behavioral health data, for example, there are varying interpretations of what can legally be shared, creating uncertainty and elevating the risk of exposing sensitive information tied to social stigma. Social data standards are also still evolving and lack federal requirements, which have slowed adoption and support. CBOs are often under-resourced and may not have the technology to support data sharing at the scale needed. Moreover, the absence of a universal consent management system for non-HIPAA-covered entities complicates consistent and reliable privacy protection. As social data sharing expands, role-based technology may help control data access, but it raises questions about who should decide the appropriate data to share — a critical consideration for nuanced cases, like whether housing providers need detailed information about a patient’s health conditions.

Although data shows people are often willing to share sensitive information when asked directly and informed about its use, privacy and protection of sensitive information remain a big consideration and key concern nationwide. For example AB 352 introduces critical privacy protections for individuals seeking gender-affirming care, abortion services, and contraceptive options in California, including safeguards against out-of-state prosecution for those who travel to the state for such services. The law restricts the sharing of medical information related to these sensitive services, ensuring access only for authorized individuals. However, this data exists across multiple parts of structured and unstructured patient records — medication lists, clinical notes, procedures, and diagnoses — making it challenging to isolate and consistently protect in practice. Limiting the exchange of this data over national health information networks to comply with out-of-state data sharing limitations, which many California health systems rely on, will lead to less comprehensive records compared to data exchanges within an in-state network. This presents a trade-off between safeguarding privacy and maintaining complete, coordinated care across systems.

A California testing ground for other states

With both headwinds and tailwinds to balance, California’s progress on health data exchange and using this data to improve outcomes for the most vulnerable populations may provide an example for other states to consider. Finding ways to navigate the complexity of a diverse state, expanded data trading partners, and much broader datasets that must include sensitive information, while safeguarding privacy and reinforcing continuous security, is a challenge worth taking up. Not every state is as large and complicated as California, but they all share many of the same challenges and opportunities when it comes to policy leadership and health data progress.  

Erica Galvez is CEO of Manifest MedEx, California’s largest nonprofit health data network. Before joining MX, Galvez led the HIE efforts at Aledade and also led the Office of the National Coordinator for Health IT’s (ONC’s) Interoperability Portfolio.

Continue Reading