Blogs featured image
Blog/Data Security, Privacy, and Compliance

Patient Access in the Age of Interoperability: Preserving Trust as Access Scales

Read Time 6 min

Healthcare has made real progress on digital access. Portals are common. APIs are expanding. Federal policy continues to reinforce what should be obvious: patients have a right to their own health information.

But as interoperability matures, the conversation is shifting. The next phase isn’t just about digitizing what used to be paper. It’s about ensuring that as access becomes easier, it also remains intentional.

Reducing friction matters. No one wants to print, fax, or mail a form to access their own records. Those legacy processes deserve to fade away. But friction reduction alone does not equal empowerment.

True empowerment means the patient remains clearly in control.

The Difference Between Access and Agency

When a patient requests their own records for a second opinion, to coordinate care, or to participate in a research study, the pathway should be straightforward, affordable, secure, and predictable.

That’s what patient access is meant to support, giving people a real, practical way to manage their own care.

But today’s ecosystem is more complex than it was even a few years ago. Thousands of API endpoints now facilitate digital exchange, new health apps enter the market regularly, AI-generated communications are increasingly difficult to distinguish from legitimate requests, and data moves faster and further than ever before.

In this environment, the lines between patient-directed access and third-party-driven access can blur. And when those lines blur, patient agency can quietly erode, not because rights disappear, but because visibility does.

As data moves more easily, transparency hasn’t always kept pace. Patients aren’t consistently given clear insight into who receives their data, how long it’s retained, or what protections apply once it leaves a provider.

“Patient access was designed to empower individuals in their care,” said Kathryn Stalmack, Datavant’s Chief Legal Officer. “As digital tools expand, our responsibility is to ensure that empowerment doesn’t unintentionally become exposure. The patient should always understand who is receiving their information and why.”

Access is necessary. But agency requires clarity.

Not All Safeguards Are Barriers

It’s easy to frame identity checks or authorization reviews as “friction.” In some cases, they are, especially when implemented manually or inconsistently.

But those safeguards didn’t appear out of nowhere. They exist because health data is uniquely sensitive. The consequences of improper disclosure, whether financial, reputational, or deeply personal, can be serious.

As digital exchange scales, reasonable safeguards must scale with it.

That doesn’t mean preserving outdated processes. It means modernizing them. Standardizing identity verification, making authorization clearer, and ensuring auditability without burdening patients.

“Interoperability isn’t just about making data movable,” said Shannon West, Datavant’s Chief Strategy Officer. “It’s about building systems people can trust at scale. As access becomes easier, accountability has to become stronger.”

Security and access are not opposing forces. When done well, they reinforce each other.

Why Identity Verification Is Evolving

Patient access has evolved.

Not long ago, requesting a medical record often meant printing a form, signing it by hand, and waiting days (sometimes weeks) for fulfillment. Today, most patients expect to request and receive their records electronically. This shift reflects broader changes in healthcare, policy, and technology. It also reflects something simple: people expect digital interactions to be straightforward.

Supporting secure, compliant electronic record delivery has long been foundational to how patient access is delivered and where we’re continuing to invest. Our Patient Request Tool allows individuals to request their records and receive them electronically in secure formats.

As more of the access experience moves online, the way we verify identity has to evolve alongside it.

In an in-person setting, identity verification is visible, an ID card checked, a signature confirmed. In a digital workflow, that assurance has to be embedded in the system itself.

At the same time, the environment around us has shifted. Online requests are more common, fraud tactics are more sophisticated, and automated communications can look convincingly human. Health data remains deeply personal and increasingly portable.

None of this suggests that existing processes are inadequate, but it does mean that the tools we use to support them should continue to mature.

“As the way patients interact with healthcare evolves, the infrastructure behind that experience has to evolve too,” said Andrea Kowalski, SVP of Product Management. “Strengthening identity verification is part of making sure access remains both simple and trustworthy.”

How We’re Operationalizing This at Datavant

To strengthen how we verify identity, we’re integrating ID.me directly into the patient request experience.

Patients will continue to request and receive their records electronically, just as they do today. The difference is that identity can now be confirmed in a more consistent, streamlined way as part of the process.

In practice, this leads to a few important shifts:

  • More standardized identity verification
  • Reduced risk of unauthorized disclosures
  • Clear authentication logging for audit purposes
  • Less manual ID review for provider staff
  • A smoother path from request to delivery

“From a workflow perspective, this creates more consistency,” said Elizabeth Redko, Product Manager at Datavant. “It reduces variability in how identity is reviewed and helps move requests forward more efficiently.”

For patients, the change should feel intuitive. For providers, it strengthens confidence that each request reflects verified identity and intent.

This is about reducing variability and modernizing a process that was historically more manual.

Advancing Access Without Compromising Trust

Digital record delivery is no longer the exception, it’s the norm. As that shift continues, the systems behind the scenes have to keep up.

At Datavant, we don’t view patient access as a static feature. It’s something that has to evolve alongside technology, risk, and patient expectations. Strengthening identity verification within our Patient Request Tool is part of that evolution.

Because at the end of the day, patient access only works if the patient remains clearly in control.

Verifying identity isn’t about adding friction, it’s about making sure the request genuinely reflects the individual’s intent. It’s one of the ways we protect patient agency in a digital environment where data moves quickly and at scale.

Our existing solution already supports secure electronic access. This enhancement builds on that foundation, reinforcing the integrity of each request while keeping the experience intuitive for patients.

Advancing patient access isn’t about dramatic overhauls. It’s about making sure that as access expands, control and understanding expand with it.

Interested in learning more about Datavant’s release of information solutions, including our patient access tools? Contact us here.