Advocacy

The Healthcare Trust Institute (HTI) is an alliance of healthcare organizations committed to promoting and implementing effective privacy and security protections for health information that engender trust in the healthcare system and allow for the advancement of treatments, cures, and improved healthcare quality for individuals and populations. HTI members, which include companies and organizations from across the U.S. healthcare economy, agree that a strong national privacy standard for health information is needed to protect sensitive data and spur medical innovation.
HTI is actively engaged in advocacy with Congress, the Administration and state governments to influence policy on health data privacy, cybersecurity, interoperability, and artificial intelligence (AI) governance issues. HTI provides its members with legislative and regulatory analysis that equips them to participate in advocacy through lobbying, fly-ins, comment letters, briefings, and other methods. Through guest speakers, briefings, and webinars, HTI provides valuable educational resources to regulators, members of Congress, and Hill staff.

  • Health data privacy
  • Cybersecurity
  • Artificial intelligence
  • Interoperability

Health data privacy

A key tenet of the Healthcare Trust Institute (HTI) is that Americans will not receive sufficient data protection without a law to set a national privacy standard that protects all health data. The Health Insurance Portability and Accountability Act (HIPAA) provides some protections for health data privacy but is not comprehensive.

HTI’s advocacy in this area focuses on a strong national privacy standard that protects personal health data and spurs medical innovation. Robust privacy protections for personal health information are essential for trust in the healthcare system, which is the foundation for the delivery of quality care and patient safety.

Since the passage of HIPAA in 1996, numerous state laws have been passed to fill its gaps, resulting in a nationwide patchwork of protections that is difficult and expensive for stakeholders to navigate. When states step in to regulate in the absence of federal standards, inefficiencies, inconsistencies, duplication, and unnecessary costs result.

We believe it is critical that this new federal standard harmonize with HIPAA in its approach, concepts, and definitions. Organizations across the healthcare sector have invested significantly in HIPAA compliance over the past three decades. This offers the opportunity to build upon lessons learned to craft a new framework that adequately encompasses the modern data ecosystem.
We also believe the new federal standard must preempt state laws, the number and substance of which have resulted in a thicket of different laws that is confusing and difficult to navigate. Broad preemption is essential not only to ensure a consistent privacy and security standard across the country, but also to increase efficiency, promote innovation, and avoid the cost, burden, and compliance challenges involved in implementing a patchwork of inconsistent, potentially even conflicting, state standards, requirements, and consumer privacy rights.

Resources

HTI Response to House Data Privacy Working Group RFI, April 4, 2025
HTI Privacy Principles

Cybersecurity

The Healthcare Trust Institute (HTI) believes that cybersecurity in the healthcare sector is greatly at risk. Through a combination of factors, including a lack of skilled security talent and outdated equipment, healthcare cybersecurity has developed a number of vulnerabilities that can negatively impact patient care. To illustrate the critical nature of the problem, note that, in a single five-year period (2018-2023), HIPAA breaches nearly doubled. Further, 141 hospitals were hit with ransomware attacks in 2023 alone. Clearly, these vulnerabilities are widely known.

There is a policy foundation for a public–private partnership to provide critical infrastructure protection. A number of legislative fixes and executive orders have been issued to enhance coordination, improve cybersecurity, develop best practices and guidelines, and encourage information sharing. Yet this is not sufficient.

HTI participates in coordinated efforts to identify cyber and physical risks to the security and resiliency of the healthcare sector, mitigate those risks, and facilitate preparedness and incident response. For example, HTI has drafted principles on cyber event reporting in the healthcare industry that seek to guide the sharing of critical information and facilitate collaboration, without creating an undue burden on the reporting organization or inadvertently creating additional risk in the reporting.
HTI also welcomes and strongly supports updates to the HIPAA Security Rule as crucial to strengthening cyber resilience across all entities that hold consumer health data. Among other modifications, HTI supports the creation of a federal insurance fund to help offset damages in the event of major cybersecurity attacks and an increased focus on building the cybersecurity workforce to address the shortfall of experienced professionals.

Resources

HTI Response to the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information Notice of Proposed Rulemaking, March 6, 2025
HTI Cybersecurity Reporting Principles

Artificial Intelligence

Artificial intelligence, or AI, is advancing healthcare in multiple ways, from diagnosing diseases and helping to find new cures, to streamlining administrative processes and improving workflows. Along with its enormous promise to transform healthcare, AI brings new potential risks. It is essential that these risks be managed through appropriate guardrails while allowing the full potential of AI to be realized through ongoing innovation.
The Healthcare Trust Institute (HTI) is actively involved in developing best practices designed to achieve this goal, through a strong framework that:

  • Builds trust
  • Ensures human involvement
  • Incorporates robust privacy and security controls
  • Uses high-quality data
  • Accounts for ongoing monitoring and evaluation
  • Promotes transparency
  • Provides for oversight and governance

On the policy front, HTI regularly submits comments in response to requests for information and notices of proposed rulemaking that concern the safe and secure use of artificial intelligence in healthcare.

Resources

HTI Best Practices and Use Cases
Artificial Intelligence (AI) Action Plan

Interoperability

The Healthcare Trust Institute (HTI) strongly supports efforts to increase participation in the interoperable exchange of electronic health information (EHI) by all appropriate healthcare entities. As the nature of EHI has evolved and continues to evolve, it has become more complex, making it more difficult and resource-intensive to adjudicate information requests. HTI supports further clarification of the definition of EHI to improve information exchange across healthcare entities. HTI supports clarification and simplification of regulations to support the policy goals underlying the 21st Century Cures Act, key provisions of which are designed to support the access, exchange, and use of EHI and advance interoperability.
