On March 5, 2026, the Senate Health, Education, Labor, and Pensions (HELP) Committee held a hearing on how to transform health care with data and improve patient outcomes. The Committee discussion focused on the topics of prior authorization, cybersecurity, interoperability of electronic health systems, and use of artificial intelligence.
OPENING STATEMENTS
WITNESSES
-
Dr. Thomas Keane, MD, MBA, Assistant Secretary for Technology Policy and National Coordinator for Health Information Technology, US Department of Health and Human Services – Testimony
MEMBER DISCUSSION
Prior Authorization
Sen. Roger Marshall (R-KS) requested an update on how the office is improving the prior authorization process. Dr. Keane highlighted that they have finalized the HTI 4 rule, which sets standards that allow electronic prior authorization requests to be processed in real time by ensuring that electronic health records (EHRs) can be shared between insurance companies and providers. He also shared that ASTP is working with the Centers for Medicare and Medicaid Services (CMS) to meet the goal of 80% of prior authorizations processed in real-time by January 1, 2027. Sen. Marshall asked about current barriers to prior authorization reforms. Dr. Keane shared that the largest barrier is information sharing between insurance companies and providers, but insurance companies are working with him to identify the choke points and potential solutions. EHR companies have also committed to reducing barriers. Sen. Marshall also advocated for the Senate to advance the H.R. 3514, the Improving Seniors Timely Access to Care Act.
Cybersecurity
Senators also expressed concerns about cybersecurity in the health care space. For example, Sen. Josh Hawley (R-MO) expressed concerns about cybersecurity protections for rural hospitals. Dr. Keane acknowledged that cyber-attacks can be devastating for rural hospitals, and he is committed to ensuring patient data is protected and hospital systems are secure. Dr. Keane highlighted that the HTI 5 rule updates certification criteria to encourage systems to adopt the most modern standards for cybersecurity. Chairman Bill Cassidy (R-LA) questioned whether the new certifications and removal of ones previously in place would lead to lower security and fewer privacy protections. Dr. Keane said that the certifications removed were outdated, redundant, or not widely adopted by industry, and therefore the remove of the old standards had no impact on the market.
Interoperability
Senators on both sides of the aisle expressed interest in health care interoperability. For example, Sen. Tim Kaine (D-VA) focused his questioning on how to expand EHR use to other sectors of the health care system, like behavioral health and long-term care providers. Dr. Keane shared that they have been working with the Substance Abuse and Mental Health Services Administration (SAMHSA) on pilot programs that improve interoperability between providers and social service departments, as well as more generally looking for new, modernized solutions to improve interoperability for all providers, including long-term care. Sen. Marshall asked about the current barriers to interoperability, to which Dr. Keane responded that there need to be clear standards, tools to evaluate them, and ways to ensure that organizations are not willfully engaged in information blocking. Dr. Keane expanded that he works with the Health and Human Services Office of the Inspector General when allegations of information blocking are not addressed after warnings of non-conformity. Sen. Lisa Murkowski (R-AK) appreciated the conversation about interoperability but highlighted that many rural and tribal health systems lack the infrastructure and capacity to benefit from many technological advances in healthcare, including EHRs. Sen. Murkowski questioned if agencies such as the Department of Veterans Affairs (VA) and the Indian Health Service (IHS) have been engaged with the development of interoperability standards to ensure that they are not inadvertently creating barriers. Dr. Keane assured the Committee that he has been working with IHS, which was the first organization to join the Trusted Exchange Framework and Common Agreement (TEFCA), through monthly meetings and aiding in technology vendor and contract conversations.
Artificial Intelligence (AI)
Another bipartisan area of interest was AI in health care. For example, Sen. Angela Alsobrooks (D-MD) asked what the role ASTP should play in establishing guardrails on AI use. Dr. Keane responded that ASTP is committed to ensuring patient safety and privacy are protected, and through the recent Health and Human Services RFI on AI use in health care, ASTP can evaluate where gaps in the federal framework are. Chairman Cassidy asked how to best protect patients who upload their health information onto an AI platform, and how the Health Insurance Portability and Accountability Act (HIPAA) could be applied. Dr. Keane clarified that generally, if an individual chooses to download their health information and upload it to an AI tool, that is the individual’s choice and falls outside of the purview of HIPAA. Chairman Cassidy understood but suggested additional consumer safeguards, like a pop-up that would warn an individual that their health data is not protected once uploaded. Dr. Keane responded that any action that would improve security and patient privacy is worth considering.