Beyond Compliance: Why Trust is Health Tech's Most Critical Asset
September 23, 2025
We are in the golden age of health innovation. From AI-driven diagnostics to personalized wellness platforms, our work is fundamentally reshaping the future of care. This progress is fueled by an unprecedented flow of data. Yet, a critical vulnerability exists at the core of our industry: the growing deficit between our technological capabilities and the trust of the patients we serve.
The prevailing model of opaque data collection and secondary monetization is not just a reputational risk; it is an unsustainable business strategy. The next generation of market leaders will not be defined by the cleverness of their algorithms alone, but by the robustness of their trust architecture.
The HIPAA Paradox and the Coming Regulatory Storm: As an industry, we navigate our data strategies around HIPAA (in the US, GDPR and others around the world). We treat it as the definitive rulebook for patient privacy. But this perspective is dangerously narrow. HIPAA is a floor, not a ceiling, and it was built for a world that no longer exists. It governs covered entities, leaving a vast, unregulated ecosystem of wellness apps, wearables, and direct-to-consumer platforms in a compliance gray area. This regulatory gap is well-documented by the Department of Health and Human Services, which clarifies that data shared with many third-party apps falls outside HIPAA's protections.
This regulatory gap is closing. With state-level privacy laws like the California Consumer Privacy Act (CCPA) setting new precedents and the FTC signaling more aggressive enforcement via its Health Breach Notification Rule, the era of regulatory ambiguity is ending. Relying on a minimalist, check-the-box approach to compliance is a strategy with a rapidly expiring shelf life. The question is no longer if a stricter regulatory framework will arrive, but when. The smart play is not to wait for it, but to build for it proactively.
Deconstructing the Flawed Value Exchange: The current unspoken contract with the user is often a lopsided one. We offer a service, and in exchange, we capture data whose downstream value far exceeds the immediate benefit provided to the user. This data flows into a complex secondary market of data brokers and aggregators, a market projected to be worth hundreds of billions of dollars, fueling everything from pharmaceutical research to targeted advertising.
While the process of "de-identification" provides a layer of legal and ethical cover, we know its limitations. The increasing sophistication of analytical techniques means that re-identifying individuals from de-identified data is often possible by cross-referencing datasets. More importantly, this model creates a fundamental misalignment. When users discover how their data is being leveraged, trust is broken, often irreparably. This leads to increased churn, negative brand perception, and a user base that is increasingly unwilling to share the very data our innovations depend on. It is a house of cards.
Trust as a Competitive Moat - An Architectural Blueprint: In a crowded market, the most defensible competitive advantage is not a feature or a price point; it is trust. Companies that treat trust as a core business metric rather than a legal hurdle will attract more engaged users, command greater pricing power, and build more resilient brands. Research consistently shows that a lack of trust is a significant barrier to the adoption of digital health technologies. (Hey, my book talks all about this!) Here is a blueprint for moving beyond compliance to build a foundation of trust:
- Frame Transparency as a Brand Pillar. Your data policy should not be a document crafted by lawyers to minimize liability. It should be a manifesto, written in plain language, that your marketing team can proudly feature. Use your onboarding, UI, and communications to be radically transparent about what you collect, why you collect it, and the value it creates.
- Engineer an Equitable Value Exchange. For every data point requested, you must clearly articulate the direct, tangible benefit the user receives. Move away from implicit collection and toward explicit, granular consent. If the value exchange is strong enough, users will willingly opt in. If it is not, the problem is with your value proposition, not the user's reluctance. This is why we allllllll share our data with Google maps for example. We get immense value from up to date directions, and precise placement of where all the construction delays are. Take my data!
- Build for User-Centric Governance. Empowering the user means more than a settings page. It means building intuitive privacy dashboards, enabling effortless data portability, and providing a simple, verifiable process for data deletion. The future is user-owned health records, and the platforms that embrace this will render closed-silo competitors obsolete.
- Champion Data Stewardship. The ultimate evolution is to shift the corporate mindset from being a data processor to a data steward. This means accepting a 'fiduciary-like' responsibility to act in the best interest of your users and their data. This is not altruism; it is a long-term strategy for building enterprise value.
A Strategic Call to Action: The conversation about data needs to move from the legal department to the C-suite and the product roadmap. It is a fundamental strategic issue that will define the winners and losers of the next decade in health tech.
This week, ask these questions within your organization:
- How clearly do we articulate our data value exchange in the first 60 seconds of a new user's experience?
- Could a non-technical user read our privacy policy and feel empowered rather than confused? (cough cough, the answer today is probably no!)
- How would our business model be impacted if our users could instantly port their data to a competitor?
The future of healthcare innovation depends on a foundation of trust. It is our collective responsibility to build it.....and it's good business for the future.
#StayCrispy
-Dr. Matt
A few weeks ago, we discussed the ACCESS Model . That was the heavy lifter, the massive payment overhaul defining how money moves for chronic care. It dominated the headlines because it impacts reimbursement for two-thirds of Medicare beneficiaries. But while the industry focused on payment rails, CMS quietly dropped a second program that defines what that money is actually for. It is called the MAHA ELEVATE Model . The acronym is dense: M ake A merica H ealthy A gain: E nhancing L ifestyle and E valuating V alue-based A pproaches T hrough E vidence. Despite the political branding attached to the President’s MAHA Commission , the substance represents the single largest philosophical shift I have seen in Medicare in a looooong time. For the first time, the government is putting significant capital ($100 million) behind the idea that "lifestyle" is not just advice; it is medicine. Here is why this matters as much as the ACCESS reimbursement codes. The End of "Sick Care" Funding? For decades, Medicare has operated as a catastrophic insurance policy. It was designed to pay for the crash, not the maintenance. As a general surgeon, I understand this reality. We are reimbursed to fix the failure, such as the necrotic bowel, the blocked artery, or the gangrenous toe. You're not reimbursed to spend forty-five minutes discussing the nutritional architecture or stress mechanisms that caused the failure in the first place. The system was designed to pay for the intervention, not the prevention. ELEVATE challenges that default. Released on December 11, this pilot authorizes reimbursement for functional medicine approaches that target root causes rather than symptom management. We are talking about potential coverage for: Nutritional Optimization: Not just "dietary advice," but medically tailored nutrition plans. Stress & Cortisol Management: Interventions targeting nervous system regulation. Sleep Architecture: Treating sleep as a biological imperative, not a luxury. Metabolic Reset: Focusing on insulin sensitivity before the prescription pad comes out. The "How": Technology as the Enabler This is where the strategist side of my brain gets interested. Historically, "lifestyle medicine" failed to scale because it is labor-intensive. A surgeon can perform a procedure in an hour, while a lifestyle intervention requires months of coaching, tracking, and adjustment. The ELEVATE model explicitly calls for "digital evidence generation." This is the green light for Health Tech. To get paid under this model, providers will need to rely on remote patient monitoring (RPM) and AI-driven data analysis to prove that the "lifestyle intervention" is actually working. They need to show that the biomarkers are moving. This forces a collision between two worlds that usually stay separate: Clinical Medicine and Wellness Tech . If you are a startup building tools for metabolic tracking, cortisol monitoring, or continuous glucose monitoring (CGM) for non-diabetics, you just got a reimbursement pathway. Why Now? Why is CMS doing this? Because they have done the math. The solvency of the Medicare trust fund cannot survive the current trajectory of chronic disease. We cannot stent our way out of the metabolic crisis. We cannot pill our way out of the inflammation crisis. The ACCESS Model ensures that people can get to a doctor. The ELEVATE Model ensures that once they get there, the doctor has tools other than a scalpel or a prescription pad. The Borderless Application This brings us back to the core theme of the Borderless Healthcare Revolution. A borderless system isn't just about geography; it is about erasing the borders between "clinical care" and "daily life." When a patient leaves the four walls of the hospital, their care usually stops. Under ELEVATE, the care effectively starts when they leave the hospital. It incentivizes the physician to care about what happens in the patient's kitchen and bedroom (sleeping!), not just what happens in the exam room. What to Watch This is a pilot program limited to 30 proposals initially. But do not ignore it. In government healthcare, "pilots" are how they test the water before turning the ship. For my clinical colleagues: Start looking at how you document lifestyle advice. "Patient advised to lose weight" will no longer cut it. You will need data, plans, and outcomes. For my tech colleagues: The "Wellness" category just graduated to "Clinical Grade." Adjust your roadmaps accordingly. As you dive into the rest of the week, take a look at the full fact sheet and ask yourself: are you built for Sick Care, or are you ready for Health Care? #StayCrispy -Dr. Matt
It was August in Texas, and the heat hit like a physical wall the second I stepped outside. I was not in an air conditioned operating room. I was walking up a cracked concrete path to a mobile home to see a patient named Maria. The window mounted air conditioning unit hummed desperately against the rising temperature. This was my third attempt to find her. We had previously been unable to find her trailer after two attempts to work through an interpreter, poor phone connections, and constantly changing locations of residence. Standing on that porch, sweating through my scrubs, I realized something that changed the trajectory of my career. I realized that geography is destiny. In our current system, your ZIP code predicts your lifespan more accurately than your genetic code. That realization is why I wrote "The Borderless Healthcare Revolution." This Wednesday (tomorrow!), it finally hits the shelves. The Problem: We Are Feeding the Zombies I moved from clinical practice to tech strategy because I got tired of the gap. We have robots that can perform surgery across continents. We have AI that can predict a stroke before it happens. Yet, we still rely on the "zombie" of healthcare. The fax machine. It just will not die. I remember realizing the absurdity of this when I was just a mom trying to get immunization records for my kids. I actually caught myself wishing I had a fax machine at home just to get a simple piece of paper. That is desperation. And that is a broken system. The Floatplane Paradox We cannot just sprinkle technology on top of a broken system and expect it to work. We often build digital tools that ignore the reality of the people using them. In the book, I share a story from Danny Gladden, LCSW, MBA about his time working in rural Alaska. He served remote island communities where accessing mental healthcare was surprisingly complicated. They had the technology to conduct telehealth visits. However, regulations required indigenous patients to physically travel to a designated healthcare facility to connect virtually with providers. This was the case even if the doctor was sitting comfortably at home. This meant patients had to take a floatplane or a boat just to log on to a video call. Imagine telling someone they have to take a boat and a plane to answer a Zoom call. That is the definition of a system that values compliance over care. It was telehealth, but it certainly was not virtual care. This is what happens when we innovate without fixing the foundation. We create expensive, inconvenient workarounds instead of solving the actual problem. The Solution: The 5 Pillars of Access This book is not a memoir. It is a manual for fixing this mess. To fix it, we need to build on five specific pillars. I break these down in detail in the book: 1. The Physical Pillar We have to bring care to where people actually are. Whether that is a street corner in Syracuse or a rural clinic in Kenya. In the book, I talk about the Health Wagon in Virginia, a mobile unit that has spent decades proving that healthcare can be sustainable when it meets people on their own turf. 2. The Financial Pillar We need to stop the bleed. Did you know that only 80 cents of every private insurance dollar buys actual care?. The other 20 cents vanishes into administration, commissions, taxes, and margin. That is a tax on innovation we cannot afford. We need sustainable reimbursement models that reward outcomes, not just activity. 3. The Cultural Pillar Access is not access if we do not speak the language. I do not just mean English or Spanish. I mean cultural competence that builds genuine connection. In Singapore, for example, the HealthHub app lets every resident toggle instantly among English, Mandarin, Malay, and Tamil. That is how you build a system that respects the user. 4. The Digital Pillar This is about more than broadband. It is about usability. If a patient needs a PhD to use your portal, you have failed. We need infrastructure that supports interoperability so that patient data flows securely across clinics, pharmacies, and hospitals. 5. The Trust/Knowledge Pillar Without trust, the best algorithm in the world is useless. We have to address historical mistrust. If patients do not trust the system, they will not use the tools we build, no matter how advanced they are. Why This Matters Now We are at an inflection point. The borders are falling. We are seeing success stories globally, from India's eSanjeevani platform serving millions to Rwanda's use of drones for blood delivery. We have the tools. We just need the will to use them. Your Action Plan for Wednesday Grab the book. It is the blueprint you have been waiting for. Audit your own work. Are you building barriers or bridges? Join the fight. Share this with a colleague who is ready to build a system that actually works. Let’s get to work. Dr. Matt P.S. To the "tech bro" I met while researching Chapter 3. Yes, AI can do amazing things. But until it can hold a patient's hand, we still need humans in the loop.
Happy Tuesday! If you read one thing this week, make it this. Yesterday, the Centers for Medicare & Medicaid Services (CMS) quietly dropped one of the most significant policy shifts for digital health in the last decade. It’s called the ACCESS Model , and if you are building, investing in, or delivering technology-enabled care, this is the signal you have been waiting for. For years, the industry has been stuck on a "billing code treadmill." We build incredible tools; AI coaching, continuous remote monitoring, predictive analytics, but we are forced to shoehorn them into antiquated Fee-for-Service (FFS) codes that pay for minutes spent rather than health achieved. With ACCESS, CMS is finally cutting the red tape. They are proposing a model that pays for outcomes , not clicks. Grab your coffee. Let’s break down exactly what this means for the future of healthtech. The Friction Point: Why FFS Failed Digital Health To understand why ACCESS is a big deal, we have to look at the status quo. Currently, if you want to treat a Medicare beneficiary using digital tools, you are likely relying on Remote Patient Monitoring (RPM) or Remote Therapeutic Monitoring (RTM) codes. These are better than nothing, but they are rigid. They require specific device definitions, minimum data transmission days, and strict time-logging requirements. The result? Activity-based care. Providers are incentivized to maximize data points and call minutes to ensure reimbursement, even if the patient just needs a passive nudge or an automated intervention. We are maximizing activity, not necessarily efficiency or outcomes. The Solution: Outcome-Aligned Payments (OAPs) The Advancing Chronic Care with Effective, Scalable Solutions (ACCESS) Model changes the currency of care. Instead of billing for every 20-minute increment of time, participating organizations will receive a recurring payment (essentially a subscription fee) to manage a patient’s condition. Here is the kicker: You only get the full payment if the patient gets better. CMS is testing Outcome-Aligned Payments (OAPs) . This gives providers complete flexibility on how they deliver care. Do you want to use a fancy FDA-cleared wearable? A text-message-based AI coach? A telehealth nutritionist? Go ahead. CMS doesn't care about the method anymore; they care about the metric. If you can prove that you lowered a patient’s blood pressure or controlled their A1c using a specific tech stack, you get paid. This aligns the financial incentive with the clinical goal: keeping the patient healthy with the least amount of friction. The Scope: Who is this for? CMS is not starting small. They are targeting the conditions that drive the vast majority of Medicare spending. The model focuses on Original Medicare beneficiaries with: Hypertension: The silent killer. Diabetes: The metabolic crisis. Chronic Musculoskeletal Pain: A massive driver of opioid use and mobility issues. Depression & Anxiety: Recognizing mental health as a core chronic comorbidity. This is a 10-year voluntary model, meaning CMS is playing the long game. They aren't looking for a quick pilot; they are looking to build a permanent alternative to Fee-for-Service. The "Tech" in HealthTech What’s fascinating about the RFA (Request for Applications) details is the language CMS is using. They are explicitly calling for "technology-supported care." They list examples that would have been unimaginable in a CMS memo ten years ago: Wearable devices for continuous monitoring. Asynchronous apps for lifestyle coaching. Telehealth software for on-demand interaction. This is a massive validation for the digital health sector. CMS is acknowledging that the future of chronic care isn't a quarterly 15-minute office visit; it’s continuous, data-driven support that lives in the patient’s pocket. Dr. Matt’s Strategic Analysis: Is this a slam dunk? Not exactly. Here is the nuance you need to consider before you rush to apply The Risk of "Outcomes" "Pay for Performance" is the holy grail, but it is also dangerous. How do you risk-adjust for a patient who is non-compliant regardless of your tech? How do you account for social determinants of health (SDOH) that might spike a patient's blood pressure despite your best algorithm? The ACCESS model will rely on risk-adjusted benchmarks, but the devil will be in the math. If the benchmarks are too aggressive, providers might shy away from the sickest patients, the exact opposite of CMS's goal. 2. The "Co-Management" Opportunity One of the smartest parts of this model is the coordination with primary care. ACCESS participants (likely specialists or dedicated tech-enabled provider groups) can co-manage patients with a beneficiary's primary care doctor. The Opportunity: This creates a business model for "Bolt-on" healthtech companies. You don’t have to replace the PCP; you can be the specialized "hypertension management layer" that plugs into their practice, handling the daily digital grind while they handle the holistic care. 3. The Transparency Engine CMS plans to publish the risk-adjusted outcomes of participating organizations. This is the "Yelpification" of clinical results. Imagine a world where a PCP can look up a dashboard and see: "Company A controls diabetes in 80% of patients, but Company B only manages 60%." Referrals will flow to the performers. Timeline & Next Steps If you are a digital health founder, a forward-thinking provider, or an investor, the clock has started. TBD: Request for Applications (RFA) has not yet been released. The specific details on payment rates and risk adjustment will be here (crossing fingers!). April 1, 2026: Application Deadline for Cohort 1. This is a tight turnaround. July 1, 2026: The program goes live. My Advice: Start building your consortiums now. Digital health vendors need to partner with provider groups (you'll have to decide who/how to apply). If you have a tool that actually works, meaning it drives clinical results, not just engagement, this is your moment to shine. We are moving from the era of "Digital Health" to just "Health"; efficient, scalable, and paid for by results. 🔗 Explore the Official CMS ACCESS Model Page Until next week #StayCrispy, Dr. Matt