Part 2: Interoperability and System Fragmentation in Healthcare

Communication, Compliance, and Strategies for Successful Integration Written by Dr. Stacey R. Atkins, PhD, MSW, LSW, CPC, CIGE 

The healthcare industry continues to face significant fragmentation, as disparate systems and siloed data limit effective care coordination. Interoperability standards such as Fast Healthcare Interoperability Resources (FHIR) and regulatory requirements under the 21st Century Cures Act, HIPAA, and CMS interoperability mandates are reshaping the compliance landscape. Yet achieving interoperability is not only a technical challenge but also a communication and compliance imperative.

This article examines the compliance risks associated with fragmentation and explores communication strategies for healthcare leaders. Key areas include:

1. educating internal teams on compliance-related adoption of FHIR standards;
2. framing Health Information Exchanges (HIEs) and cloud-based platforms as compliance safeguards against information blocking and OCR investigations; and
3. aligning staff expectations, training, and accountability during technology rollouts.

A compliance lens reinforces that interoperability is not optional—it is a regulatory obligation tied to patient rights, organizational risk management, and quality of care.

Introduction

Fragmentation in healthcare undermines not only care delivery but also compliance. When disparate systems fail to exchange data, organizations risk violating federal mandates related to patient access, privacy, and data sharing. The 21st Century Cures Act Final Rule requires organizations to provide patients with immediate electronic access to their records, while HIPAA’s Right of Access standard reinforces patients’ legal rights to their health information. Failure to comply may trigger Office for Civil Rights (OCR) investigations, penalties, or settlements (Office for Civil Rights [OCR], 2022).

Improved interoperability through standards like FHIR, Health Information Exchanges (HIEs), and cloud-based systems offers an opportunity to reduce compliance risk and strengthen organizational integrity. However, success depends on how effectively compliance leaders communicate changes, engage stakeholders, and align workflows with regulatory requirements.

The Compliance Risks of Fragmentation

System fragmentation is not merely an operational inconvenience—it directly impacts compliance.

Examples include:

• HIPAA Violations: Incomplete or inaccessible patient records increase the likelihood of Privacy and Security Rule breaches.
• Information Blocking: Under the ONC Cures Act Final Rule, organizations that delay or restrict information exchange risk penalties (ONC, 2020).
• Claims and Billing Errors: Disconnected systems make it harder to validate documentation, increasing false claims liability.
• Audit Vulnerability: Fragmented workflows create inconsistent documentation trails, raising red flags during audits.

From a compliance standpoint, breaking down silos is both a regulatory necessity and a risk management strategy.

Communicating FHIR Adoption Through a Compliance Lens

FHIR APIs are central to the ONC’s interoperability framework, enabling standardized, patient-directed data sharing. For compliance teams, communicating FHIR adoption requires balancing technical education with regulatory framing.

Compliance challenges:

• Misunderstanding FHIR as a 'technology upgrade' instead of a compliance requirement.
• Lack of clarity on how FHIR supports HIPAA Right of Access and ONC information blocking provisions.
• Resistance from staff unfamiliar with regulatory consequences of noncompliance.

Communication strategies:

• Regulatory Framing: Position FHIR adoption as a compliance mandate tied to federal law, not optional IT innovation.
• Policy Alignment: Provide updated compliance policies showing how FHIR workflows safeguard patient rights.
• Cross-Functional Briefings: Engage compliance, IT, and clinical teams together to prevent siloed communication.

By making compliance central to the conversation, staff understand that interoperability is not just about efficiency—it is about avoiding penalties and protecting patient trust.

Cloud-Based Platforms and HIEs: Compliance Safeguards, Not Just Technology

Cloud platforms and HIEs expand data access across organizational boundaries. From a compliance perspective, these tools mitigate risks of information blocking and improve adherence to patient access laws.

Compliance benefits:

• Audit Readiness: Centralized data improves traceability for regulatory reviews.
• HIPAA Safeguards: Cloud vendors increasingly offer compliance-certified environments with robust encryption and BAAs (business associate agreements).
• Patient-Centered Compliance: HIEs reduce delays in record sharing, directly supporting Right of Access standards.

Communication priorities:

• Stress that cloud and HIE adoption is not only about efficiency, but also about reducing exposure to OCR penalties.
• Clarify shared accountability between providers, payers, and vendors for maintaining compliance safeguards.
• Use compliance case studies (e.g., OCR enforcement actions) to illustrate the risks of fragmented systems.

Framing cloud and HIE adoption as compliance risk mitigation ensures leadership buy-in and reduces resistance to sharing data.

Managing Staff Expectations and Training During Rollouts

System-wide rollouts require a compliance-centered training approach. Staff must not only learn technical workflows but also understand the compliance stakes tied to their responsibilities.

Compliance-driven communication strategies include:

1. Mandatory Training: Incorporating interoperability requirements into annual compliance training to emphasize regulatory obligations.
2. Expectation Management: Clearly communicating that delays or barriers in sharing data could constitute information blocking.
3. Super-User Networks: Assigning compliance-trained 'champions' to monitor adherence to workflows and escalate issues.
4. Policy Updates: Linking rollout communication to policy changes in HIPAA access, data governance, and security protocols.

When staff view interoperability as part of their compliance role—not just an IT task—they are more likely to integrate it into daily practice.

Discussion - The intersection of interoperability and compliance is where organizational risk management, patient rights, and clinical efficiency converge. Communication breakdowns perpetuate system fragmentation, which can escalate into compliance violations. Conversely, transparent communication strategies—emphasizing regulation, patient safety, and organizational accountability—align stakeholders and promote sustainable interoperability.

Compliance leaders serve as translators between regulators, IT professionals, and clinicians. Their role is not only to enforce standards but also to ensure that staff understand why interoperability matters: to safeguard patients, maintain regulatory standing, and strengthen organizational trust.

Conclusion

Fragmentation is more than a technological problem; it is a compliance vulnerability. Interoperability initiatives such as FHIR adoption, HIE participation, and cloud migration reduce fragmentation but require strong communication strategies to succeed. From a compliance lens, effective communication ensures that staff recognize interoperability as a regulatory requirement, not an optional upgrade.

Ultimately, interoperability is a cornerstone of healthcare compliance and patient rights. By embedding compliance in communication, training, and strategy, organizations can break down data silos, mitigate risk, and deliver safer, more coordinated care.

About the Author

Dr. Stacey R. Atkins, PhD, MSW, LMSW, CPC, CIGE

Dr. Atkins is a Compliance Specialist working as a team member in the Education Department of the American Institute of Healthcare Compliance. Her career spans leadership roles with the Office of the State Inspector General, Department of Behavioral Health and Developmental Services, and HRSA, among others.

References:

• Adler-Milstein, J., Holmgren, A. J., & Kralovic, P. (2021). The impact of electronic health record interoperability on care quality and patient safety. Health Affairs, 40(9), 1427–1435. https://doi.org/10.1377/hlthaff.2021.00234
• Cresswell, K., & Sheikh, A. (2017). Organizational issues in the implementation and adoption of health information technology innovations: An interpretive review. International Journal of Medical Informatics, 100, 63–76. https://doi.org/10.1016/j.ijmedinf.2017.01.001
• Lin, S. C., Jha, A. K., & Adler-Milstein, J. (2020). Electronic health records and health care quality: Current evidence and future directions. Annual Review of Medicine, 71, 35–50. https://doi.org/10.1146/annurev-med-052218-020647
• Mandel, J. C., Kreda, D. A., Mandl, K. D., Kohane, I. S., & Ramoni, R. B. (2016). SMART on FHIR: A standards-based, interoperable apps platform for electronic health records. Journal of the American Medical Informatics Association, 23(5), 899–908. https://doi.org/10.1093/jamia/ocv189
• Office for Civil Rights (OCR). (2022). Enforcement highlights: Right of Access Initiative. U.S. Department of Health and Human Services. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html
• Office of the National Coordinator for Health Information Technology (ONC). (2020). 21st Century Cures Act: Interoperability, information blocking, and the ONC Health IT Certification Program final rule. Federal Register, 85(85), 25642–25961.
• Vest, J. R., Ancker, J. S., & Bates, D. W. (2019). Health information exchange: Persistent challenges and new strategies. Journal of the American Medical Informatics Association, 26(4), 325–331. https://doi.org/10.1093/jamia/ocy135

Copyright © 2025 American Institute of Healthcare Compliance All Rights Reserved