By Jordan Barrett and Dave Anderson

As the saying goes, “Meet me in St. Louis!” and that’s exactly what health technology leaders, administrators, innovators, and conveners from across the country did last week at the 2025 DirectTrust Annual Conference. Attendees represented every corner of the healthcare ecosystem – from CISOs to HIPAA attorneys, state HIEs to EHR vendors, nonprofit alliances, and more.

The event kicked off August 4 with an opening evening reception, sponsored by our friends at Ekko. Held at the Hilton St. Louis at the Ballpark, with the iconic Gateway Arch as the backdrop, the evening set the tone for three days of collaboration, learning, and innovation.

Across sessions, panels, and workshops, one central theme consistently emerged: patients. It was a powerful reminder that the entire healthcare ecosystem – from interoperability to identity and cybersecurity – ultimately revolves around and impacts the patient, the true end-user.

Overheard at the 2025 DirectTrust Annual Conference…

  • “Patients have the right to access their data.”
  • “Change can drive innovation.” 
  • “If I work in health tech and even I can’t get the information to go where it needs to go, what does that mean for the average patient?”
  • “If you run into a cybersecurity incident, patient care is your number one priority – recovery is the second.”
  • “There’s innovation that can happen with our existing technology – it doesn’t need to be rebuilt.”

Solving for Scalable Trust

Scott Stuewe, President and CEO of DirectTrust opened day one by welcoming attendees and framing the conference theme within DirectTrust’s mission of Establishing Trust in a Connected World. Interoperability, identity, and cybersecurity are all intertwined, and in an increasingly connected world, the risks grow as fast as the opportunities. Stuewe asked attendees to identify themselves by sector, and the breakdown was a nearly even split, further solidifying the interest of each sector to collaborate.

Trust, as Stuewe explained, is hierarchical. At DirectTrust, our goal is to make that hierarchy scalable across sectors. You establish trust by bringing together the people who want to be trusted with the people who need to trust, and together, you agree on clear, enforceable rules.

Why is all this important? Because the cybersecurity realm is moving quickly, and we are not keeping up with the bad guys.

Collaboration and Awareness Drive Patient-Centered Interoperability

Carlos Hernandez, founder and CEO of Pensativa Partners, delivered a keynote to kick off day one of the conference, sharing lessons and opportunities from the failure of Haven Health, a joint venture established by Berkshire Hathaway, JP Morgan, and Amazon. The mission of Haven Health was to create a connected health information ecosystem that emphasizes access, quality, and transparency. So where did this concept go wrong? According to Carlos, Haven Health’s failure can be attributed to three factors: lack of stakeholder engagement, demonizing of key industry sectors, and leadership misalignment. “We burned bridges before we built them.”

More importantly, the founding organizations were not aware that a platform already existed to address the industry void they thought they had identified. That platform is DirectTrust. 

Hernandez’s presentation was intentionally scheduled as our 2025 lead-in session to provide a call to action to guide our conference intention: Tech giants are still trying to “disrupt” the industry. Inform them that communities like DirectTrust already exist. DirectTrust is part of the solution to making the world a better place. Don’t let Haven Health happen again. 

Progress, Policy, and the FBI

Following the keynote, we received a brief but detailed virtual update from Steven Posnack, Principal Deputy Assistant Secretary for Technology Policy (ASTP) and Principal Deputy National Coordinator for Health Information Technology. He shared how the ASTP is evolving to match the new administration and their term goals and reflected on the impact of DirectTrust and our growth across the ecosystem. Posnack reintroduced ASTP’s core activities and priorities and explained how their work supports the radical transparency priorities of the current administration to provide more meaningful price information and support a competitive, higher-quality healthcare system.An appropriate successor for his report-out was our “spicy” (as Stuewe introduced them) Advocacy Panel. This panel of health data regulatory experts included Michael Marchant of Sutter Health, Nora Cox of Texas e-Health Alliance, Jodi Daniel of Wilson Sonsini Goodrich & Rosati, Brett Meeks of Jeffrey J. Kimbell & Associates, and Bevey Miner of Consensus Cloud Solutions. They examined government signals, specifically the recent CMS Ecosystem RFI, and their implications for the future of interoperability, identity, and cybersecurity. 

A respectful debate quickly ensued regarding the bipartisan (or not) nature of the evolving healthcare data exchange landscape, questioning: Does necessary momentum rest on states, or does the federal government need to provide a clear and definitive infrastructure for states to implement?

Per Daniel, challenges essentially exist and transition across administrations. The problem is the current “ready, fire, aim” approach that lacks coordination and minimizes focus on patients, saying, “Regulation is necessary to make sure we are prioritizing what’s best for patients.” 

Meeks summarized the group consensus: “How do we make the federal government set some ground rules? Because the patchwork of 50 states is not going to do it.”

The conversation was largely centered around patients, advocating for their rights to access their own data, and the systems in place to facilitate this access.

Before lunch, all attention was on the FBI, CISA, and the St. Louis Fusion Center for a deep dive into cybersecurity and cyberterrorism. Appropriately, the highly insightful session was media-restricted to protect the speakers and their talking points. Thank you to the FBI, CISA, and St. Louis Fusion Center for taking the time to join us and share your fascinating experience.

Government in HIT – Benefit or Detriment?

The perfect session to combat the post-lunch haze was our widely anticipated debate. Teams of two highly credentialed experts argued both sides of the proposition: Government should have little to no role in HIT standards development and cybersecurity expectations.

To start off strong in support of the proposition (lack of government involvement), Mitch Chaney, of Insenna, and Ryan Howells of Leavitt Partners and The CARIN Alliance noted significant bureaucratic challenges and the slow nature of government processes as obstructions to the complexities of healthcare IT. 

Taking on the opposing argument (pro government involvement), Paul Wilder of CommonWell Health Alliance and Angie Bass, a private consultant, expressed concern over the lack of a federally established baseline or standard in the healthcare industry without government oversight.

The teams switched sides halfway through the session – throwing us all for a loop. In a mic-drop moment from Bass in support of the proposition, she argued, “You should be able to trust your government, but can you?”

Moderator Nora Cox closed out the debate by polling the audience – not to determine a winner, but to express opinions on the proposition. A majority of attendees agreed that the government is the only entity capable of establishing a trusted and widespread standard for health IT, but it must guide with good intent to drive better outcomes. Per Howells, “It’s possible to figure this out together.”

Information Security + Operationalizing Interoperability

Tuesday afternoon’s breakout sessions included a CISO Roundtable and Direct Secure Messaging Use Case Workshop – both sessions occurred concurrently, with respective report-out sessions on the Main Stage following our afternoon break.

First, Greg Garcia of the Health Sector Coordinating Council Cybersecurity Working Group moderated the CISO roundtable report-out. Garcia set the tone for the discussion, saying, “Critical infrastructure has meaning, and that’s life and death – information services is one of them.”

The panel, Robert Eikel of P-n-T Data Corp, Bill Reid of Google, Donny Wilson of AWS, and Judy (Hatchett) Molenaar of Surescripts, reported key learnings from those roundtable conversations. The panelists agreed: Cybersecurity is EVERYBODY’s business – from front desk intake to nurses to C-suite executives – and should be foundational to an organization’s cultural practice.

Separately, a panel of experienced health information workflow leaders discussed implementing Direct Secure Messaging and the use cases that illustrate how to leverage the platform to its full potential. The use cases explored opportunities to empower providers to support underserved maternal health populations, track infection prevention intervention data, monitor rural TBI patients, and notify behavioral health patients about their continuity of care.

Trust in Action — From Federal Insights to Final Jeopardy

The second full day of the event brought urgency and action to the forefront — from recorded remarks on federal priorities to breakout sessions on identity, consent, and cybersecurity. Throughout the day, one word rang out: trust.

“Interoperability requires a community-based approach among federal partners, community providers, and trusted organizations like DirectTrust.”

That was the message from Congresswoman Nikki Budzinski (D-IL), who opened the morning with recorded remarks from Washington. As a ranking member of the House Committee on Veterans Affairs’ Technology Modernization Subcommittee, Rep. Budzinski highlighted the bipartisan passage of the Elizabeth Dole 21st Century Veterans Healthcare and Benefits Improvement Act of 2025 and its role in shaping future interoperability between the VA and community providers. Her remarks underscored the importance of cybersecurity investment and collaboration across sectors — noting DirectTrust as a key partner in that mission.

Following her message, Kathryn Ayers Wickenhauser welcomed Kassie Stagner, Professional Staff Member for the Subcommittee, to the main stage for a candid fireside chat. Kassie emphasized the need to prioritize data privacy and cyber resilience in an increasingly digital VA ecosystem. She touched on barriers to care, especially for rural veterans, and noted how technical support roles must be elevated as mission-critical. “We rely on the community to bring forth technological solutions,” she said, echoing a core DirectTrust value.

From there, the morning dove into the Identity and Identifiers Orientation, where AHIMA’s Kate McFadyen, Dr. Joe Schneider, and Andrew Hughes of FaceTec unpacked the policy and technology layers of healthcare identity. The trio touched on Patient ID Now efforts, voluntary identifier frameworks, and how biometrics play a role in establishing trust in identity.

Later, attendees had the opportunity to hear directly from the DEA in a closed-door, media-restricted session on improving security in the prescription drug supply chain. The discussion examined potential gaps in system coordination across the public, private, and federal sectors and emphasized how closer collaboration can close those gaps, especially when responding to crises. Following their session, Adam Forman of DAW Systems shared an example of this fraud in real-life, and how his organization was able to take steps to mitigate and prevent it in the future. The conversation continued in an afternoon breakout session examining the criteria for the Electronic Prescribing of Controlled Substances Certification. 

A midday panel on cross-sector partnerships brought key players together for a conversation on real-world challenges and lessons learned. Moderated by Wickenhauser, the panel included Debbie Condrey of eHealth Exchange, Josh Wymer from the State of Missouri Health Data Consortium, and Michael Marchant of Sutter Health. Their discussion focused on the “last mile” of care and how leveraging health information exchange and partnerships can turn barriers into breakthroughs. As a powerful reminder of the day’s central theme, Wymer noted, “Change can drive innovation.”  

The afternoon workshops brought fresh energy and real-world focus. These sessions tackled consent management, messaging enhancements, and identity infrastructure in a collaborative, problem-solving push for consensus.

After a day of deep dives and debates, the conference closed on a fun, competitive note with Cybersecurity Jeopardy, hosted by Greg Garcia. With questions spanning secure identity to data threats, the session tested attendees’ knowledge and quick reflexes. Laughter, good-natured rivalries, and a few buzzer battles ensued, but everyone left a little sharper and more inspired to prioritize cybersecurity in their own organizations.

Securing Identity, Embracing Innovation, and Preparing for What’s Next

The last day of the 2025 Annual Conference delivered a powerful finale, opening with Built to Trust, a panel tackling one of the most urgent challenges in digital health: how do we secure healthcare data in a world of rising identity fraud and evolving cyber threats? 

Thank you to our session sponsor, Surescripts, for supporting this important conversation, as well as to Judy (Hatchett) Molenaar for sharing valuable insights on the role of identity in protecting patient data and enabling trusted interoperability. Jason Sherwin of CLEAR reminded us that healthcare is a “zero-fail environment,” drawing parallels to his company’s work in other high-stakes sectors, while Sean Newton of ZeOmega emphasized the need for secure workflows in real-time care delivery. 

The morning continued with Securing Health Data in a Post-Quantum World, where Scott Rea of CertiNext explored the looming risks associated with quantum computing and its implications for healthcare cybersecurity. As we learned, preparing for a quantum-resilient future isn’t optional; it’s essential.

Then, in Without Strong Biometric Binding, You Can’t Know Who UR, FaceTec’s Jay Meier challenged the status quo of identity and access management, emphasizing that trust cannot be built on device credentials alone. His call for biometric binding and new authentication protocols brought the conversation full circle to the human element behind cybersecurity.

Finally, our closing panel, Bringing it Together: The Intersection of Interoperability, Identity, and Cybersecurity united the week’s themes with clarity and purpose. With live polling and audience input, the session featured Laura Nixon of Clinical Architecture, Christopher Larkin of Concord Technologies and Mike Green of Availity, and was moderated by Kathryn Ayers Wickenhauser. The session echoed a core belief that resonated throughout the conference: that collaboration, thoughtful design, and practical innovation are key to real progress in healthcare.

We’re grateful to our sponsors for helping make this year’s event possible and to every attendee who shared their expertise, challenges, and ideas. The 2025 DirectTrust Annual Conference proved that collaboration across sectors is essential. We’ll be sharing more on the progress sparked here throughout the year, and we can’t wait to continue building trust, advancing innovation, and improving care… together.

Jordan Barrett is Communications Strategist for DirectTrust and Dave Anderson is President of Anderson Interactive.