HIMSS leaders outline 2025 public policy priorities

LAS VEGAS – At the 2025 HIMSS Global Conference & Exhibition here, Tom Leary, senior vice president and head of government relations at HIMSS, and Jonathan French, senior director of public policy and content development at HIMSS, discussed the organization’s role in progressing health technology policy in government. 

In their talk, “Forecasting the Global Policy Landscape in 2025,” the pair highlighted ways HIMSS establishes policy guidelines and what those recommendations consist of.

“We believe that to realize the full health potential of every human everywhere is a responsibility that this organization fully embraces in order to achieve our mission of reforming the global health ecosystem through the power of not only technology but information and technology,” Leary said. 

“The data that becomes actionable information that then helps to drive public policy is what our team focuses on.”   

The HIMSS Public Policy Committee provides content and SME engagement to the HIMSS Enterprise and creates content and resources to inform, drive action and lead change. 

The committee advises on policy guidance and prioritization around artificial intelligence, cybersecurity, digital transformation, workforce and health equity. 

It also provides public policy principles for governments to ensure that policy exists to support the rapid speed of innovation. 

The Public Policy Principles include the following:

• Health equity

• Data privacy, security and cybersecurity

• Interoperability, health information exchange and infrastructure

• Connected health

• Quality, value, safety and outcomes

• Clinical and administrative efficiency

• Innovation and research

• Patient activation and engagement

• Workforce development and economic growth

• Population and public health

“The board of directors has said everything needs to flow through health equity. It is what our vision for the organization is. All of the rest of the work has to flow through and deliver on health equity,” Leary said. 

This year, the committee is focusing on AI, digital health transformation, cybersecurity and data privacy, and workforce development.

“The first three pillars are critical, but you cannot deliver on them without a strong, robust workforce that is properly prepared for the work ahead, as well as an understanding that the technology is not necessarily there to replace the individual but to augment their work and to reduce their burden,” Leary said. “But if you don’t have a workforce, the others will not be successful.”

Regarding cybersecurity, funding and scalability for security measures, risk management, analysis, mitigation and education programs to extend the cybersecurity workforce are a priority. 

“We’re focusing in 2025 on telehealth and remote patient monitoring as well as broadband expansion,” Leary said. “Finally, public health data and system modernization in the United States is a policy priority.”

Still, French says a new administration is in place, and navigating this new era is essential. He said the Trump administration rescinded Biden’s AI-focused executive order, which concentrated heavily on using AI within the federal agencies. 

“It gave us a framework of what was being anticipated as far as future AI regulatory framework for the country,” French said.   

“That executive order was rescinded by the Trump administration, which also rescinded the requirement of a chief AI officer within all federal agencies.”

President Trump did sign an executive order that called for the development of an AI Action Plan, but the individuals leading the effort do not include a healthcare presence. 

“We have to make our voices heard,” French said. “When you look at the regulatory oversight of artificial intelligence, the healthcare industry is unique. There are unique risks. There are unique opportunities, and we have to make sure that that voice is reflected.”

Individual states such as Virginia, California and Oklahoma have stepped in and established frameworks for AI policy strategy. Still, if policies vary from state to state, developers must create products that fit the compliance rules of different markets. 

“[Developers] would have to create products that fit the compliance requirements of 51 different markets. We have not even started talking about the rest of the world yet. That’s just in the United States. That’s incredibly challenging,” French said.

HIMSS does have its AI Policy Principles, which include the following AI Action Plan Recommendations, which regulation should consider: 

• Risk-based frameworks (consider risk, intended use, outcomes and the level of learned intermediary oversight when setting regulatory requirements).

• Development (conduct appropriate feasibility, safety and mitigation of bias testing). 

• Deployment (require action and monitoring by all parties, encouraging the use of technology to evaluate and monitor model performance). 

• Feedback Loop (create standardized channels to allow end users, patients and caregivers to provide feedback to policymakers and developers on the results of real-world applications of AI models). 

• Appropriate data access (allow for harmonization to ensure AI/ML technologies can exchange data across different healthcare systems).

• Workforce development (support adding the skill sets and knowledge needed for a workforce focused on testing, monitoring and validation).

• Equity (AI should not be allowed to deny access to healthcare benefits based on protected characteristics).

• Cybersecurity and privacy protection (privacy, disclosure and consent standards specific to AI/ML technologies should be developed for how patient information is used and shared).

HIMSS also proposed a response to the change in HIPAA Security Rules, recommending convening regulated entities representing the border community, leveraging the NIST Cybersecurity Framework 2.0, HHS Cybersecurity Performance Goals Essential Goals and HIMSS Cybersecurity Survey. 

Additionally, HIMSS recommended that requirements focus on the highest risk/threats (ransomware), a minimum of 18 months post-publication for a final rule to comply, and to provide resources or encourage the use of Physician Self-Referral/Anti-Kickback Flexibilities. 

HIMSS Cybersecurity Policy Principles recommend developing a unified, global approach by adopting consensus-based and industry-led guidelines and best practices.

The pair circled back to the need for a workforce knowledgeable about technology, advocating for policies by the government that are not so restrictive that individuals without advanced degrees can be active members of the community. 

Looking forward, HIMSS’ primary areas of concern around public policy in 2025 include:

• Health equity

• Protecting access to telehealth

• Leveraging technology to reduce maternal mortality and eliminate disparities

• Public health data modernization

• Interoperability and information access

• Patient identification and matching

• Impact of deregulation

• Lack of funding for innovation

“In terms of what we’re hoping the administration and governments in general can learn from us is the practical implications of policy ideas and policy change. Our organization really drives home not only the theoretical but how the possible policy will impact the doctor, the nurse and the IT professional at a small clinic or large facility,” Leary told MobiHealthNews following the event. 

Regarding the types of issues HIMSS wants to make sure the government takes into account from an AI perspective, Leary said, are the risk-based discussion, ensuring there is a learned intermediary involved or a human is still in the loop, and making cybersecurity a high priority.  

“In the United States in particular, we are calling on Congress and calling on the administration to have a national policy around AI and cybersecurity. Otherwise, we will be impacted by other governments or decisions that are made in other capitals,” Leary said. 

The pair said individuals could take action and participate in HIMSS grassroots advocacy campaigns and tell elected officials to take action with supporting telehealth or preserving IHS and public health modernization efforts by clicking here.