Federal Health IT Strategic Plan and Third-party Risk Management

Jennifer Johnson

On March 27, 2024, the Office of the National Coordinator for Health Information Technology (ONC) released the 2024-2030 Federal IT Strategic Plan which is in draft for public comment.

The four goals of the 2024-2030 plan are:

  • Promote Health and Wellness
  • Enhance the Delivery and Experience of Care
  • Accelerate Research and Innovation
  • Connect the Health System with Health Data

In this first of a four-part series, I’ll explore each of these goals, the objectives that will drive the attainment, and highlight some of the strategies for advancing these goals while connecting the strategies to ways that Connection helps our clients.

Why Is the Federal Health IT Strategic Plan Important to Health IT?

The plan is important because it guides federal government efforts, helps constituents understand how their tax dollars are being spent, and emphasizes health equity in all aspects of health IT and electronic health information (EHI). More than 25 federal government organizations will use the plan to prioritize resources, align and coordinate efforts, benchmark and assess progress, and most importantly, amplify health IT priorities to the industry.

This plan builds upon significant progress made in prior plans, including common standards such as UCDI and HL7 FHIR—which allows the electronic capture and exchange of clinical data with an increased emphasis in areas such as health equity, public health, and artificial intelligence.

Goal 1: Promote Health and Wellness


  • Individuals are empowered to manage their health.
  • Individuals and populations experience modern and equitable healthcare.
  • Communities are healthier and safer.

The strategies to help individuals manage their health include using EHI securely, privately, and without special effort so that they can engage with their own health information. Another strategy is to improve the security and portability of EHI through APIs and other interoperable health IT so that individuals can easily use their EHI across various technology platforms. It’s important to help protect an individual’s right to share EHI with third-party applications safely, privately, and securely by protecting EHI in circumstances where HIPAA rules are not applicable.

Though the specific language in the strategic plan around the use of EHI is aimed at individuals managing their own health information, often—through the use of smartphones and wearable technology—it underscores the importance of understanding the risk of putting personal health information into third-party applications.

Healthcare provider organizations rely heavily on third-party applications in all facets of care delivery. Within a healthcare provider organization, third-party risk monitoring ensures all business partners are compliant to that provider organization’s standards and risk tolerance. 62% of cybersecurity threats originate from within the third-party ecosystem. Traditional assessment methods, such as questionnaires, risk scoring services, and periodic audits are not only time-consuming, they also fall short in providing comprehensive, real-time insights into third-party risks.

To address the pressing issue of third-party cybersecurity risk, Connection offers a different approach that efficiently collects and analyzes critical risk assessment data and eliminates manual inefficiencies. We aggregate risk assessment results and present a comprehensive and current view of third-party risks.

An aggregated risk score for each third-party partner offers healthcare IT professionals the opportunity to prioritize actions based on risk levels, enabling them to take timely, well-informed measures to bolster their cybersecurity defenses. Connection’s proactive risk management approach equips you with the tools needed to protect sensitive data and maintain the trust of your patients and their families. If you’d like to learn more about how Connection can help your organization effectively control third-party risk, engage our Healthcare Practice today to get started.

Jen has worked in field sales with Connection since 2010 and joined the healthcare practice in 2015 as Healthcare Sales Director.  She has more than 20 years in IT, including prior roles in distribution and manufacturing. Jen holds her Certified Digital Health Leader designation from the CHiME organization and is a member of HIMSS, where Connection is a diamond sponsor.