On January 18, 2022, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) and the entity chosen as a contracting partner, The Sequoia Project, Inc., published the long-awaited Trusted Exchange Framework and Common Agreement (TEFCA) for health information exchange. In simple terms, TEFCA is a framework that health information networks (HINs) may enter into to share health data with other HINs, individuals, and entities. The stated goal of TEFCA is to develop uniform policies and technical requirements to scale health information exchange nationwide and ensure that HINs, health care providers, health plans, individuals, and other stakeholders can access real-time, interoperable health information.
The development of TEFCA was mandated by the 21st Century Cures Act (Cures Act). In the broader context, ONC has been working on governance for a nationwide health information exchange for over a decade. A proposed framework was published by ONC in 2018 and was subsequently modified after receipt of public feedback. Although funded by the government, there was very little transparency on the process for drafting the framework or on the process for consideration of those comments. Participation in TEFCA is voluntary, and the framework is quite complex; as discussed below, it remains to be seen whether, and to what extent, HINs will choose to participate.
Here are some of the basics:
What is TEFCA?
TEFCA refers to the Trusted Exchange Framework and the Common Agreement.
Trusted Exchange Framework – The Trusted Exchange Framework (TEF) describes high-level, non-binding principles for trust policies and practices that can help facilitate exchange among HINs. The TEF is built on policy principles that have underpinned ONC’s activities and federal health IT policies for over a decade.
Common Agreement – The Common Agreement (CA) is a legal agreement between the Recognized Coordinating Entity (RCE), which is currently the Sequoia Project, Inc., and Qualified HINs (QHINs) that advances the TEF principles and policies for network-to-network data sharing. QHINs are required to flow down certain provisions to entities that have entered into Participant-QHIN agreements (Participants), whereby the QHIN agrees to transmit and receive information via QHIN-to-QHIN exchange on behalf of the Participant. Similarly, certain provisions must flow down in downstream contracts to, entities that have entered into either a Participant-Subparticipant agreement or a Downstream Subparticipant agreement (Subparticipants) to enable the Subparticipant to use the services of the other contracting party to send and/or receive information for one or more Exchange Purposes. The CA includes 6 Exchange Purposes, which are reasons for which information could be requested or shared through QHIN-to-QHIN exchange:
- Treatment
- Payment
- Health Care Operations
- Public Health
- Government Benefits Determination
- Individual Access Service
The QHIN Technical Framework (QTF) and Standard Operating Procedures (SOPs) are separate documents but are incorporated by reference into the CA and are, thus, part of the contract.
QHIN Technical Framework – The QHIN Technical Framework, developed by the RCE, describes the functional and technical requirements that a HIN must fulfill to serve as a QHIN under the CA to support query and message delivery. The QTF includes standards for QHIN-to-QHIN exchange of health information.
Standard Operating Procedures – The SOPs, also developed by the RCE, are written procedures that provide detailed information or requirements related to the exchange activities under the CA. SOPs for various topics, including Dispute Resolution and QHIN Cybersecurity Coverage, are posted under “Common Agreement Resources” on the RCE’s website.
TEFCA Guidance – In addition, ONC and the RCE published TEFCA guidance documents:
- Fast Healthcare Interoperability Resource (FHIR) Roadmap for TEFCA Exchange Version 1 – A 3-year roadmap for FHIR-based exchange.
- User’s Guide to TEFCA
Key Highlights
Governance
The CA creates a Governance Council made up of QHINs, Participants, and Subparticipants. This will be run by the RCE. Advisory groups may be created from time-to-time, but otherwise entities that are not involved directly in governance, such as those who have some concerns about provisions in the CA or patients themselves, may not have a formal mechanism for providing input to TEFCA activities.
Flow-Down Clauses
The CA includes a number of clauses that must be included in downstream Participant and Subparticipant contracts, including:
- Cooperation and Nondiscrimination
- Confidentiality and Accountability
- Utilization of the RCE Directory Service
- Uses, Disclosures, and Responses
- Special Legal Requirements
- Individual Access Services
- Privacy
- Security
Generally, HINs that wish to be QHINs would have to modify their participation agreements, as the requirements may be inconsistent with the policies, operation, or exchange purposes.
Standards
There are a couple of interesting notes on the QTF standards. First, the QTF specifies that QHIN message delivery must use Cross-Community Document Reliable Interchange (XCDR) rather than Direct Secure Messaging, which is incorporated in ONC’s certification program regulations and is a part of the workflow of every certified EHR system. Second, the initial versions of the CA and the QTF do not explicitly incorporate FHIR-based exchange. While there has been a push toward the use of FHIR, ONC stated that “network enablement of FHIR is still maturing in key areas.”
What Came Before?
It has taken some time for ONC to publish TEFCA, but it is important to note that ONC has looked at governance for health information exchange for many years. Here are some key activities:
- The Nationwide Privacy and Security Framework for Health IT published in 2008
- The proposed Nationwide Health Information Network: Conditions for Trusted Exchange published in 2012
- The Governance Framework for Trusted Health Information Exchange published in 2013
Given these prior attempts at standardizing the framework for nationwide health information exchange, it remains to be seen whether TEFCA will prove to be a success.
What’s Next?
Currently, no QHINs have been approved and established. HINs may apply with the RCE to become a QHIN. During the application process, the prospective QHIN must demonstrate to the RCE that it meets the eligibility requirements and can comply with the requirements included in this CA, the QTF, and the SOPs.
Since participation in TEFCA is voluntary, it is uncertain how many entities will apply for QHIN designation. The biggest question is whether HINs will view participation in TEFCA to be favorable enough to change their existing policies and participation agreements to meet the CA requirements. There is also speculation as to whether HHS will tie participation to other regulatory requirements or incentives. Depending on the future level of participation in TEFCA, contractual terms and technical standards may become “industry standard” or serve as a benchmark for contract negotiations involving HINs.
The RCE has scheduled informational webinars in the coming weeks and the RCE and ONC have asked for feedback on its approach.