By Tony Schueth
The 21st Century Cures Act contains a number of requirements aimed at improving interoperability in health care and information exchange. However, there is one that may have slipped below the radar for many stakeholders: the creation of a Trusted Exchange Framework. The government is building that out through the Trusted Exchange Framework and Common Agreement (TEFCA).
TEFCA is taking an expansive look at interoperability and improving data exchange by health information networks (HINs). The concept is to create a network of networks and connect authorized participants or end users. These include payers, vendor networks, government agencies, individuals and the nation’s 100-or-so health information exchanges (HIEs). HIEs are organizations that build point-to-point connections between healthcare providers and facilitate the transaction of patient data between them. In contrast, HINs are health data sharing organizations with a broader scope of what health data may be exchanged, when, how and by whom. HINs may operate locally, regionally, or nationally. However, HINs don’t necessarily exchange health information with each other for various reasons, such as variations in participation agreements and competitive interests. It is expected that TEFCA will change all that.
Implementation and high-level oversight of TEFCA is being done by the Office of the National Coordinator (ONC). The agency issued draft implementation guidance in January, which is described briefly below. (Click here for ONC’s detailed explanation.) The comment period has subsequently closed and the final version of TEFCA will be published in the Federal Register later this year.
How TEFCA may work. The draft TEFCA guidance contains policies, procedures, and technical standards that the government views as an on-ramp to interoperability. This is expected to bridge the gap between providers’ and patients’ information systems and enable interoperability across disparate HINs.
TEFCA implementation will depend on specific entities:
- Recognized Coordinating Entity (RCE). The RCE will have oversight, enforcement, and governance responsibilities for each of the Qualified HINs, which will actually conduct the data exchange. It will be selected competitively and is likely to be a private-sector entity
- Qualified HINs (QHINs). These designated “super networks” (as I’m calling them) connect directly to each other and function via “connectivity brokers.” A Connectivity Broker is a service provided by a Qualified HIN that provides such functions as a master patient index (federated or centralized); Record Locator Service; Broadcast and Directed Queries, and return of health data to a requesting, authorized Qualified HIN. This enables disparate HINs to connect to each other and share data.
Qualifications for becoming an QHIN are quite detailed—potentially limiting the number of QHINs and eliminating what some would consider as obvious candidates. For example, a single regional HIE or a single EHR vendor network are not likely not qualify as a QHIN. On the other hand, groups of payers or groups of EHR and analytics vendors could possibly become QHINs. Some commenters have raised concerns about QHIN eligibility and how QHINs will relate to existing data sharing initiatives, such as the eHealth Exchange and the Commonwell Health Alliance. Presumably such issues will be addressed in the final guidance.
- Simply put, these are a person or entity that participates in the QHIN. Participants connect to each other through the QHIN, and they can access organizations not included in their QHIN through QHIN-to-QHIN connectivity. Participants can be HINs, EHR vendors, and other types of organizations. The QHIN makes it possible for them to connect to each other and to other types of end users, such as individuals and their caregivers.
ONC has provided the following depiction of how it all could fit together.
A key piece of TEFCA is the Common Agreement, which QHINs and their participants will voluntarily agree to adopt. Specifics are spelled out in two parts. Part A—Principles for Trusted Exchange, provides general principles designed to provide guardrails and promote trust between HINs based on existing trusted exchange frameworks in the marketplace. Part B—Minimum Required Terms and Conditions for Trusted Exchange provides the specifics on how HINs become and stay a QHIN.
Why stakeholders should care about TEFCA. TEFCA frankly will not capture the immediate attention of many stakeholders. After all, not everyone is an HIN or participates in one; TEFCA compliance will be voluntary; and implementation will begin at an as-yet-unspecified date in the future.
But stakeholders should not be lulled into a false sense of security. While there are myriad details still to be ironed out, TEFCA will impinge on just about every aspect of the technologies and specifications for health data exchange. This includes, for example, standardization of information and data quality, security, privacy, authentication, and standards. As noted by HIMSS, there currently are no common national standards for data access, patient matching, data normalization, or a revenue model that all states, health systems, and providers can either agree on and/or meet.
As a result, TEFCA will affect business relationships and how providers, payers and others will share data for improving the quality of care, transitioning to value-based care and facilitating data analytics. HIEs and others will need to modify their contractual relationships with participating organizations and QHINs.
As ONC summed it up: TEFCA will affect everyone in the country. This will make TEFCA adoption, well, a must for entities developing and using technology for health information exchange.
Point-of-Care Partners will be keeping on top of TEFCA as it continues to roll out. Of particular interest are timelines and how other 21st Century Cures provisions (such as increased use of application programming interfaces and prohibitions on “information blocking”) will be implemented and harmonized with the TEFCA. Let us keep you on top of TEFCA developments as they unfold. Contact me at email@example.com.