By Annie Harrington, Chief Legal Officer & Privacy Officer, Contexture — in collaboration with Mel Soliz, Partner, Coppersmith Brockelman PLC
Disclaimer: The information in this article is not legal advice. If you have questions about how TEFCA will affect your organization or what you need to do to participate in TEFCA, you should seek legal counsel. The interoperability space changes fast, so some of what is shared here could become outdated at some point.
Introduction
TEFCA stands for the Trusted Exchange Framework and Common Agreement. In the 21st Century Cures Act of 2016, Congress directed the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator of Health Information Technology (ONC) to establish a nationwide interoperability framework for the exchange of electronic health information. Interoperability is the ability to exchange data across different technology systems without special effort on the part of the user.
In 2019, the ONC designated the Sequoia Project as the Recognized Coordinating Entity (RCE)—the governing body tasked with developing, implementing and managing TEFCA.
TEFCA consists of four key components:
- The Trusted Exchange Framework (the “TEF”);
- The Common Agreement (the “CA”);
- The Qualified Health Information Network Technical Framework (the “QTF”); and
- Standard Operating Procedures (the “SOPs”).
On Jan. 19, 2022, the ONC and RCE released version 1 of the TEF, Common Agreement and the QTF. Since then, the RCE has released over a dozen final and draft SOPs, including an SOP for the onboarding and designation of Qualified Health Information Networks or QHINs. QHINs are health information networks that meet the RCE’s rigorous financial, technical and data governance requirements to deliver the legal, administrative and technical backbone necessary to support nationwide data exchange. The RCE opened the QHIN application process on Oct. 3, 2022 and is expected to approve the first batch of QHINs in the first or second quarter of 2023.
Importantly, the TEF, Common Agreement, QTF and SOPs only establish the “rules of the road” for nationwide data sharing. TEFCA is NOT in itself:
- A network;
- A technical standards body;
- A technology;
- A platform;
- A data service; or
- Legally mandated – participation is optional.
TEFCA is a framework that exists to support nationwide data sharing. Its success will depend on broad adoption by stakeholders in the healthcare community and on whether QHINs and their Participants and Subparticipants can bring to market the technology and services that meet the minimum TEFCA requirements.
This post provides a high-level breakdown of the four key components of TEFCA, how TEFCA differs from existing nationwide data sharing frameworks and how Contexture plans to support nationwide data sharing under TEFCA.
The Four Components of TEFCA
1. The Trusted Exchange Framework
The trusted exchange framework, or the TEF component, is comprised of seven non-binding trust principles:
- Standardization
- Openness and transparency
- Cooperation and nondiscrimination
- Privacy
- Security and safety
- Access
- Equity and public health
These trust principles inform all aspects of the TEFCA ecosystem, from the Common Agreement and SOPs to the QTF.
2. The Common Agreement
The Common Agreement is a 64-page, legally binding contract between the RCE and approved QHINs. QHINs are required to flow down many provisions of the Common Agreement to their Participants and Subparticipants, including the requirement to comply with applicable law and relevant RCE SOPs. Because of the flow-down requirements, the Common Agreement will effectively require all persons and entities participating in the TEFCA ecosystem to comply with the same “rules of the road” when engaging in data exchange through a TEFCA-enabled network.
Source: The Sequoia Project, User’s Guide to the Trusted Exchange Framework and Common Agreement – TEFCA, slide 12.
3. The QHIN Technical Framework
The QHIN Technical Framework, or QTF, and related Technical Trust Requirements set out the minimum technical requirements a health information network must meet to serve as a QHIN. For example, QHINs must be capable of supporting the following two exchange modalities: (1) QHIN Query (i.e., a data pull/request from one or more QHINs); and (2) QHIN Message Delivery (i.e., a data push to one or more QHINs.)
Some QTF requirements also flow down to or impact Participants and Subparticipants. For example, Participants and Subparticipants can only be attributed to a single QHIN in the RCE Directory. This means a Participant with multiple facilities cannot participate in more than one QHIN.
The RCE has also published a three-year roadmap for FHIR® readiness. FHIR® (Fast Healthcare Interoperability Resources) is a technical standard describing data formats and elements (known as “resources”) and an application programming interface (API) for exchanging health information between different computer systems. FHIR exchange is currently required by the CMS interoperability mandates for certain CMS-regulated payers to satisfy Patient Access API requirements. TEFCA will not be FHIR ready until at least 2025.
4. Standard Operating Procedures
QHINs, Participants and Subparticipants are all also required to comply with the RCE’s SOPs that apply to them. The SOPs detail the specific requirements that must be met to satisfy Common Agreement and QTF obligations, including those obligations that must be flowed down to Participants and Subparticipants. Thus far, the RCE has proposed and/or finalized over a dozen SOPs and is currently drafting several more.
Each SOP’s title page has an applicability statement that indicates to whom the SOP applies. For example, SOP: Exchange Purposes applies to QHINs, Participants and Subparticipants. This SOP requires that all QHINs, Participants and Subparticipants respond to requests for electronic health information for treatment purposes and individual access services.
The TEFCA Difference
TEFCA is not the first or only framework used to support nationwide data exchange of electronic health information. Indeed, TEFCA builds on the lessons learned by entities affiliated with the Sequoia Project that operate networks subject to similar data sharing frameworks, such as the Data Use and Reciprocal Support Agreement (DURSA) and Carequality Interoperability Framework.
TEFCA does not—and is not intended to—replace any existing health information exchanges, networks or solutions in use today. Rather, it is another option that stakeholders may choose to use to access and exchange electronic health information.
But what makes it different? TEFCA is:
- Government endorsed. TEFCA is an ONC initiative. Governmental agencies, such as the Centers for Medicare & Medicaid Services (CMS) and ONC are expected to incentivize TEFCA participation. For example, TEFCA can be selected as an option for meeting CMS’ Promoting Interoperability health information exchange measure.
- RCE approval. TEFCA requires that QHINs demonstrate that they have the technical, administrative and financial resources to support nationwide data exchange. This suggests that networks operating under the TEFCA framework may be more secure and reliable than existing networks operating under other frameworks.
- Mandatory bidirectional data exchange. Although TEFCA participation is voluntary, once an organization chooses to participate in TEFCA, participation in certain use cases is mandatory. For example, all Participants and Subparticipants must respond to requests for electronic health information for treatment purposes and individual access services. Over time, the RCE is expected to mandate participation in all the TEFCA-permitted use cases, including but not limited to payment and healthcare operations.
However, TEFCA is not a silver bullet that will solve any or all of the complexities of nationwide data exchange. TEFCA relies on each QHIN, Participant and Subparticipant to comply with the laws that apply to them. TEFCA does not propose any legal or technical solutions for data segmentation or segregation, consent management, or compliance with laws that impose more restrictive privacy requirements than HIPAA. There is no TEFCA master patient index or identity verification solution for individual access services or authorization-based use cases. It is also unclear at this time what audits and enforcement will look like for this trusted exchange framework.
The Contexture HIE and TEFCA
Contexture is uniquely positioned to offer a TEFCA connection to our Participants. We already offer access to other nationwide data sharing networks (e.g., eHealthExchange, Patient Centered Data Home), and we plan to offer a connection to future nationwide TEFCA network exchange that meets the legal and compliance requirements of our Arizona and Colorado markets.
Contexture Mission
Advancing individual and community health and wellness through the delivery of actionable information and analysis.
TEFCA Purpose
To help enable nationwide exchange of EHI across disparate networks to ensure that stakeholders have secure access to their information when and where it is needed.
TEFCA’s goal of nationwide query and push-based data exchange aligns with Contexture’s values and mission. Contexture is always striving to ensure that health information securely gets when and where it needs to go to improve patient care and support care coordination.
How Will Contexture Participate in TEFCA?
Contexture does not have plans to apply to be a QHIN. Why is that? Contexture is an HIE that is funded by and supports our local healthcare communities in Arizona and Colorado in compliance with the laws that apply to those communities. To support national scale data exchange, a QHIN must be prepared to manage tens or hundreds of millions of queries for health information from tens of thousands (if not millions) of data requesters from all over the United States. A QHIN is prohibited under the Common Agreement from passing the costs associated with such transactions onto other QHINs. Consequently, if Contexture were to seek QHIN status, the cost of supporting that level of data exchange would be borne by Contexture’s participants in Arizona and Colorado. While Contexture strongly supports nationwide data exchange, as a community HIE, we are not prepared to push those QHIN operating costs to our customers. As such, we have opted not to apply for QHIN status in this initial round.
Instead, Contexture plans to participate in TEFCA as a Participant of a QHIN. We are keenly watching the QHIN application and designation process. Contexture is a member of the Consortium for State and Regional Interoperability (CSRI), a collection of five of the nation’s largest and most robust nonprofit health data networks. CSRI recently announced its member’s intention to be a Participant of the eHealth Exchange’s QHIN, if it is so designated and if the infrastructure aligns. Joining the eHx QHIN could have some technical and logistical advantages since Contexture is already configured to share data through the eHealthExchange and has active data exchange through the eHX hub. We will continue to carefully monitor the QHIN application and designation process. Ultimately, Contexture is committed to partnering with a QHIN that is a good technical and philosophical fit for our customers.
Source: The Sequoia Project, User’s Guide to the Trusted Exchange Framework and Common Agreement – TEFCA, slide 15.
What will Contexture’s TEFCA participation look like for our Participants?
- New TEFCA Service Line: Just as our customers can currently select what HIE services to sign up for and utilize, Contexture plans to develop a new TEFCA service line. Once we officially contract with a QHIN, we will evaluate whether any interface connections that already exist that may be leveraged to support data exchange.
- Opt-In Model: Contexture customers will be given the choice to “Opt-In” to Contexture’s QHIN connection. Those customers that opt-in will become Subparticipants to Contexture’s QHIN Connection.
- Addendum to HIE Participation Agreement: Those customers that opt to be Subparticipants through Contexture will be required to sign an addendum to their HIE Participation Agreement containing a series of mandatory flow-down requirements from the Common Agreement and from Contexture’s QHIN (once selected.) Contexture intends to price its TEFCA Service Line commensurately with other HIE services and competitively.
- Timeline for TEFCA Network Connection: It’s unknown when Contexture will begin sharing HIE data through a TEFCA connection. TEFCA is still just a concept; it’s not yet a network. It may be up to a year before we see any operational QHINs and longer still for the TEFCA network to have critical uptake.
Source: The Sequoia Project, User’s Guide to the Trusted Exchange Framework and Common Agreement – TEFCA, slide 16.
Why Access TEFCA Through Contexture?
Adding a TEFCA connection to the suite of services that Contexture already offers will enhance the value of our HIE connection by giving participants an on ramp to a federally endorsed, national network. There are several benefits to accessing a future TEFCA network through Contexture. They include:
- Affordability: Contexture’s TEFCA connection may be more cost effective and affordable then direct QHIN Participation (e.g., through an EHR vendor connection) or through other Participant connections.
- Local Governance Structure: Contexture has a local governance structure that supports downstream permitted uses that have been vetted and approved by the Arizona and Colorado communities.
- Compliance With Arizona HIO Statute: Contexture is an expert at compliance with Arizona and Colorado state data privacy requirements. A national QHIN will NOT have that expertise.
- Focus on Equity: Contexture is committed to ensuring that all providers in Arizona and Colorado have the opportunity to participate in TEFCA and to get and receive the data they need for their patients.
- Advanced Patient Matching/Identity Resolution Ability: HIEs like Contexture already have advanced patient matching capability that will be a value add to Subparticipants.
- Granular Consent: Contexture already has the technical ability to allow Subparticipants (like providers) to identify, segment and share sensitive data like 42 CFR Part 2 Data.
- Access to Other Networks and Connections: Contexture already offers access to other national data sharing networks, such as PCDH and other HIE-to-HIE connections, and state/local public health connections outside of TEFCA.
Conclusion
This is an exciting time for healthcare interoperability in the United States. Contexture looks forward to partnering with our public and private sector customers to offer access to new and evolving data exchange modalities like TEFCA. We will do so with a continued commitment to prioritizing data privacy and security and the needs of our local communities. As TEFCA data exchange moves from an idea to a reality in the years ahead, we will keep our customers apprised of Contexture’s service offerings and on-ramp for connectivity.
Contexture wants our customers and stakeholders to remember that TEFCA is not intended to and will not replace the value that Participants derive from participating in the Contexture HIE. A TEFCA connection will be another way of getting and moving data where it needs to go to serve patients, but TEFCA will not replace the host of HIE services that our customers currently enjoy, including portal access, ADT/Lab/HTP notifications, customized data analytics, reports and dashboards, healthcare quality reporting, healthcare directives registries and social determinants of health services. For a complete catalogue of Contexture’s data services, visit contexture.org.
TEFCA is complex and changing every day. If you have questions, we encourage you to learn more about TEFCA through the legal briefs at Coppersmith Brockelman or reach out to the Contexture legal team at legal@contexture.org.
Featured Events
Contexture, Arizona’s health information exchange (HIE), is offering webinars for the HIE 3.0 Navigation and Features to new and existing AZHIE Participants and their staff.
Contexture, Arizona’s health information exchange (HIE), is offering webinars for the HIE 3.0 Navigation and Features to new and existing AZHIE Participants and their staff. The webinar will cover services offered by Arizona’s HIE including: Navigation and features of HIE 3.0 Security best practices Support Be sure to take advantage of this opportunity to ...
Contexture, Arizona’s health information exchange (HIE), is offering webinars for the HIE 3.0 Navigation and Features to new and existing AZHIE Participants and their staff.
