A Nationwide Network-of-Networks for Health Information Exchange
The TEFCA framework directly supports nationwide health data sharing by connecting health information networks (HINs) across the country.
Each of these existing networks supports health information sharing for specific states, regions and localities, or among customers using the same electronic health record (EHR) vendor. A few of the larger health information networks operate on a national level.
Some of these networks are connected to each other and their participants can already share medical records across those connected networks. However, significant gaps remain, creating barriers to seamless nationwide health information exchange. TEFCA aims to bridge those gaps by binding all participating HINs, as well as their members, to common rules of the road to guide the exchange of health information across networks.
Much in the same way we can speak to others across all mobile phone carriers, and banks can share information electronically, TEFCA delivers a nationwide framework to enable secure network-to-network health information exchange across HINs.
How TEFCA Operates
Large health information networks are volunteering to serve as the backbone for network connectivity across the country to support TEFCA exchange. These networks are called Qualified Health Information Networks® (QHINsTM). Each QHIN represents dozens or even hundreds of health systems, HINs, federal care providers, public health agencies, payers, and health IT vendors.
To become a QHIN, a network must pass rigorous technology and security testing, and agree to the same rules of engagement for themselves and their members. An organization interested in becoming a QHIN, must complete the QHIN application, onboarding, and designation process and must sign the Common Agreement that is countersigned by the RCE. As a result, any organization participating in a QHIN can query and receive data from members of any other QHIN. Participants and Subparticipants will be able to choose their QHIN and share information with all other connected entities regardless of which QHIN organization they choose.
Recognized Coordinating Entity (RCE), The Sequoia Project
The Sequoia Project currently serves as ASTP’s RCE® under a contract with ASTP. The RCE develops, updates, implements, and maintains the Common Agreement. The RCE is also responsible for soliciting and reviewing applications from HINs seeking QHIN status and administering the QHIN designation and monitoring processes.
Common Agreement
The Common Agreement is the agreement that the RCE signs with each QHIN. It defines the baseline legal and technical requirements for secure information sharing on a nationwide scale. The Common Agreement also establishes the infrastructure model and governing approach to enable users in different health information networks (HINs) to securely share information with each other—all under commonly agreed-to expectations and regardless of which network they happen to be in. Common Agreement Version 2.0 was released in April 2024. It includes an exhibit, the Participant and Subparticipant Terms of Participation (ToP), that sets forth the requirements each Participant and Subparticipant must agree to and comply with to participate in TEFCA. The Common Agreement and ToPs incorporate standard operating procedures (SOPs) and the Qualified Health Information Network Technical Framework (QTF).
TEFCA Exchange Purposes
The following Exchange Purposes (XPs) are authorized under the TEFCA framework:
- Treatment
- Payment
- Health Care Operations
- Public Health
- Government Benefits Determination
- Individual Access Services (IAS)
This means organizations connected to TEFCA are allowed to request for or respond to any of these purposes. Some XPs will require responses which is specified in current and forthcoming SOPs and implementation guides. Additional XPs may be added over time.
Privacy and Security
The Common Agreement requires strong privacy and security protections for all entities who elect to participate in TEFCA, including entities not covered by the Health Insurance Portability and Accountability Act (HIPAA). Most connected entities will be HIPAA Covered Entities or Business Associates of Covered Entities and thus will already be required to comply with HIPAA privacy and security requirements. The Common Agreement requires each non-HIPAA entity that participates in TEFCA to protect individually identifiable information that it reasonably believes is TEFCA Information in substantially the same manner that HIPAA Covered Entities protect Protected Health Information (PHI), including having to comply with the HIPAA Security Rule and most provisions of the HIPAA Privacy Rule as if they were covered by the HIPAA Rules.
TEFCA Implementation
View the current list of organizations that have completed the rigorous TEFCA onboarding process and have been officially designated as QHINs.
Entities considering seeking QHIN status can review the requirements and determine whether they would like to apply.
