Trusted Exchange Framework and Common Agreement (TEFCA)

TEFCA-logo

ONC published Version 1.1 of the Common Agreement on November 7, 2023. Version 1.1 updates Version 1.0, published in January 2022, and includes specific technical and clarifying changes that were accompanied by updates to the Qualified Health Information NetworkTM (QHINTM) Technical Framework (QTF), FHIR® Roadmap, and standard operating procedures. ONC is planning to publish Common Agreement Version 2.0 in the first quarter of 2024, which will include enhancements and updates to require support for Health Level Seven (HL7®) Fast Healthcare Interoperability Resources (FHIR®) based transactions.

The Trusted Exchange Framework and Common AgreementSM (TEFCASM) has 3 goals: (1) to establish a universal governance, policy, and technical floor for nationwide interoperability; (2) to simplify connectivity for organizations to securely exchange information to improve patient care, enhance the welfare of populations, and generate health care value; and (3) to enable individuals to gather their health care information.

TEFCA Components

Common Agreement

The Common Agreement is the legal contract that the Recognized Coordinating Entity® (RCETM) will sign with each QHIN. It defines the baseline legal and technical requirements for secure information sharing on a nationwide scale. The Common Agreement also establishes the infrastructure model and governing approach to enable users in different health information networks (HINs) to securely share information with each other—all under commonly agreed-to expectations and regardless of which network they happen to be in.

Trusted Exchange Framework

The Trusted Exchange Framework is a common set of principles designed to facilitate trust between HINs and by which HINs voluntarily elect to abide to enable widespread information exchange. These principles are standardization; openness and transparency; cooperation and non-discrimination; privacy, security, and safety; access; equity; and public health.

QHIN Technical Framework (QTF)

The QTF [PDF - 1034KB] focuses on the technical components for exchange among QHINs, including patient identity resolution, authentication, and performance measurement. The QTF requirements are incorporated by reference into the Common Agreement. An updated version of the QTF will be made available soon to accompany Common Agreement Version 1.1.

TEFCA Organizations

Recognized Coordinating Entity (RCE)

The RCE developed, updates, implements, and maintains the Common Agreement. It is also responsible for soliciting and reviewing applications from HINs seeking QHIN status and administering the QHIN designation and monitoring processes. The Sequoia Project currently serves as ONC’s RCE under a contract with ONC.

Qualified Health Information Network (QHIN)

A QHIN is a HIN that is a U.S. Entity that has completed the QHIN application, onboarding, and designation process and is a party to the Common Agreement countersigned by the RCE. QHINs have the technical capabilities and organizational attributes to connect HINs on a nationwide scale. Participants and Subparticipants will be able to choose their QHIN and will be able to share information with all other connected entities regardless of which QHIN organization they choose.

TEFCA Exchange

TEFCA Exchange Purposes

Currently, TEFCA will support exchange for the following Exchange Purposes: Treatment; Payment; Health Care Operations; Public Health; Government Benefits Determination; and Individual Access Services (IAS). This means organizations connected to TEFCA are optionally allowed to request for or respond to any of these purposes. As a starting point, TEFCA will only require responses for Treatment and IAS. Over time, responses will be required for the remaining Exchange Purposes and other Exchange Purposes may be added.

Privacy and Security

The Common Agreement requires strong privacy and security protections for all entities who elect to participate in TEFCA, including entities not covered by HIPAA. Most connected entities will be HIPAA Covered Entities or Business Associates of Covered Entities and thus will already be required to comply with HIPAA privacy and security requirements. The Common Agreement requires each non-HIPAA entity that participates in TEFCA to protect individually identifiable information that it reasonably believes is TEFCA Information in substantially the same manner that HIPAA Covered Entities protect Protected Health Information (PHI), including having to comply with the HIPAA Security Rule and most provisions of the HIPAA Privacy Rule as if they were covered by the HIPAA Rules.

To view all TEFCA documents, register for educational sessions, and review requirements for QHIN designation, please visit the RCE website at RCE.SequoiaProject.org.

TEFCA Implementation

On December 12, 2023, HHS Secretary Xavier Becerra, HHS Deputy Secretary Andrea Palm, National Coordinator for Health Information Technology Micky Tripathi, and other federal leaders celebrated TEFCA exchange becoming operational at a Common Agreement signing event at HHS headquarters.

At the event, the following five organizations that completed the rigorous TEFCA onboarding process were officially designated as QHINs:

  • eHealth Exchange
  • Epic Nexus
  • Health Gorilla
  • KONZA
  • MedAllies

In February 2024, ONC announced two additional organizations have been designated as QHINs:

  • CommonWell Health Alliance
  • Kno2

Entities considering seeking QHIN status can now review the requirements and determine whether they would like to apply. Check out ONC’s Recognized Coordinating Entity’s website for more information about the application process.

Publication of the Trusted Exchange Framework and the Common Agreement

Section 4003(b) of the 21st Century Cures Act requires the National Coordinator to publish the Trusted Exchange Framework and the Common Agreement on its public Internet website and in the Federal Register. In accordance with Section 4003(b), links to the Trusted Exchange Framework and the Common Agreement are below.

Resources

TEFCA Policy Notice: Qualified Health Information Network Designation and Appeals Processes

DECEMBER 12, 2023

TEFCA Overview [PDF - 203 KB]

NOVEMBER 21, 2023

Common Agreement v1.1 [PDF - 656 KB] 

NOVEMBER 3, 2023

Common Agreement v1.1 Release Notes [PDF - 157 KB] 

NOVEMBER 3, 2023

The Trusted Exchange Framework - Final [PDF - 292 KB]

JANUARY 13, 2022

Blog Posts and Articles

TEFCA Live! The Future Of Network Interoperability Is Here

by Micky Tripathi and Mariann Yeager | December 12, 2023

Coming in Hot! TEFCA(SM) Will Soon Be Live and Add Support for FHIR®-Based Exchange

by Mark Knee and Jawanna Henry | November 3, 2023

Top Takeaways from the TEFCA Recognition Event

by Elise Sweeney Anthony; John Rancourt and Mark Knee | MARCH 13, 2023

Building TEFCA

by Micky Tripathi and Mariann Yeager, CEO, The Sequoia Project (the TEFCA Recognized Coordinating Entity) | FEBRUARY 13, 2023

Events

TEFCA Recognition Event Video Recording

FEBRUARY 13, 2023