Trusted Exchange Framework and Common Agreement (TEFCA)

ONC released Version 2.0 of the Common Agreement on April 22, 2024. Common Agreement Version 2.0 updates Common Agreement Version 1.1, published in November 2023, and includes enhancements and updates to require support for Health Level Seven (HL7^®) Fast Healthcare Interoperability Resources (FHIR^®) based transactions. The Common Agreement includes an exhibit, the Participant and Subparticipant Terms of Participation (ToP), that sets forth the requirements each Participant and Subparticipant must agree to and comply with to participate in TEFCA. The Common Agreement and ToPs incorporate all applicable standard operating procedures (SOPs) and the Qualified Health Information Network Technical Framework (QTF). Scroll down to view the key concepts that have evolved from Common Agreement Version 1.1 to Common Agreement Version 2.0.

The Trusted Exchange Framework and Common Agreement^SM (TEFCA^SM) has 3 goals: (1) to establish a universal governance, policy, and technical floor for nationwide interoperability; (2) to simplify connectivity for organizations to securely exchange information to improve patient care, enhance the welfare of populations, and generate health care value; and (3) to enable individuals to gather their health care information.

TEFCA Components

Common Agreement

The Common Agreement is the agreement that the Recognized Coordinating Entity® (RCE^TM) signs with each Qualified Health Information Network^TM(QHIN^TM). It defines the baseline legal and technical requirements for secure information sharing on a nationwide scale. The Common Agreement also establishes the infrastructure model and governing approach to enable users in different health information networks (HINs) to securely share information with each other—all under commonly agreed-to expectations and regardless of which network they happen to be in.

Key Concepts that have Evolved: Version 1.1 to Version 2.0

Common Agreement and QTF Version 1.1	Common Agreement and QTF Version 2.0
Fundamental requirements and components of TEFCA mostly included within Common Agreement and QTF Version 1.1	More details moved to SOPs
Model Participant/Subparticipant flow-down terms	Static Participant/Subparticipant Terms of Participation
Exchange only occurs QHIN-to-QHIN via IHE protocols	Facilitated FHIR available between Participants/Subparticipants
Exchange within QHINs not considered TEFCA exchange	TEFCA Exchange identified by unique TEFCA code
Six (6) authorized Exchange Purposes (XPs)	Six (6) authorized Exchange Purposes (XPs) with new sub exchange purposes and implementation guidance
Two (2) XPs require a response: Treatment and Individual Access Services (IAS)	Three (3) XPs require a response: Treatment, IAS, and Health Care Operations SubXP-1 (FHIR only)
All QHINs, Participants, and Subparticipants must respond	Introduction of Principal/Delegate roles and requirements
Participants and Subparticipants may not participate with more than one QHIN	Participants and Subparticipants may conduct TEFCA Exchange in multiple QHINs using multiple Nodes
Privacy/security obligations apply to all	Privacy/security obligations apply to all

Trusted Exchange Framework

The Trusted Exchange Framework is a common set of principles designed to facilitate trust between HINs and by which HINs voluntarily elect to abide to enable widespread information exchange. These principles are standardization; openness and transparency; cooperation and non-discrimination; privacy, security, and safety; access; equity; and public health.

QHIN Technical Framework (QTF)

The QTF [PDF - 1034 KB] focuses on the technical components for exchange among QHINs, including patient identity resolution, authentication, and performance measurement. The QTF requirements are incorporated by reference into the Common Agreement. An updated version of the QTF will be made available soon to accompany Common Agreement Version 2.0.

TEFCA Organizations

Recognized Coordinating Entity (RCE)

The RCE developed, updates, implements, and maintains the Common Agreement. It is also responsible for soliciting and reviewing applications from HINs seeking QHIN status and administering the QHIN designation and monitoring processes. The Sequoia Project currently serves as ONC’s RCE under a contract with ONC.

Qualified Health Information Network (QHIN)

A QHIN is a HIN that is a U.S. Entity that has completed the QHIN application, onboarding, and designation process and is a party to the Common Agreement countersigned by the RCE. QHINs have the technical capabilities and organizational attributes to connect HINs on a nationwide scale. Participants and Subparticipants will be able to choose their QHIN and will be able to share information with all other connected entities regardless of which QHIN organization they choose.

TEFCA Exchange

TEFCA Exchange Purposes

Currently, TEFCA will support exchange for the following Exchange Purposes:

Treatment;
Payment;
Health Care Operations;
Public Health;
Government Benefits Determination;
and Individual Access Services (IAS).

This means organizations connected to TEFCA are optionally allowed to request for or respond to any of these purposes.

Privacy and Security

The Common Agreement requires strong privacy and security protections for all entities who elect to participate in TEFCA, including entities not covered by HIPAA. Most connected entities will be HIPAA Covered Entities or Business Associates of Covered Entities and thus will already be required to comply with HIPAA privacy and security requirements. The Common Agreement requires each non-HIPAA entity that participates in TEFCA to protect individually identifiable information that it reasonably believes is TEFCA Information in substantially the same manner that HIPAA Covered Entities protect Protected Health Information (PHI), including having to comply with the HIPAA Security Rule and most provisions of the HIPAA Privacy Rule as if they were covered by the HIPAA Rules.

To view all TEFCA documents, register for educational sessions, and review requirements for QHIN designation, please visit the RCE website at RCE.SequoiaProject.org.

TEFCA Implementation

On December 12, 2023, HHS Secretary Xavier Becerra, HHS Deputy Secretary Andrea Palm, National Coordinator for Health Information Technology Micky Tripathi, and other federal leaders celebrated TEFCA exchange becoming operational at a Common Agreement signing event at HHS headquarters.

View the current list of organizations that have completed the rigorous TEFCA onboarding process and have been officially designated as QHINs

Entities considering seeking QHIN status can review the requirements and determine whether they would like to apply. Check out ONC’s Recognized Coordinating Entity’s website for more information about the application process.

Publication of the Trusted Exchange Framework and the Common Agreement

Section 4003(b) of the 21st Century Cures Act requires the National Coordinator to publish the Trusted Exchange Framework and the Common Agreement on its public Internet website and in the Federal Register. In accordance with Section 4003(b), links to the Trusted Exchange Framework and the Common Agreement are below. ONC will submit the same version of Common Agreement Version 2.0 that is posted here to the Office of the Federal Register (OFR) for publication and ONC will update this page with the Federal Register link to Common Agreement Version 2.0 when it is available.