The Office of the National Coordinator for Health IT (ONC) and its partner organizations have developed and are operationalizing a Trusted Exchange Framework and Common Agreement (TEFCA), with the goal of enabling a “network of networks” approach to data sharing starting in 2022. This factsheet provides background on TEFCA, highlights some of the implications of TEFCA for data sharing in California with the passage of A.B. 133 and summarizes concerns that have been raised with TEFCA.

Why is ONC creating TEFCA?

Under the 21st Century Cures Act of 2016, ONC was tasked with developing a “trusted exchange framework, including a common agreement among health information networks nationally,” with the “purpose of ensuring full network-to-network exchange of health information.” ¹ “TEFCA” refers to the Trusted Exchange Framework and the Common Agreement that ONC has pursued to comply with the Act.

ONC notes that while there are more than 100 regional health information exchanges and various national networks helping to advance interoperability across the U.S., it believes that variation in the contractual requirements and governance policies of these exchanges and networks impedes connectivity and data exchange between those exchanges and networks. This limits the reach of any one exchange or network, making it difficult to access all an individual patient’s data. ONC believes that TEFCA can “enable existing and future networks to share [electronic health information] with each other without having to join multiple networks…”²

What does TEFCA do?

With TEFCA, ONC looks to meet three goals: (1) “provide a single ‘on-ramp’ to nationwide connectivity,” (2) “enable Electronic Health Information to securely follow the patient when and where it is needed,” and (3) “scale interoperability nationwide.”³ With these goals in mind, TEFCA is intended to create an environment in which multiple health information networks securely share data with each other by using the same technical framework and legal framework.

The Technical Exchange Framework describes the minimum technical requirements that a HIE or network must employ to participate as a QHIN under the Common Agreement.⁴ This includes, for example, how the QHIN requests and answers requests for information. The Common Agreement is a contract that includes the Technical Exchange Framework by reference, and the terms and conditions of participation.⁵

1. Pub. L. 114-225 (“21st Century Cures Act).
2. HHS Office of the National Coordinator for Health Information Technology, Trusted Exchange Framework and Common Agreement (TEFCA) Draft
3. Id.
4. ONC, Trusted Exchange Framework and Common Agreement: Qualified Health Information Network (QHIN) Technical Framework (QTF) version 1.0 (2022), https://rce.sequoiaproject.org/wp-content/uploads/2022/01/ QTF_0122.pdf.
5. ONC, Common Agreement for Nationwide Health Information Interoperability, Version 1 (2022), https://www.healthit.gov/sites/default/files/page/2022-01/ Common_Agreement_for_Nationwide_Health_Information_Interoperability_Version_1.pdf.

ONC has selected the Sequoia Project as the entity to launch and govern TEFCA, as the “Recognized Coordinating Entity” (RCE) Through a competitive process, they will select a small number of qualified health information networks (QHINs) – to execute and implement all requirements of the Common Agreement and share data with other QHINs. Additional entities—including HIEs, health information technology (HIT) developers and smaller networks—will contract with QHINs as “Participants”. They will need to comply with some of the TEFCA requirements.⁶ TEFCA establishes a network-to-network query-based data sharing system to “pull” information (“QHIN Query”) and a mechanism to “push” information (“QHIN Message Delivery”).⁷ ONC and the RCE have also laid out a Fast Healthcare Interoperability Resources (FHIR) Roadmap, which outlines how TEFCA will accelerate FHIR adoption through the health care industry.⁸

What were the major updates to the first version of the Technical Exchange Framework and Common Agreement in 2022 from previous drafts?

ONC released the first draft of the Trusted Exchange Framework in 2018 and solicited public feedback. In the second draft, released in 2019, ONC made several updates. Notably, ONC pared back the HIPAA use cases for exchange purposes required of QHINs. Rather than including the three key HIPAA use cases (Treatment, Payment, and Health Care Operations), ONC kept Treatment but only included specific Payment and Health Care Operations use cases in the second draft.⁹ In a January 2022 webinar, ONC and the RCE signaled that forthcoming Standard Operating Procedures will require responses from QHINs for Treatment and Individual Access Services.¹⁰ ONC and RCE plan to require responses for the other four permitted exchange purposes— Payment, Health Care Operations, Public Health, and Government Benefits Determinations—at a later date. These four exchange purposes will not require responses in the meantime.

What work remains to make TEFCA operational? How will it be updated?

Now that ONC and the RCE have released the version 1.0 of the Common Agreement and Qualified Health Information Network Technical Framework, the RCE anticipates that entities selected as QHINs will begin signing the Common Agreement in 2022, and then begin sharing data.¹²

6. See Common Agreement. Required flow-downs address cooperation and nondiscrimination; confidentiality and accountability; utilization of the RCE Directory Service; certain TEFCA exchange activities like uses, disclosures, responses, and special legal requirements; individual access services; privacy; security; and other general obligations.
7. See QTF. ONC has outlined two modalities for data exchange in the final version: a “QHIN Query” or “the act of a QHIN requesting information from one or more other QHINs (sometimes referred to as a “pull”),” and a “QHIN Message Delivery” or “the act of a QHIN delivering information to one or more other QHINs (i.e., via QHIN-to-QHIN exchange) for delivery to one or more Participants, Subparticipants, or Individuals (sometimes referred to as a “push”).
8. ONC, RCE, FHIR Roadmap for TEFCA Exchange, Version 1, January 2022, https://rce.sequoiaproject.org/wp-content/uploads/2022/01/FHIR-Roadmap-v1.0_updated.pdf.

9. The specific Payment and Health Care Operations use cases that were included are Quality Assessment and Improvement, Business Planning and Development, and Utilization Review.
10. The Sequoia Project, User’s Guide to the Trusted Exchange Frameowrk and Common Agreement – TEFCA (January 2022), https://rce.sequoiaproject.org/wp-content/uploads/2022/01/Common-Agreement-Users- Guide.pdf. Exchange purposes use the same definitions as those in the HIPAA Privacy and Security Rules. “Individual Access Services” refers to “services provided…to an Individual with whom the QHIN, Participant, or Subparticipant has a Direct Relationship to satisfy that Individual’s ability to access, Inspect, or obtain a copy of that Individual’s Required Information that is then maintained by or for any QHIN, Participant or Subparticipant.”
11. id.
12. id.

How will TEFCA affect health information exchange? What are some concerns stakeholders have raised?

Facilitation of data exchange for treatment and individual access exchange purposes. TEFCA requires that QHINs and their delegates respond to queries for treatment and individual access exchange purposes, as defined in the Common Agreement. This will help ensure that data can be queried and pulled for patient care and that health records can be put in the hands of patients.

Potential duplication of existing data exchange efforts and contractual arrangements.

Stakeholders have noted in comments to ONC that the agency should make sure that TEFCA complements, rather than duplicates, existing interoperability frameworks.¹³ For instance, extensive network-to-network exchange—using the same query methodology currently included in TEFCA—is already occurring between Carequality, Commonwell and eHealth Exchange, all national networks.

To participate in TEFCA HIEs and other entities will need to change their policies and modify the contracts and business agreements they have with all participating providers and plans. The effort may outweigh the benefit, given that many HIEs are already exchanging patient data “across networks” by participating in eHealth Exchange or Care quality.

Voluntary participation in TEFCA may limit its impact.

Participation in TEFCA is voluntary. Neither ONC nor CMS are incenting or requiring providers, plans, HIEs or HIT developers to join TEFCA. While several ideas have been floated to incentivize participation, such as making TEFCA participation a condition of certification for EHR vendors or a condition of participation for Medicare and/or Medicaid providers, these policies are not moving forward at this time. Given the voluntary nature of TEFCA, the apparent duplication with existing data exchange efforts, and the steps needed to comply with the Common Agreement and Technical Framework, participation may be limited which will also limit the value proposition of joining the effort.

Current use cases aren’t expansive enough to meet many stakeholders’ needs.

As noted earlier, TEFCA in its current form will only support data exchange for some, but not all, HIPAA operations and payment use cases. Notably, care coordination by health plans is not included as a required exchange purpose at this time. This means that health plan participants will not be able to issue queries for member care coordination, substantially limiting the utility for health plans and the value for patients. Stakeholders have argued that ONC should widen permissible exchange to include all HIPAA use cases for payment and operations, not just a subset, to ensure more widespread and robust interoperability.¹⁴

13. HITAC TEFCA Task Force, Letter to Donald Rucker, National Coordinator for Health IT (July 16, 2019), https://www.healthit.gov/sites/default/files/page/2019-07/2019-07-11-TEFCA_Final% 20Transmittal%20Letter%20to%20HITAC_signed_508.pdf; American Medical Association, AMA Draft 2 TEFCA Comments (June 18, 2019), https://www. healthit.gov/sites/default/files/webform/ tefca_comment_form/ama_comments_ draft_2_tefca.pdf. American Hospital
14. American Hospital Association, Letter To Donald Rucker, National Coordinator for Health IT (June 17, 2019), https://www.aha.org/system/files/media/file/2019/06/onc-trusted-exchange-framework-and- common-agreement-draft2-6-17-2019.pdf;

What are some key considerations and recommendations as the CHHS Stakeholder Advisory Group considers the relevance of TEFCA to the CHHS Data Exchange Framework?

The CHHS Stakeholder Advisory Group should develop solutions to:

Assist all providers and plans to get onto the data sharing networks.

Some but not all providers and electronic health record (EHR) vendors currently participate in the national networks. Larger organizations and vendors are much more likely to join, and the same will be true for TEFCA. Work remains to be done to connect providers and plans to the national networks and/or the health information exchanges that connect to them.

Enable data sharing for the health care and social services and use cases that are left out of TEFCA.

CHHS has indicated that it intends to consider a broad range of providers and their needs through the Stakeholder Advisory Group process, including small provider practices, behavioral health, social services agencies, nursing homes, and other community providers. None of these entities is likely to directly participate in either national networks or in TEFCA, primarily because they do not use a Certified Electronic Health Record Technology (CEHRT) that connects to a national network. AB 133 envisions data sharing among entities for treatment, payment and health care operations purposes, and contemplates the sharing of social and human services data. TEFCA only includes a subset of these use cases as required exchange purposes. These limited TEFCA use cases will not be sufficient to meet California’s data sharing needs, especially for the care coordination that will be essential to the success of CalAIM.

Define and fulfill the promise of “real-time” data sharing, which will not be realized through TEFCA

AB 133 requires the “real-time” sharing of data by most enumerated entities by 2023, which will require entities to proactively share their data with other entities. TEFCA primarily supports query-based exchange—not proactive data sharing.