Trusted Exchange Framework and Common Agreement (TEFCA)

The U.S. Department of Health and Human Services announced that Version 1.1 of the Common Agreement is scheduled to publish on November 7, 2023. Version 1.1 updates Version 1.0, published in January 2022, in preparation for data sharing through the Trusted Exchange Framework and Common Agreement^SM (TEFCA^SM). The updated Common Agreement includes specific technical and clarifying changes that are accompanied by updates to the Qualified Health Information Network^TM(QHIN^TM) Technical Framework (QTF), FHIR^® Roadmap, and standard operating procedures.

TEFCA has 3 goals: (1) to establish a universal governance, policy, and technical floor for nationwide interoperability; (2) to simplify connectivity for organizations to securely exchange information to improve patient care, enhance the welfare of populations, and generate health care value; and (3) to enable individuals to gather their health care information.

TEFCA Components

Common Agreement

The Common Agreement is the legal contract that the Recognized Coordinating Entity® (RCE^TM) will sign with each QHIN. It defines the baseline legal and technical requirements for secure information sharing on a nationwide scale. The Common Agreement also establishes the infrastructure model and governing approach to enable users in different health information networks (HINs) to securely share information with each other—all under commonly agreed-to expectations and regardless of which network they happen to be in.

Trusted Exchange Framework

The Trusted Exchange Framework is a common set of principles designed to facilitate trust between HINs and by which HINs voluntarily elect to abide to enable widespread information exchange. These principles are standardization; openness and transparency; cooperation and non-discrimination; privacy, security, and safety; access; equity; and public health.

QHIN Technical Framework (QTF)

The QTF [PDF - 1034KB] focuses on the technical components for exchange among QHINs, including patient identity resolution, authentication, and performance measurement. The QTF requirements are incorporated by reference into the Common Agreement. An updated version of the QTF will be made available soon to accompany Common Agreement Version 1.1.

TEFCA Organizations

Recognized Coordinating Entity (RCE)

The RCE developed, updates, implements, and maintains the Common Agreement. It is also responsible for soliciting and reviewing applications from HINs seeking QHIN status and administering the QHIN designation and monitoring processes. The Sequoia Project currently serves as ONC’s RCE under a contract with ONC.

Qualified Health Information Network (QHIN)

A QHIN is a HIN that is a U.S. Entity that has completed the QHIN application, onboarding, and designation process and is a party to the Common Agreement countersigned by the RCE. QHINs have the technical capabilities and organizational attributes to connect HINs on a nationwide scale. Participants and Subparticipants will be able to choose their QHIN and will be able to share information with all other connected entities regardless of which QHIN organization they choose.

TEFCA Exchange

TEFCA Exchange Purposes

Currently, TEFCA will support exchange for the following Exchange Purposes: Treatment; Payment; Health Care Operations; Public Health; Government Benefits Determination; and Individual Access Services (IAS). This means organizations connected to TEFCA are optionally allowed to request for or respond to any of these purposes. As a starting point, TEFCA will only require responses for Treatment and IAS. Over time, responses will be required for the remaining Exchange Purposes and other Exchange Purposes may be added.

Privacy and Security

The Common Agreement requires strong privacy and security protections for all entities who elect to participate in TEFCA, including entities not covered by HIPAA. Most connected entities will be HIPAA Covered Entities or Business Associates of Covered Entities and thus will already be required to comply with HIPAA privacy and security requirements. The Common Agreement requires each non-HIPAA entity that participates in TEFCA to protect individually identifiable information that it reasonably believes is TEFCA Information in substantially the same manner that HIPAA Covered Entities protect Protected Health Information (PHI), including having to comply with the HIPAA Security Rule and most provisions of the HIPAA Privacy Rule as if they were covered by the HIPAA Rules.

To view all TEFCA documents, register for educational sessions, and review requirements for QHIN designation, please visit the RCE website at RCE.SequoiaProject.org.

TEFCA Implementation

On February 13, 2023, HHS recognized the first set of applicant organizations approved for QHIN onboarding under TEFCA. Following this approval, the organizations officially began the onboarding process and committed to meeting a 12-month go-live timeline and, if successful, will be designated as QHIN organizations. At this event, HHS Secretary Becerra recognized these organizations for their willingness to voluntarily step up and meet the demanding TEFCA eligibility requirements for TEFCA participation.

National Coordinator Micky Tripathi and Office of Policy Executive Director Elise Anthony both blogged about the event. Watch the full event

There are currently seven organizations that have begun the QHIN onboarding process:

CommonWell Health Alliance
eHealth Exchange
Epic Nexus
Health Gorilla
Kno2
KONZA National Network
MedAllies

Entities considering seeking QHIN status can now review the requirements and determine whether they would like to apply. Check out ONC’s Recognized Coordinating Entity’s website for more information about the application process.

Publication of the Trusted Exchange Framework and the Common Agreement

Section 4003(b) of the 21^st Century Cures Act requires the National Coordinator to publish the Trusted Exchange Framework and the Common Agreement on its public Internet website and in the Federal Register. In accordance with Section 4003(b), links to the Trusted Exchange Framework and the Common Agreement are below.

Resources

TEFCA Overview [PDF - 203 KB]

NOVEMBER 21, 2023

Common Agreement v1.1 [PDF - 692 KB]

NOVEMBER 3, 2023

Common Agreement v1.1 Release Notes [PDF - 157 KB]

NOVEMBER 3, 2023

The Trusted Exchange Framework - Final [PDF - 292 KB]

JANUARY 13, 2022

Blog Posts

Coming in Hot! TEFCA^(SM) Will Soon Be Live and Add Support for FHIR^®-Based Exchange

by Mark Knee and Jawanna Henry | November 3, 2023

Top Takeaways from the TEFCA Recognition Event

by Elise Sweeney Anthony; John Rancourt and Mark Knee | MARCH 13, 2023

Building TEFCA

by Micky Tripathi and Mariann Yeager, CEO, The Sequoia Project (the TEFCA Recognized Coordinating Entity) | FEBRUARY 13, 2023

Events

TEFCA Recognition Event Video Recording

FEBRUARY 13, 2023

Certification of Health IT

Health Information Technology Advisory Committee (HITAC)

Health Equity

HTI-1 Proposed Rule

Information Blocking

Interoperability

Patient Access to Health Records

Clinical Quality and Safety

Global Health IT Efforts

Health IT and Health Information Exchange Basics

HTI-1 Proposed Rule

Health IT in Health Care Settings

Health IT Resources

Laws, Regulation, and Policy

ONC Funding Opportunities

ONC HITECH Programs

Privacy, Security, and HIPAA

Scientific Initiatives

Standards & Technology

Usability and Provider Burden