What is T.E.F.C.A.?

Privacy Compliance
April 20, 2022
TEFCA, a new Health Information Exchange agreement, is going to change the health information technology sector.

What's a TEFCA Agreement?

Have you heard of TEFCA? This agreement aims to create a single Health Information Exchange (HIE) on-ramp that will allow providers, hospitals, and other healthcare stakeholders to join any HIN (Health Information Network) and instantly link to and participate in countrywide health information exchange. This could be a very good thing for stakeholders and medical organizations alike.

In this guide, we’ll break down what exactly TEFCA is, its purpose, who it applies to, and why it’s so important to know about.

What is TEFCA?

TEFCA Version 1 was published on January 19th, 2022, according to the ONC and the RCE (Recognized Coordinating Entity). TEFCA stands for Trusted Sharing Framework and Common Agreement, and it lays forth a set of principles, rules, and conditions to facilitate the construction of a Common Agreement that would allow for countrywide electronic health information (EHI) exchange across various health HINs. The TEFCA is intended to allow HINs, health care professionals, health plans, individuals, and a variety of other stakeholders to have safe access to their electronic health information where and when it is required.

To fulfill the following purposes, the TEFCA will enable an appropriate exchange of electronic health information between networks:

  • Increase safe and appropriate data access, allowing HINs and health IT developers to better serve existing use cases for their consumers.
  • Ascertain that a core set of data will be available for treatment, individual access services, public health, benefit determination, and other purposes among networks connected through the Common Agreement.
  • Reduce or eliminate the need to join several HINs and various legal agreements, as well as the necessity to construct one-off, point-to-point interfaces, to save money and enhance efficiency.
  • Provide a consistent set of privacy and security criteria for HINs and health IT developers to secure patient data, including identity proofing and authentication requirements.

There are two different parts to the TEFCA: The Principles for Trusted Exchange and the Minimum Required Terms and Conditions for Trusted Exchange.

Part A, Principles for Trusted Exchange, is more conceptual and explains ONC and HHS' Trusted Exchange aims and principles. It establishes a foundation and a vision for the future QHIN and RCE structure's operation.

Part B, Minimum Required Terms and Conditions for Trusted Exchange, is more technical and lays out the stringent standards that a HIN must meet in order to be designated a Qualified HIN. Part B contains standards for practically every component of a HIN, including issues such as standardization of information and data quality, security and privacy, data integrity, authentication, and so on.

How Does the TEFCA Work?

TEFCA creates Qualified Health Information Networks (a.k.a. QHINs) to promote a defined technique for HIE inter-connectivity, as well as a new administrative body called the Recognized Coordinating Entity (a.k.a. RCE). TEFCA will be administered by the RCE, which will also serve as the regulatory body for the Trusted Exchange Framework's implementation. The RCE will be in charge of:

  • Developing the standards for the "Common Agreement," which outlines the regulations that must be followed by all QHINs.
  • Developing partnerships with HINs aspiring to be TEFCA-qualified HINs.
  • Ongoing administration of the requirements of the Common Agreements, including ensuring QHIN compliance with the official TEFCA Act.
  • Taking steps to correct non-conformity and non-compliance by Qualified HINs, including the removal of a QHIN if necessary.
  • TEFCA will be updated throughout time to reflect new technologies, policies, and use cases, as well as working cooperatively with stakeholders to develop and execute new TEFCA-based use cases.

Understanding how QHINs function will help you better grasp how TEFCA works. The second pillar of TEFCA is qualified HINs. QHINs are Health Information Networks that have agreed to follow the RCE's Common Agreement. QHINs will be the mechanism for establishing a countrywide health information exchange by providing a network of HINs that can exchange information with one another.

What is the Purpose of TEFCA?

The Trusted Exchange Framework and Common Agreement's ultimate purpose is to create a uniform level of interoperability across the country. The Common Agreement will provide the infrastructure architecture and governance strategy enabling users in various networks to securely communicate basic clinical information with one another, all while adhering to commonly agreed-upon expectations and regulations, independent of which network they are in. The Trusted Exchange Framework is a collection of non-binding core principles for trust rules and practices that can help HINs communicate more effectively.

Who Does TEFCA Apply To?

One thing to keep in mind is that TEFCA is a completely voluntary agreement. HINs are not required to be Qualified HINs. ONC, on the other hand, plainly wants this to be broadly embraced. It is suggested that providers, payers, and states lobby for it to become necessary, and that future legislation should include TEFCA connection as a requirement. TEFCA is a law that applies to healthcare stakeholders and organizations.

Why is TEFCA Important?

Healthcare leaders should keep up with TEFCA developments not only because of the drivers mentioned earlier, but also because they should be focusing on the long-term goals and positive outcomes of participating in TEFCA, such as closing gaps in care, lowering costs, and providing the best care for their patients. Larger provider organizations will have more resources to learn about QHINs and how to link to them. Individual physicians or smaller provider networks may have a harder time finding the time and resources to learn.

Providers will need a plan in addition to education, which begins with understanding where their data is and how it is being shared. They'll then have to put their strategy into action. It's difficult to accomplish this while also attempting to do everything else that's expected of a provider, thus it's strongly advised that providers get help from their professional organizations or vendor partners.

Compliance Managment Full Hexagon logo

Expert compliance support, on-demand

Accountable Compliance Success Managers are dedicated to making sure your company is fully compliant as we guide you step-by-step through the process of achieving HIPAA compliance.
Expert guidance
Build trust
Dedicated Compliance Success Managers
HIPAA Training
Decrease risk
Close more deals