TEFCA: An Overview of Industry Comments

By now, you’ve likely heard of the Trusted Exchange Framework and Common Agreement (TEFCA) – a voluntary trust framework and legal agreement to expand and enable the interoperable exchange of electronic health information nationally – that is being implemented by the Office of the National Coordinator for Health Information Technology (ONC). The TEFCA, currently in draft form, was released for public comment due on February 20, 2018.

During this comment period, several industry stakeholders weighed in on how this framework would affect interoperability, as well as the day-to-day business of the health information technology (HIT) and health information exchange (HIE) industry as a whole. When all was said and done, ONC received comments from more than 200 industry stakeholders. To date, we’ve been able to glean some common issues submitted on the TEFCA:

  • Information Blocking. 
    • Also included in the 21st Century Cures Act, the underlying legislation directing ONC to implement the TEFCA, was a provision relating to information blocking – but what exactly is “information blocking”? Several industry stakeholders would like more guidance on this hot-button issue before ONC goes down the path of implementing the TEFCA, which may, or may not, be a mechanism to enforce information blocking.
  • Slow Down!
    • Several stakeholders are concerned about the ambitious timeline for TEFCA implementation. This framework and agreement comes several years after HIE networks and other industry collaboratives have stood up legal agreements, use cases, and business operations. Recognizing that even minor change could be disruptive to these well-thought-out plans, industry stakeholders, such as the Health Information Management Systems Society (HIMSS), highly encouraged ONC to opt for a multi-year, phased-in approach to TEFCA implementation.
  • Focus on Value.
    • Other comments from industry stakeholders, such as The Sequoia Project, indicate that TEFCA should focus on the minimal necessary, high-level requirements to implement approved use cases.  They say that this is essential to allow the industry to confirm that the given solutions are supportive of these well-vetted objectives. Stakeholders also note that TEFCA should “not extend regulatory controls into areas where a more voluntary, stakeholder-driven model will be most effective by reflecting and taking advantage of the diversity of experience in the exchange community.”
  • Data Privacy and Security.
    • One of the principles noted in the TEFCA relates to the secure exchange of electronic health information, as well as compliance with other Health Insurance Portability and Accountability Act (HIPAA) rules. The framework recognizes that Qualified Health Information Networks (QHINs) and HINs may have participants both that are HIPAA covered entities and that are not HIPAA covered entities. How will TEFCA requirements interact with HIPAA requirements as they related to QHINs and HINs? Stakeholders want to know more specific information, and specifically how this will affect the future of data exchange.
  • And so much more.
    • This is just the tip of the iceberg for TEFCA comments. Be sure to monitor ONC’s TEFCA page to see how some of these comments unfold.

How will ONC act on these comments? Only time will tell. Be sure to check back with the THSA for updates as the TEFCA saga continues.

TEFCA: An Overview of Industry Comments