Health data exchange and interoperability have entered a new chapter in the U.S. In 2016, the 21st Century Cures Act (Cures Act) included a requirement that the Office of the National Coordinator for Health Information Technology (ONC) create a Trusted Exchange Framework and Common Agreement (TEFCA) for nationwide health information exchange.  Seven years later, on December 12, 2023, ONC announced that the nationwide health data exchange governed by TEFCA is operational. At the signing event, many Department of Health and Human Services (HHS) officials celebrated the announcement including Secretary Xavier Becerra, Deputy Secretary Andrea Palm, and National Coordinator for Health Information Technology, Micky Tripathi.

A number of organizations have been designated as Qualified Health Information Networks™ (QHINs™): CommonWell Health Alliance, eHealth Exchange, Epic Nexus, Health Gorilla, Kno2, KONZA, and MedAllies. These designated QHINs support TEFCA’s network-to-network exchange of data under the Common Agreement’s policies and technical requirements by providing shared services and governance to securely route queries, responses, and messages across networks for eligible participants including patients, providers, hospitals, health systems, payers, and public health agencies.

In describing TEFCA, Becerra stated, “TEFCA allows patients, providers, public health professionals, health insurers, and other health care stakeholders to safely and securely share information critical to the health of our country and all of our people.” Danielle Carnival, the Deputy Assistant to the President for the Cancer Moonshot, noted at the ONC Annual Meeting that making health data more shareable and accessible to researchers can unlock new knowledge and the potential to drive new treatments and will help advance the Cancer Moonshot’s initiative. John Blum, the Deputy Director of the Centers for Medicare & Medicaid Services (CMS) stated that CMS would like to use TEFCA to help the connection between value-based care and our current healthcare system by offering better care coordination in connecting data from hospitals to doctors’ office. Mandy Cohen, Director of the Centers for Disease Control and Prevention (CDC) explained that the CDC plans to use TEFCA to plug in public health into the healthcare IT ecosystem. The CDC is already recruiting their first public health jurisdictions to be a part of TEFCA and recently put out $90 million to help public health jurisdictions to support the adoption of TEFCA. The CDC also noted that TEFCA may help support electronic case reports.

Earlier this year, the Sequoia Project, the TEFCA Recognized Coordinating Entity (RCE), released several draft documents to collect stakeholder feedback on the greater use of Health Level Seven (HL7) Fast Healthcare Interoperability Resources (FHIR) and other improvements to the TEFCA framework. And more recently in April, ONC released Common Agreement Version 2.0 (CA v2.0), a legal agreement that establishes the technical infrastructure model and governing approach allowing QHINs and their users to exchange health information as part of TEFCA.

At the same time, certain states have been taking actions to support greater health information exchange. For example, California has implemented the California Health and Human Services Agency (CalHHS) Data Exchange Framework (DxF) comprising the Data Sharing Agreement (DSA) and Policies and Procedures. The DxF was designed to enable and require real-time access to, or exchange of health information among health care providers and payers through any health information exchange network, health information organization, or technology that adheres to specified standards and policies. Cal Health & Safety Code § 130290(a)(2).

Specifically, by January 31, 2023, health insurers and health care service plans along with general acute care hospitals, physician organizations and medical groups, SNFs, plans, clinical laboratories and acute psychiatric hospitals (Participants) had to sign the DSA. By January 31, 2024, participants were required to share Health and Social Services Information (HSSI) in accordance with the DSA and P&Ps. The definition of HSSI is broad under the DSA. “Health and Social Services Information” shall mean any and all information received, stored, processed, generated, used, transferred, disclosed, made accessible, or shared pursuant to this Agreement, including but not limited to: (a) Data Elements as set forth in the applicable Policy and Procedure; (b) information related to the provision of health care services, including but not limited to PHI; and (c) information related to the provision of social services. Health and Social Services Information may include PHI, PII, deidentified data (as defined in the HIPAA Regulations at 45 C.F.R. § 164.514), anonymized data, pseudonymized data, metadata, digital identities, and schema. DSA, Sec. 3.

Finally, by January 31, 2026, physician practices of fewer than 25 physicians, rehabilitation hospitals, long-term acute care hospitals, acute psychiatric hospitals, critical access hospitals, rural general acute care hospitals with fewer than 100 acute care beds, state-run acute psychiatric hospitals, and any nonprofit clinic with fewer than 10 health care providers, governmental participants and social services will be required to exchange HSSI.

The federal government is putting a lot of weight on TEFCA to solve a number of issues related to health care delivery, cost, public health, and research, despite it being a “voluntary” program. States are jumping in on the action as well. There is a lot to be gained in having health data be more accessible, but there have also been some concerns about how data is being shared through various health care networks and whether it is always in the best interest of patients.  One thing is clear… for TEFCA or other health information exchange efforts to succeed, we will need strong oversight and more importantly, transparency and trust. New policies will be coming out very soon and it is critical that all stakeholders follow guidance and policies from ONC and the RCE (as well as states) and engage on these, given the weight that government actors are placing on these efforts.  

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jodi G. Daniel Jodi G. Daniel

Jodi Daniel is a partner in Crowell & Moring’s Health Care Group and a member of the group’s Steering Committee. She is also a director at C&M International (CMI), an international policy and regulatory affairs consulting firm affiliated with Crowell & Moring. She…

Jodi Daniel is a partner in Crowell & Moring’s Health Care Group and a member of the group’s Steering Committee. She is also a director at C&M International (CMI), an international policy and regulatory affairs consulting firm affiliated with Crowell & Moring. She leads the firm’s Digital Health Practice and provides strategic, legal, and policy advice to all types of health care and technology clients navigating the dynamic regulatory environment related to technology in the health care sector to help them achieve their business goals. Jodi is a contributor to the Uniform Law Commission Telehealth Committee, which drafts and proposes uniform state laws related to telehealth services, including the definition of telehealth, formation of the doctor-patient relationship via telehealth, creation of a registry for out-of-state physicians, insurance coverage and payment parity, and administrative barriers to entity formation.

Photo of Lidia Niecko-Najjum Lidia Niecko-Najjum

Lidia Niecko-Najjum is a counsel in Crowell & Moring’s Health Care Group and is part of the firm’s Digital Health Practice. With over 15 years of clinical, policy, and legal experience, Lidia provides strategic advice on health care regulatory and policy matters, with…

Lidia Niecko-Najjum is a counsel in Crowell & Moring’s Health Care Group and is part of the firm’s Digital Health Practice. With over 15 years of clinical, policy, and legal experience, Lidia provides strategic advice on health care regulatory and policy matters, with particular focus on artificial intelligence, machine learning, digital therapeutics, telehealth, interoperability, and privacy and security. Representative clients include health plans, health systems, academic medical centers, digital health companies, and long-term care facilities.

Lidia’s experience includes serving as a senior research and policy analyst at the Association of American Medical Colleges on the Policy, Strategy & Outreach team. Lidia also practiced as a nurse at Georgetown University Hospital in the general medicine with telemetry unit and the GI endoscopy suite, where she assisted with endoscopic procedures and administered conscious sedation.

Photo of Eunice Lalanne Eunice Lalanne

Eunice Lalanne supports Crowell Health Solutions, a strategic consulting firm affiliated with Crowell & Moring, to help clients pursue and deliver innovative alternatives to the traditional approaches of providing and paying for health care, including through digital health, health equity, and value-based health…

Eunice Lalanne supports Crowell Health Solutions, a strategic consulting firm affiliated with Crowell & Moring, to help clients pursue and deliver innovative alternatives to the traditional approaches of providing and paying for health care, including through digital health, health equity, and value-based health care. She is a health care policy consultant in the Washington, D.C. office.