An overview of the Trusted Exchange Framework and Common Agreement (TEFCA)
This past week we hosted a conversation with HTN’s resident experts on interoperability and data sharing, Lisa Bari and Brendan Keeler, on the Trusted Exchange Framework and Common Agreement (TEFCA). They were gracious enough to share their wisdom on the recent TEFCA legislation that passed. Below is a summary of topics covered during the conversation, as well as a recording of the conversation for HTN members.
Overview of TEFCA
TEFCA stands for the Trusted Exchange Framework and Common Agreement. You can think of this in two parts, TEF, the Trusted Exchange Framework, is a framework. In interoperability you have frameworks and you have networks, this is a framework. The Trusted Exchange Framework is based on Carequality, an interoperability framework supported by the large EMRs (including Epic).
The Common Agreement provides for the rules of the road under TEFCA. It’s worth noting that many of the challenges we face in interoperability are related to legal and/or competitive issues, not necessarily technical issues. Nearly all of the technical issues related to interoperability are solvable. The challenges really come down to who owns the data.
As Lisa shared, the challenges really revolve around the principles of federalism - powers that aren’t granted to the federal government are granted to states. Much of the regulatory landscape related to interoperability has been left to states, and states have very different laws governing patient data sharing.
This is exactly why we need the Common Agreement portion of TEFCA, to create rules of the road that we can all abide by. Without the Common Agreement, we’d have a bunch of organizations with different rules that have the same interoperability challenges we’ve always had. The Common Agreement is critical for operationalizing a standard national framework and defining the rules of the road.
What are the use cases of TEFCA?
It’s important to note that TEFCA is in v1 and is nowhere near finished. That said, there are four main use cases outlined in TEFCA:
All four of these categories are poorly defined at the moment - each has a high level overview, but is not finished being defined. Details still need to be worked out. As a side note, the Individual Access use case sounds particularly interesting around individuals accessing their data, although it also sounds particularly vague. Lots of work left to be done.
There’s also a number of other potential use cases that could be included in TEFCA in the future, but those haven’t been articulated yet. This includes things like public health and immunizations. So while this has been referred to as a “win” for public health, it’s not actually clear whether thats the case yet. We could get there in the future via TEFCA if those public health use cases are developed, but it’s not there yet.
What are the organizations involved in TEFCA?
The umbrella diagram below describes some of the organizations involved in TEFCA at a high level. Sequoia Project is the RCE entity that is responsible for oversight of the program and will be putting out the rules to QHINs, Qualified Health Information Networks. These QHINs are the main players in TEFCA.
A number of Health Information Exchanges (HIEs) / Carequality program implementors are expressing interest in being QHINs in TEFCA. These implementors are organizations like Health Gorilla and Commonwell Health Alliance that are providing “on ramps” to data exchange. There will be multiple QHINs because different QHINs serve different purposes. Some QHINs will be focused on large EHR systems, some QHINs will focus on public health data, etc. Not all QHINs need to provide the same set of services.
An organization like Health Gorilla may have digital health providers or digital health infrastructure companies as participants. If a digital health infrastructure company is a participant, the sub-participants could be the digital health providers.
Under TEFCA, whether you’re a QHIN, Participant, or Sub-participant, there are flow-down provisions that mean rules and regulations will be passed down from QHINs to participants and sub-participants.
These flow-down provisions create complications for organizations in implementing TEFCA. For instance, each HIE that might consider being a QHIN has its own participants, and those participants will need to agree to any changes in their agreements regarding data sharing. That is a complicated, challenging process getting all of the various stakeholders to commit to those changes.
What are the goals of TEFCA?
TEFCA’s articulated goals are a bit messy as it has been through multiple administrations since work on this was started - remember that it was passed into law under the Obama administration, HHS had it in the Trump administration, and it’s now being finalized in the Biden administration.
All of this has created changes in the legislation over time. For instance, instead of Goal 1 being something simple like: “provide a single onramp to nationwide connectivity”, it is more vague today.
What does it mean that TEFCA has been launched?
We’ve been trying to support national data sharing at least since HIPAA was passed. We’ve had a few iterations of this historically, but both public and private efforts have stalled for various reasons. Most recently we’ve had private entities attempting to build national networks - Commonwell and Carequality.
So launching essentially means there is new administration support behind it and with a rejiggered set of goals, but it it doesn’t mean things are going to change quickly without more use case definition and a forcing mechanism for involvement more than volunteering.
How are TEFCA and Carequality similar / different?
TEFCA is really a “spiritual follower” to the Carequality framework. To start, TEFCA and Carequality will provide access to very similar data - they’ll have CDA documents, some PDFs, and some non-diagnostic images.
It would make sense for the Sequoia project to try to lift much of what Carequality has built and shift it over to TEFCA in oder to ease the transition for organizations and drive momentum within TEFCA. Any changes it makes between the two are going to require investments on the part of organizations - i.e. product teams will have to rebuild certain things if there are differences between the two approaches.
Who is incentivized to participate in TEFCA?
As previously mentioned, it’s important to remember that TEFCA is an entirely voluntary program at the moment. If organizations aren’t participating, you can make requests to them all you want but you’re not going to hear anything back and there’s no penalty.
One of the only ways government can actually mandate change is by tying payments to meeting certain requirements. The classic example of this is connecting federal highway funding to seatbelt and legal drinking age requirements. It’s also been a mechanism in the Quality Payment Program, which ties Medicare payment rates to reporting specific quality data.
Like most things in healthcare (and generally), organizations that find a business interest in participating will be happy to participate in TEFCA, and those that don’t will not.
It seems as though implementors participating in Carequality are the clearest organizations that will be interested in participating in TEFCA.
EHRs will likely drag their feet with TEFCA because they have the most to lose and have always dragged their feet.
Is TEFCA sustainable?
There are a lot of open questions regarding ongoing funding of TEFCA at the moment. For instance, it’s not clear how the RCE (Sequoia Project) will fund the work on an ongoing basis. It’s currently getting some funding from ONC to set up TEFCA (on the order of $1 million a year) but will need more funding moving forward. Does that funding come from more governmental grants? Elsewhere? This is not yet clear, and will need to be answered.
What are organizations doing today?
Most organizations are taking a wait-and-see approach. If you’re digital health orgs curious about the interoperability space and looking at TEFCA, your starting point should be to join Carequality or one of the existing on-ramp vendors because you can get most the data there today. Why jump at TEFCA with the unknowns when you can get most of that data from Carequality today?
Will TEFCA change the interoperability landscape?
Probably not for a while. It is going to be a long haul as infrastructure gets built. TEFCA isn’t going to be able to provide the same value as HIEs for a long time, because it takes a long time to build networks. Most folks left the session with this takeaway - 2022 is the year TEFCA gets started, but it is going to be a long road to nationwide usage and reliability.