TEFCA: What You Need to Know About It If You’re a Healthcare Player (or Not) - image

TEFCA: What You Need to Know About It If You’re a Healthcare Player (or Not)

A patient steps into a clinic in Texas. She’s from Connecticut, visiting her daughter for a few weeks. Naturally, her medical records are with her primary care provider, thousands of miles away. But she needs care now, and she’s at the clinic.

Imagine, with a simple keystroke, the clinic can securely and instantly pull up her health information in real-time, ensuring she receives prompt and effective care. This reality was made possible by the Trusted Exchange Framework and Common Agreement (TEFCA). TEFCA is a groundbreaking initiative that has revolutionized electronic health information exchange nationwide, particularly addressing the critical issue of interoperability.

What Is TEFCA as It Is?

The Trusted Exchange Framework and Common Agreement (TEFCA) represents a transformative leap in the secure and seamless sharing of healthcare information across the United States. Envisioned as a solution to the fragmented landscape of electronic health information (EHI) exchange, TEFCA has been the answer to healthcare providers, health plans, and patients who have long sought a system that provides secure, universal access to EHI, regardless of geographical barriers.

The healthcare industry grappled with the challenge of interoperability. The ability to access and share critical patient information across different healthcare systems was hindered by a lack of standardization and connectivity. This often led to delays in care, increased costs, and a frustrating experience for both patients and providers.

Historically, a significant majority of healthcare entities — nearly 95% of hospitals and 90% of office-based physicians — have utilized electronic health records (EHR). Many are part of health information networks (HINs) that facilitate the exchange of records among providers and other stakeholders. With over 100 regional health information exchanges and several national organizations offering data sharing, the infrastructure for interoperability was in place, yet not without its challenges.

The inconsistency and lack of universal connectivity between HINs resulted in a costly and inefficient status quo. Healthcare providers, patients, and HINs often resorted to employing multiple methods of data exchange to bridge the gaps, with most hospitals using at least three different methods and about 30% requiring five or more.

The introduction of a national health information exchange (HIE), as envisioned by TEFCA, addressed these inefficiencies head-on. Serving as a unifying framework, TEFCA connected healthcare providers nationally, facilitating the secure and efficient data exchange.

Rooted in the 21st Century Cures Act of 2016, TEFCA’s mission aligned with the Act’s objectives to establish a common set of data standards and leverage technology to expedite the delivery of healthcare innovations to patients. Developed by the Office of the Coordinator for Health Information Technology (ONC) under the U.S. Department of Health and Human Services (HHS), TEFCA’s development included a “trusted exchange framework” comprising a national, common agreement among HINs.

With drafts released in 2018 and 2019, TEFCA went live in early 2022 as announced by the ONC in July 2021.

Who Benefits from TEFCA?

TEFCA’s reach extends to a wide array of entities within the healthcare ecosystem. Healthcare providers, payers, state agencies, public health professionals, patients, and other stakeholders stand to gain from the policies, technical specifications, and network connectivity requirements established by TEFCA. Participants are empowered to send and receive EHI effortlessly, a stark contrast to the previous landscape where stakeholders juggled multiple networks to access necessary information. By joining a HIN within the TEFCA network, entities gain access to a wealth of information through a single, unified access point.

How Does TEFCA Function?

The Trusted Exchange Framework and Common Agreement (TEFCA) is designed with three pivotal goals that shape the future of healthcare information exchange in the United States:

  • National Connectivity: TEFCA provides a unified gateway for networks to connect, granting patients secure access to their health information whenever and wherever needed.

  • Portable Electronic Health Information: It ensures that health information is not only accessible but also transferable across the healthcare spectrum.

  • National Scalability: TEFCA achieves nationwide interoperability by harmonizing legal and technical standards, enabling the system to operate seamlessly across diverse networks.

Structure of TEFCA

TEFCA operates as a “network of networks,” offering various entry points for a wide range of participants and stakeholders, including:

  • Health Information Networks (HINs)

  • Health Information Exchanges (HIEs)

  • Healthcare Providers

  • Public Health Agencies

  • Government and Federal Agencies

  • Health Plans

  • Health IT Developers

  • Individual Users (patients, their representatives, or health plan members)

Governed by the Office of the National Coordinator for Health Information Technology (ONC) and managed by a Recognized Coordinating Entity (RCE), TEFCA’s implementation has been spearheaded by the Sequoia Project since 2019.

Qualified Health Information Networks (QHINs)

QHINs are networks chosen by the RCE that meet specific technical and standard requirements to facilitate nationwide data sharing. Under the RCE’s guidance, QHINs interconnect through connectivity brokers, offering services like record locator, query broadcasting, and a master patient index.

TEFCA’s Core Components

TEFCA comprises two foundational elements:

  • Trusted Exchange Framework: A set of principles that guide organizations in health information exchange, emphasizing:
    • Access

    • Cooperation and Non-Discrimination

    • Data-Driven Accountability

    • Privacy, Security, and Patient Safety

    • Standardization

    • Transparency

  • Common Agreement: A legal contract that dictates the terms of data sharing between networks, ensuring neutral coordination and connectivity among QHINs.

The Sequoia Project, as the contracted RCE, collaborates with the ONC to refine and implement the Common Agreement. The latest iteration, Common Agreement Version 2.0, released on April 22, 2024, mandates support for HL7® FHIR® transactions and introduces new terms of participation, enhancing the framework for a more robust national health information exchange. This version is set to be implemented by June 30, 2024, marking a significant milestone in TEFCA’s evolution and its commitment to creating a comprehensive, interoperable health information system across the nation.

The Significance of HL7® FHIR® in TEFCA

HL7® FHIR® is a standard for exchanging healthcare information electronically, and it plays a crucial role in achieving TEFCA’s goals of interoperability.

Here are some of its key points:

  • Facilitated Exchange: HL7® FHIR® enables facilitated exchange, allowing healthcare organizations to conduct transactions directly with other participants in the TEFCA exchange without needing a prior connection.

  • Roadmap Integration: The FHIR® Roadmap for TEFCA Exchange V.2 outlines the integration of FHIR® APIs into TEFCA, marking a significant step towards standardized, API-based health information exchange.

  • Support for Modern Workflows: The adoption of FHIR® standards supports both business-to-business and consumer-facing individual access workflows, which are essential for modern healthcare operations.

  • Enhanced Security and Accessibility: With FHIR®, there’s an emphasis on secure, scalable registration, authentication, and authorization, ensuring that patient data remains protected while being more accessible for care coordination.

In essence, HL7® FHIR®’s role in TEFCA is to streamline the process of health data exchange, making it faster, more secure, and more efficient, ultimately leading to improved patient care and reduced healthcare costs. The implementation of FHIR® within TEFCA reflects the healthcare industry’s move towards more advanced and standardized technology for interoperability.

TEFCA & Hospitals: “How You Doin’?” ©

As of the data available, about 51% of hospitals are aware of TEFCA and plan to participate. However, there is a variation in participation intent among different types of hospitals. For instance, just 29% of independent ones plan to participate compared to 61% of multi-hospital system members.

Reasons for Hospitals’ Slow Adoption

Hospitals may be hesitant to join TEFCA for several reasons:

  • Complexity and Cost: Aligning with TEFCA’s requirements can be complex and may necessitate significant changes to existing systems, which can be costly.

  • Voluntary Participation: TEFCA’s adoption is voluntary, and there is concern about whether there will be enough uptake to create the envisioned nationwide interoperability network.

  • Ongoing Development: TEFCA is still considered a work in progress, with ongoing updates and enhancements to the framework.

TEFCA’s Role in Interoperability

TEFCA is a significant step towards solving interoperability issues by establishing a universal governance, policy, and technical floor for nationwide interoperability. It aims to simplify connectivity and enable secure information exchange to improve patient care and enhance the welfare of populations. However, it is still far from a complete solution because:

  • Widespread Industry Buy-In Needed: For TEFCA to be fully effective, it requires widespread industry participation, which is currently not at 100%. Full embracement of TEFCA by the healthcare industry requires education, community buy-in, and careful consideration of incentives for participation.

  • Phased Implementation: The full range of TEFCA’s capabilities, including all its exchange purposes, is yet to be fully realized and utilized across the healthcare industry.

  • Interoperability Complexity: The complexity of patient data and health information that falls outside of HIPAA regulation poses a challenge. There’s also a proposal to extend HIPAA to all TEFCA participants, which could complicate compliance for those not currently considered covered entities or business associates under the rule.

  • Privacy and Security: The need to raise the privacy and security bar for entities that want to be certified as qualified health information networks (QHINs) is a significant challenge. This includes ensuring encryption for individually identifiable information in transit and at rest.

  • Ongoing Management: Even after adopting TEFCA, there is an ongoing administrative responsibility to maintain compliance, manage data exchanges, and ensure privacy and security standards are met. This continuous effort can be seen as an administrative burden.

In Conclusion: How Can Healthcare Organizations Prepare for TEFCA?

Healthcare entities should begin by auditing their current health information exchange systems, focusing on data identification and consistency. Evaluate the existing tools, applications, and systems for collecting and storing essential data points. Identify any discrepancies or gaps and strategize on how to address them effectively.

Maintaining high data quality is vital for seamless integration. Establishing baseline data quality metrics, if not already in place, is a proactive measure to identify and rectify issues before the implementation of TEFCA’s latest version.

To comply with the updated standards, healthcare providers are required to implement a secure API that facilitates safe access to electronic health records. Embracing an interoperability platform that supports HL7® FHIR® transactions will be instrumental in ensuring a smooth transition to the enhanced TEFCA framework.

By taking these steps, healthcare organizations can ensure they are well-prepared for the upcoming changes and can continue to provide high-quality care through improved data exchange and interoperability.

So dear healthcare leaders! If you’re reading this material, it’s not a random thing. The journey towards a unified health information network also begins with your actions. Choose TEFCA’s vision today for improvements tomorrow!


What is the significance of TEFCA?

The Trusted Exchange Framework and Common Agreement (TEFCA) is significant because it establishes a universal governance, policy, and technical floor for nationwide interoperability in healthcare. It simplifies the process for organizations to securely exchange health information, which is essential for improving patient care, public health, and healthcare value. Additionally, TEFCA enables individuals to access and gather their healthcare information, promoting patient empowerment and engagement.

What are the key components of TEFCA?

The key components of TEFCA include the Trusted Exchange Framework (TEF), which outlines principles for trust and data exchange; the Common Agreement (CA), which sets legal and technical requirements for nationwide information sharing; and the Qualified Health Information Network Technical Framework (QTF), along with Standard Operating Procedures (SOPs), which provide detailed operational guidance. These components work together to create a standardized approach for secure health information exchange across different networks. The framework aims to enhance patient care, ensure secure data transfer, and empower individuals with access to their health information.

How can organizations address data privacy concerns during the TEFCA transition?

Organizations can address data privacy concerns during the TEFCA transition by ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) and understanding the security obligations of managing centralized databases of information. They should also engage in risk assessments and management to identify and mitigate potential privacy risks associated with data exchange under TEFCA. Additionally, organizations may seek legal counsel to navigate the complexities of patient data and health information regulations that fall outside of HIPAA, as TEFCA extends HIPAA to all participants.

Are there any penalties for non-compliance with TEFCA?

Yes, there are penalties for non-compliance with TEFCA. While the specific penalties are not detailed in the search results, organizations are expected to adhere to the requirements outlined in the Common Agreement and the Trusted Exchange Framework. Failure to comply could potentially lead to legal consequences, loss of trust among healthcare partners, and exclusion from participating in the nationwide health information network.

Are there any challenges to the widespread adoption of TEFCA?

The widespread adoption of TEFCA faces challenges such as ensuring voluntary uptake by healthcare stakeholders, given that the government cannot mandate adoption. There are concerns about achieving the envisioned coast-to-coast interoperability network due to historical difficulties in securing industry buy-in for health IT regulations. Additionally, the transition requires stakeholders to adapt to new legal and technical requirements, which may involve significant changes to existing systems and processes.


Alex Koshykov
Alex Koshykov (COO) with more than 10 years of experience in product and project management, passionate about startups and building an ecosystem for them to succeed.
Mariia Maliuta
Mariia Maliuta (Copywriter) "Woman of the Word" in BeKey; technical translator/interpreter & writer

Tell us about your project

Fill out the form or contact us

Go Up

Tell us about your project