The U.S Department of Health and Human Service’s Office of National Coordinator (ONC) for Health Information Technology unveiled the draft version of the Trusted Exchange Framework as required by the 21st Century Cures Act.
The goal of the Trusted Exchange Framework is to achieve long-term sustainability by building on existing work done in the industry and providing a single “on-ramp” for all interoperability needs. It aims to make interoperability scalable by connecting the numerous Health Information Networks (HINs) in existence today through a core of Qualified Health Information Networks (QHINs). It also aims to build a competitive market that will allow innovation by encouraging collaboration between various HINs even though they might be competitors.
The Trusted Exchange Framework is expected to enhance care coordination by giving health information networks, and their participants, access to more data on the patients they currently serve. It will enable health systems and providers to join one network and have access to their patient’s data, regardless of where the patient received care. It will allow health systems and providers to more easily work with third parties such as analytic products, Qualified Clinical Data Registries (QCDRs), HINs and other registries by eliminating expensive one off and point-to-point interfaces with each one of them. The Trusted Exchange Framework will allow patients, and their caregivers, access to their health information from across the continuum enabling them to participate in their own care.
How the Trusted Exchange Framework will work?
The ONC will select a Recognized Coordinating Entity (RCE) that will act as a governing body and operationalize the Trusted Exchange Framework. The RCE will be responsible for:
- Incorporating the Trusted Exchange terms and conditions into a Common Agreement
- On-boarding organizations to the final TEFCA
- Ensuring QHIN’s compliance to the Common Agreement
- Addressing non-conformities with QHINs
- Updating TEFCA over time in collaboration with the stakeholders
The RCE will oversee and govern the Qualified HINs. QHINs will connect with each other directly to exchange data in adherence with the Trusted Exchange Framework, each QHIN will serve a variety of participants and networks; and each participant will, in turn, serve multiple end users – providers, caregivers and individuals.
The Trusted Exchange Framework consists of 2 parts: Part A and Part B
Part A: General Principles
Part A contains the general principles that Qualified HINs and HINs should follow for Trusted Exchange.
- Standardization: Qualified HINs must adhere to industry and federally recognized standards, policies, best practices and procedures. They must implement technology in a manner that makes it easy to use and allow others to connect easily with them. They must store health information in a structured format and use standard vocabularies.
- Transparency: Qualified HINs must conduct all exchange openly and transparently. They must make terms and conditions and agreements publicly available.
- Cooperation and Non-discrimination: Qualified HINs must collaborate with stakeholders across the continuum of care to exchange electronic health information, even when a stakeholder may be a business competitor.
- Privacy, Security & Patient Safety: QHINs must exchange electronic health information securely and in a manner that promotes patient safety and ensures data integrity. They must ensure that data is consistently and accurately matched to the correct patient.
- Access: QHINs must ensure that patients and their caregivers have easy and consistent access to their health information. They must ensure that no unnecessary barriers restrict patient’s access to their data. They must have policies and procedures to allow patients to revoke their participation in the exchange.
- Data Driven Accountability: Qualified HINs must allow multiple records to be exchanged at one time to enable identification and trending of data for population health.
Part B: Minimum Required Terms & Conditions
Part B contains the minimum required terms and conditions that will be incorporated into the Common Agreement by a Recognized Coordinating Entity (RCE). The terms and conditions include:
- Common authentication processes of the Trusted Exchange
- Common privacy and security policies for all participants of the Trusted Exchange including patient consent, breach notification and data disclosure
- Common set of rules regarding identity proofing, credential management and network governance for all participants
- Common set of rules regarding the standards and technologies to be used for the exchange – e.g. FHIR, CCDA, IHE profiles etc.
- Policies preventing participants from levying unreasonable charges, requiring additional testing procedures or discriminating against competitors for sharing data
The Trusted Exchange Framework currently supports individual access, public health, treatment, benefits determination, healthcare operations and payment as the permitted purposes (use cases) for exchange of data. While the framework successfully addresses the limitations of the traditional HIE model, it does not specify any guidelines or standards for the integration and exchange of data from personal wearable devices. At present, it only provides guidance for voluntarily participating HINs. It is unclear what regulatory mechanisms CMS will use to enforce participation in, and ensure adherence to the framework.
Participating health information networks, hospital networks and provider organizations need to adhere industry standards like FHIR and IHE profiles for data exchange. These organizations would benefit from partnering with healthcare IT companies that are capable of technology upgrades and have significant expertise in interoperability standards and regulatory requirements. The right IT partner will need to have extensive capabilities in interoperability, security, regulatory requirements, including an extensive portfolio of working with Health Information Exchanges and Networks to successfully comply with the framework.