Find Your Specialist


Contact Us

    Go Back

    Your Guide to TEFCA

    In January 2022, the Office of the National Coordinator for Health Information Technology (ONC) published the Trusted Exchange Framework and Common Agreement (TEFCA). This marked an important milestone in the journey to establish the United States’ first national health information sharing network.

    What is TEFCA?

    The Trusted Exchange Framework and Common Agreement establishes guidelines and contractual conditions to facilitate the safe transfer of electronic health information nationally. TEFCA aims to provide stakeholders such as health professionals, health plans, individuals, government agencies, public health agencies, hospitals and HINs with improved yet secure access to health information.

    TEFCA’s primary goals are to:

    • Increase access to secure health data;
    • Create a core set of data to be available for treatment, access, benefit determination and other related purposes through HINs that follow the Common Agreement;
    • Reduce excess costs and inefficiencies that occur when joining multiple HINs with different protocols and agreements;
    • Establish consistent privacy and security guidelines for HINs to follow when securing patient data.

    While some regional networks already exchange health information, existing networks have limited reach and interoperability, prompting the need for a nationwide, standardized system.

    Participants and Procedures: How TEFCA Works

    Under TEFCA, ONC hopes to accelerate the adoption of Fast Healthcare Interoperability Resources (FHIR) nationwide.

    TEFCA has two components:

    1. The Trusted Exchange Framework (TEF) is a set of foundational, non-binding principles and standards designed to exchange health information effectively.
    2. The Common Agreement (CA) establishes the technical infrastructure and governance required to standardize the quality, security and authentication protocols for transferring and accessing patient data. It advances TEF principles to govern data sharing among networks.

    The ONC appointed the Sequoia Project as the Recognized Coordinating Entity (RCE) administering the adoption and enforcement of the CA. The RCE oversees qualified healthcare information networks (QHINs), which are approved healthcare information networks that agree to comply with TEFCA. QHINs connect directly to facilitate the consistent and safe exchange of health data across the network. In addition to monitoring QHINs, the RCE keeps the technical framework followed by QHINs updated for changes in technology, procedures and policy.

    Once multiple QHINs have joined, providers, patients, insurers and eligible agencies can use the standardized network to access electronic health information. The data will help diagnose and treat patients, improve care and public health outcomes and permit patients to access their private records.

    Apply to be a Qualified Health Information Network

    Starting in 2022, HINs may apply to the RCE to become QHINs. Before submission, HINs need to evaluate their internal processes to determine if they can meet the terms of the CA. During this stage, they should notify the RCE of their intent to apply and conduct preliminary testing of their systems.

    The application process is broken down into five phases:

    1.  Application Submission: HINs submit an online application, a signed CA and a completed questionnaire for the RCE to review. The RCE evaluates the application to determine if it’s complete.
    2. Application Review: The RCE verifies the information provided and either accepts, denies or notifies the HIN of discrepancies within the application. Failure to rectify issues within 10 business days results in the automatic withdrawal of the application. Denied applicants may reapply after six months.
    3. Pre-production Testing: Once the application is approved, the HIN conducts a series of pre-production tests to verify that its systems conform with other QHINs within the system. This phase is performed using test data.
    4. Designation and Post-production Testing: QHINs receive provisional status and access to the production directory. QHINs have 30 days to initiate a Production Connectivity Validation test.
    5. Production QHIN Exchange: QHINs that have completed all application, onboarding and testing steps enter the Production QHIN Exchange.

    Required Third-Party Certification

    To comply with the CA, QHINs must receive and maintain a third-party certification to an industry-recognized cybersecurity framework. Certifying bodies ensure that each QHIN’s cybersecurity framework maintains compliance with the CA’s security controls. The RCE is responsible for selecting eligible certifying bodies. Currently, HITRUST is the only RCE-designated certification body.


    Frazier & Deeter’s dedicated HITRUST practitioners expertly guide organizations through the assessment journey. Learn more today!


    Related Articles

    • 01.25.2023

      A New Year Means New Privacy Laws

      Ever since the General Data Protection Regulation (GDPR) came into effect in May 2018, US state privacy laws have been passed in Virginia, Colorado, Connecticut, Utah and, most pressing of them all, California. The California Privacy Rights Act (CPRA) went…

      Continue Reading
    • 01.19.2023

      The New Rules Under Section 174

      Internal Revenue Code Section 174 has long been used by taxpayers to deduct certain expenses related to research and experimentation (R&E) in the current year.  The code section was originally enacted in 1954 to eliminate uncertainty in the tax accounting…

      Continue Reading
    • 12.20.2022

      IRS Customer Service May Improve in 2023

      With 4,000 new customer service representatives and plans to hire 700 new Taxpayer Assistance Center (TAC) employees, taxpayers soon may get relief from endless hold times, no in-person help and unresolved problems.

      Continue Reading
    • 12.12.2022

      Reduce Taxable Income with IRA Distributions Transfers

      IRA owners who are age 70½ or over can transfer up to $100,000 per year to charity to reduce their taxable income. These transfers, known as qualified charitable distributions or QCDs, offer end-of-the year tax savings and can count toward required minimum distributions (RMDs) that taxpayers who are age 72 must make each year. Think of it as a tax-free charitable rollover of IRA funds.

      Continue Reading
    • 12.02.2022

      UK R&D Tax Reliefs – Where Are We Now?

      In the November 2022 Autumn Statement, the Chancellor announced significant changes to the current Research and Development (R&D) tax reliefs. The key announcements were a change to the applicable rate of the Research and Development Expenditure Credit (RDEC) and a…

      Continue Reading
    • 12.01.2022

      1099s Required for 2022 Tax Year

      Taxpayers earning income from selling goods or providing services may receive a Form 1099-K, Payment Card and Third-Party Network Transactions, for the first time in early 2023, when the 2022 forms are due. The requirement to file Forms 1099 have…

      Continue Reading
    • 11.28.2022

      IRS Uncovers $3.1 Billion in COVID Fraud

      The IRS Criminal Investigation department (IRS-CI) has partnered with the Justice Department to uncover and prosecute fraudulent activities related to the federal government’s COVID relief programs. To date, the IRS has conducted 840 investigations involving fraud amounts totaling more than…

      Continue Reading
    • 10.25.2022

      IRS Inflation Reduction Act Increases Funds

      The Inflation Reduction Act of 2022, enacted in August, increased funding for the IRS by $80 billion through 2031 for enforcement activities, operations support, systems modernization and taxpayer services. The legislative language, Treasury Secretary Janet Yellen and IRS Commissioner Charles…

      Continue Reading

    Privacy Overview

    When you use or access the Site, we use cookies, device identifiers, and similar technologies such as pixels, web beacons, and local storage to collect information about how you use the Site. We process the information collected through such technologies, which may include Personal Information, to help operate certain features of the Site (e.g., to prevent online poll participants from voting more than once), to enhance your experience through personalization, and to help us better understand the features of the Site that you and other users are most interested in.

    You can enable or disable our use of cookies per category.
    Always Enabled