Sanjay Patil is a Healthcare IT consultant with top-tier consulting experience in successfully delivering large scale custom development projects, application integration, content management ,portal solutions and implementation of health care business solutions. He has been actively involved in Meaningful Use and is passionate about creating IT solutions for providers w.r.t different regulatory programs. He has worked in delivering solutions across all product lines such as EMR, EHR ,Care Co-ordination, Patient Engagement. Sanjay Patil TEFCA Trusted Exchange Frame work and Common Agreement
Transcript
Sanjay Patil is a Healthcare IT consultant with top-tier consulting experience in successfully delivering large scale custom development projects, application integration, content management ,portal solutions and implementation of health care business solutions. He has been actively involved in Meaningful Use and is passionate about creating IT solutions for providers w.r.t different regulatory programs. He has worked in delivering solutions across all product lines such as EMR, EHR ,Care Co-ordination, Patient Engagement.
What is TEFCA?TEFCA – the “Trusted Exchange Frame work and Common Agreement”, is an initiative by the US govern-ment to streamline data exchange by building a network of HINs (Health Information Networks) under the management of ONCHIT. The objective of TEFCA is to develop or support a trusted exchange frame work for trust policies and practices and for a common agreement for Exchange between health information networks. The common agreement may include —
A common method for authenticating trusted health information network participants
A common set of rules for trusted exchange
Organizational and operational policies to enable the exchange of health information among networks, including minimum condi tions for such exchange to occur; and
A process for filing and adjudicating noncom pliance with the terms of the commonagreement.
Aims of TEFCA to improve interoper-ability in healthcare system are:
To expand existing work done by HINs and build a frame work on top of it.
Provide a common platform “on-ramp” to interoperability for all the healthcare industry stake holders to exchange the health data `
The Frame work should be scalable to support the entire healthcare industry, stake holders and to achieve long-term sustainability
To bring a common platform and establish a single platform for HIE that will enable provid ers, hospitals and other healthcare stakehold ers to collaborate and exchange data with any HIN and then connect and participate in nationwide health information exchange automatically.
Need for TEFCAInteroperability and data exchange in healthcare industry is a recognized problem for all stake holders. Presently, HINs operate locally, regionally, or nationally. Due to variations in their participation agreements and sometimes competitive interests, these entities don’t exchange health information with each other. This impacts patient care and outcomes as patients and their family members, providers, public health officials, health plans and the other systems that need health information aren’t able to get it on time.
The current practice for health data exchange is more complex and is not cost effective because of the reasons stated below:
Scalability issues: Most of the healthcare organiza-tions need to join multiple HINs that do not share data with each other. In order to scale this, the complexity of the trusted exchange must be simplified.
Rules restricting information sharing: The diversity of restrictions on data sharing cripples the efforts for nation-wide interoperability. A case on point is Dela-ware HIN that aimed to grow its ADT notifications with providers, hospitals and consumers within Delaware. It ran into challenges communicating with other health information organizations that had more restrictive agreements limiting the type of data being shared and the types of providers, hospitals, and patients allowed to receive the data.
Cost Burden: Due to lack of a Trusted Exchange Frame work, healthcare providers have to spend more for creating many costly, point to point interfaces between organizations. Alternatively, they need to subscribe to multiple HINs that already ought to exchange information with other HINs.
TEFCA aims to reduce the need for individual interfac-es, which are costly, complex to create and maintain, and also to foster efficient use of provider and health IT developer resources.
Steps Taken by Government to MitigateInteroperability ChallengesTo mitigate the above challenges impacting data exchange, building and maintaining trust across and among these HINs is key to interoperability of health information outlined in the Cures Act. The set of principles and basic terms and conditions proposed in TEFCA to address the current challenges faced in healthcare data exchange are stated below:
Part A—Principles for Trusted ExchangeONC has defined 6 principles under Part A that provide a frame work and vision for how the new QHIN and RCE structure will function. In order to facilitate interoperability and exchange of Health Information necessary to support the entire care contin-uum, all the stakeholders should adhere to these principles.
The six principles of TEFCA
Standardization
QHINs and all their participants will be responsible for implement-ing and following all the existing federal standards for interopera-bility. They must implement the updated standards in a timely manner and work with RCE to update TEFCA with newer versions of standards asapplicable.
Transparency
ONC and QHINs along with RCE have to make terms, conditions, and contractual agreements that govern the exchange of Electronic Health Information easily and publicly available.
Cooperation andNon-Discrimination
Collaborate with stakeholders across the continuum of care to exchange Electronic Health Information, even when a stake-holder maybe a businesscompetitor.
Security and Patient Safety
Ensure that Electronic Health Information is exchanged and used in a manner that promotes patient safety, including consis-tently and accurately matching Electronic Health Information to an individual.
Access
Do not impede or put in place any unnecessary barriers to the ability of patients to access and direct their Electronic Health Information to any designated third parties.
Data-driven Accountability Exchange multiple records for a cohort of patients at one time in accordance with Applicable Law to enable identification and trending of data to lower the cost of care and improve the health of the population.
Part B— Basic Required Terms and Condition for TEFCAPart B of TEFCA provides standards for every component of HIN, including items such as standardization of information and
data quality, security and privacy, data integrity and authentication. It focuses more on requirements that HIN will need to
implement and adhere to in order to be considered a Qualified HIN.
More details on PartA and Part B can be found here.
TEFCA Frame workThe frame work comprises of the model of data exchange between the HINs/QHINs and participants who need the data. It explains the role of governing body for TEFCA, the set of principles for the trusted health data exchange and the terms and conditions required for trusted data exchange between the HIN networks.
The frame work proposed by ONC is given below:
TEFCA Frame work
Recognized Coordinating EntityRCE is the governing body formed by ONC to
Administer the requirements of the common agreement set forth for QHINs
Manage the Trusted Frame work by incorporating it into a single, all-encompassing Common Agreement
that Qualified HINs will adhere to.
Build and implement new use cases for TEFCA foundation; RCE should work collaboratively with
stakeholders from across the industry
Monitor QHIN compliance with TEFCA and take actions to resolve non-conformity and non-compliance.
Health Information NetworkHealth Information Networks (HINs) are Individuals or Entities which determine and administer the requirements for facili-tating and enabling the data exchange process electronically between the individuals/entities. HINs manage the policies and control the technology and services required for exchange of health care information with a broader scope of what health data may be exchanged, when, how and by whom. HINs may operate locally, regionally, or nationally.
Qualified Health Information NetworkThe Qualified HIN is a network of organizations which are directly connected to each other to ensure the interoperability and are working in agreement to exchange the health care information. In addition to all the requirements of HIN, QHIN must also be able to locate and transmit ePHI between multiple persons and/or entities electronically.
QHIN is structured in three layers, namely; connectivity broker, participants and end user.
Connectivity broker is a service provided by QHIN to facilitate the following functions with respect to all the TEFCA
Permitted Purposes:
Master patient index (federated or centralized)
Record Locator Service
Broadcast and Directed Queries, and
EHI return to an authorized requesting Qualified HIN.
Participants can be HINs, EHR vendors, and other types of organizations which connect to each other through the
QHIN, and access data from organizations that aren’t members of their QHIN, through QHIN-to-QHIN connectivity.
An End User is an individual or organization using the services of a Participant to send and/or receive electronic
Health Information NetworkHealth Information Networks (HINs) are Individuals or Entities which determine and administer the requirements for facili-tating and enabling the data exchange process electronically between the individuals/entities. HINs manage the policies and control the technology and services required for exchange of health care information with a broader scope of what health data may be exchanged, when, how and by whom. HINs may operate locally, regionally, or nationally.
Qualified Health Information NetworkThe Qualified HIN is a network of organizations which are directly connected to each other to ensure the interoperability and are working in agreement to exchange the health care information. In addition to all the requirements of HIN, QHIN must also be able to locate and transmit ePHI between multiple persons and/or entities electronically.
QHIN is structured in three layers, namely; connectivity broker, participants and end user.
Connectivity broker is a service provided by QHIN to facilitate the following functions with respect to all the TEFCA
Permitted Purposes:
Master patient index (federated or centralized)
Record Locator Service
Broadcast and Directed Queries, and
EHI return to an authorized requesting Qualified HIN.
Participants can be HINs, EHR vendors, and other types of organizations which connect to each other through the
QHIN, and access data from organizations that aren’t members of their QHIN, through QHIN-to-QHIN connectivity.
An End User is an individual or organization using the services of a Participant to send and/or receive electronic
health info.
Use Cases Covered Under the Trusted ExchangeFrame workPatient data request through broadcast to all healthcare organizations
Sends request for a patient’s Electronic Health Information (EHI) to all the Qualified HINs to have the data returned from
the organizations that have it.
Supports situations where it is unknown who may have Electronic Health Information about a patient.
Patient data request to a specific healthcare organization Sends targeted request for a patient’s Electronic Health Information to a specific organization.
Supports situations where you want specific Electronic Health Information about a patient, for example data from
a particular specialist.
Multiple patient data request - Population Level DataQuery and retrieve Electronic Health Information about multiple patients in a single query.
Supports population health services, such as quality measurement, risk analysis, and other analytics.
PermittedPurposes
......
PUBLICHEALTH TREATMENT
PAYMENT
HEALTHCAREOPERATIONS
INDIVIDUALACCESS
BENEFITSDETERMINATION
Trusted Exchange Frame work - Privacy andSecurity ProtectionsTEFCA proposes Identity proofing and authentication for security/privacy protections of patient health information. Identity proofing is the process of verifying that a person is who they claim to be and digital authentication is the process of establishing confidence in a remote user communicating electronically to an information system.
Privacy/Security: Identity Proofing
Each Qualified HIN shall require proof of identity for Participants and participating End Users at a minimum of IAL2
prior to issuance of credentials and Individuals must provide strong evidence of their identity.
Privacy/Security: Authentication
The digital identity guideline SP 800-63B of National Institute of Standards and Technology refers to the level of assur
ance in authentication as the Authenticator Assurance Level (AAL).
Each Qualified HIN shall authenticate End Users, Participants, and Individuals at a minimum of AAL2, and provide
support for at least FAL2 or, alternatively, FAL3.
Connecting to a Qualified HIN or one of its Participants will require two-factor authentication.
Data Classes in U.S. Core Data for Interoperability (USCDI) and Proposed Expansion ProcessThe USCDI establishes a minimum set of data classes that are required to be interoperable nationwide and is designed to be
expanded in an iterative and predictable way over time. Data classes listed in the USCDI are represented in a technology
agnostic manner.
USCDI v1 - Required - CCDS plus Clinical Notes and Provenance
Candidate Data Classes - under consideration for USCDI v2
Emerging Data Classes - Begin evaluating for candidate status
Through TEFCA, ONC aims to implement the Cures Act requirement of all electronic health information from a patient’s record being available for exchange within HINs and QHINs and their participants. As part of ONC’s continued efforts to expand the availability of a minimum baseline of data classes that must be commonly available for interoperable exchange, the draft USCDI builds off the CCDS definition and includes two additional data classes: Clinical Notes and Provenance. This enables the broadest set of use cases, Qualified HINs and their participants are required to be able to exchange the USCDI when such data is available..
The proposed USCDI expansion process will follow a gradual process where it will be promoted to emerging status and will ultimately be included in the USCDI. Once a data class is officially included in the USCDI, it will be required for nationwide exchange.
Use Cases Covered Under the Trusted ExchangeFrame workPatient data request through broadcast to all healthcare organizations
Sends request for a patient’s Electronic Health Information (EHI) to all the Qualified HINs to have the data returned from
the organizations that have it.
Supports situations where it is unknown who may have Electronic Health Information about a patient.
Patient data request to a specific healthcare organization Sends targeted request for a patient’s Electronic Health Information to a specific organization.
Supports situations where you want specific Electronic Health Information about a patient, for example data from
a particular specialist.
Multiple patient data request - Population Level Data Query and retrieve Electronic Health Information about multiple patients in a single query.
Supports population health services, such as quality measurement, risk analysis, and other analytics.
Trusted Exchange Frame work - Privacy andSecurity ProtectionsTEFCA proposes Identity proofing and authentication for security/privacy protections of patient health information. Identity proofing is the process of verifying that a person is who they claim to be and digital authentication is the process of establishing confidence in a remote user communicating electronically to an information system.
Privacy/Security: Identity Proofing
Each Qualified HIN shall require proof of identity for Participants and participating End Users at a minimum of IAL2
prior to issuance of credentials and Individuals must provide strong evidence of their identity.
Privacy/Security: Authentication
The digital identity guideline SP 800-63B of National Institute of Standards and Technology refers to the level of assur
ance in authentication as the Authenticator Assurance Level (AAL).
Each Qualified HIN shall authenticate End Users, Participants, and Individuals at a minimum of AAL2, and provide
support for at least FAL2 or, alternatively, FAL3.
Connecting to a Qualified HIN or one of its Participants will require two-factor authentication.
USCDI Expansion ProcessSome Candidates will be Accepted to USCDISome Candidates Require Further WorkSome Emerging Elements Become CandidatesSome Emerging Require Further Work
Public Health organizationsReporting of laboratory diagnoses and physician-based diagnoses to Health Departments
Public health investigation
Disease-based non-reportable laboratory data
Antibiotic-resistant organism surveillance
Population-level quality monitoring.
PayersBetter coordination of care for patients, share e-referrals, treatment and medication status, discharge summaries and
care plans to attain better patient outcomes and readmission tracking to reduce costly readmissions
To generate quality of care reports with most recent data
Technology developersTo develop HIE compliant applications like ,EHR,EMR,PHM,LIMS etc
Obtain clinical data from providers and provide analytics services
Providers
Population specific health history exchange
Exchange of clinical summary during care transitions, referrals, specialist visits, routine PCP visits
To get historical Lab results and Medication Reconciliation and Immunization History
Home Health to get precise and complete information on admissions and discharges
IndividualsConsumer Empowerment: Consumer Access to Clinical Information
Review copy of their clinical information and their medication history
Federal Agencies Imposing state specific rules and healthcare regulations through audits
Generating population specific reports for data analysis
Promote payment changes and reforms that accelerate the pace of quality improvement
Enable alignment with national priorities for quality of care through incentives, a legal frame work for data sharing, and
patient‐centered quality measure to set health data standardization
Benefits and Impacts of TEFCA on PPP (Patient, Payer, Provider) and HINsTEFCA outlines a business environment in which HINs and health information exchange platforms can generate substantial revenue from two sources:
(1) Real-time data services to different health care providers and(2) Help to generate customized reports and asynchronous data analytics. The revenue generated from these sources wouldbe used to finance the operational costs of an interoperable heath information network.
Below are a few benefits of TEFCA for different stakeholders in the ecosystem
Qualified HINs
HINs and their participants can get access to more data on the patients they currently serve and will enhance care
coordination and care delivery use cases.
Health Systems and Providers
Providers can access patient data regardless of setting of care provisioning. This enables safer, more effective care, and
better care coordination.
This eliminates the need for one point-to–point interfaces. This will allow providers and health systems to easily work with
third parties, such as analytics products, care coordination services, HINs, Qualified Clinical Data Registries (QCDRs), and
other registries.
Patients and Their Caregivers
This enables patients to find all of their health information from across the care continuum, even if they don’t remember
the name of the provider. With this, patients and their caregivers can participate in their care, manage their health
information and have access to their longitudinal health record, transparency of quality or cost, access to indepen
dent decision support, or even the ability to know what their out-of-pocket cost is going to be.
Some common issues submitted on TEFCA: Information Blocking: Several industry stake
holders would like more guidance on this issue
before ONC goes down the path of implementing
TEFCA, which may, or may not be a mechanism to
enforce information blocking.
Time line challenges for implementing
TEFCA: This frame work and agreement comes
several years after HIE networks and other industries
have collaboratively stood up legal agreements,
use cases, and business operations.
Data Privacy and Security: Stakeholders
require specific information on how will the TEFCA
requirements interact with HIPAA requirements as
they govern both QHINs and HIN and specifically
how this will affect the future of data exchange
Cost burdens: In order for the Trusted Health
Information Exchange and Frame work to work,
ONC must allow differentiation between state
health information exchange models. Otherwise,
there will be significant financial implications to
state economies, infrastructure, and communities.
ConclusionTEFCA is designed to bridge the gap between provid-ers’ and patients’ information systems and enable interoperability across disparate Health Information Networks by providing a “single on-ramp” to patient information.
It is recommending that providers, payers and state advocates to include requiring TEFCA connectivity in future legislations.
Despite the fact that the procedures and draft agree-ments described, if adopted by ONC, would remain completely voluntary, the Act mentions that Federal agencies may require its use in certain circumstances. This may profoundly affect both health agencies and their trading partners.
Regardless, if they don’t consider TEFCA in their plan-ning, it may become a requirement. In the short run, existing HIEs (or HINs) and collaborative activities may not find it convincing to alter their course. Only time will tell if TEFCA will have the impact on interoperability that on interoperability that Congress desires.
Federal Agencies Imposing state specific rules and healthcare regulations through audits
Generating population specific reports for data analysis
Promote payment changes and reforms that accelerate the pace of quality improvement
Enable alignment with national priorities for quality of care through incentives, a legal frame work for data sharing, and
patient‐centered quality measure to set health data standardization
Benefits and Impacts of TEFCA on PPP (Patient, Payer, Provider) and HINsTEFCA outlines a business environment in which HINs and health information exchange platforms can generate substantial revenue from two sources:
(1) Real-time data services to different health care providers and (2) Help to generate customized reports and asynchronous data analytics. The revenue generated from these sources would be used to finance the operational costs of an interoperable heath information network.
Below are a few benefits of TEFCA for different stakeholders in the ecosystem
Qualified HINs
HINs and their participants can get access to more data on the patients they currently serve and will enhance care
coordination and care delivery use cases.
Health Systems and Providers
Providers can access patient data regardless of setting of care provisioning. This enables safer, more effective care, and
better care coordination.
This eliminates the need for one point-to–point interfaces. This will allow providers and health systems to easily work with
third parties, such as analytics products, care coordination services, HINs, Qualified Clinical Data Registries (QCDRs), and
other registries.
Patients and Their Caregivers
This enables patients to find all of their health information from across the care continuum, even if they don’t remember
the name of the provider. With this, patients and their caregivers can participate in their care, manage their health
information and have access to their longitudinal health record, transparency of quality or cost, access to indepen
dent decision support, or even the ability to know what their out-of-pocket cost is going to be.
