TEFCA interoperability — First QHINs cleared to exchange nationwide

The Office of the National Coordinator for Health IT (ONC) and The Sequoia Project announced on January 18, 2024 that six organizations achieved Qualified Health Information Network (QHIN) status under the Trusted Exchange Framework and Common Agreement (TEFCA). The designations move TEFCA from planning into live operations, creating a single on-ramp for cross-network exchange that aligns with Cures Act information blocking and HTI-1 interoperability rules.

Healthcare providers, payers, and health IT vendors integrating with a QHIN must now map onboarding, testing, and privacy attestations to the Common Agreement and the QHIN Technical Framework (QTF).

Interoperability readiness checkpoints

• Participant agreements. Review QHIN terms to confirm permitted purposes, security event reporting timelines, and flow-down obligations to subparticipants, aligning them with existing Business Associate Agreements and HIPAA disclosure logs.
• Technical onboarding. Build FHIR R4 endpoints and brokered message services that satisfy QTF requirements for patient discovery, query, and message delivery, including IHE ATNA-style audit trails and system-of-record assertions.
• Privacy operations. Update consent workflows to respect federal and state restrictions on sensitive data (e.g., 42 CFR Part 2) and ensure segmentation metadata persists across QHIN routing so downstream nodes can enforce restrictions.

Operational priorities for 2024

• Testing and validation. Schedule conformance testing with the Recognized Coordinating Entity (RCE), documenting error handling, availability SLAs, and security control mappings for SOC 2 or HITRUST evidence packages.
• Provider outreach. Communicate TEFCA participation, patient access options, and permitted uses to clinicians and patients, leveraging HTI-1 decision support transparency templates to explain how exchanged data informs CDS outputs.
• Monitoring and incident response. Integrate QHIN security event reporting (required within 24 hours for certain incidents) into enterprise incident response plans, and run tabletop exercises simulating cross-network outages or data integrity issues.

What comes next

• Exchange purposes expansion. TEFCA initially supports treatment, individual access services, public health, and payment; ONC has signaled additional purposes and FHIR-based exchange obligations will follow as QHIN capacity matures.
• Alignment with CMS rules. CMS Interoperability and Prior Authorization rules will rely on FHIR APIs and payer-to-payer exchange that complement TEFCA, making data model harmonisation a 2024 roadmap item for payers.
• Certification updates. HTI-1 certification conditions require transparency for decision support interventions and adoption of USCDI v4 by 2026, reinforcing the need to keep FHIR payloads and metadata consistent across TEFCA and certified EHR modules.

Sources

• ONC announcement of first six QHIN designations (January 18, 2024)
• Trusted Exchange Framework and Common Agreement resources from the RCE

Interoperability, privacy, and compliance leads should sequence TEFCA onboarding with HTI-1 timelines to minimise duplicate testing and evidence collection.