
The Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) announced new oversight measures for the Trusted Exchange Framework and Common Agreement (TEFCA), which has facilitated the exchange of more than 1 billion health records.
These updates are a direct reaction to some of the interoperability litigation, with many Qualified Health Information Networks (QHINs) suing each other over allegations of fraud and information blocking behavior.
A third-party auditor, Alliance Global Tech, will provide auditing, review, and compliance support to verify that QHINs and other participants are following the rules of the road for TEFCA.
The auditor will route any conduct that amounts to fraud or information blocking to the appropriate government authority.
This move is intended to create a verification process, validating the trust in the network for data suppliers and providers sharing data.
TEFCA is essentially a voluntary framework, with participation optional for both healthcare providers and payers.
However, the risk of compliance falls on the data suppliers, primarily the provider community, as they are responsible for ensuring that all legal preconditions have been met when sending out data.
If data is sent out without proper authorization, the healthcare providers will be responsible for reporting the data breach and may be subject to burden and associated risks.
The payer community right now is not contributing data into TEFCA.
The introduction of a third-party auditor may change this, but it depends on the implementation and the auditor’s ability to provide effective oversight.
The legal implications of these updates are significant, with healthcare providers facing potential risks if they participate in health information exchange without proper structures in place.
Melissa Soliz, an attorney specializing in Health Data Privacy, Interoperability, and Technology, suggests that providers should consider partnering with the right QHIN or participant to ensure protective measures are in place.
Soliz also recommends that providers have detailed conversations with their technology companies about configuring systems to send data back and responding to TEFCA Required Treatment queries.
It is clear that the future of nationwide health information exchange hangs in the balance as the healthcare industry watches the outcome of ongoing interoperability litigation.
The introduction of a third-party auditor is a step towards creating a more trusted network, but its success will depend on effective implementation and enforcement.
Healthcare providers must work through the complex regulatory and technical infrastructure of TEFCA, balancing the benefits of interoperability with the risks of non-compliance, and consider how technology choices affect their operations.