In an effort to improve interoperability and reduce administrative burden across the healthcare industry, the Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology (ONC), earlier this year, released a draft Trusted Exchange Framework and Common Agreement (TEFCA) as mandated by Congress in accordance with the 21st Century Cures Act. Now, as we move towards the release of a final version of TEFCA, Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission (EHNAC) (@EHNAC) and a member of both the ONC Fast Healthcare Interoperability Resources (FHIR) Tiger Team and HHS Cybersecurity Task Force, tackled several questions regarding the industry’s take on TEFCA to date as well as ways the healthcare ecosystem is helping improve interoperability.
Q. What has industry’s reception been to date regarding TEFCA and how might it impact the final draft slated to be released late this year?
Barrett: The release of TEFCA included a public comment period which ran through February 18, during which many within the industry voiced their desire for ONC to refrain from establishing a whole new set of identity verification, authentication and privacy/security frameworks. In addition to using existing best practices, industry wanted TEFCA to identify and address gaps in existing frameworks as well as utilize a number of enabling technologies including blockchain, cloud-based data storage and others.
Recently, several industry leaders offered constructive comments related to TEFCA Part B where they voiced concern over the ongoing support of older technologies still being used by healthcare organizations rather than promotion and utilization of more current technologies to promote interoperability adoption.
Genevieve Morris of ONC responded by indicating that there are still many organizations that utilize these older technologies today that can’t be excluded but provide a transition for them to evolve and implement new technologies. In essence, we need to provide a roadmap for migration. This is a good strategy to not “exclude” organizations just because they currently are using older technology but to incent them to migrate to newer technologies. This provides an architecture to allow for this evolution and implementation of the healthcare ecosystem to evolve too.
Now is the time for us to work together to identify areas for improvement, close privacy and security gaps across networks, address vulnerabilities across HIPAA compliance, cyber protection and ransomware prevention, address authentication and ID verification issues, and assure the highest levels of stakeholder trust.
Q. As the industry prepares for a final TEFCA regulation, what efforts have been made to help bridge the interoperability gap between providers’ and patients’ information systems?
Barrett: In an effort to assist the industry in achieving interoperability, EHNAC, in collaboration with WEDI, eHI, eP3 Foundation and many other healthcare organizations has established a new Trusted Exchange Accreditation Program (TEAP). This new program is set to leverage existing industry-wide frameworks and best practices in use across the healthcare ecosystem and align with many national efforts including the Office of the National Coordinator for Health Information Technology’s (ONC’s) efforts to endorse the 21st Century Cures Act and other federal requirements including TEFCA.
As we continue to move forward with this collaboration, we invite the healthcare industry to join us in a very transparent, inclusive and open process to develop this accreditation program that not only aligns with TEFCA provisions but will continue the much-needed focus on interoperability as well as assure a trusted environment where privacy and security requirements are maintained. This new accreditation program is just one of several ways we continue to assist ONC and the industry as we move the needle in terms of interoperability.
The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors and third-party administrators. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.
EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare.