Summary of Comments
In early 2018, the Department of Health and Human Services’ (HHS’) Office of the National Coordinator for Health Information of Technology (ONC) released its initial draft of the Trusted Exchange Framework and Common Agreement (TEFCA). A requirement under the 21st Century Cures Act, TEFCA is intended to develop and support a framework of trust, enabling the exchange between health information networks so health information is available where and when it is needed. After receiving a great deal of feedback from stakeholders such as NYeC, ONC released the much anticipated second draft of TEFCA this April. In addition to the release of TEFCA Draft 2, ONC also released a funding opportunity for an industry-based Recognized Coordinating Entity (RCE) to implement and monitor compliance with the Common Agreement.
NYeC remains very supportive of the intent and goals of TEFCA. The Trusted Exchange Framework (TEF) as set forth by ONC largely resembles the structure we developed in New York, with the Statewide Health Information Network for New York (SHIN-NY) similarly providing governance and policy leadership enabling exchange across regions. As ONC proceeds, we stressed the importance of selecting an unbiased RCE with relevant experience and an understanding for the importance in engaging stakeholders to obtain industry trust. Additionally, NYeC greatly appreciated many of the revisions in this second draft but encouraged ONC to further leverage existing infrastructure and demonstrate the value proposition to existing robust and mature Health Information Networks. One way NYeC believes this could be achieved, is by providing an appropriately tailored exception and safe harbor from the recently proposed information blocking regulations for robust Health Information Exchanges and Networks, and their participants. We also called for increased alignment among recent proposals and offices within HHS, and the need for a phased in approach and more realistic implementation timelines. NYeC asked for further guidance on how various consent policies are to be managed through TEFCA, as well as further clarity on certain definitions and continued focus on privacy and security.