Watching the skies for signs of TEFCA’s impact on data exchange
It’s been a long, complicated road to interoperability, but recent progress on a national approach to exchanging data might indicate clearing skies ahead.
I have always loved watching a good storm as it is brewing, because it’s hard to tell what will happen. Will it blow by without a drop, or will it rain cats and dogs? Often, weather patterns are so complex that it is difficult to determine the outcome.
I feel the same way about the Trusted Exchange Framework and Common Agreement (TEFCA) as the first qualified health information networks (QHINs) are being onboarded. I am fascinated to see what will happen next, and I don’t think it is easy to predict.
But TEFCA is coming, that is for sure. You can smell it on the wind. As evidence, several QHINs made it through the gate this week. CommonWell Health Alliance, eHealth Exchange, Epic, Health Gorilla, Kno2 and KONZA all had their QHIN applications accepted, enabling them to begin to test their capabilities as participants in the new framework.
Since beginning my health IT career in 1991, I have seen the storm clouds that represent the EHR market and progress (or lack, thereof) on interoperability. I’m passionate about the subject because I believe that as an occasional patient, I expect my data to be available to all my providers. It should not matter whether a provider is in the same network or in the same city or state, but that is not the case for me or almost anyone else I know.
Full data interoperability is what we all deserve. But I’m also passionate about seeing progress on the complex issues of health information technology adoption and interoperability that I have worked on virtually my entire career. I believe health IT can be a force for positive change, and these recent developments certainly are positive.
While it is simple to describe what we want as patients, getting it to happen for all of us is something else entirely.
Data exchange starts with trust
It has long been understood that success for healthcare information exchange would require trust. Participants must have confidence that others are playing by the same rules. Exchange partners need certainty about the identity of the organizations they are connecting to. Everyone wants to know that everyone else has paid close attention to cyber hygiene.
Most important, though, is that for providers to use a system, they must have confidence it will work the way they expect. They want answers to their messages. They want queries to return the longitudinal record for their patients. While substantial headway has been made in terms of trust, a chicken-and-egg problem exists — nobody will use the network workflows because nobody else is. It is a pervasive problem.
David Blumenthal, who served as the national coordinator for health information technology from 2009 to 2011, recently published his perspective on interoperability in the New England Journal of Medicine. That perspective can be summarized by the opening paragraph: “Although virtually all patient information is now recorded electronically, the persistent inability to move this information easily from place to place has remained a major frustration for patients, clinicians, and policymakers in the United States. It wasn’t supposed to be this way.”
Progress on health information exchange is a dynamic system, or “dynamical” in chaos theory terms — not unlike a thunderstorm — where those involved individually have little control over what progress is made or how the overall system behaves.
Changes in such a system are affected only by outside forces or “disturbances at the periphery.” With thunderstorms, it’s high- and low-pressure systems that make the weather move and change. For interoperability, it’s business interests, market forces, governmental regulation and culture that collide in unpredictable ways, similar to how cold air masses, high pressure and the jet stream interact to make weather. Neither the government nor industry can make anything happen on their own — not even if they decide to collaborate. Other rogue and sometimes random forces remain partly in control of the outcome.
The status quo is difficult to change
For providers in the historically fee-for-service healthcare environment, exchanging data with other providers in many cases is seen as “leakage,” or a loss of control over important assets (especially patients) that “belong” to the health enterprise.
Given that context, the notion of health information exchange among competitors is comparable to trying to reverse the flow of a river or getting it to rain in the desert. While we may talk about value-based care as though it is overwhelmingly replacing fee-for-service, recent studies show we are still not very far down that road. One could argue that once providers are being paid for healthy outcomes, information exchange would be economically rewarding. Incentives are not yet aligned.
By 2016, Congress had lost patience with what it saw as information blocking, by vendors and providers, that was stemming the effective flow of patient data. After spending more than $25 billion over the past several years to get the health community automated and EHR systems certified, lawmakers wanted to see improvements in healthcare outcomes and costs. The missing element was national interoperability.
Direct Secure Messaging through the Direct Standard®, and query-based exchange through the NWHIN or Nationwide Health Information Network (the first run at a national health network) had mixed results by 2013. DirectTrust’s health information service providers demonstrated ongoing growth in push-based messaging for all providers using certified EHR technology nationally, but NWHIN’s query-based exchange operated only in regional deployments that, for the most part, were not connected to each other.
Large vendor-based networks emerged during this period that mostly limited connections between clients of each vendor. Enterprise health information exchanges (HIEs) also emerged — repositories to serve a closed network of providers within a community. To get connected, organizations had to onboard lots of different connections to vendor networks and HIEs. Each connection involved its own legal contract and its own technical and policy requirements. Not all connections were available to everyone.
The 21st Century Cures Act passed in the closing days of the Obama administration on a bipartisan basis — 392 yeas to 26 nays in the U.S. House. The law contained three forces that were intended to help influence the system through regulation.
First, information blocking was defined in the act as “a practice that interferes with, prevents or materially discourages access, exchange or use of electronic health information,” and it was made immediately illegal. The rulemaking that clarified exceptions didn’t come until later, and enforcement remains spotty even today.
Second, patients should be able to access their data through application programming interfaces (APIs) and an “app of their choosing.” The idea was that patients accessing their own records with modern mechanisms could impact the availability of data to providers.
Finally, the law obligated the Office of the National Coordinator for Health Information Technology (ONC) to stand up a Trusted Exchange Framework and to develop a Common Agreement (TEFCA) that would bring forth a “single on-ramp” for health information exchange. The goal was to set standards for how networks would communicate with one another, eliminating the myriad connections and legal agreements an organization needed and to access complete patient records from wherever that data was stored. Adoption of TEFCA was mandatory for ONC, but for no one else — this is still true for the moment.
Progress in parallel
In 2013, the industry was trying to respond to the interoperability issue on its own. In March at the HIMSS convention, CommonWell Health Alliance announced its intention to build a shared infrastructure for member use, providing a national backbone for health information exchange. This move was in response to the growing power of vendor-based networks that made it far easier to communicate with healthcare organizations on the same platform than with others.
Later that year, in a perceived response to CommonWell, Carequality launched an effort based not on shared infrastructure, but instead on common standards that aligned with standards in use in the vendor-based networks. Over the next two years, most vendors chose to align with CommonWell or Carequality (or both), selecting a partner that better fit their goals or alliances.
After nearly a year of fraught negotiation and design, on Dec. 13, 2016 (ironically, the same day 21st Century Cures was signed) CommonWell and Carequality agreed to create a bridge designed to enable exchange between the two. I was a part of this team as a representative of CommonWell. The discussion was mediated by Micky Tripathi, the current national coordinator for health IT.
In the intervening years, CommonWell and Carequality continued their growth, with the majority of transactions coming from exchanging data with one another. Some openly wondered if the time for TEFCA had passed because the market had moved to solve the problem on its own.
The January 2023 ONC Data Brief described the relationships between participants in each national network and found that many organizations make more than one connection. More than 6 percent of hospitals (of the 60 percent that connect to any of these networks) are connected four ways, and in fact, my guess is a great many of those are also connected a fifth way — to a regional HIE.
Even though the brief frequently mentions “national” query networks, the survey results showed the most common mechanism used to query documents in 2021 was from a regional HIE and that “sending and receiving” Direct Secure Messaging over the national DirectTrust network had the most universal usage that almost rivaled fax.
Despite ever broadening adoption of data exchange networks for both query and push, patients still can’t count on their providers being able to access their records from across town— let alone cross-country — even though healthcare organizations are multiply connected. Anecdotally, we have not made sufficient progress on data interoperability.
TEFCA is dead; long live TEFCA!
From its initial announcement in 2016, TEFCA moved slowly, and at one time, looked like it might move to the sea and stall out. The qualified health information network (QHIN) construct was first defined in TEFCA’s first draft in January 2018. This definition of QHINs favored a CommonWell infrastructure approach to national exchange, mandating that QHINs have national master patient index systems and record locator systems. This approach was very much at odds with the networks that were part of Carequality.
After industry comments on the first draft, a second version emerged a year later that was not only much more detailed but more flexible on the “how” a QHIN could accomplish its goals. It expanded the ambitions of the framework to encompass other use-cases and actors including payers and public health. This version of the QHIN ecosystem looked substantially different from the rigid technical expectations of first iteration.
Version 2 also attracted many comments. The National Coordinator for Health IT at that time, Don Rucker, had overseen the selection of the Sequoia Project as the mandated and subsidized recognized coordinating entity (RCE) to operate TEFCA, but there were no publicly announced timelines for TEFCA deployment when he left office in January 2021.
His successor, Micky Tripathi, came to realize the obligation the ONC had to establish TEFCA and that progress to date had been hindered by a lack of clear timelines. As his first major activity, Tripathi announced a definitive timeline, including when he expected a final version of TEFCA would be published and when the first QHINs would be named. As promised, in the first quarter of 2022, a final draft of the documents was published. QHIN onboarding only missed its mark by a quarter or so — which definitely qualifies as on-time delivery for ambitious government led projects.
Blue skies on the interoperability horizon?
In 2021 and 2022, the Sequoia Project and the ONC worked through the necessary policies and standard operating procedures (SOPs) required to make TEFCA work. These companion documents contain some of the most substantive and dynamic work on the network. The onboarding process for QHINs features a multi-step process that includes a letter of intent to apply, followed by an application that was subject to approval by the RCE. There were also strict rules about what a QHIN-in-waiting could and could not say about its “status” in the process.
According to public statements from the RCE, 12 organizations submitted letters of intent, but when it came time to apply to be among the first QHINs to onboard, only six submitted complete applications.
This week, we saw the first class of QHINs recognized in a high-profile public ceremony in the Hubert Humphrey building in Washington. On stage were two networks closely aligned with EHR vendors (CommonWell and Epic), two commercial interoperability companies (Health Gorilla and Kno2) and two non-profit organizations that were representative of the regional information exchanges (eHealth Exchange and Konza). It was quite a bit more diverse a pool of players than was imagined in the first version of TEFCA.
In no way does this mean these organizations are ready to exchange data under the tenets of TEFCA. A rigorous testing process, including QHIN-to-QHIN interoperability, may yet wash out other applicants out before the process is complete.
While this doesn’t mark the “beginning of TEFCA,” or the end, for that matter, it is an important milestone worth recognizing, particularly realizing that the first TEFCA timeline was articulated in January 2021.
The six accepted applicants for QHIN, the Sequoia Project, the ONC and Micky Tripathi are to be congratulated for their diligence and tenacity. We don’t yet know how TEFCA will impact the overall interoperability picture, but we know that it will — it is a force on its own at this point.
It remains to be seen when new rain will come to the interoperability desert. Perhaps as we look back, we will be able to see what impact TEFCA had on the progress we make. I will continue to watch the skies.
Scott Stuewe is president and CEO of DirectTrust.