ONC seeks comment on Trusted Exchange Framework aimed at facilitating greater interoperability of health information

On January 5, 2018, the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) released a draft Trusted Exchange Framework and Common Agreement (TEFCA), outlining a common set of principles for trusted exchange of health data and interoperability between health information networks (HINs) and proposing a Common Agreement aimed at operationalizing the principles for data exchange in an effort to drive interoperability. ONC released the draft framework in compliance with provisions of the 21st Century Cures Act, which was enacted in December 2016.

The draft framework is part of an effort “to scale interoperability nationwide by providing a single ‘on-ramp’ to allow all types of healthcare stakeholders to join any health information network they choose and be able to participate in nationwide exchange, regardless of what health IT developer they use, health information exchange or network they contract with, or where the patients’ records are located.”

Comments on the draft framework are due to ONC by February 20, 2018. ONC will post comments on its website. ONC will consider comments on the draft framework as it develops a final TEFCA product, which will be posted on the ONC website and published in the Federal Register.


TEFCA is part of a broader set of directives for HIT information sharing laid out in Section 4003 of the 21st Century Cures Act, wherein ONC is directed to “develop or support a trusted exchange framework, including a common agreement among health information networks nationally,” which may include:

  1. A common method for authenticating trusted health information network participants;
  2. A common set of rules for trusted exchange;
  3. Organizational and operational policies to enable the exchange of health information among networks, including minimum conditions for such exchange to occur; and
  4. A process for filing and adjudicating noncompliance with the terms of the common agreement.

ONC has proposed to use a an open and competitive Funding Opportunity Agreement (FOA) in Spring 2018 to select a single, private Recognized Coordinating Entity (RCE) to oversee all such data transfer. The RCE will work with existing HINs on technical and governance requirements and will have an enforcement capacity. The RCE will work closely with ONC to develop a set of minimum required terms and conditions for trusted exchange, including common authentication processes, and core sets of organizational and operational policies that enable the exchange of health information.

Importantly, the draft framework explains that “while the proposed Trusted Exchange Framework aligns with [the Health Insurance Portability and Accountability Act (HIPAA)] requirements, it also specifies terms and conditions to enable broader exchange of health information.”


Anne Phelps
Principal | Deloitte Risk and Financial Advisory
US Health Care Regulatory Leader
Deloitte & Touche LLP
Latest conversations from Anne Phelps on Twitter

Daniel Esquibel
Senior Manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Ethan Joselow
Manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this article.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see http://www.deloitte.com/about to learn more about our global network of member firms.

Copyright © 2018 Deloitte Development LLC. All rights reserved.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s