January 29, 2023

Volume XIII, Number 29


January 27, 2023


ONC Releases Interoperability Frameworks

The 21st Century Cures Act directed the National Coordinator to “develop or support a trusted exchange framework, including a common agreement among health information networks nationally.” Fulfilling that mandate, the Office of the National Coordinator (“ONC”) for Health Information Technology released the “Trusted Exchange Framework and the Common Agreement” for health record interoperability. The two documents, titled “Trusted Exchange Framework, Common Agreement – Version 1” (“TEFCA”) and “Trusted Exchange Framework: Principles for Trusted Exchange” (“Principles”), were published on January 18, 2022. The purpose of the Principles is to create a non-binding set of common principles for the exchange of health information, and the TEFCA memorializes the technical infrastructure and governance for the different networks and their users to securely share information with each other – all under a common framework. By signing the TEFCA and adhering to the Principles, entities can be designated as Qualified Health Information Networks (“QHIN”). A QHIN is a network of organizations certified by the ONC to work together to share data. QHINs will connect directly to each other to ensure interoperability between the networks they represent. With the release of these two documents, entities can now begin reviewing the requirements and considering whether to apply.

In addition, the TEFCA Health Level Seven (“HL7”) Fast Healthcare Interoperability Resource (“FHIR”) Roadmap (“TEFCA FHIR Roadmap”) has been released, which sets forth how TEFCA will accelerate the adoption of FHIR-based exchange across the industry.


Following are the seven principles that will help facilitate the exchange of information among health networks:

  1. Standardization. Health information networks should prioritize federally recognized and industry recognized technical standards, policies, best practices, and procedures.

  2. Openness and transparency. Health information networks should conduct activities openly and transparently, wherever possible.

  3. Cooperation and Non-discrimination. Health information networks should collaborate with stakeholders across the continuum of care to electronically exchange digital health information, even when a stakeholder may be a business competitor.

  4. Privacy, Security, and Safety. Health information networks should exchange digital health information in a manner that supports privacy; ensures data confidentiality, integrity, and availability; and promotes patient safety.

  5. Access. Health information networks should ensure that individuals and their authorized caregivers have easy access to their digital health information and understand how it has been used or disclosed, and HINs should comply with civil rights obligations on accessibility.

  6. Equity. Health information networks should consider the impacts of interoperability on different populations and throughout the lifecycle of the activity.

  7. Public Health. Health information networks should support public health authorities and population-level use cases to enable the development of a learning health system that improves the health of the population and lowers the cost of care.

 Common Agreement

The TEFCA operationalizes the principles above by binding its signatories to a detailed infrastructure that allows different networks to securely share basic clinical information with each other. The major obligations of the agreement center on demonstrating the ability to send and receive information with various upstream and downstream entities. Affirmative covenants in the agreement include security, privacy, and respecting the data rights of individual patients. There are also negative covenants, such as non-exclusivity and non-discrimination with respect to the sharing of data. By signing the 63-page agreement and following its obligations, a health information network becomes designated as a Qualified Health Information Network.

© 2023 Proskauer Rose LLP. National Law Review, Volume XII, Number 70

About this Author

Ryan P. Blaney Healthcare and Cybersecurity Attorney Proskauer Washington DC

Ryan Blaney is a partner in Proskauer’s Health Care and Privacy & Cybersecurity Groups.

Ryan’s practice focuses on regulatory compliance, enforcement, litigation and transactions in the areas of data privacy, cybersecurity, health care, and emerging technologies. He advises private equity, asset managers, health care, life sciences, retail and technology clients on privacy and cybersecurity compliance, cybersecurity incidents and government investigations, including acting as lead counsel in defending clients in regulatory investigations by...


Vincent Tennant is an associate in the Privacy & Cybersecurity and Health Care Groups.

Vince’s practice focuses on data privacy and cybersecurity issues in the context of regulatory compliance, enforcement, litigation and transactions. He advises private equity, asset managers, health care, life sciences, retail and technology clients on privacy and cybersecurity compliance, cyber risk management in critical transactions and cybersecurity incident response.   


Whitney Phelps Attorney Proskauer Rose LLP

Whitney Phelps provides practical and strategic counsel, solutions and analysis for healthcare stakeholders of all kinds. She has particular expertise in managed care and value-based contracting, including with various alternative payment arrangements between providers and payers. Her experience includes advising on a broad range of complex healthcare transactions and regulatory matters relating to long-term care, home care, behavioral health, risk contracting and ambulatory services. Whitney has deep capabilities negotiating complex joint ventures and other transactions...

Jason S. Madden Healthcare Attorney Proskauer Law Firm

Jason Madden is an associate in the Corporate Department and a member of the Health Care Group. His practice focuses on representing health care clients, including hospitals, physician groups, not-for-profit corporations, private equity firms and other financial institutions. Jason provides legal advice on a wide range of regulatory, transactional and litigation matters, including fraud and abuse compliance; HIPAA and data privacy; mergers, acquisitions and financings; and general corporate and business planning.
