TEFCA

The Trusted Exchange Framework and Common Agreement (TEFCA), established under the 21st Century Cures Act and operationalized by ONC through the Recognized Coordinating Entity (RCE) — currently The Sequoia Project — creates a national framework for health information exchange. TEFCA Version 2.0 (published 2024) consists of the Trusted Exchange Framework (principles for exchange) and the Common Agreement (legally binding contract between the RCE and Qualified Health Information Networks (QHINs)). QHINs are the exchange hubs — organizations that sign the Common Agreement and provide on-ramp connectivity. Participants (healthcare providers, payers, health IT developers) connect to a QHIN rather than negotiating bilateral agreements with each counterparty. Exchange use cases include Treatment, Payment, Health Care Operations, Individual Access Services (IAS), Public Health, and Benefits Determination. TEFCA uses both FHIR-based exchange and IHE profiles (XCA, XCPD) for legacy compatibility.

The engineering reality of TEFCA participation is that connecting as a Participant or Sub-Participant requires implementing specific technical specifications defined by each QHIN — there is no single technical standard across all QHINs, though all must meet the Common Agreement's minimum technical requirements. The TEFCA FHIR Roadmap is defining FHIR-based exchange requirements (FHIR R4, targeting QHINs by defined dates), but the current deployed infrastructure still relies heavily on IHE Document Sharing (XDS, XCA, XCPD) for cross-QHIN query and response. Organizations must implement Patient Matching — a notoriously difficult problem without a universal patient identifier in the US. ONC's Patient Matching Algorithm Challenge results and TEFCA's patient matching guidance recommend referential matching algorithms with specific minimum attribute requirements, but false positive matches create patient safety risks and false negatives defeat the purpose of exchange.

TEFCA intersects with information blocking rules: participation in TEFCA can help satisfy information blocking exceptions, but TEFCA participation is voluntary and not the exclusive path to compliance. The Individual Access Services (IAS) use case under TEFCA creates a specific set of obligations for organizations connecting patients to their data through third-party applications — this overlaps with but is distinct from the ONC § 170.315(g)(10) API requirement. For large health systems already participating in regional HIEs or CommonWell/Carequality, TEFCA may represent a consolidation opportunity or an additive burden depending on existing connectivity. TEFCA's Benefits Determination use case is particularly significant for payers, enabling social determinants of health data exchange and care coordination workflows that cross coverage boundaries.

We implement TEFCA connectivity through documented QHIN evaluation and onboarding processes, selecting the appropriate QHIN based on the client's existing infrastructure and target use cases. We build patient matching pipelines using probabilistic matching algorithms with configurable threshold management, audit logging, and manual review queues for ambiguous matches. Our IHE Document Sharing implementations include XCA Initiating and Responding Gateway configurations with ATNA audit trail compliance built into the transport layer.

Compliance-Native Architecture Guide

Design principles and a structured checklist for building software that is compliant by default — not compliant by retrofit. Covers data architecture, access controls, audit trails, and vendor due diligence.