Skip to content
This search input has a predictive search function. When 3 letters or more are entered, a number of predictive results appear in a dropdown. Use arrow keys to navigate and use the enter key to go to the page highlighted.
    RENEW JOIN
    Dashboard

    TEFCA Rule

    • January 02, 2025

    The Trusted Exchange Framework and Common Agreement (TEFCA) final rule aims to facilitate the efficient, secure exchange of healthcare information across the care continuum. This final rule is a subsection of the HTI-2 proposed rule that received 200+ comments, including from APA, earlier in 2024.

    Key Changes

    Information Blocking Regulations

    The final rule amends the information blocking regulations by including definitions related to the TEFCA Manner Exception. This supports reliable, secure, and trusted data exchange.

    • Purpose: It allows healthcare providers, health IT developers, and other actors to limit the way they fulfill requests for electronic health information (EHI) to only through TEFCA. This means they can choose to share information exclusively via the TEFCA network.
    • Information Blocking: Normally, if an actor restricts the way they share EHI, it might be considered information blocking, which is against the rules. However, if they do it through TEFCA, it's not considered information blocking.
    • Conditions: This exception applies only if both the actor (the one sharing the information) and the requestor (the one asking for the information) are part of the TEFCA network. This ensures that the exchange of health information is secure, reliable, and standardized.

    In essence, the TEFCA Manner Exception provides a safe harbor for actors to use a standardized, trusted framework for sharing health information without facing penalties for information blocking.

    Infeasibility Exception

    The rule revises the infeasibility exception, clarifying conditions under which an actor can deny a request for electronic health information (EHI) due to uncontrollable events or other specific scenarios.

    • Uncontrollable Events: If an uncontrollable event, like a natural disaster, affects the actor's ability to fulfill the request, they can invoke this exception.
    • Third-Party Modifications: If the request involves allowing a third party to modify EHI and this is not feasible, the actor can use this exception.
    • Exhausting Alternatives: The actor must have exhausted all alternative manners of fulfilling the request as per the manner exception before invoking the infeasibility exception.
    • Substantial Number: The actor must not currently provide the same requested access, exchange, or use of EHI to a substantial number of similarly situated individuals or entities.

    This exception ensures that actors are not penalized for genuinely being unable to fulfill certain requests due to practical limitations.

    New Conditions

    Two new conditions have been added:

    • Allows an actor to deny a third party seeking to modify EHI. This ensures that actors are not required to allow external modifications that could compromise data integrity or security.
    • Allows an actor to deny a request for access, exchange, or use of EHI after exhausting alternative manners offered under the manner exception. This helps actors manage resources effectively while complying with interoperability standards.

    Common Agreement Changes:

    • Support for FHIR: The Common Agreement now requires support for Fast Healthcare Interoperability Resources (FHIR) API exchange. This allows TEFCA participants to more easily exchange information directly and enables individuals to access their health information using apps of their choice.
    • Standard Operating Procedures (SOPs): New SOPs have been introduced to enhance the trust model central to TEFCA. These include policies for transitioning TEFCA governance, cooperation in investigations, and reporting security incidents.
    • Participant and Sub participant Terms of Participation: The updated Common Agreement includes detailed terms of participation for both participants and sub participants. This helps streamline legal processes and reduce costs for organizations seeking to connect to TEFCA.
    • Enhanced Privacy and Security: The new rule strengthens privacy and security requirements for all entities participating in TEFCA, ensuring that health information is exchanged securely and confidentially.
    • Expanded Use Cases: The Common Agreement now better supports use cases beyond treatment, including public health, individual access, and other authorized uses. This flexibility allows a wider range of stakeholders to benefit from improved access to health information.

    Medical leadership for mind, brain and body.

    Join Today