Emerging Technologies

TEFCA and Blockchain: Enabling Trusted Data Flow Between Health Networks

Blockchain helps keep patient data flow between health networks secure

Longstanding interoperability challenges prompted the creation of a number of public initiatives, all aimed at addressing the need for greater data flow, increased security, and trust and accountability between health entities.

The Trusted Exchange Framework and Common Agreement (TEFCA)—led by the Office of the National Coordinator for Health Information Technology and born out of the 21st Century Cures Act—aims to foster a health ecosystem that allows for free data flow of electronic health information (EHI) between separate health information networks (HINs).

TEFCA is composed of two parts:

  1. Trusted Exchange Framework (TEF)
  2. Common Agreement (CA)

These work in tandem to establish the technical and legal requirements needed to support sharing of EHI on a nationwide scale. TEFCA guidance outlines the principles that facilitate trust and provides the governance needed to scale this effort nationally.

Blockchain technology can address components of this guidance and support a secure and interoperable national health information network. To understand blockchain’s potential, we need to first understand the components of the agreement that align with the use of blockchain.

Trust in an Environment of Uncertainty

Data flow of EHI between and among separate HINs, providers, health systems and patients requires trust, and TEFCA’s principles work to ensure this. But what does it mean to have trust?

Trust requires reliability, confidence, truth, quality and fidelity, and an environment of uncertainty and risk to exist. Trust also implies predictability that delivers positive outcomes. In order to help facilitate trust, TEFCA’s principles account for and address the need for predictability, confidence and resilience in a healthcare ecosystem where fidelity and reliability are necessary.

While there is often uncertainty in the face of adopting new technologies, decision-makers need to understand that proper implementation of blockchain helps enhance trust and supports the TEFCA framework’s aims of delivering quality and enhanced confidence in shared information. Since data on the blockchain are immutable, the blockchain supports a network where nodes can operate in a trustless system. This means that nodes do not have to trust each other or establish a way to ensure trust, as long as they trust the technology.

The U.S. healthcare system needs to utilize technologies, such as blockchain, to provide a level of trust and support TEFCA’s aims to provide a framework for interoperability, care coordination and delivery of quality value-based care.

Qualified Health Information Network Governance for Sustainability and Efficiency

A key component of TEFCA seeks to scale health information nationwide through Qualified Health Information Networks (QHINs)—networks of organizations that connect directly to share real-time data, gathered from HINs, through the use of standards-based interoperability.

The current gaps between providers’ and patients’ information systems and separate HINs require QHIN governance to sustain interoperability. This governance provides oversight and enforcement, and outlines the responsibilities of QHINs, who serve as connectivity brokers for HINs.

Ultimately, TEFCA will create a network of QHINs, connecting the data flow between authorized participants and users. Under the agreement, the QHIN Technical Framework (QTF) provides functional and technical requirements to qualify as a QHIN and outlines requirements for interoperability between QHINs.

This governance structure aligns with the distributed network functionality enabled by blockchain. As TEFCA’s new governance seeks to create, blockchain technology can facilitate medical record transactions through peer-to-peer networks of nodes, removing the need of intermediaries. Blockchain technology is also able to efficiently track access of medical records across affiliated and unaffiliated health entities (e.g., physicians, hospitals, clinics, skilled nursing facilities) in the continuum of care.

Consent Management

Requirements around an individual’s consent and authorization to share or disclose information vary across federal and state privacy laws.

Consent management includes outlining policies and procedures to get or revoke consent, share or store consent and communicate consent actions.

As outlined in TEFCA, individuals can provide their consent at various levels, meaning consent management and sharing need to occur at several points in the data flow. Blockchain technology could ensure that the consent management is efficient and transparent by providing records of these consents on one chain to be able to catalog and organize them. It also facilitates sharing across multiple participants.

Privacy and Security

Sharing of personal health information amongst entities securely is a key element of trust for TEFCA. The Minimum Required Terms and Conditions (MRTCs) require strong privacy and security protections from all participating entities. Key to this is the compliance with required standards from the National Institutes of Standards and Technology (NIST) that outline the key requirements that participating organizations need to follow and the identity proofing and enrollment requirement for clinicians and providers who want access. These introduce complexity with varying compliance requirements.

Of note, the identity proofing requirements for access to TEFCA systems (NIST Identity Access Level 2 (IAL2)), differ from those for prescribing controlled substances (Identity Access Level 3 (IAL3)), even though the same documentation and checks are required for exchange access and to prescribe controlled substances. Also, two-factor authentication that meets NIST standards is required for both ePCS and TECFA.

Blockchain can help facilitate TEFCA privacy and security requirements by providing strong audit trails and cryptographic hashing of activity, and provide a means for network participants to reconcile records using a distributed system.

Consistent Standards for Scalable Nationwide Interoperability

Enabling EHI to be available to authorized users when and where it is needed, is another goal of TEFCA. To accomplish this, the QTF outlines various principles that QHINs should apply, including adherence to applicable industry and federally recognized technical standards.

The technical and functional requirements described in the first draft of the QTF reflect many of the technologies and standards used for network-based health information exchange today. These include the IHE XCPD and XCA profiles for document exchange among disparate entities. HL7 FHIR is currently an alternate standard, but might be added as a required standard in future updates.

Application programming interfaces were also discussed in the QTF for population-level data flow and exchange needs. Even though these technical requirements may not directly apply to blockchain technology, the other principle that QHINs must adhere to is transparent data exchange and operation, which can benefit from blockchain technology. Blockchain technology can ensure the transparency of the policies and operations that QHINs need to adhere to.

Many blockchain-enabled solutions are either maturing or in production that incorporate these standards to align with the current data exchange needs, demonstrating that it can co-exist with the outlined standards.

Leveraging Blockchain Technology as a Part of the Global Healthcare Landscape

For many global institutions, the exchange challenges are confounded even further by the variation in regulation, policy and standards across countries, regions and jurisdictions. Regulations such as the General Data Protection Regulation (GDPR) for data flow protection and privacy for people in the European Union (EU) is expected to have implications within the U.S. as well.

As the U.S. works to align exchange efforts with TEFCA, we also need to scale to address the global needs of standards exchange, as outside the U.S., standards and regulations are being developed and reviewed. Similar conversations are occurring with the growth of blockchain-enabled solutions that work with data across multiple jurisdictions. Blockchain may be a catalyst to connect data standards across these jurisdictions and standards-making bodies.

TEFCA supports scalable interoperability and enables participating networks to work together to build the on-ramp for the seamless exchange of electronic health information, regardless of the technology used or geographic location of provider or patient.

Blockchain will play a critical role in TEFCA’s ability to establish trusted, collaborative relationships across multiple stakeholders, technologies and geographies—eliminating many of the barriers in today’s current health information exchange environment.

The views and opinions expressed in this blog or by commenters are those of the author and do not necessarily reflect the official policy or position of HIMSS or its affiliates.

HIMSS Government Relations

The HIMSS policy team works closely with the U.S. Congress, federal decision makers, state legislatures and governments, and other organizations to recommend policy, and legislative and regulatory solutions to improve health through information and technology.

Help Advance Health IT Policy