Healthcare is at a rare inflection point. As our recent report indicated, advances in artificial intelligence and automation have the potential to improve the care experience for patients, expand access to services, and help control costs by reducing waste and friction in the healthcare system. To deliver on that promise, these technologies rely on interoperability for timely access to accurate clinical data.
Interoperability, in turn, depends on trust. For patients to share health information, they must trust that their information is private and used for their benefit. When providers share medical records, they must trust that any disclosure protects their patients’ privacy. Transparency into how sensitive information is being handled is critical to fostering patient and provider trust.
TEFCA was created through the bipartisan 21st Century Cures Act to serve a public good: connecting the nation’s healthcare system so that people receive safer, better-coordinated care. It is a landmark collaboration between the public and private sectors and represents the best opportunity to make nationwide health information exchange a reality. When a cardiologist pulls up test results from a hospital outside their network, or when an emergency physician treating a patient on vacation reviews a medication list from their home provider, that’s TEFCA at work.
Recently, 77 health systems, including HLC members, suggested that reforms were needed in large nationwide interoperability frameworks including TEFCA and the private sector interoperability network, Carequality, based on perceived gaps in current governance, vetting, and enforcement. These frameworks are responsible for more than one billion patient medical documents exchanges each month.
What health systems have observed is that TEFCA operates based on trust without verification. There is no independent “cop on the beat” ensuring record requests are legitimate. Addressing those gaps and restoring trust will require government involvement to establish stronger safeguards. HLC stands ready to be a resource ensuring those safeguards don’t inhibit entities exchanging critical data for coordinated patient care.
The most immediate way to discourage abuse and foster patient and provider trust is by increasing transparency into TEFCA. Transparency begins with knowing who is requesting private patient records. Making a complete participant directory public, along with a description of each participant’s asserted business purposes for accessing records, would ensure patients and providers know who is exchanging data and discourage participants from misrepresenting their intentions.
Transparency should extend to basic activity measures, including how many records each participant requests and how many it shares back to the network. Making those totals public, along with standardized monthly exchange figures, would paint a clear picture of how information flows nationwide. It would also help identify unusual patterns, such as only engaging in one-directional exchange or large monthly swings in records requested.
Each patient should be able to review a personalized list of network exchange activity involving their records, including which TEFCA participants have requested their information and for what purpose. This mirrors a CMS Interoperability Framework criterion and would empower patients and providers to react to potential abuse quickly.
There should also be transparency about the Qualified Health Information Networks (QHINs) that onboard participants eligible to request patient records from TEFCA. Specifically, the overall number of exchanges facilitated by each QHIN should be made public, including clear disclosures of how they use the information that passes through their networks from TEFCA. For example, do QHINs and other intermediaries save data passed through their networks and use it for secondary purposes?
The United States has spent years attempting to perfect the technical and policy foundation for nationwide health data exchange. TEFCA represents a milestone in that effort—one that has achieved rapid adoption among health systems and is positioned to enable true nationwide data exchange and support emerging use cases such as individual access and public health reporting. But if healthcare organizations or their patients suspect that participating exposes their patients’ records to misuse, they may leave the network, which would set interoperability back years.
Government can help prevent this by increasing transparency so that organizations cannot misrepresent their purpose when accessing patient data. With clear visibility into who is accessing records and why, TEFCA will be better positioned to protect patient privacy, support legitimate exchange, and enable the advanced technologies that depend on trusted data sharing.
