In July our colleagues at the Centers for Medicare & Medicaid Services (CMS) launched an ambitious Health Technology Ecosystem pledge program. The groundswell of energy and enthusiasm for the program has been remarkable, and we’re glad to be their partner. CMS established several pledge categories associated with aspirational criteria included within its CMS Interoperability Framework. This post looks specifically at the similarities and differences between the Trusted Exchange Framework and Common Agreement™ (TEFCA™) and the “CMS-Aligned Network” pledge category.
How TEFCA and CMS-Aligned Networks Relate
To start, both TEFCA and CMS-Aligned Networks are built around the same objective – supporting patients, providers, and other authorized entities in securely accessing and exchanging the electronic health information needed to improve care and reduce burden. Building on this shared purpose, CMS created the CMS-Aligned Network pledge criteria to give any network – including new entrants and networks with different business models – a pathway to accelerate interoperability capabilities. Participation is open and voluntary, and it complements TEFCA rather than replacing it. In fact, all the organizations who have become Qualified Health Information Networks™ (QHINs™) under TEFCA have also pledged to be a CMS-Aligned Network. That’s why the combination of these two initiatives is so powerful.
TEFCA implements the 21st Century Cures Act’s requirement to establish a Common Agreement for participating parties involved in network-to-network exchange, whereas CMS has given networks the opportunity to publicly step up and “do more, faster.” Any organization that self-identifies as a network and agrees to meet the CMS Interoperability Framework can pledge to be a “CMS-Aligned Network.” While the CMS-Aligned Network pledge does not establish a centralized network governance structure like TEFCA, CMS actively defines the expectations for pledgees and convenes technical working groups to shape the criteria and measures of success.
Through this collaborative process, pledgees commit to shared goals, contribute to the development of common approaches, and are expected to make steady progress. CMS may remove organizations that no longer meet the criteria, and pledgees may withdraw voluntarily if they are no longer aligned. CMS-Aligned Networks must meet HITRUST requirements and fully comply with HIPAA rules and all other applicable privacy and security laws and regulations.
TEFCA provides one set of network participation policies, one set of nationwide connectivity services, and one approach to network oversight for all participants. Having gone live at the end of 2023, TEFCA’s governance has matured into a participatory, public-private, collaborative model. Additionally, for a health information network to become a QHIN under TEFCA and demonstrate it is up to the task of facilitating cross-network exchange, at nationwide scale, the requirements are rigorous and specific. Not only do such networks need to address aspects like cybersecurity insurance, annual third-party security assessments, and U.S. ownership status, they also need to demonstrate their technical competencies as part of a regimented onboarding process. Moreover, QHINs are also required to ensure Participants and Subparticipants within their network adhere to specific terms of participation, which is a level of operational network policy that is not necessary for the CMS-Aligned Network pledge program.
Different Paths to Accelerating Interoperability
Where TEFCA looks to be a rising tide that lifts all boats, networks that have pledged to be a CMS-Aligned Network are more like speedboats shooting out ahead to achieve specific milestones. For instance, one CMS Interoperability Framework criterion applicable to CMS-Aligned Networks is that networks provide “an accounting record of all network-facilitated transactions, including for treatment, (who accessed patient’s data, when, and why) and ensures a timely response for each request.” Similarly, the CMS Interoperability Framework expects that “patient consent preferences, when included in a transaction, must be shared with all involved parties, including for treatment use cases.” Implementing these pledge criteria is as important as it will be challenging because they go considerably beyond current policy baselines and require a level of automation and process standardization not yet universally in place in health care.
Similarly, the CMS Interoperability Framework spotlights “patient appointment and encounter details” for accelerated effort by each individual CMS-Aligned Network, whereas this use case does not necessarily fit TEFCA’s focus on cross-network exchange. TEFCA and the CMS Interoperability Framework share the most commonalities in terms of underlying technical expectations. Both reference support for USCDI, HL7® FHIR®, and IAL2 and AAL2 from a digital identity perspective as well as expected capabilities and timeliness for record location and query.
The main difference is the pace and structure. TEFCA progresses through a formal, stepwise governance process, while CMS-Aligned Networks evolve through an ongoing connect-a-thon style model that encourages rapid testing, learning, and refinement. The two approaches are complementary – one provides stability, the other accelerates innovation.
Ultimately, TEFCA will be better off to the extent that CMS-Aligned Networks are able to achieve their pledges and, collectively, we are able to advance efforts to empower patients with their electronic health information and leverage interoperability to reduce administrative burden. We look forward to continuing to advance TEFCA and remain committed to its growth.
