ONC’s Draft Trusted Exchange Framework: Seeking Nationwide Interoperability for Health Information Networks

On January 5, 2018, the Office of the National Coordinator for Health Information Technology (“ONC”), an office within the U.S. Department of Health and Human Services, released its Draft Trusted Exchange Framework (the “Draft Framework”), setting forth a roadmap for a public-private partnership designed to promote interoperability among health information networks (“HINs”).

Since the 2004 Executive Order 13335 which established the ONC, the goal of development and nationwide implementation of interoperable health information technology infrastructure has been a federal priority. Presently, there are over 100 regional HINs, each of which serves as a conduit through which electronic healthcare-related information is shared among member organizations. Many of these HINs are not connected, and, generally speaking, interoperability among HINs is limited. This has the effect of limiting patient health information that a provider or health system can access or share, unless the provider or health system joins multiple HINs. Through the 21st Century Cures Act (the “Cures Act”), Congress required ONC to take steps to address this limitation, by establishing a nationwide, interoperable health information exchange framework that can be used by all types of health care stakeholders, including HINs, government agencies, patients, providers, payors, technology developers, and public health organizations. The Draft Framework sets out a series of principles on which any exchange among HINs should be based, and then proposes a set of terms and conditions to which HINs would need to voluntarily agree in order to become “qualified HINs” that would be connected through the framework proposed by ONC, which it refers to as the “Trusted Exchange Framework.” In a January 11, 2018 webinar regarding the Draft Framework, ONC officials described this effort by explaining that the goal of the Draft Framework is to increase “data liquidity” throughout the American health care system. ONC also provided a draft “User’s Guide” for understanding the Draft Framework.

The Draft Framework works towards Congress’ aim of interoperability through a two-part framework. Part A outlines six foundational principles to engender trust among all stakeholders who or that may ultimately participate in the Trusted Exchange Framework, and Part B describes the minimum terms and conditions to which HINs would need to agree in order to be included in ONC’s online Trusted Exchange Framework directory. The principles articulated in Part A are as follows:

1. Standardization. Stakeholders should adhere to industry and federally recognized standards, policies, best practices and procedures.
2. Transparency. Stakeholders should conduct all exchanges openly and transparently (e.g., publicly releasing terms, conditions and contractual agreements that govern the exchange of information).
3. Cooperation and Non-Discrimination. Stakeholders should collaborate across the continuum of care to exchange Electronic Health Information (“EHI”) regardless of the competitive nature of stakeholders (e.g., stakeholders should not create policies that use the law as a pretext for limiting access to patient information to health care providers or health plans outside of their preferred network).
4. Privacy, Security and Patient Safety. Stakeholders should exchange EHI in a secure manner that promotes patient safety and ensures data integrity (e.g., ensuring that data are consistently and accurately matched to the right patient, so care is provided based on the right information).
5. Access. Stakeholders should ensure that individuals and their authorized caregivers have easy access to their EHI.
6. Data-Driven Accountability. “Interoperability” should include the ability for participants to request and receive multiple patient records in a single instance, consistent with applicable legal requirements, for more effective use of data analytics to lower the cost of care and improve the health of the population.

The minimum required terms and conditions contemplated in Part B are designed to support the principles in Part A. In particular, Part B focuses on technical rules and details relating to the obligations of qualified HINs to adopt common authentication processes for network participants and a minimum core set of organizational and operational policies to enable the exchange of EHI among networks. ONC designed the terms and conditions to align with, and in some instances exceed, HIPAA privacy and security requirements (e.g., requiring participants to notify the recognized coordinating entity (“RCE”) tasked with implementing the Trusted Exchange Framework within 15 days of a breach).

ONC hopes that the combination of principles in Part A and terms and conditions in Part B will create a single “on-ramp” for the electronic exchange of health information among HINs, permitting all types of health care stakeholders to participate in nationwide exchange regardless of the IT platform with which they work locally. In its study of approximately 70 hospitals, ONC found that a majority of hospitals use at least three interoperability methods, providing evidence that the Trusted Exchange Framework has the potential to achieve a significant reduction in costly, complex, and redundant methods for access to and exchange of EHI. Health care stakeholders with an interest in greater access to EHI data flows will be keenly interested in how the Trusted Exchange Framework develops and how access to EHI that they can use to spur innovation may be improved as a result. HINs and technology developers will need to carefully assess what steps will need to be taken to comply with the proposed terms and conditions set forth in the Draft Framework.

ONC considers the introduction of the Draft Framework to be the first step in fostering a public-private partnership to create national interoperability of HINs. Although ONC drafted the framework, it intends for the draft to be modified and ultimately finalized by an industry-based RCE, which will be selected through a competitive bidding process to manage and oversee the Trusted Exchange Framework. ONC is accepting public comments about the Draft Framework until February 18, 2018. After the comment period, ONC contemplates that an RCE will be selected by “mid-2018” and a final Trusted Exchange Framework and Common Agreement will be published in the Federal Register by the end of 2018.

We will continue to monitor the development of the Trusted Exchange Framework and analyze its impact on various stakeholders, including HINs, technology developers, and health care providers. Please contact your usual Ropes & Gray attorney with any questions.