From the Desk of Shreya Patel – TEFCA Update
The Sequoia Project, the entity charged with operationalizing the framework for national interoperability titled the Trusted Exchange Framework and Common Agreement (TEFCA), has released a Standard Operating Procedure (SOP) on how Individual Access Service Providers (IAS) and actors under the framework will have to respond to Individual requests for information.
VHIEC was able to read through this SOP, which predominantly revolves around identity verification and the best practices IAS Providers must use when they receive requests from individuals. IAS Providers must have a credential service provider (CSP) that is approved by Sequoia Project as the RCE and the identity proofing must meet NIST IAL2 (Identity Assurance Level 2), which is defined under NIST SP800-63A. Additionally, the SOP delves into minimum and additional demographic categories IAS Providers are required and should use respectively.
What is perhaps most noteworthy about this SOP, however, is the guidance they have given on if Qualified Health Information Networks, Participants, and Sub participants are required to respond to all IAS requests. As an HIE or HIN, most entities have not been directly responsible for IAS requests due to the lack of direct relationships with individuals and identity verification concerns. Most requests are coordinated with the Providers or other entities connected to HIEs and HINs, who direct them to share the information for the individual. This would all change under TEFCA because the SOP states, if an actor under the framework receives a QHIN query that meets the demographic/ technical requirements above and has an acceptable patient match, they are required to respond with the Required Information per the Common Agreement, QTF, and Exchange Purposes SOP. The SOP also states, a responder’s patient match shall not require more than the demographic items listed above unless required by law.
Under this new guidance, it will be imperative that entities participating in TEFCA, particularly those without the infrastructure to handle IAS requests, work with an IAS provider to meet these requests.
For more information about TEFCA and this SOP please contact email@example.com Attn: Shreya Patel.