Difference between revisions of "TEFCA"

Revision as of 18:20, 14 September 2018

Full Title or Meme

Trusted Exchange Framework and Common Agreement (TEFCA)

Context

The context of an FHIR interaction is the transfer of PHI although other transaction could occur of the interchange so established.

The Draft Trusted Exchange Framework is intended to enable Health Information Networks (HINs) to securely exchange electronic health information with each other to support a wide range of stakeholders. The draft Trusted Exchange Framework sets up an ecosystem wherein Qualified HINs connect to each other to support the use case of broadcast and directed query for treatment, payment, operations, individual access, public health, and benefits determination purposes. To enable the broadest set of use cases, Qualified HINs and their participants are required to be able to exchange the USCDI when such data is available (i.e. if a participant or Qualified HIN does not capture or have access to a specific data class, they are not expected to be able to exchange that data class). By requiring Qualified HINs and their Participants to be capable of exchanging the USCDI, the Trusted Exchange Framework will, over time, be able to support the Cures Act requirement of all electronic health information from a patient’s record being available.

Problems

• FHIR is focused on the data access methods and encoding leveraging existing Security solutions. Security in FHIR needs to focus on the set of considerations required to ensure that data can be discovered, accessed, or altered only in accordance with expectations and policies.
• Privacy in FHIR is focused on the data access methods and encoding leveraging existing Security solutions. Security in FHIR needs to focus on the set of considerations required to ensure that data can be discovered, accessed, or altered only in accordance with expectations and policies.

Solutions

• The government is looking for demonstration servers and suggestions on improvements. https://www.hhs.gov/about/news/2018/05/17/secure-api-server-showdown-winner-announced.html
  • Including a Recognized Coordinating Entity (RCE)^[1]
  • This The Draft Trusted Exchange Framework could be made generic and apply to a broader range of industries.^[2]
• The page on Federation Trust Registry describes some generic solutions to Trust in a Federated Ecosystem,

References

1. ↑ The Office of the National Coordinator (ONC) for Health Information Technology, DRAFT TRUSTED EXCHANGE FRAMEWORK. (2018) Section 2 - How Will it Work p. 9ff https://www.healthit.gov/sites/default/files/draft-trusted-exchange-framework.pdf
2. ↑ The Office of the National Coordinator (ONC) for Health Information Technology, The Draft Trusted Exchange Framework (2017) https://www.healthit.gov/sites/default/files/draft-guide.pdf

Other sources

• Trusted Exchange Framework and Common Agreement: A Common Sense Approach to Achieving Health Information Interoperability
• FHIR STU3 version of the Security and Privacy Module has a good overview of protection of health information(PHI).
• SMART Health IT is an open, standards based technology platform that enables innovators to create apps that seamlessly and securely run across the healthcare system.
• Argonaut Project is a private sector initiative to advance industry adoption of modern, open interoperability standards. The purpose of the Argonaut Project is to rapidly develop a first-generation FHIR-based API and Core Data Services specification.
• SMART Backend Services: Authorization Guide, Use this OAuth 2.0 profile when the following conditions apply: (1)the service runs automatically, without user interaction, and (2)the service is able to protect a private key