For years, the promise of health data interoperability has felt just out of reach. Despite a growing network of EHR systems, HIEs, and APIs, the simple act of exchanging patient information across organizations still depends on a patchwork of contracts, systems, and manual workarounds.
TEFCA, short for the Trusted Exchange Framework and Common Agreement, was created to change that. It is not a new app, platform, or integration protocol. It is an attempt to create a common legal and technical foundation for how health information is exchanged nationwide. Think of it as infrastructure: the underlying roads, not the cars.
Now in 2025, TEFCA is finally moving from policy concept to operational reality. With federally designated QHINs (Qualified Health Information Networks) beginning to onboard participants, and with formal governance rules taking effect, organizations across the healthcare ecosystem are facing real questions about how TEFCA fits into their operations.
This blog breaks down what TEFCA actually is, how it works, and why it is starting to matter whether you are a hospital CIO, a public health department, a payer, or an EHR developer navigating what comes next.
What Is TEFCA?
TEFCA was established by the 21st Century Cures Act in 2016 to create a common legal and technical foundation for health data exchange across the country. At its core, TEFCA aims to simplify interoperability across healthcare systems, enabling clinicians, researchers, public health agencies, payers, and individuals to access and share essential data securely and efficiently.
TEFCA is not a software product or platform. It defines the policies, requirements, and trust agreements that healthcare networks must follow to exchange data with confidence and consistency.
Core Components
TEFCA consists of two main parts:
- Trusted Exchange Framework: A set of principles that guide networks on privacy, security, standardization, and accountability.
- Common Agreement: A binding legal contract that Qualified Health Information Networks (QHINs) sign, outlining responsibilities, permitted data uses, and compliance expectations.
Qualified Health Information Networks (QHINs)
QHINs are the operational backbone of TEFCA. These are existing health information networks that meet strict technical and legal criteria and have committed to the rules in the Common Agreement. Once connected, QHINs allow any participant on their network to exchange data with any participant on another QHIN, without building individual point-to-point interfaces.
As of mid-2025, seven QHINs have been officially designated. More are in the onboarding pipeline, including Oracle Health Information Network, which entered pre-production testing in May 2025.
Governance and Oversight
The Sequoia Project serves as the Recognized Coordinating Entity (RCE) for TEFCA. Under the direction of the Office of the National Coordinator for Health IT, the RCE oversees QHIN applications, technical onboarding, policy development, and stakeholder engagement.
In January 2025, the RCE published the Governance SOP, which formally established a Governing Council, a QHIN Caucus, and a Participants and Subparticipants Caucus. These groups guide decisions, propose changes, and ensure transparency in how TEFCA evolves.
Other key SOPs, such as the Public Health Exchange Purpose Implementation SOP (August 2024) and the Exchange Purpose Vetting SOP (November 2024), clarify how specific use cases like case reporting or public health surveillance are governed under TEFCA.
What This Means
- TEFCA provides the policy framework for interoperable data exchange across the United States.
- QHINs are the trusted networks that make this connectivity possible.
- The RCE ensures that TEFCA is implemented consistently, fairly, and with broad stakeholder input.
How TEFCA Works
Exchange Architecture: QHINs as the Core
TEFCA is built around Qualified Health Information Networks (QHINs). These are existing health information networks that have completed onboarding, passed technical and cyber assurance evaluations, and signed the Common Agreement. Once designated, a QHIN connects to other QHINs, enabling data sharing between participants and sub-participants across networks.
A provider, lab, public health agency, or payer connected to one QHIN can exchange data with any participant on another QHIN. This model removes the need for individual point‑to‑point interfaces and allows “connect once, reach many” connectivity.
As of mid‑2025, eight QHINs are fully operational, and more are in the onboarding pipeline California Data Exchange Framework.
Exchange Purposes: What the Data Is Used For
TEFCA only permits exchange for six clearly defined reasons, known as Exchange Purposes or XPs. These are:
- Treatment
- Payment
- Health care operations
- Public health
- Government benefits determination
- Individual access services
QHINs are required to support all six XPs technically, though organizations must only respond to requests for Treatment and Individual Access Services today.
How Exchange Happens: Technical Frameworks and SOPs
The QHIN Technical Framework (QTF) defines detailed specifications for how data moves across the network. These include support for document-based exchange (IHE profiles or C‑CDA) and, progressively, with FHIR-based queries and pushes.
Standard Operating Procedures (SOPs) issued by the Recognized Coordinating Entity (The Sequoia Project) translate the high-level rules of the Common Agreement and QTF into day‑to‑day practice. Examples include:
- The Treatment XP Implementation SOP (July 2024) specifies which transactions must be honored and the conditions for response.
- The Public Health XP Implementation SOP (April 2025), which outlines formats and processes for electronic case reporting (ECR) and electronic laboratory reporting (ELR), including required message delivery formats and XP Codes such as T‑PH, T‑PH‑ECR, and T‑PH‑ELR.
The SOPs also cover identity verification, node registration, security incident reporting, XP vetting, and facilitated FHIR support.
Example: Public Health Data Exchange
Public health exchange illustrates how TEFCA works in practice: a public health authority or its delegate initiates a query or push using the XP Code (e.g., T‑PH‑ECR for case reporting). The system ensures jurisdiction metadata and date-range criteria are included. The responding node should comply, returning standardized data at minimum USCDI v1 content where available.
FHIR support is in development through the Facilitated FHIR SOP, allowing public health queries via FHIR API to responding nodes registered with FHIR endpoints in the RCE directory.
Identity and Trust: Directory and Delegation
Every participating entity—QHIN, participant, subparticipant—is published in the RCE Directory. That directory holds endpoint and identity metadata such as Organization ID, Home Community ID, and others needed to authenticate nodes during TEFCA Exchange.
Delegation is also supported. A covered entity may authorize a delegate to initiate queries or pushes on its behalf. Both principal and delegate must sign the Framework Agreement and be listed in the RCE Directory.
Enforcement and Compliance
QHINs and participants must follow Common Agreement terms and SOPs, including privacy, security, dispute resolution, and change management policies. Violations of SOPs are treated as breaches of the Common Agreement.
Codes of conduct, escalation mechanisms, and attestation processes are codified under 45 CFR Part 172, which became effective January 15, 2025
Why TEFCA Matters in 2025
As TEFCA moves from planning to implementation, its relevance across healthcare is becoming increasingly tangible. Here’s how its impact is playing out now:
Building a True Nationwide Interoperability Network
TEFCA establishes a unified national network of networks. By connecting Qualified Health Information Networks (QHINs), providers, labs, payers, and public health agencies can share data across state lines and organizational boundaries without individual contracts and interfaces. This simplifies integration and enables more timely access to critical clinical information.
Enhancing Public Health Surveillance and Emergencies
Public health agencies can now query structured data from providers using defined Exchange Purposes (XP), like case reporting (T‑PH‑ECR) and lab results (T‑PH‑ELR). A new SOP issued in August 2024 clarifies these processes, making data sharing more automated, accurate, and timely for disease surveillance and outbreak response.
Supporting Faster, More Accurate Patient Care
Clinicians and care teams benefit from real-time access to comprehensive patient records. When a clinician needs health information from a facility across the country, TEFCA-connected networks can facilitate direct retrieval—reducing delays, duplication, and external portal login burdens.
Enabling Value-Based Care and Administrative Efficiency
Insurance organizations and provider networks are adopting TEFCA to retrieve data for payment, operations, and benefits determination. This enables better coordination of care and supports emerging value-based care models by reducing administrative overhead and redundant data requests.
Advancing Patient Access and Empowerment
Under TEFCA, individuals can access their health information via connected QHINs. These individual access services require explicit consent and data protection. Although in early adoption stages, the capability is now legally and technically supported under the Common Agreement and regulatory guidance in effect as of January 15, 2025.
Strengthening Trust Through Standardization and Security
All participating QHINs must meet standardized governance, cybersecurity, identity verification, breach notification, and dispute resolution requirements. Requirements codified under 45 CFR Part 172 ensure consistent oversight and expectations across participants and networks.
Opening New Opportunities for Research and Innovation
By creating a reliable exchange backbone across regions and vendors, TEFCA enables access to broader, de‑identified data sets. This facilitates research initiatives, AI-driven analytics, healthcare policy evaluation, and more coordinated innovation efforts across the ecosystem
Who Should Care About TEFCA
As TEFCA moves into real-world implementation, several stakeholder groups have meaningful incentives and responsibilities to engage now:
Providers and Health Systems
Providers benefit from significantly simplified interoperability. Instead of managing multiple point-to-point connections or interfaces, they can connect to a QHIN once to exchange patient information with a broad ecosystem across the nation. This supports better care transitions, reduces delays, and improves continuity of care.
Public Health Agencies
State and local public health organizations can now receive structured data for notifiable conditions, lab results, and investigations using standardized Exchange Purpose codes like T‑PH‑ECR and T‑PH‑ELR. This functionality replaces manual systems such as faxes or spreadsheets, improving timeliness and quality of data for surveillance and outbreak response.
Payers and Health Plans
Engaging with TEFCA allows payers to streamline data exchange for administrative use cases, including payment, benefits determination, and healthcare operations. While companies must comply with guidelines from the Common Agreement and SOPs, they face practical challenges—such as ensuring data quality, aligning infrastructure, and managing governance expectations under reciprocal sharing obligations.
Health IT Vendors and EHR Platforms
Vendors integrating TEFCA-enabled pathways can offer standardized interoperability to clients. As major vendors like Epic and athenaOne scale up live TEFCA adoption, Epic covering over 1,000 hospitals and 22,000 clinics, and athenahealth connecting more than 100,000 provider organizations, the value of TEFCA-enabled platforms increases markedly.
Policy, Compliance & Governance Teams
Compliance leaders should understand how TEFCA impacts broader regulatory obligations, such as the codified rulemaking in 45 CFR Part 172 that became effective January 15, 2025. The common agreement, SOPs, and enforcement mechanisms require ongoing attestation, breach notification procedures, and dispute resolution processes.
Research, Analytics & Innovation Teams
With a connected national network, access to broader, de-identified datasets becomes feasible. This unlocks opportunities for large-scale research, AI-enabled analytics, and coordinated innovation across regions and care settings—especially as TEFCA integrates stronger FHIR APIs and machine-readable data flows
Key Milestones & Timeline
Below is a chronological summary of TEFCA’s development and implementation—from inception to real-world rollout:
| Date / Period | Milestone |
| 2021 | Early public engagement, initial drafting of the Common Agreement and Technical Framework, and stakeholder input sessions |
| Q1–Q2 2022 | Common Agreement v1 released, initial SOPs published, and QTF v1 and FHIR roadmap announced; planning for pilot testing begins |
| Q3–Q4 2022 | Additional SOPs finalized; QHIN applications reviewed; preparation for TEFCA FHIR pilot underway |
| Q1–Q2 2023 | First QHIN applicants approved and onboarded; initial exchange using IHE-based document formats; FHIR pilots launch |
| Q3–Q4 2023 | First QHINs go live; governing council established; additional SOP and technical framework refinements for FHIR-based exchange implemented |
| May 1, 2024 | Common Agreement v2 and key SOPs released, including Facilitated FHIR, Individual Access Service, Governance SOP, XP SOP, Treatment XP Implementation, and Delegation SOPs |
| August 6, 2024 | Public Health XP Implementation SOP published, enabling structured case reporting and lab reporting via TEFCA |
| November 2024 | Technical governance SOPs published—such as security reporting, XP vetting, and FHIR implementation guidance |
| December 16, 2024 | Final federal rule amending information blocking regulations and codifying TEFCA definitions in 45 CFR Part 172 issued |
| January 15, 2025 | Information blocking exception for TEFCA becomes effective; onboarding deadlines and compliance obligations become legally enforceable |
| 2025 H1 (ongoing) | New QHIN approvals and designations continue; operational TEFCA-based data exchange underway; FHIR exchange scaling under Facilitated FHIR SOP |
Event Spotlight
- Common Agreement v2 (May 2024) marked a new era by introducing FHIR-based exchange and consolidating key SOPs into a cohesive update. This was essential for scaling modern APIs and advancing governance transparency.
- Public Health XP Implementation SOP (August 2024) clarified case and lab reporting use cases. This enabled public health agencies to engage in precise, automated query exchanges via TEFCA.
- Federal Rule (Dec 2024 / Jan 2025) codified TEFCA definitions, structure, and a TEFCA-specific exception within the information blocking regulations (45 CFR Part 172–171), thereby providing enforceable regulatory clarity for QHINs and participants.
Conclusion
TEFCA has been in discussion for years, but 2025 is the year it moved from paper to practice. With live QHINs, published SOPs, and legal enforcement now in place, TEFCA is reshaping how health data moves across the country. It’s no longer about isolated systems trying to talk to each other. It’s about one connected framework that lets healthcare organizations exchange data reliably, securely, and at scale.
Whether you’re a provider trying to reduce referral friction, a public health official looking for faster surveillance data, or a payer aiming to streamline prior authorization, TEFCA gives you a new foundation to build on. But that foundation won’t benefit you unless you start planning your engagement.
If you’re exploring TEFCA participation, interoperability strategy, or QHIN onboarding, our team at Nalashaa can help you navigate the landscape. Explore our healthcare interoperability services to learn more about how we support providers, payers, and vendors through compliance and implementation.
Have questions or need a TEFCA readiness conversation? Connect with us at info@nalashaa.com.
Latest posts by Priti Prabha (see all)
- 5 Common Challenges in Healthcare Claims Data Integration - August 14, 2025