HIE Integration
Health information exchange design, deployment, and optimization.
Explore HIE IntegrationTEFCA Integration Services
Connect your organization to the national TEFCA network — QHIN onboarding, Common Agreement compliance, exchange purpose configuration, and end-to-end Trusted Exchange Framework implementation for seamless nationwide interoperability.
Trusted Exchange Framework
TEFCA-Ready Integration for Nationwide Health Data Exchange
Saga IT implements TEFCA connectivity from the ground up — QHIN onboarding, Common Agreement compliance, exchange purpose configuration, and end-to-end trusted exchange implementation. Our team connects your organization to the national network through FHIR R4 APIs, identity proofing, and federated query infrastructure.
TEFCA Compliant
QHIN Connectivity
IAS Exchange Purposes
QHIN Landscape
Comparing Qualified Health Information Networks
The Trusted Exchange Framework and Common Agreement (TEFCA) designates Qualified Health Information Networks as the backbone of nationwide health data exchange. Each QHIN brings different strengths in geographic reach, participant base, and exchange capabilities. Understanding these differences is critical when choosing the right QHIN pathway for your organization.
| Feature | Carequality | CommonWell | eHealth Exchange | KONZA | Epic Nexus | MedAllies |
|---|---|---|---|---|---|---|
| Network Type | Framework | Alliance | HIE Network | State HIE | EHR-Based | HISP/HIN |
| Primary Participants | EHRs & HINs | EHRs & Labs | Federal & State | Rural & Critical Access | Epic Customers | Providers & HIEs |
| Treatment (T) | ||||||
| Payment (P) | ||||||
| Healthcare Operations (HCOPS) | ||||||
| Public Health (PH) | ||||||
| Individual Access (IA) | ||||||
| Government Benefits (GB) | ||||||
| FHIR R4 Support | ||||||
| Geographic Coverage | National | National | National + Federal | Midwest Focus | Epic Sites | Northeast + National |
| Participant Scale | 70K+ providers | 40K+ providers | Federal + State | 500+ facilities | Epic network | 10K+ providers |
Implementation Roadmap
TEFCA Implementation Timeline
Connecting to the TEFCA network is a multi-phase effort that spans organizational readiness, technical build-out, and compliance validation. Most organizations complete the journey in 6 to 12 months depending on their starting point, existing infrastructure, and chosen QHIN pathway. Our team guides you through every phase — from initial assessment to production exchange and ongoing compliance.
3-4 Weeks
TEFCA Readiness Assessment
We evaluate your organization's current interoperability landscape, existing HIE connections, technical infrastructure, and governance posture against TEFCA requirements. This includes mapping your current data exchange patterns, identifying gaps in identity proofing and security controls, and determining whether you should connect as a Participant or Sub-Participant. The assessment produces a detailed roadmap with effort estimates and a recommended QHIN partner.
4-6 Weeks
QHIN Selection & Onboarding
Based on your organizational needs, geographic footprint, and exchange purpose requirements, we help you select the right QHIN and initiate the onboarding process. This involves completing the QHIN's participant application, executing participation agreements aligned with the Common Agreement, and establishing the governance and legal framework for data exchange. We manage the relationship with your chosen QHIN throughout the process.
8-12 Weeks
Technical Architecture & Build
We design and implement the technical infrastructure required for TEFCA exchange, including FHIR R4 API endpoints, identity proofing workflows, certificate management, and secure transport configuration. This phase includes building or adapting your integration engine to support TEFCA query and response patterns, implementing the required USCDI data elements, and configuring role-based access controls that align with the Common Agreement's minimum required terms.
3-4 Weeks
Identity Proofing & Patient Matching
TEFCA mandates specific identity proofing requirements for individuals accessing their records and robust patient matching to ensure data is routed to the correct patient. We implement compliant identity verification workflows, configure your Master Patient Index for cross-network matching, and integrate with your QHIN's patient discovery services. This step is critical for Individual Access Services and prevents record mismatches across the network.
4-6 Weeks
Testing & Certification
Before production exchange, we execute comprehensive testing against your QHIN's sandbox environment and connected network participants. This includes message conformance testing, exchange purpose validation, error handling scenarios, security penetration testing, and end-to-end workflow verification for each supported exchange purpose. We coordinate testing schedules with your QHIN and resolve any connectivity or data format issues.
2-4 Weeks + Ongoing
Go-Live & Monitoring
We activate production exchange with your QHIN and monitor all data flows for the first 30 to 60 days. Post-go-live support includes real-time dashboards for exchange volume and error rates, incident response for failed queries, performance optimization, and regular compliance reporting. We also establish ongoing audit processes to maintain your organization's standing under the Common Agreement and handle any QHIN recertification requirements.
Compliance Requirements
TEFCA Common Agreement Checklist
The TEFCA Common Agreement defines minimum required terms that all Participants and Sub-Participants must satisfy. These requirements span technical infrastructure, governance processes, and security controls. Our team ensures your organization meets every requirement before connecting to the network.
Technical Requirements
- FHIR R4 API endpoints with US Core profile conformance
- USCDI v3+ data elements for all supported exchange purposes
- TLS 1.2+ encryption for all data in transit
- Digital certificate management and PKI infrastructure
- Patient discovery and matching via demographics-based query
- Structured error handling and acknowledgment responses
- Audit logging for all exchange transactions with retention
- High availability architecture with failover capabilities
Governance & Legal
- Executed participation agreement with designated QHIN
- Common Agreement Minimum Required Terms acceptance
- Data use and reciprocal support agreement (DURSA) alignment
- Defined policies for each supported exchange purpose
- Incident reporting and breach notification procedures
- Designated privacy officer and TEFCA compliance contact
- Participant-level and Sub-Participant agreement chain
- Annual compliance attestation and recertification process
Security & Privacy
- Identity proofing at IAL2 or higher for Individual Access
- Multi-factor authentication for administrative access
- Role-based access controls aligned with exchange purposes
- Encryption at rest for all stored protected health information
- Network segmentation and firewall rules for TEFCA endpoints
- Vulnerability scanning and penetration testing schedule
- Security incident response plan with defined escalation paths
- Workforce training on TEFCA privacy and security requirements
Ready to connect to TEFCA? Let's assess your readiness and build your QHIN connectivity roadmap.
Get Started TEFCA Deep Dive
Understanding the Trusted Exchange Framework
TEFCA is built on three foundational pillars: standardized exchange purposes that define why data can be shared, a participant hierarchy that structures network connectivity, and the Common Agreement that governs the legal and technical rules of exchange. Understanding each pillar is essential for successful TEFCA implementation.
TEFCA defines specific permitted purposes under which health data can be exchanged across QHINs. Each exchange purpose has distinct rules governing who can initiate a query, what data elements must be returned, and how consent is managed. Organizations must declare which exchange purposes they support and implement the corresponding technical and policy requirements for each one.
Treatment (T)
The Treatment exchange purpose enables providers to query for and receive clinical data to support direct patient care and care coordination. This is the most widely used TEFCA exchange purpose and supports real-time query/response patterns during clinical encounters. Treatment queries can retrieve a patient's medication list, problem list, allergies, lab results, and clinical notes from any connected QHIN participant — giving clinicians a more complete picture at the point of care.
Payment (P)
The Payment exchange purpose allows payers, clearinghouses, and billing entities to request clinical documentation needed for claims adjudication, prior authorization, and benefits determination. This exchange purpose reduces the manual effort of chart retrieval and fax-based documentation requests that slow revenue cycles. Payers can query for encounter data, procedure records, and supporting clinical documentation directly through the TEFCA network.
Healthcare Operations (HCOPS)
Healthcare Operations supports quality improvement, population health management, care gap analysis, and operational reporting workflows. Organizations can query for aggregate clinical data to support HEDIS measures, risk adjustment, and quality program reporting. This exchange purpose is particularly valuable for accountable care organizations and health plans that need longitudinal patient data across multiple providers to identify care gaps and improve outcomes.
Public Health (PH)
The Public Health exchange purpose enables public health agencies to query for data needed for disease surveillance, immunization registries, reportable conditions, and public health investigations. State and local health departments can use TEFCA to receive case reports, lab results for notifiable conditions, and syndromic surveillance data from across the network. This exchange purpose strengthens the nation's public health infrastructure by standardizing how clinical data flows to public health authorities.
Individual Access Services (IAS)
Individual Access Services empower patients and their authorized representatives to request and receive their own health records from across the TEFCA network. This exchange purpose implements the patient right of access under HIPAA and the 21st Century Cures Act information blocking rules. Applications and third-party platforms acting on behalf of individuals can query for the patient's complete clinical record, which is particularly transformative for patients managing care across multiple health systems.
Government Benefits (GB)
The Government Benefits exchange purpose supports federal and state agencies in determining eligibility for government benefit programs such as Social Security Disability, Medicare, Medicaid, and veterans' benefits. This exchange purpose enables agencies to request clinical documentation that substantiates benefit claims, reducing the administrative burden on both applicants and providers. Government Benefits is the newest TEFCA exchange purpose and is still in the process of broader QHIN adoption.
TEFCA establishes a three-tier hierarchy that structures how organizations connect to the national network. The hierarchy is designed to scale from large national networks down to individual provider offices while maintaining consistent governance and technical standards through the Common Agreement. Your organization's role in this hierarchy determines your obligations, your QHIN relationship, and the technical requirements you must meet.
RCE
Recognized Coordinating Entity
The Sequoia Project serves as the RCE — the federally designated entity that manages the Common Agreement, designates QHINs, and oversees the entire TEFCA ecosystem. The RCE establishes the rules of the road, mediates disputes between QHINs, and ensures that all network participants adhere to the technical and governance requirements of the Common Agreement. The RCE does not directly exchange data but serves as the governance backbone of the framework.
QHIN
Qualified Health Information Network
QHINs are the top-level entities that connect directly to other QHINs under the Common Agreement. Designated QHINs like Carequality, CommonWell Health Alliance, eHealth Exchange, and KONZA maintain the technical infrastructure for cross-network query and response. Each QHIN undergoes rigorous designation by the RCE and must demonstrate the capacity to support all required exchange purposes, maintain security and privacy standards, and manage its downstream participants.
P / SP
Participant & Sub-Participant
Participants are organizations that connect to a QHIN — typically health systems, payers, public health agencies, and health information networks. Sub-Participants connect through a Participant and include individual provider practices, clinics, and facilities. Most healthcare organizations join TEFCA as either a Participant or Sub-Participant, depending on their size and technical capabilities. The interoperability requirements flow down through this hierarchy, with each tier responsible for ensuring its downstream connections comply.
The Common Agreement is the legal and technical backbone of TEFCA. Published by the RCE (The Sequoia Project) under the direction of ONC (Office of the National Coordinator for Health IT), it establishes the baseline terms, conditions, and technical requirements that all network participants must follow. Think of it as the "constitution" of nationwide health data exchange — it standardizes the rules so that any organization connected through any QHIN can exchange data with any other connected organization under a consistent, predictable legal framework.
Minimum Required Terms (MRTs)
The MRTs are the non-negotiable baseline requirements that every QHIN, Participant, and Sub-Participant must implement. They cover data exchange obligations (you must respond to valid queries), privacy protections (you must handle data in accordance with applicable law), security requirements (encryption, access controls, audit logging), and breach notification procedures. MRTs flow down through the participant hierarchy — QHINs must incorporate them into their participant agreements, and Participants must flow them down to Sub-Participants. Our team maps your existing policies and infrastructure to the MRTs and closes any gaps before onboarding.
Standard Operating Procedures (SOPs)
The Common Agreement includes detailed SOPs that define how exchange actually works at a technical level — message formats, query patterns, error handling, identity proofing procedures, and security incident response protocols. SOPs are regularly updated by the RCE as the network matures and new exchange purposes are activated. Staying current with SOP changes is an ongoing compliance obligation. We monitor SOP updates, assess their impact on your implementation, and coordinate technical changes to keep your organization in compliance. Our FHIR API development practice ensures your technical infrastructure aligns with the latest SOP requirements.
Case Studies
TEFCA Integration in Action
Real-world TEFCA implementations — from QHIN onboarding to cross-network patient record queries.
QHIN Onboarding for Health System
Connecting a multi-hospital system to the national TEFCA network through a designated QHIN. The engagement covered participant application, Common Agreement compliance, technical infrastructure build-out, and production connectivity across all facilities.
Health System
// Participant Application
"orgType": "Multi-Hospital System",
"facilities": "12 hospitals",
"role": "Participant"
"orgType": "Multi-Hospital System",
"facilities": "12 hospitals",
"role": "Participant"
QHIN Adapter
onboard({
qhin: "Designated QHIN",
mrt: true,
purposes: ["T", "IAS"]
})
qhin: "Designated QHIN",
mrt: true,
purposes: ["T", "IAS"]
})
TEFCA Network
Frequently Asked Questions
Common Questions
TEFCA — the Trusted Exchange Framework and Common Agreement — is the federal initiative to create a single, nationwide framework for health data exchange. Developed by ONC (Office of the National Coordinator for Health IT) and managed by The Sequoia Project as the Recognized Coordinating Entity, TEFCA establishes a common set of rules that allow any connected organization to exchange health data with any other connected organization, regardless of which network or EHR they use. For healthcare organizations, TEFCA eliminates the need to negotiate individual point-to-point data sharing agreements and provides a standardized pathway to nationwide interoperability. As TEFCA adoption grows, organizations that are not connected risk being left out of the national data exchange ecosystem.
A QHIN — Qualified Health Information Network — is a top-level network entity designated by the RCE to facilitate nationwide health data exchange under TEFCA. QHINs like Carequality, CommonWell Health Alliance, eHealth Exchange, KONZA, Epic Nexus, and MedAllies serve as the connective tissue between healthcare organizations across the country. To connect to a QHIN, your organization applies as either a Participant (direct connection) or Sub-Participant (connection through an existing Participant). The process involves completing the QHIN's onboarding application, executing a participation agreement that incorporates the Common Agreement's Minimum Required Terms, implementing the required technical infrastructure, and passing connectivity and conformance testing. Saga IT manages the entire QHIN onboarding process from application through production go-live.
Traditional health information exchanges (HIEs) operate as regional or state-level networks with their own governance, technical standards, and participation agreements. While HIEs have been effective at enabling local data exchange, they often cannot exchange data across network boundaries without additional point-to-point agreements. TEFCA solves this by creating a national framework that connects HIEs, EHR networks, payer systems, and public health agencies under a single Common Agreement. Rather than replacing existing HIEs, TEFCA builds on top of them — many HIEs are connecting to TEFCA through QHIN partnerships, extending their reach from regional to nationwide. Organizations that already participate in an HIE can leverage that relationship to connect to TEFCA more efficiently.
TEFCA defines six exchange purposes that govern why and how health data can be shared: Treatment (direct patient care), Payment (claims and billing), Healthcare Operations (quality improvement), Public Health (surveillance and reporting), Individual Access Services (patient right of access), and Government Benefits (eligibility determination). Most provider organizations start with Treatment and Individual Access Services, as these cover the most common clinical and patient-facing use cases. Payers typically need Treatment, Payment, and Healthcare Operations. Public health agencies focus on the Public Health exchange purpose. Each exchange purpose has specific technical and governance requirements, so we help you determine which exchange purposes align with your organizational needs and implement them incrementally.
A typical TEFCA implementation takes 6 to 12 months from initial assessment to production exchange, depending on your organization's current interoperability maturity and chosen QHIN pathway. Organizations with existing HIE connections and modern FHIR infrastructure can often reach production in 6 to 8 months. Those starting from scratch with legacy systems may need 10 to 12 months. The implementation cost varies based on scope — factors include the number of exchange purposes you support, whether you connect as a Participant or Sub-Participant, the complexity of your existing integration infrastructure, and the extent of identity proofing and patient matching capabilities you need to build. We provide a detailed cost estimate after the initial readiness assessment.
The TEFCA Common Agreement is the legal framework published by the RCE (The Sequoia Project) that governs all data exchange across the TEFCA network. It defines the rights, obligations, and technical requirements for QHINs, Participants, and Sub-Participants. The Minimum Required Terms (MRTs) are the non-negotiable baseline provisions that must be incorporated into every participation agreement throughout the network hierarchy. MRTs cover obligations like responding to valid data queries, protecting privacy in accordance with applicable law, implementing required security controls, and reporting security incidents. The Common Agreement also includes Standard Operating Procedures that define the technical details of how exchange works — message formats, query patterns, identity proofing procedures, and error handling protocols.
Carequality and CommonWell Health Alliance are both designated QHINs under TEFCA, meaning they serve as top-level network participants that facilitate data exchange under the Common Agreement. Before TEFCA, Carequality and CommonWell operated as separate interoperability frameworks with their own governance and participation agreements — organizations needed to join each network independently to exchange data with its participants. Under TEFCA, Carequality and CommonWell are now connected through the QHIN-to-QHIN exchange layer, meaning an organization connected through Carequality can exchange data with an organization connected through CommonWell (and vice versa) without needing a separate agreement. This QHIN interconnection is one of TEFCA's most significant achievements for nationwide interoperability.
TEFCA's technical framework supports FHIR R4 as a primary data exchange standard, and the Common Agreement's Standard Operating Procedures specify FHIR-based query and response patterns for QHIN-to-QHIN exchange. While TEFCA does not exclusively mandate FHIR (some exchange patterns still support other formats), FHIR R4 with US Core profiles is the predominant technical standard for TEFCA exchange. TEFCA and the 21st Century Cures Act are complementary but distinct — the Cures Act established information blocking rules and required certified health IT to support standardized APIs (which led to FHIR-based patient access APIs), while TEFCA provides the national framework for actual cross-network data exchange. Together, they form the regulatory and technical foundation for nationwide health data interoperability.
Related Services
Explore More Services
Resources
Talk to a TEFCA Expert
From TEFCA readiness assessment to QHIN connectivity and production exchange — let's connect you to the national network.