TEFCA Must Align with HIPAA to Ensure Privacy, Stakeholders Tell ONC
Industry comment continues to roll in for the Office of the National Coordinator’s proposed Trusted Exchange Framework and Common Agreement, and much like with the proposed info blocking rule, industry stakeholders like Premier, CHIME, and the Association for Executives in Healthcare Information Technology are raising concerns around privacy and security.
While most groups support the intent behind the rule, some are concerned with how TEFCA will align with HIPAA, as well as state and federal regulations.
Specifically, Premier is concerned ONC doesn’t sufficiently address the complexities of patient access to their data, especially data that falls outside of HIPAA. While TEFCA proposes extending HIPAA to all TEFCA participants – including those that are not considered covered entities or business associates—ONC did not fully explain how it will be operationalized.
Premier urged ONC to expand on the proposal to explain how this would work.
ONC will also need to explain how TEFCA will take into consideration the patchwork of state privacy and security laws, as well as regulation around data access and consent.