The Sequoia Project Releases Draft QHIN Onboarding and Designation Standard Operating Procedures, Requests Feedback

Releases Include Definitions, Updated QHIN Security Requirements for the Protection of TEFCA Information, and the List of Cybersecurity Certifications Under Consideration


VIENNA, Va., May 16, 2022 (GLOBE NEWSWIRE) -- The Sequoia Project, selected by the Office of the National Coordinator for Health IT (ONC) as the Recognized Coordinating Entity (RCE) to support the implementation of the Trusted Exchange Framework and Common Agreement (TEFCA), today released additional details regarding the process and requirements for becoming a Qualified Health Information Network (QHIN). The Sequoia Project is requesting feedback on these items before the final documents are released.

“Throughout the TEFCA development process, we’ve sought to instill the principles of transparency and community engagement, which are core to The Sequoia Project’s values,” said Mariann Yeager, chief executive officer of The Sequoia Project. “The feedback we receive through our events, website, and email has been invaluable as we operationalize TEFCA and finalize implementation resources. We look forward to another robust round of engagement regarding the QHIN Onboarding and Designation SOP and the QHIN Application this month.”

The items being released for review include:

The RCE is seeking stakeholder input on all three documents through June 15, 2022. Drafts are available on the RCE website.

In addition, the forthcoming SOPs are listed in the table below:

 TEFCA Standard Operating Procedures Release Schedule

 
 SOP NameSummary DescriptionExpected Publication of Final Version 1
1SOP: QHIN Security Requirements for the Protection of TEFCA Information (TI) (Update)Updates the SOP to include additional information regarding QHIN security certification requirements and a list of approved certification programs.Version 1.1 released today*
2SOP: Exchange PurposesThis SOP identifies the exchange purposes that are authorized under the Common Agreement (or in the SOP itself) and specifies which exchange purposes require responses. The Common Agreement authorizes the exchange purposes of treatment, payment, health care operations, public health, government benefits determination, and individual access services—these exchange purposes are available immediately when QHINs go live. Once an SOP for a particular exchange purpose is finalized, QHINs, Participants, and Subparticipants would need to support exchange pursuant to that SOP.June 2022*
3SOP: RCE Fee Structure for QHINs (Schedule 1)Specifies the fee structure for fees charged to a QHIN by the RCE (initially such fees would be set at zero).June 2022*
4SOP: Types of Entities That Can Be a Participant or Subparticipant in TEFCA Specifies the types of entities that can be Participants or Subparticipants.July 2022
5SOP: QHIN Onboarding and Designation (and QHIN Application)Specifies the requirements QHINs must meet, including those needed to be eligible to apply for designation.August 2022
6SOP: Means to Demonstrate U.S. Ownership and Control of a QHINSpecifies the Common Agreement policy regarding QHIN foreign ownership.August 2022
7SOP: Individual Access Service (IAS) Provider Privacy and Security Notice Sets forth the implementation of the requirements in Common Agreement 10.3.August 2022
8SOP: Individual Access Services (IAS) Exchange Purpose Implementation Specifies the expectations of IAS providers, including demographics-based matching and identity proofing.August 2022
9SOP: Participant and Subparticipant Security Specifies security requirements for Participants and Subparticipants.October 2022
10SOP: Other Security Incidents and Reportable Events Further specifies the Common Agreement’s definition of TEFCA Security Incident(s).End of 2022
11SOP: Payment and Health Care Operations Exchange Purpose Implementation The Common Agreement itself specifies that payment and health care operations are authorized exchange purposes, meaning that they are available to be used by QHINs, Participants, and Subparticipants immediately when QHINs go live. This SOP will further define the parameters under which responses to queries are required for these exchange purposes.Early 2023
12SOP: Public Health Exchange Purpose Implementation The Common Agreement itself specifies that public health is an authorized exchange purpose, meaning that it is available to be used by QHINs, Participants, and Subparticipants immediately when QHINs go live. This SOP will further define the parameters under which responses to queries are required for this exchange purpose.Early 2023
13SOP: Government Benefits Determination Exchange Purpose Implementation The Common Agreement itself specifies that government benefits determination is an authorized exchange purpose, meaning that it is available to be used by QHINs, Participants, and Subparticipants immediately when QHINs go live. This SOP will further define the parameters under which responses to queries are required for this exchange purpose.Mid 2023
14SOP: Suspensions Process Specifies requirements and timelines related to suspension per Common Agreement 16.4.1.2023
15SOP: Successor RCE and TransitionSpecifies processes and requirements if there is a change in RCE.2023
*As a result of the significant input that already has been received throughout the TEFCA development process, these SOPs will be released in final form. All SOPs may be revised in the future, and ongoing feedback on any SOP is welcome at any time.  

“Since TEFCA’s release on January 18, 2022, we’ve been entirely focused on hitting our promised timeline of potential live exchange before the year’s end,” continued Yeager. “We look forward to the thoughtful input of potential QHINs and other stakeholders to carefully consider these drafts. Remember that these documents are just that – drafts. We’re not accepting application submissions at this time.”

It is anticipated that the final QHIN Onboarding and Designation SOP Version 1 and final QHIN Application Version 1, both expected in late summer, may differ from the drafts released today, depending on feedback received.

The RCE also released the updated “QHIN Security Requirements for the Protection of TEFCA Information (TI) SOP” on the RCE website and launched an online resource where it will maintain a list of cybersecurity certifications for QHINs. Per the Common Agreement, QHINs must achieve and maintain third-party certification to an industry-recognized cybersecurity framework demonstrating compliance with all relevant security controls.

Prospective QHIN organizations can now access the initial list of cybersecurity certifications published on the RCE website to prepare themselves for the application and potential onboarding process.

On Tuesday, May 17th at noon Eastern time, the RCE will host its monthly informational call and will review today’s release at a high-level. The RCE will also be hosting a public webinar on Wednesday, May 25th, 3 p.m. to 5 p.m. Eastern time, which will be a focused review of the draft QHIN Onboarding and Designation SOP and draft QHIN Application. Registration is now open for both events: https://rce.sequoiaproject.org/community-engagement/.

About The Sequoia Project
The Sequoia Project is a non-profit, 501c3, public-private collaborative chartered to advance implementation of secure, interoperable nationwide health information exchange. The Sequoia Project focuses on solving real-world interoperability challenges and brings together public and private stakeholders in forums such as the Interoperability Matters cooperative to overcome barriers. The Sequoia Project is also the Recognized Coordinating Entity (RCE) for the Office of the National Coordinator for Health IT’s Trusted Exchange Framework and Common Agreement (TEFCA), for which it will develop, implement, and maintain the Common Agreement component of TEFCA and operationalize the Qualified Health Information Network (QHIN) designation and monitoring process. For more information about The Sequoia Project and its initiatives, visit www.sequoiaproject.org. Follow The Sequoia Project on Twitter: @SequoiaProject.

 

Coordonnées