Skip to the main content.
Featured Image
BLOG. 7 min read

Freeing Health Plan Data Using Trusted Exchange Networks

“Data is the new oil.  It’s valuable, but if unrefined it cannot really be used,” Clive Humby[1]

That’s a valid thought, but what happens if you can’t get the oil out of the ground to begin with?  The U.S. invested over $35 billion in electronic health record (EHR) incentives, achieving adoption rates of 86% by physicians and 96% by hospitals, and creating massive amounts of data.  The oil is there, but we have to free it.  This is the very nut the Center for Medicare and Medicaid Services (CMS) and the Office of National Coordinator (ONC) are trying to crack in the two proposed rules that add interoperability to the list of compliance requirements for health plans.[2] [3]

The foundation of interoperability begins with understanding the purpose for data movement.  What are you trying to solve?  We often refer to these answers as the use case, business case, epic, scenario, or storyboard.  In health IT interoperability, use cases will define the data, technology, transport, steps and logic necessary to achieve a specific result.   No matter where you are in your journey, you’ll be required to understand interoperability and how to implement the necessary steps to get there.

Think of interoperability as a 3-step process.  First, you must package up the right data based on the need or use case.  To learn about what data health plans are expected to make available to consumers, visit Richard Popper’s blog post. Second, you must transport the package from one system to another, which is what we’re going to focus on today. Third, when receiving the package, you must be able to unpack it and consume the data, which we will cover in the next post in this series.  Today, let’s examine step 2, transporting the data from one system to another by connecting to a health information network (HIN) for trusted exchange.

Connectivity to a Trusted Exchange Network

Open APIs will be used to push data out from technology or data stores to HINs to facilitate transport. For this reason, the CMS-proposed rule is asking health plans to connect to a framework to achieve nationwide exchange of data using a trusted exchange network, thereby expanding data liquidity beyond a local market. 

What is a trusted exchange network? Think of it as a system of national highways to which exchange vendors have on and off-ramps.  Just as there are speed limits and safety rules on a highway, there should be rules to make health data exchange “trusted and secure.” This technical and governance structure is known as a trusted exchange framework.  By connecting to this information superhighway, payers, providers and patients can communicate with each other as well as other payers and providers.

An HIN is an entity that establishes the policies, agreements, conditions and requirements for the exchange of electronic health information (EHI); manages the technology or services to enable exchange; and influences or even controls access, exchange and use of EHI.  As an example, New York operates Healthix, an HIN that serves 28 million people across the state.  Done right, exchange of information should be completely underwhelming for the end-user.  The data is easily and securely available.  By linking these HINs together, stakeholders have access to a nationwide roadway of networks. 

So how could you use this roadway? There are 2 types of queries available to obtain information:  direct (targeted) query and broadcast (untargeted) query.  Direct queries are used when specific information for a known and identified source is needed.  As an example, a new member in your health plan has moved across the country for his job and is leaving his legacy plan.  You need information for risk management, enrollment, population health, or other reasons. In this direct query example, a network of HINs could provide the necessary transport for securing the EHI you need from a specific source.  A broadcast query could be used when a provider needs EHI for a patient who came into the emergency department and is clinically unknown to that provider. A broadcast query could be sent out to the network for anyone who has information on the patient. 

Keeping Data Secure and Private

CMS is proposing that health plans connect to such an information highway for secure exchange with, and use of, EHI from other disparate IT systems, and identifies three criteria networks must meet to be considered “trusted”:

  1. Enables exchange of personal health information (PHI) in compliance with all applicable state and federal laws across jurisdictions
  2. Connects both inpatient and ambulatory EHRs
  3. Supports secure messaging or electronic query by and between patients, providers and payers

HIPAA has always been the anchor for securing and keeping health information private.  However, HIPAA was created in 1996, over two decades ago, before the advent of smartphones and mobile devices.  Although the CMS-proposed requirements will mandate compliance with federal and state laws, the ONC is charged with broadening the scope of these requirements under the 21st Century Cures Act (Cures). [4]  Cures tasks the ONC with the development of a comprehensive trusted exchange framework (TEF) and a common agreement to be adopted by HINs nationally.  The result is the Trusted Exchange Framework and Common Agreement (TEFCA),[5] which seeks to achieve three goals:

  1. Provide a single “on-ramp” for connectivity nationwide
  2. Enable secure EHI availability whenever and wherever needed by the patient
  3. Support nationwide scalability

While voluntary at this time, HINs that choose to adhere to TEFCA[6] will be deemed “Qualified” HINs (QHINs).  These QHINs can then be linked together to form a nationwide trusted exchange network, so that information is available to the patient anywhere, anytime it’s needed; much like you can access your checking account through an ATM.  QHINs will be overseen by an ONC-contracted Recognized Coordinating Entity (RCE), which will enforce and govern their responsibilities.  Likewise, your organization will want to have a contractual agreement in place with their interoperability partner(s) just as you have documents governing business associates.

In Summary

While your interoperability strategy will need to include wide use of open APIs to facilitate use cases, you will also need to ready your plan to connect to a trusted exchange network.  TEFs promise to create the national infrastructure necessary to solve and support better care, improved health, and greater efficiency.  As TEFCA is finalized, you will want to make sure you are plugging into an HIN with the highest level of integrity; one that is qualified using these principles and common agreement—a QHIN.

Our next blog in this series will cover the third step, the development of a business use case to implement these regulations and benefit health plans, providers and patients, including consuming data.

Look to SS&C Health

SS&C Health has been continually monitoring these expanding interoperability initiatives for years.  We recognize that innovation will be required to overcome a number of barriers that have been identified, including the lack of a unique patient identifier (UPI), lack of standardization and consistent use of computing and content standards, information blocking, and lack of health IT use among some stakeholders, as well as privacy and HIPAA concerns.  We already incorporate enumerable APIs across our health plan customers for access to member, benefit, provider, group, claims and other health plan information, and will continue to innovate as the use of digital health transforms patient care. 

Contact us today to learn more about how our solutions can enable your strategies. 



[1] Palmer, CMO News, “Data is the New Oil,” Nov. 3 2006,

[5] ONC, Trusted Exchange Framework and Common Agreement (TEFCA), Draft 2, April 19 2019,

[6] TEFCA remains in draft, version 2 as of Jul 24 2019.

Related articles

The Game Changer: 3 Interoperable Data Types Required of Health Plans
BLOGS. July 15, 2019

The Game Changer: 3 Interoperable Data Types Required of Health Plans

Read more
Change Is In the Air: How New Regulations Will Impact Healthcare
BLOGS. February 16, 2023

Change Is In the Air: How New Regulations Will Impact Healthcare

Read more
SEC Reporting Changes: Accelerated Settlement Cycles
BLOGS. March 1, 2022

SEC Reporting Changes: Accelerated Settlement Cycles

Read more