HITRUST is a Trusted TEFCA Resource

October 4, 2022 by Brent Goedel
Information Systems, Technology Solutions

What is TEFCA?

The Trusted Exchange Framework and Common Agreement, also known as TEFCA, outlines a common set of principles, terms, and conditions to support the development of a Common Agreement that would help enable nationwide exchange of electronic health information (EHI) across disparate health information networks (HINs). The TEFCA is designed to scale EHI exchange nationwide and help ensure that HINs, health care providers, health plans, individuals, and many other stakeholders have secure access to their electronic health information when and where it is needed.

How is HITRUST Involved?

The TEFCA Recognized Coordinating Entity (RCE) – The Sequoia Project – has selected HITRUST and the HITRUST r2 Certification as the first certifying body and certification for organizations to prove they comply with the TEFCA security requirements for their Qualified Health Information Network (QHIN) designation.  The accuracy, consistency, and integrity offered by HITRUST r2 Certification provides the necessary transparency for QHINs, their Participants, and Sub-participants around the required data confidentiality, integrity, and availability of digital health information.

Managing and Reporting Certification for QHINS, Participants, and Sub-participants

The HITRUST Results Distribution System (RDS) provides Qualified Health Information Network (QHIN) with the appropriate dashboards to document and report the results of their certification to the Recognized Coordinating Entity. QHINs also have the requirement to flow-down and enforce the security obligations of TEFCA to Participants and Sub-participants. RDS is an online toolkit that helps successfully manage the third-party risk of Participants and Sub-participants who are leveraging the HITRUST CSF and have achieved validation or certification.

Health Information Networks Ready for TEFCA Today

Health Information Networks preparing for certification using the HITRUST Assurance Program™ may be assured that the control requirements, depth of quality review, and consistency of oversight afforded by the HITRUST r2 Validated Assessment + Certification will meet the requirements for participation in the Trusted Exchange Framework.

For more information about how HITRUST can be a valuable resource to help your organization meet TEFCA Information Security Certification Requirements, call Steve Marsden, Copeland Buhl & Company PLLP at 763-746-5207 or email