TEFCA Policy & Implementation

Trusted Exchange Framework and Common Agreement

Shteg.ai is aligned with the ONC Trusted Exchange Framework and Common Agreement (TEFCA), the federal initiative to establish a universal floor for nationwide health information exchange. This policy documents our technical implementation, permitted exchange purposes, and privacy protections.

QHIN-Ready Architecture Connie HIE Connected FHIR R4 Compliant

TEFCA Framework Principles

Standardized On-Ramp

TEFCA provides a single, consistent set of legal terms and technical requirements for connecting to the national health information exchange infrastructure. Shteg.ai participates through this standardized pathway, eliminating the need for point-to-point agreements.

Recognized Coordinating Entity (RCE)

The Sequoia Project serves as the federally-designated RCE, administering TEFCA and certifying Qualified Health Information Networks (QHINs). Shteg.ai operates under the governance of the RCE.

Qualified Health Information Networks (QHINs)

QHINs are the primary networks through which data flows under TEFCA. Shteg.ai connects to certified QHINs such as CommonWell, eHealth Exchange, and KONZA through standardized APIs.

Common Agreement

The Common Agreement establishes the legal and governance framework. Shteg.ai adheres to all terms including permitted purposes, privacy protections, and technical requirements defined in the Common Agreement v1.

Permitted Exchange Purposes

Under TEFCA, data exchanges are limited to specific Permitted Purposes as defined in the Common Agreement. Shteg.ai supports the following:

PurposeImplementationStatus

TreatmentExchange of PHI for patient care coordination, referrals, and clinical decision-making across specialty modules.Active

PaymentInsurance verification, claims adjudication, and prior authorization data exchange with payers.Active

Healthcare OperationsQuality improvement, population health analytics, and compliance reporting.Active

Public HealthElectronic case reporting, immunization registry submissions, and syndromic surveillance.Active

Individual Access Services (IAS)Enabling patients to access their health data from any connected provider through Shteg.ai's Patient Portal.Active

Benefits DeterminationExchange of health information to determine health plan coverage and benefits eligibility.Planned

Technical Standards & Protocols

Shteg.ai implements the following standards for TEFCA-compliant health information exchange:

StandardVersionUsage in Shteg.ai

HL7 FHIR R44.0.1Primary data exchange format for all clinical resources (Patient, Encounter, Observation, Procedure, etc.)

HL7 v2.x (ADT)2.5.1Admit/Discharge/Transfer messaging for real-time patient movement notifications to HIE/Connie

C-CDAR2.1Consolidated Clinical Document Architecture for transitions of care and referral summaries

SMART on FHIR2.0App authorization framework for third-party integrations within TEFCA ecosystem

OAuth 2.0 / OIDC2.1Identity and authentication protocol for user and system-level authorization

mTLSTLS 1.3Mutual TLS for secure, authenticated connections between Shteg.ai and QHIN endpoints

SNOMED CT2024-03Clinical terminology standard for problem lists, procedures, and clinical findings

LOINC2.77Laboratory and clinical observation codes used in diagnostic results exchange

ICD-10-CM/PCS2025Diagnosis and procedure coding for clinical documentation and billing exchange

NDCCurrentNational Drug Code identifier for medication data exchange in prescriptions

Connecticut HIE (Connie) Integration

Connie — Connecticut Health Information Exchange

Shteg.ai maintains a live, bi-directional connection with Connecticut's statewide Health Information Exchange (HIE), known as Connie (formerly HITE-CT). This integration enables real-time population health bridging across all practices using the Shteg.ai platform.

Real-time ADT (Admit/Discharge/Transfer) event notification via HL7v2

Clinical document exchange via C-CDA R2.1

Patient Discovery and Record Location (IHE PDQ/PIX)

Consolidated care summaries for multi-provider patients

Population health analytics dashboard for participating providers

Immunization registry submission to CT WiZ

Electronic case reporting to CT DPH

Secure mTLS tunneling per Connecticut HISP requirements

TEFCA Privacy Protections

In addition to HIPAA requirements, TEFCA introduces specific privacy protections that Shteg.ai adheres to:

Meaningful Choice

Patients are informed of TEFCA-related data exchanges and may exercise their rights under the Common Agreement, including opting out of non-treatment exchanges where permitted by law.

Purpose Limitation

PHI is exchanged only for the specific Permitted Purpose requested. Shteg.ai validates the purpose code on every inbound and outbound exchange request before processing.

Minimum Necessary

Only the minimum data necessary to accomplish the stated purpose is exchanged. Shteg.ai's FHIR mapper selectively includes resources based on purpose-specific data profiles.

Sensitive Data Handling

Information classified as sensitive under 42 CFR Part 2 (substance abuse), state-specific mental health protections, and reproductive health data are subject to additional consent requirements and segmentation.

Audit Trail

Every TEFCA exchange is logged with timestamp, requesting organization, purpose of use, data categories accessed, and patient identifier. Audit logs are retained for 7 years.

Breach Notification

Any breach involving data exchanged under TEFCA triggers notifications per both HIPAA and TEFCA-specific breach procedures, including notification to the RCE and affected QHINs.

TEFCA Compliance Inquiries

For questions about our TEFCA implementation, Connie HIE integration, or to request interoperability testing, contact our integration team.

interop@shteg.ai Security Team