Dianne Koval
While it admittedly isn’t the world’s most scintillating topic of conversation at cocktail parties, the importance of corporate compliance cannot be overstated.
Consider the fate of companies that suffer from poor corporate compliance: We hear about them in the news and learn about how their failure to embrace corporate compliance creates a lack of safety that harms the public.
In the healthcare information technology world, as key decisions are made about interoperability, there is a new reason to embrace corporate compliance: TEFCA (more on that in a minute). Because compliance teams understand organizational risk and are experts at facilitating, identifying, and mitigating risk, they can provide their organizations with valuable guidance related to TEFCA.
One key portion of TEFCA is the requirement that participants and sub-participants agree to and comply with the terms of participation. Individuals working in compliance can help ensure the organization has the resources in place to comply with and enforce applicable policies and procedures, and mitigate any risks associated with Standard Operating Procedures (SOPs).
TEFCA, QHINs, networks, and frameworks
The Trusted Exchange Framework and Common Agreement (TEFCA) was created as part of the 2016 21st Century Cures Act. TEFCA is a set of regulations designed to improve healthcare interoperability by establishing standards and infrastructure to ease data exchange among key stakeholders, such as providers, payers, and their information technology partners.
TEFCA, DirectTrust, and Carequality are known as “frameworks,” which are entities that share the following characteristics:
- A common set of data sharing policies and legal terms for the networks operating under them
- Technical standards by which exchange actually happens (implementation guides)
- Technical means of identifying trusted endpoints (directory)
- A process for onboarding and monitoring to ensure participants adhere to technical standards
- Governance to review and update all the above on a regular basis
- All have networks operating within the framework guidance and rules
Qualified Health Information Networks (QHINs) are a centerpiece of TEFCA. QHINs are networks that are designed to become the “on ramp” for all electronically accessible health information without special effort on the part of the user.
The idea behind TEFCA is that all healthcare stakeholders will connect to a QHIN that enables them to seamlessly share data, with TEFCA acting as the internet of healthcare data.
One important note: Data sharing cannot occur across networks that are regulated by different frameworks. So, for example, a hospital connected to a TEFCA QHIN could share electronic health record (EHR) data with another TEFCA QHIN, but could not with a provider connected to a different framework, such as a DirectTrust network.
Building a culture of compliance
The SOPs are key to ensuring transparency and trust among the QHIN networks. As TEFCA evolves, the management of SOPs will continue as new SOPs are continually put forth for review and comment. Final SOPs will need to be incorporated into QHINs’ operations.
Compliance can be difficult when an organization lacks a culture of compliance that prioritizes its workforce’s understanding of the importance of adhering to SOPs. In addition, a culture of compliance means truly valuing an adherence to industry standards, rather than looking at SOPs as a series of boxes that need to be checked in order to claim that requirements have been met.
When healthcare organizations are not able to create a culture of compliance, it leads to a reactive approach to risk that can jeopardize trust in the entire network. With the emergence of TEFCA and its expected impact on interoperability, it’s thus essential that healthcare organizations protect themselves from unanticipated risk and embrace the risk mitigation expertise of their compliance teams.
Dianne Koval has been with MedAllies since its inception in 2001 and the company’s Chief Operating, Privacy, and Compliance Officer since 2015. She was appointed Corporate Compliance Officer in 2021. She is responsible for all customer-facing operations including professional services, legal, customer support, customer success, government programs, account management, and compliance for all lines of business. She also oversees several corporate programs including employee engagement and diversity/equity/inclusion. With Dianne’s collaborative leadership, MedAllies has grown from a regional to a nationally recognized healthcare technology organization.
This post appears through the MedCity Influencers program.