Industry Voices—TEFCA and information blocking: The end of patient digital access to their chart?

The Office of the National Coordinator for Health Information Technology's (ONC’s) recent efforts to define the appropriate structure and rules for the Trusted Exchange Framework Common Agreement (TEFCA) appear to encourage and enable the long-standing patterns of “information blocking” that the Cures Act set out to abolish. 

The 21st Century Cures Act was designed to allow modern digital approaches for patients and their apps to use the medical information in the patient’s chart. Is this about to end?

The 21st Century Cures Act, passed almost unanimously by Congress in 2016, has three HIT provisions:

1.      APIs “without special effort,”

2.      no “Information Blocking,”

3.      and TEFCA

In 2020, ONC’s Cures Act Rule defined “APIs without special effort” as modern, standard FHIR APIs using OAuth 2 security. It also limited allowable exceptions for information blocking to a few common-sense provisions related to security, privacy, specific patient harms and technical feasibility. While the structure of TEFCA was left to be defined later by a coordinating entity, as the national coordinator at that time, my ONC colleagues and I fully expected that the future definition of TEFCA would not break those rules. 

Yet now, in what appears to be an unfortunate result of lobbying, that is what the current text of ONC’s proposed TEFCA Condition for the Manner Exception would do. TEFCA specifies a 90s era document architecture that predates smartphones and the programming languages and data formats that define the modern web, including JSON, REST and, of course, FHIR. It also proposes to exempt entities and electronic health records that use this IHE protocol from the information blocking rule.

Furthermore, as written, the proposed TEFCA rule states that anyone who needs to use TEFCA FOR ANY REASON whatsoever has to forgo the right to modern data access for every part of their business if TEFCA-enabled information blockers so desire.

In effect, the law that was meant to give consumers unfettered digital access to their health information would now allow TEFCA participants to not only block access to computable data fields which are the backbone of the modern web but also prevent the modern APIs that power the entire smartphone and web economy, including Amazon, Facebook, Google and nearly every app on your Android or Apple phone. 

As the proposal is written, once in the TEFCA spiderweb, TEFCA-enabled information blockers can force the use of non-computable 1990s protocols and document-only architecture. Sequoia, the group managing TEFCA, states it will move to FHIR in the future, but the proposed rule would take effect far earlier than TEFCA could support modern computing. 

When one tries to understand Sequoia’s FHIR plans, there also seems to be confusion between FHIR, which is a data standard, and RESTful, which is an API approach. Much of the usefulness of FHIR comes from FHIR’s typically associated RESTful APIs. This fundamental value is lost in TEFCA’s 1990s IHE API and further blocked by the myriad requirements wrapped around the use of QHIN brokers.

If TEFCA needs information blocking to work and hopes to use FHIR in the future, why not wait until TEFCA can prove it works and do so not just for industry incumbents but also for new competitors offering patients innovative options in care? American healthcare desperately needs digital innovation to break through noncompetitive delivery systems and their frequent pricing control over entire regions throughout the country.

Only ONC can say why it has proposed this problematic rule, but judging by the public comments to the ONC HTI1 rule (available at, the same folks who didn’t want the Cures Act to provide direct digital access for patients now want everyone offering digital services to patients who use their medical records to go through TEFCA and its network of toll-taking brokers, instead of just serving them directly using the standard, real-time data available via FHIR. One TEFCA QHIN commented that even 10 days was not enough time to evaluate a data request—why do we have to wait 10 days or more to get blood pressure, blood glucose, lab results or other data that could be life-saving?

Congress defined information blocking as limiting the “access, exchange or use” of patients using their data. TEFCA, as formulated today, does each of these things:

1. It limits access by forcing access through a network of QHIN toll-takers rather than directly as with every other modern web business. You can only use one QHIN, so the choice is further limited. 

2. TEFCA limits exchange by requiring an archaic 1990s IHE communications protocol.  

3. TEFCA limits use by returning only documents, so any app forced to get data as a document has to parse one or more documents to find needed data. 

Frictionless information sharing is critical for patients and builds the foundation for an exciting future of digital healthcare. As an industry, we need to rise above seeking short-term competitive advantages and build the right infrastructure for everyone.

I would urge ONC to not give TEFCA participants a license to information block. If TEFCA works as well as claimed, then there should be no information blocking complaints to shield from, and, if it doesn’t, then patients should have the right to get their data in a truly computable form. Digital access to the medical record is what almost the entire Congress voted for; this was supported by both Presidents Barack Obama and Donald Trump, and is what patients deserve.

Dr. Donald Rucker is the chief strategy officer of 1upHealth. As national coordinator of health IT at the U.S. Department of Health and Human Services from 2017 to 2021, Dr. Rucker led the writing of the ONC 21st Century Cures Act Interoperability Rule.