The Trump administration unveiled new efforts to strengthen oversight of the Trusted Exchange Framework and Common Agreement (TEFCA), including hiring a federal IT contractor to provide audit, review and compliance support.
TEFCA is the government-backed health data-sharing initiative that allows patients, providers and payers to share health records. It was mandated by the 21st Century Cures Act back in 2016 and went live in December 2023.
More than 1 billion health records have been exchanged through TEFCA, up from 10 million in early 2005, the Department of Health and Human Services’ health IT office announced Friday.
The Office of the National Coordinator for Health Information Technology (ONC), HHS' health IT policy arm, awarded a new contract to strengthen oversight of the network and verify that organizations participating in TEFCA follow required policies and procedures, the agency said in the press release.
ONC is also conducting additional reviews of Qualified Health Information Networks (QHINs) and their participants to help ensure compliance with TEFCA’s rules and operating requirements.
“Americans deserve secure, timely access to their health records,” HHS Secretary Robert F. Kennedy, Jr. said in a statement. “We are strengthening TEFCA to put patients in control of their health information, improve care coordination, and ensure health data moves securely where it is needed. Access to your own health records is a fundamental right.”
Alliance Global Tech Inc., a company specializing in federal IT services including cybersecurity, cloud solutions and data analytics, was awarded a five-year contract to provide TEFCA audit, review and compliance support for HHS, according to a new USASpending.gov listing. USASpending.gov is an official open data source of federal spending information, including information about federal awards such as contracts, grants and loans.
The five-year contract is worth up to $5.62 million, structured as a one-year baseline, around $1.28 million, with annual renewal options through June 2031.
HHS officials said the new investments support ONC’s "ongoing commitment to maintaining a secure, reliable and trusted national health information network."
Christian Robles, health tech reporter at Inside Health Policy, reported that the company is using AI to flag whether TEFCA participants should be reviewed by subject matter experts and federal officials, citing the company's website. Alliance Global Tech has since removed information about TEFCA from its website.
There have been growing calls for stronger oversight of nationwide data sharing networks. Healthcare tech leaders have raised concerns about companies exploiting TEFCA and misrepresenting their intentions using the "treatment" pathway to access and monetize patients' medical records.
Back in January, more than 75 health systems sent a letter to federal officials flagging issues with "bad actors" gaining access to patients' medical information and highlighting the need for centralized oversight and governance for the nationwide health data exchange frameworks, including TEFCA and Carequality.
The organizations argue that self-attestation and decentralized oversight, which is the current process, is not sufficient to safeguard patient data. Health systems want more established rules of the road and stronger protections to prevent fraud on the networks.
Under the Trump administration, HHS is also stepping up enforcement of information blocking. The department announced in September that it has put more resources behind investigating and enforcing information blocking rules. ONC has sent notices to developers of certified health IT about potential nonconformity under the ONC Health IT Certification Program, Thomas Keane, M.D., National Coordinator for Health IT, told HIMSS26 attendees at the conference in March.
Should information blocking be confirmed, health IT developers could face penalties of up to $1 million per violation, while providers could be prevented from receiving Medicare payments. Since the HHS launched its information blocking complaint portal, more than 1,500 complaints have been filed alleging information blocking, he noted.
“Seamless interoperability is essential for quality care; health records must flow easily between providers and patients,” Chris Klomp, HHS Chief Counselor and Director of the Center for Medicare, said in a statement. “When critical health information is blocked or withheld, patients suffer the consequences. We are fully committed to using every appropriate regulatory and policy tool available to root out information blocking and protect patients’ right to access their own health data.”
As ONC identifies any behaviors on the network that are potentially civilly or criminally actionable, including information blocking and fraud, the agency will refer them to the appropriate Executive Branch agencies for investigation, including the HHS Office for Civil Rights, HHS Office of Inspector General, and the Department of Justice, Keane said in a statement.
Individuals who believe that their right to access their health information has been denied or that its security has been violated can file a complaint with the HHS Office for Civil Rights.