A qualified health information network (QHIN) is a group of organizations working together to share data and ensure interoperability. QHINs connect directly to each other and also connect the providers within their network to exchange information without restriction. Organizations become QHINs through the Office of the National Coordinator for Health Information Technology’s (ONC) Trusted Exchange Framework and Common Agreement (TEFCA).
ONC designed TEFCA to help providers easily access and exchange electronic health records (EHRs). TEFCA benefits health entities by supporting and encouraging health information exchange. Additionally, it benefits individuals (i.e., patients) by making it easier for them to access their records and support their personal health journeys.
The trusted exchange framework is a set of nonbinding but foundational principles for the healthy exchange of health information. It enables the sharing of health information to:
With such interoperability, health providers can work together to improve health conditions, patient engagement, and healthcare. The common agreement (a contract) enables the network-to-network sharing of health data and includes technical and definition clarifications. All who become QHINs and sign the common agreement agree to the expectations established in the trusted exchange framework.
QHINs are networks of organizations associated with healthcare such as:
The networks enable the safe and easy sharing of health information within them and with other QHINs. QHIN organizations serve as connective networks, offering providers and patients greater access to health information. According to the U.S. Health and Human Services (HHS), QHINs were created “to securely route queries, responses, and messages across networks for health care stakeholders including patients, providers, hospitals, health systems, payers, and public health agencies.”
Ultimately, the use of QHINs improves patient care, giving patients access to a broader range of organizations and increasing their care teams and specialists. For the organizations themselves, QHINs facilitate interoperability and patient care while decreasing their own costs.
One year after TEFCA was published in 2022, five organizations had become QHINs. As of today, seven exist; applications remain open.
CommonWell Health Alliance: a not-for-profit trade association with a network of 35,000 clinical sites and about 194 million registered patients
eHealth Exchange: an exchange company that connects federal agencies and nonfederal healthcare organizations; it was the government’s original Nationwide Health Information Network (NwHIN)
Epic Nexus: a subsidiary of Epic Providers, a healthcare records software, that includes 498 hospitals
Health Gorilla: a data-sharing platform that supports the secure exchange of patient-centric data
Kno2: an interoperability platform that connects stakeholders via an app interface, including 1.2 million providers and 4,500 home systems and hospitals
KONZA: a nationwide information exchange and analytics company offering a suite of products and services
MedAllies: a health company that facilitates the adoption of health technologies and serves over 800 hospitals, 5,000 organizations, and 125,000 providers and partners
According to Paul Wilder, executive director of CommonWell, "QHINs are going to compete, and that competition is there to keep us honest and make sure we're providing better services every day. There's enough growth for everybody . . ."
According to ONC, a proper health information exchange helps organizations improve healthcare quality, make care more efficient, streamline administrative tasks, and support community health. At the same time, the increase in technological innovations also means an increase in the security of EHRs and protected health information (PHI).
HHS created HIPAA to improve healthcare standards and combat PHI fraud and abuse. The exchange of health information must follow HIPAA’s privacy and security standards. That means using technical, physical, and administrative safeguards to protect electronic PHI (ePHI). Strong cybersecurity measures that should be considered include:
By promoting the adoption of secure health IT practices, ONC builds trust among patients and healthcare providers. Relying on the healthy and secure exchange of information encourages both better patient engagement and patient outcomes.
HIPAA compliance is required for:
PHI is any information held by a covered entity or business associate that concerns health status, the provision of healthcare, or payment for healthcare that can be linked to an individual. This includes a wide range of identifiers that could be used to identify the individual.
HIPAA mandates that EHRs must be secured to protect patient information. This involves implementing access controls, encryption, audit controls, and transmission security measures.
Penalties for noncompliance can range from monetary fines to criminal charges, depending on the severity and circumstances of the violation. The Office for Civil Rights (OCR) can impose penalties, which can range from $1,307 to $68,928 per violation, with a maximum annual penalty of $2,067,813.