By: Christopher A. Parrella, Esq., CPC, CHC, CPCO
Parrella Health Law, Boston, Ma.
A Health Law Defense and Compliance Firm
The healthcare landscape in the United States is on the cusp of a major transformation. Epic
Systems, a leading healthcare software vendor, recently announced that individuals will now have
the ability to securely release their health data to apps of their choice. This announcement is
part of a larger effort to give patients more direct control over their medical information,
marking a significant technological advancement for the healthcare sector.
A New Standard in Data Sharing
Epic Systems is among the key organizations collaborating with the federal government to
establish the Trusted Exchange Framework and Common Agreement (TEFCA). Launched in December,
TEFCA aims to create a unified and secure method for sharing patients’ data at scale, both
legally and technically. This initiative addresses a longstanding challenge in the U.S.
healthcare system: the siloed and fragmented nature of health data. Until now, transferring
medical records securely across state lines or different healthcare facilities has been
difficult, often leaving patients without access to their complete medical history when they
need it most.
Epic’s announcement allows patients to integrate their medical records into various
health-related apps, such as health coaching platforms or medication reminder applications,
using their Epic login credentials. This development is not just a convenience; it’s a step
toward empowering patients to take control of their health and wellness.
The Role of TEFCA
TEFCA serves as the backbone for this revolutionary change, providing the infrastructure needed
for secure and interoperable data exchange. It functions similarly to how different cellphone
carriers allow users to communicate seamlessly, regardless of the network they use. This means
that regardless of the healthcare network a patient belongs to, they will be able to access and
share their health information effortlessly across multiple platforms.
Qualified Health Information Networks (QHINs) are the main participants in TEFCA’s health-data
exchanges. These networks undergo a rigorous approval process to ensure they meet technical and
eligibility standards. Epic is one of the seven QHINs currently live within TEFCA, facilitating
millions of data transactions each day.
Enhancing Patient Engagement and Trust
TEFCA requires QHINs to support six “exchange purposes,” including treatment, payment,
healthcare operations, public health, government benefits determination, and individual access
services. The latter allows patients to request and consolidate all their health records into a
single app, providing a comprehensive view of their medical history. This capability is expected
to revolutionize patient engagement by enabling individuals to take a more active role in
managing their healthcare.
Epic’s recent announcement indicates their readiness to support individual access services, a
development that took considerable time to ensure robust security and patient education. This
effort is essential to maintaining trust in a system where patient data is inherently sensitive
and protected by the Health Insurance Portability and Accountability Act (HIPAA).
Safeguarding Patient Data
One of the challenges in implementing such a system is ensuring the security and privacy of
patient data. While some apps comply with HIPAA regulations, others do not. TEFCA allows apps to
volunteer for participation, provided they adhere to HIPAA standards, ensuring users are
informed about the privacy policies of the apps they choose to use.
Epic’s approach includes educational prompts that inform patients about the data they are
sharing and the privacy practices of the apps they select. This transparency is crucial for
building trust and encouraging more widespread adoption of health data sharing.
Conclusion
The introduction of patient-controlled health data access through Epic Systems and TEFCA is a
pivotal moment in healthcare, poised to enhance patient engagement, improve care coordination,
and ensure better health outcomes. As these capabilities become more widely available, patients
will have unprecedented access to their medical information, allowing them to make more informed
decisions about their health. This shift represents a significant step forward in the digital
transformation of healthcare.
Parrella Health Law
For further information on how these developments may affect you or if you have any questions
regarding the implications of this new era in healthcare data sharing, please contact Parrella
Health Law at 857.328.0382 or reach out to Chris directly at cparrella@parrellahealthlaw.com.
Christopher Parrella, ESQ, CPC, CHC, CPCO, is the founding partner of Parrella Health Law in Boston, Mass. The firm focuses exclusively on healthcare defense and compliance matters. Chris also travels the country on behalf of a wide range of healthcare organizations, lecturing on a variety of health care enforcement and compliance topics. Chris is one of a handful of health care attorney’s that are also Certified Professional Coders (CPC) and is a member of the AAPC’s National Legal Advisory Board and Ethics Committee. He is also a Certified Professional Compliance Officer (CPCO) and Certified in Health Care Compliance (CHC.)
Leave a Reply