ONC’s Keane Says Government Will Strengthen TEFCA Onboarding to Address Provider Privacy Concerns

The Office of the National Coordinator (ONC) has clarified its mission after a brief internal reorganization that moved chief technology, AI, and data officers back under HHS’s secretary office. By refocusing exclusively on external stakeholder engagement, ONC maintains its core responsibilities—administering the Health IT Certification Program, overseeing the TEFCA exchange network, and enforcing information‑blocking rules—while leaving internal HHS architecture to the CIO’s office. This streamlined approach reassures health‑system CIOs that the regulatory landscape remains stable, even as electronic health record adoption now exceeds 95 percent nationwide.

A distinctive feature of today’s health‑information exchange strategy is the two‑lane model linking TEFCA with the CMS‑aligned networks. Through collaborative governance, qualified health information networks (QHINs) vote on technical frameworks that are then mirrored in CMS’s accelerator initiatives. This synergy accelerates the development of a national provider directory, improves record‑location services, and reduces data‑matching collisions. Voluntary pledges from 600‑plus participants, coordinated in Slack and face‑to‑face meetings, feed innovative solutions back into TEFCA, creating a feedback loop that benefits both regulatory and market‑driven efforts.

Provider privacy concerns have prompted ONC to tighten TEFCA onboarding, introducing stricter vetting, mandatory cybersecurity insurance, and annual penetration testing. Because TEFCA is government‑administered, violations trigger direct action from the Office of Civil Rights and the Department of Justice, offering a legal whip hand absent in private exchanges. Enhanced audit‑trail requirements align with HIPAA security rules, giving providers greater visibility into data flows. Simultaneously, ONC’s new diagnostic imaging RFI seeks standards for exchanging large imaging files efficiently, recognizing imaging’s central role in diagnosis and the need for seamless, secure sharing across care settings.