TEFCA Concepts

In order to connect to TEFCA, you need to go through an extensive vetting and onboarding process. Here are some important concepts to understand as you do that.

Principal listings always belong to Covered Entities

The right to retrieve data under the primary TEFCA Treatment Purpose of Use (POU) is limited to Covered Entities (CEs) who are Healthcare Providers. The vetting process confirms that CEs will be querying under a legitimate POU and then allows them to establish a Principal listing. All TEFCA queries must be conducted by or on behalf of a Principal listing. Business Associates cannot maintain Principal listings.

Business Associates act as Delegates

Business Associates (BAs) can conduct queries on behalf of CEs that they serve. The CE that owns the Principal listing must instruct their QHIN to add the BA as a Delegate that is allowed to make requests on their behalf, in a process known as "Delegation of Authority". Note: The BA Delegate can be connected to the network via a different QHIN.

If the CE is fulfilling all of its reciprocity requirements through the Principal listing and contributing no additional data via the Delegate listing, it can append the Delegation of Authority with an "Initiator-Only Attestation" confirming that the secondary listing has no additional data to contribute to the networks.

Vetting paths vary by type of Covered Entity

Path 1: Healthcare Providers that have in-person, physical patient interactions and participate in a government program (Medicare, Medicaid, Tricare)

  • Type I evidence that you are both a Health Care Provider and Covered Entity (choose one of the following):
    • Link to the Entrant’s listing in any directory maintained by the Centers for Medicare and Medicaid Services (CMS) (e.g., on data.cms.gov or medicare.gov)
    • Link to the Entrant’s listing on any state government list of Medicaid providers

Path 2: Healthcare Providers that have in-person, physical patient interactions but only participate in commercial health plans

Path 3: Healthcare Providers that only have virtual patient interactions

Type II evidence

Evidence for Healthcare Provider (choose one)
  • Documentation reasonably showing the Entrant’s receipt of payment from a payer within
    the six months immediately preceding publication in the Entrant Review List
    (Documentation should be redacted so that it does not include PHI, financial or any other
    confidential information).
  • Link to the Entrant’s NPI listing in NPPES showing that the Entrant is the type of Health
    Care Provider listed in the submission
  • Link to the Entrant’s listing on a state government website confirming it is licensed as the
    type of Health Care Provider listed in the submission
  • Copy of a Certificate of Coverage for professional medical malpractice coverage
  • Copy of or link to Entrant’s national accreditation as a health care provider (Joint
    Commission, AAAHC, NCQA, URAC, etc.)
  • Link to the Entrant’s listing of its CLIA certification on S&C QCOR
  • Link to the Entrant’s inclusion on a list of participating providers published by a payer
  • Copy of a letter from a payer confirming that Entrant is a participating provider
Evidence for Covered Entity (choose one)
  • Documentation reasonably showing the Entrant’s submission of claims to a payer or other
    HIPAA standard transactions within the six months immediately preceding publication in
    the Entrant Review List. (Documentation should be redacted so that it does not include
    PHI, financial or any other confidential information.)
  • Link to the Entrant’s inclusion on a list of participating providers published by a payer
  • Copy of a letter from a payer confirming that Entrant is a participating provider