Tim Kosty, R.Ph., M.B.A.

THE 21ST CENTURY CURES ACT (Cures Act) was signed into law in December 2016. The law requires the Office of the National Coordinator for Health Information Technology (ONC) to create a pathway for establishing an interoperable exchange of electronic health information. Section 4003 of the act directs the ONC to “develop or support a trusted exchange framework, including a common agreement among health information networks nationally.” The network will be called the Nationwide Health Information Network (NHIN).

Congress tasked the ONC with addressing the core principle of interoperability, which is defined as building and maintaining trust. The ONC’s vision of interoperability includes:

  • Patient-centered care by means of a system where healthcare providers have the capability to access patient health information from all available sources in a convenient, secure, and judicious manner.
  • A system that delivers a longitudinal picture of a patient’s health.
  • A mechanism for researchers to harness health information data to advance research and development.
  • Full and convenient access for patients to their complete personal health records.


The purpose of interoperability is to provide relevant and timely information to healthcare providers at the point of care, with the goal of improving healthcare decision-making and patient outcomes. The Standards and Interoperability (S&I) Framework presented by the ONC provides insight into the components needed to achieve the seamless electronic interchange of health information between organizations and information systems. The S&I Framework includes:

  • Technical infrastructure (directories and certificate authority).
  • Use cases and health information standards.
  • A process to evaluate, test, and refine the standards exchange.
  • Certified products that meet security and interoperability standards.
  • Policies and governance structures for the NHIN.

The framework components require a central, trusted authority to facilitate the exchange of healthcare information, create legal agreements to protect all participants, certify compliance with the technical standards, and ensure that standard policies and procedures are used. The Cures Act envisions health information exchanges (HIEs) linked together across the country. The ONC has specified that a trusted exchange framework (TEF) include the selection of a single recognized coordinating entity (RCE) through an RFP (request for proposal) process that has extensive experience with existing health information network capabilities. Once selected, the RCE will work within the TEF framework to develop a “common agreement” that qualified health information networks (HINs) and their participants can voluntarily adopt.


Qualified HINs will be the HIEs that have been selected to participate in the National Health Information Network. HIEs are in place around the country and are focused regionally or within a state, making them natural qualified HIN candidates. From an operating perspective, CMS (the Centers for Medicare and Medicaid Services) has indicated they would like the network to contain the fewest number of qualified HINs possible.


In January and February, there was a 45-day public comment period on the Draft Trust Exchange Framework. Press reports on the comments indicate the industry had major concerns about limiting the number of HIEs participating and the administrative and technical requirements that will be handled by the RCE. The ONC schedule noted that the RCE selection and the final draft of the combined Trusted Exchange Framework and Common Agreement (TEFCA) are expected mid-2018. It is likely that this time frame will be delayed as the public comments are evaluated and responded to by the agency.


The TEF is a complex system, and it will be challenging to get all industry participants to sign the common agreement, given the cyber security concerns and the firewalls needed for organizations to protect their internal IT (information technology) assets. One cyber security issue still needing to be addressed includes who is responsible for network breaches. Healthcare companies must also assign administrative rights and responsibilities to access the NHIN and create the structure and process to implement changes post-implementation.

Because participation in the TEF is voluntary, the ONC will need to incentivize involvement. All healthcare systems have extensive IT development lists and processes to determine which initiatives to fund. Outside of required regulatory updates, IT initiative business cases must be chosen based on expected financial outcomes and improvement of patient care, which remain unknown for NHIN.

All stakeholders need to achieve a final consensus on the common agreement. Once the draft is published, attorneys will dissect the draft and generate many comments for review and adjudication. The RCE needs to be selected and contracted by the ONC, which could prove challenging. Finally, the ROI (return on investment) is not clear for health systems to prioritize IT development funds. Expect a long implementation timeline for the TEF and NHIN to become operational.


The Cures Act and TEF are the government’s plan to create interoperability across the nation, but the private sector is also creating interoperability solutions and leveraging the latest blockchain technology to facilitate data access. Blockchain is a distributed ledger technology that is the basis for Bitcoin and other cyber currencies. The technology behind blockchain is expected to revolutionize the tracking of information in many industries, including healthcare.


Blockchain does not require a trusted central authority to validate network participants. A network of computers (nodes) maintains and secures the blockchain, while each participant stores a copy. The blockchain cannot be changed, but new information/blocks can be added via mathematical validation by the nodes. Blockchain is based on a cryptographic mathematical structure that is nearly impossible to fake.

Read More 〉Blockchain 101: Foundations and Potential in Pharmacy

Some blockchains are private and require permission to access, while others are public, such as Bitcoin, and no permission is needed to add blocks to the chain. No single entity owns or controls a public blockchain; it is a distributed ledger with no central trusted authority and the nodes (participants) do not need to trust each other. The verification process eliminates this trust requirement, so there is no need for data-sharing agreements or processes and procedures; network protocols are also eliminated.


In January 2018, Apple launched its Health Records patient data viewer, with a pilot program with 12 participating health systems. Two months later, 39 health systems were participating, a 325% increase and an extraordinary adoption rate. The Apple HealthView uses Fast Healthcare Interoperability Resources (FHIR, pronounced fire) to access data through electronic health record (EHR) systems.

FHIR is a draft standard created by HL7 (FHIR V3) and uses modular components called “Resources” that can be thought of as APIs (application program interfaces) that pull specific data from EHRs. Like ordering a product online where there is a URL specifying the product location in the vendors’ database, FHIR technology uses similar principles. HL7 has created multiple implementation libraries to assist developers, and FHIR is free, enabling many developers to build applications with this technology.

The Apple Health Record is based on both blockchain and FHIR technologies. Health systems do not need complex data-sharing and cybersecurity agreements, and no central trusted authority is required. Apple has created a patient-centric model where the patient agrees with an end-user agreement. This minimizes liability, as patients have been warned how their data is being used. The technology leverages patients’ existing skill sets and enables them to download health records to their iPhone.


My colleague’s health system participated in the initial pilot program, and he had the experience outlined below.


If the goal of interoperability is to improve access to patients’ healthcare information at the point of care, accessing this information through Apple Health Records meets that need and puts the patient in control. There is not an NHIN required, and the patient is motivated to ensure that his or her healthcare provider has the latest information. No investment is needed by health systems and providers, and IT infrastructure and attorneys do not need to negotiate data sharing agreements.


Implementing the TEF appears to be a “field of dreams” venture. The use of blockchain technology in products like Apple Health Records will make TEF obsolete before it is implemented. Finally, patients will have access to their healthcare records outside the healthcare system and provide it to their healthcare providers as needed. CT

Tim Kosty, R.Ph., M.B.A., is president of Pharmacy Healthcare Solutions, Inc., with 30 years of pharmacy experience. He can be reached at tkosty@phsirx.com.