The start of 2026 has been a bit rocky for the advancement of healthcare interoperability.
As you likely know, more than 60 health systems recently sent a letter to The Sequoia Project, the group charged with overseeing the Trusted Exchange Framework and Common Agreement (TEFCA), asking them to take steps to strengthen data security, including more rigorously vetting potential network members. There is growing concern that some entities connecting to TEFCA are doing so with malicious intent, putting patient data at risk.
How are these potential bad actors getting access to TEFCA? Members can join TEFCA by one of two ways: 1) become a qualified health information network (QHIN), or 2) become a participant or subparticipant under a QHIN. To date, The Sequoia Project recognizes more than 10,000 TEFCA participants/subparticipants and only 11 designated QHINs. So, participants/subparticipants make up the vast majority of the TEFCA network.
Currently, TEFCA relies on self-attested business descriptions to determine who can join the network. It’s a bit like a farmer leaving cartons of eggs on a table at the end of their driveway with a cashbox, relying completely on the honor system for payment. In the case of TEFCA, however, it’s patient data—not eggs– at risk.
It’s a bit like a farmer leaving cartons of eggs on a table at the end of their driveway with a cashbox, relying completely on the honor system for payment. In the case of TEFCA, however, it’s patient data—not eggs– at risk.
For interoperability to thrive in a way that transforms patient care and our healthcare system, trust must be an essential piece of not just interoperability strategy, but reality. How do you build trust, however, amongst providers and data requestors, especially when those groups have historically experienced very low trust?
We built our business on the idea that when it comes to healthcare data exchange, trust must be built into technology. Our data exchange framework fosters trust because it is built to ensure the secure exchange of patient data.
Our EHR-neutral network enables providers to set up the exact release configurations for clinical and administrative data so that requestors get what they need, and nothing more. Providers trust Moxe because they know only data they have approved will leave their system. Payers trust Moxe because they know they will get the data they need, when they need it, in the format that’s most helpful to their use case(s). The way we deliver data reflects our belief that interoperability is furthered not just through increased data access, but through stringent data security, transparency, and close collaboration with both providers and requestors.
KLAS has recognized Moxe’s commitment to the secure exchange of data with a Best in KLAS award for 2026 for Payer Provider Data Exchange. Scoring a 90.8 overall, it is clear that both payers and providers trust Moxe to handle their sensitive clinical data. As one VP/Other Executive shared with KLAS in May 2025, “Sharing data through Moxe’s system has improved our relationships with the organizations we are sharing data with.”
There are some great things going on with TEFCA and in the broader interoperability landscape. The requirement that data sources make data accessible in USCDI v3 means better, more consistent data will be available for treatment and individual access requests, for example. Also, the Sequoia Project recently published guidance and a drafted approach to handling sensitive patient data and automating consent. This is a big step in the right direction to give stakeholders some tools to use and actions to take as we get closer to automating consent driven by patients themselves.
While we believe TEFCA’s intentions are good, we also must be realistic about the logistical and technical challenges facing the network and acknowledge how a lack of trust between participants is a real hindrance to its forward progress.
The reality is that today, the trusted direct exchange of data between payers and providers can’t exist through TEFCA for all use cases. It can through Moxe. We’re proud of the network we continue to build on a strong foundation of trust for the effective, efficient exchange of data, and we look forward to continuing to partner with both providers and payers to move interoperability forward in 2026.