Beyond exchanging with eHealth Exchange’s 300+ health systems, federal agencies, providers and provider collaboratives, eHealth Exchange also provides Participants the optional ability to also exchange with Carequality’s 35+ networks (e.g. the AthenaNet network, the eClinicalWorks network, CommonWell Health Alliance and many other eHealth Exchange peer networks).
Carequality is a framework, a library of technical and policy agreements, plus a governing structure enabling independent health data networks to exchange patient data. Similar to how the telecommunications industry has a behind the scenes framework allowing Verizon mobile phone users to communicate with T-Mobile and AT&T users, Carequality provides the policies and governance enabling providers on the CommonWell network to exchange with providers on the AthenaNet, Epic CareEverywhere and eHealth Exchange networks.
Exchange via Carequality
1. Maintain directory entries in both the Carequality Production and Stage (non-production) directories by requesting eHealth Exchange make these entries on your behalf.
- If your organization has not already done so, please email firstname.lastname@example.org to request these directory entries.
- Please ensure your directory entries in the Carequality Stage directory (non-production) reasonably mirror your production setup.
- For additional information, see https://carequality.org/wp-content/uploads/2021/07/Query-Based-Document-Exchange-Implementation-Guide-v2.0-Published-07122021-1.pdf.
2. Authorize a response to any and all Carequality directory listings for any Carequality use case (e.g. Query-Based Document Exchange) in which your organization exchanges.
- If you deny requests to organizations not on a list of permitted identifiers (HCIDs), then in order to accomplish this goal, you will need to integrate with eHealth Exchange Extended directory via FHIR, once that directory is available circa Q1 2023.
- By consuming the eHealth Exchange Extended directory, you will be able to authorize each entry in the directory by the HCID of the entry.
- Until the eHealth Exchange Extended directory is released, the eHealth Exchange will provide a Carequality directory listing in a tabular format (Excel spreadsheet). Your organization should authorize a response to all the entries in this directory listing.
3. HIEs and similar non-providers must create sub-participant entries in the eHealth Exchange production directory that represent the providers and/or payers within your organization.
- Participants must populate the eHealth Exchange directory (which will in turn update the Carequality directory) with each of their locations that might be initiating/triggering a query and each of those locations must include a Home Community Identifier (HCID).
- Messages sent by HIEs must identify the entity that triggered the request using a home community ID (HCID or organization ID) for that entity instead of identifying the parent organization that joined the eHealth Exchange, unless the organization and triggering entity are actually one in the same.
- For example, a provider entity named “Springfield Medical Center” triggers a request so the request should be identified using the HCID of “Springfield Medical Center” and not the parent HIE organization named “Montana HIE”. In this scenario, “Montana HIE” is the parent organization that joined the eHealth Exchange and “Springfield Medical Center” is a provider that is a child of the parent organization. This is important as you can imagine for HIPAA auditing.
- There is no eHealth Exchange charge for these supplemental directory entries.
4. Adhere to the Carequality Connection Terms (https://carequality.org/resources)
- By not opting-out of exchange with Carequality, eHealth Exchange Operating Policy & Procedure 10 (section II, paragraph 3) binds your organization to adopt and flow-down the Carequality Connection Terms to be legally binding with your Participant Users.
5. Maintain a test environment with an active certificate authority (CA) issued certificate.
- At least one synthetic patient with at least one synthetic CDA so the trusted Carequality community can test exchange with your organization at any time.
- More than one test patient is needed when one test patient is not sufficient to reasonably represent the data in your production environment.
Note: Separately, remember eHealth Exchange requires these non-production certificates be issued specifically by DirectTrust [or by Entrust as long as still permissible in 2021].
7. HIE and similar participants (“Candidate Implementers” in the Carequality world) must complete a Carequality Application Exhibit 1 form.
The Carequality Application Exhibit 1 is a survey designed to document the nature of your requests and responses for the Carequality community and how your share data with other organizations. The form can be requested by contacting email@example.com. For example:
- As an initiator, list the permitted purpose of uses and justification for each purpose of use. As a responder, which purpose of use values do you allow?
- Document external access to retrieved data
- Patient/consumer access to retrieve data
- What triggers your requests?
- How do you decide which Carequality organizations are targeted for requests?
- Patient selection approach – for example, patients targeted based on appointment check-in or ED arrival?
- Do your providers require additional terms and conditions to respond to requests? Do the terms and condition include any limitations to the purpose of use?
HIE participants choosing to exchange with Carequality should populate the Carequality Application Exhibit 1 form and email it to firstname.lastname@example.org.
1. A participant or participant member wishing to assert the Treatment Permitted Purpose must provide one of the following pieces of evidence:
- Organization-level NPI (Type 2), or Provider-level NPI (Type 1) in cases where an Organization-level NPI is not needed and has not been acquired
- State-level certification/accreditation/licensure
- CLIA certification (for labs)
This requirement will be enforced once the FHIR R4 directory is deployed by Carequality. Some exceptions are allowed as documented by the latest revision of the Carequality Framework Policy which is pending approval.
2. A participant or participant member is permitted to serve ONLY in the role of Query Initiator for the Permitted Purpose of Treatment if that participant or participant member has received authorization from Carequality and:
- (i) is a provider organization with no clinical information that could reasonably be made available for response as defined by Section 126.96.36.199 of the Carequality Framework Policy which is pending approval.
- (ii) is an EMS provider with alternative provision of data, as defined in Section 188.8.131.52 below; or
- (iii) is otherwise prohibited from serving in the Query Responder role by Applicable Law.
The categorization of an initiator only role (one of the three choices above) must be published in the Carequality directory under a new initiator only entry and will be enforced once the FHIR R4 directory is deployed by Carequality.