The Data Exchange Framework (DxF) commenced on January 31, 2024 and is a comprehensive initiative that introduces a unified Data Sharing Agreement (DSA) and a set of common Policies and Procedures (P&Ps) to govern the exchange of health and social services information among health care entities and government agencies.
Below we address the most common inquiries we receive about the CalHHS DxF related specifically to QHIOs.
Access the full list of DxF FAQs developed by CalHHS
Are Participants (DSA Signatories) required to use a QHIO for the exchange of HSSI under the DxF?
No, using a QHIO is optional. Participants may choose to exchange HSSI (health and social services information) via a QHIO, a nationwide network or framework, other intermediary, point-to-point connections using their own technology, or a combination of these methods to comply with the DSA and P&Ps. See related General DxF FAQs, notably questions 16, 30, and 31.
Are QHIOs required to serve any Participant that requests their services?
No, QHIOs are not required by CDII or the QHIO Program to enter into contracts and serve every Participant that requests their services. Some QHIOs may not be able to meet the specialized needs of some Participants or the technologies they have chosen; may not be prepared to serve all Participant types; may not offer all of the services requested by a Participant; or may not have the capacity to take on new Participants at the time of a Participant’s inquiry. Please reach out to the QHIO(s) in which your organization is interested for more information on whether they are able to provide services to your organization.
Can QHIOs charge for the services that they provide to Participants?
Yes, QHIOs may charge for the services they provide to Participants. CDII recommends that Participants refer to the P&Ps, including the Permitted, Required, and Prohibited Purposes P&P and the proposed Fees P&P, both of which can be found on the CDII DxF webpage, for more information on when Intermediaries, including QHIOs, may charge fees and restrictions on the fees they may charge. Please reach out to the QHIO(s) in which your organization is interested to learn more about the pricing of their services.
May a QHIO require a Participant to sign agreements in addition to the DSA?
Yes, QHIOs may require Participants to sign additional agreements or contracts that specify the terms of the services they offer. In some cases, QHIOs may be acting as a business associate to a Participant as defined under HIPAA requiring the parties to execute a business associate agreement. Agreements that a Participant might be asked to execute by a QHIO include a participation agreement, a data sharing agreement distinct from the DxF DSA, and/or business associate agreement.
Does contracting for services with a QHIO guarantee that a Participant has met its requirements under the DSA and its P&Ps?
No, use of a QHIO does not guarantee compliance with DSA or its P&P requirements. QHIOs offer access to critical services compliant with DxF technical standards requirements and have established critical connectivity that may help Participants comply with their obligations to provide access to or exchange of HSSI. It remains the responsibility of each Participant to ensure that they comply with requirements of the DSA and its P&Ps beyond the technical standards by reviewing and complying with P&Ps including but not limited to:
- The Permitted, Required, and Prohibited Purposes P&P for the purposes for which the Participant may and must share HSSI,
- The Privacy Standards and Security Safeguards P&P for information on privacy and security standards the Participant’s systems must meet,
- The Data Elements to Be Exchanged P&P for information on data elements the Participant must make available,
- The Technical Requirements for Exchange P&P for the types of exchange a Participant must enable, and
- The Real-Time Exchange P&P for information on the requirements for timely information sharing.
Can a Participant require that a QHIO guarantee the Participant will be in compliance with the DxF if the Participant becomes a client of that QHIO?
QHIOs are not required by CDII to guarantee Participants that use a QHIO are compliant with the DxF. QHIOs may not have insight into a Participant’s internal policies and standard operating practices which could have an impact on the Participant’s compliance with the DSA and its P&Ps. Participants must assess their own processes to ensure that they remain compliant. QHIOs may choose, but are not required by CDII, to offer services to assist or advise Participants in assessing their compliance with the DSA.
How long does it take to onboard to a QHIO?
Onboarding to a QHIO typically takes between 90 and 180 days; however, the length of time to onboard to a QHIO will vary depending on the Participant’s technology, Participant vendor readiness, the services the Participant is seeking, and other factors. Participants should reach out to the QHIO(s) for more information on the time to onboard.
To learn how organizations like yours use LANES as their QHIO, check out our participants page.