Man. You didn’t even get to the IAS use cases under TEFCA and the the grey areas around multi multi factor authorization. IAL2 to Oauth to Oauth again because ain’t no way a NIST approved ID vendor knows how to do identity. What sucks is the way TEFCA IAS SOPs are written, they aren’t exactly in the wrong here.
Excellent piece, thank you - Brendan! I’m curious about how Epic’s expansion, particularly under TEFCA, impacts the public health sector in the following ways:
1. Cost of participation – What are the financial implications for public health entities to join and engage in the TEFCA ecosystem? Particularly thinking of smaller jurisdictions with limited resources(maybe compelled to join TEFCA because TEFCA is a cheaper way to comply with the information blocking rule than using Epic)
2. Privacy and security protections – how Epic as QHIN in TEFCA ecosystem- safeguards sensitive data (e.g., immigration status, reproductive health information) as it flows to third parties( Sub Participants) particularly for entities not covered by HIPAA? Sounds like Epic’s Cosmos platform comes with a pretty strict standard though.
Other thoughts:
1. Public health representation – To what extent does public health have a voice in TEFCA’s Standard Operating Procedures (SOPs) and implementation guidelines?
2. Liability concerns – How does TEFCA address liability management for smaller jurisdictions that may lack the financial capacity to absorb potential risks?
This is such a rapidly evolving yet critical issue, and I look forward to reading more of your insights. Thank you!
Disclaimer: all views are mine based on the publicly available information.
I feel like EPP roadmap aligns with FHIR Da-vinci use cases. Epic is one of the stakeholder in that program as well.
Regarding your comment on Epic strategy on AI technogy, i saw another update from Oracle that Ambient scribe is part of oracle clinical agent. Epic is lagging little behind on AI technologies.
Another paradigm shift these EHR vendors can offer is Agentic AI which can automate the workflow, next iteration of RPA.
Keen to see expansion beyond being system of record to emerging technologies (Agentic AI, etc)
Epic has already internally announced they are releasing an ERP
Thank you for confirming my thesis Deep Throat
Great read!
HTN? Health Tech Nerds?
Yes
Man. You didn’t even get to the IAS use cases under TEFCA and the the grey areas around multi multi factor authorization. IAL2 to Oauth to Oauth again because ain’t no way a NIST approved ID vendor knows how to do identity. What sucks is the way TEFCA IAS SOPs are written, they aren’t exactly in the wrong here.
Well this article isn't about TEFCA. I cover their implementation of IAS here
https://htdhealth.com/resources/tefca-individual-access-services-open-forum-video/
Their implementation is of course always subject to change, especially if competing EHRs successfully roll out "open" IAS and force their hand
I will check that out as well.
Excellent piece, thank you - Brendan! I’m curious about how Epic’s expansion, particularly under TEFCA, impacts the public health sector in the following ways:
1. Cost of participation – What are the financial implications for public health entities to join and engage in the TEFCA ecosystem? Particularly thinking of smaller jurisdictions with limited resources(maybe compelled to join TEFCA because TEFCA is a cheaper way to comply with the information blocking rule than using Epic)
2. Privacy and security protections – how Epic as QHIN in TEFCA ecosystem- safeguards sensitive data (e.g., immigration status, reproductive health information) as it flows to third parties( Sub Participants) particularly for entities not covered by HIPAA? Sounds like Epic’s Cosmos platform comes with a pretty strict standard though.
Other thoughts:
1. Public health representation – To what extent does public health have a voice in TEFCA’s Standard Operating Procedures (SOPs) and implementation guidelines?
2. Liability concerns – How does TEFCA address liability management for smaller jurisdictions that may lack the financial capacity to absorb potential risks?
This is such a rapidly evolving yet critical issue, and I look forward to reading more of your insights. Thank you!
Disclaimer: all views are mine based on the publicly available information.
I feel like EPP roadmap aligns with FHIR Da-vinci use cases. Epic is one of the stakeholder in that program as well.
Regarding your comment on Epic strategy on AI technogy, i saw another update from Oracle that Ambient scribe is part of oracle clinical agent. Epic is lagging little behind on AI technologies.
Another paradigm shift these EHR vendors can offer is Agentic AI which can automate the workflow, next iteration of RPA.
Keen to see expansion beyond being system of record to emerging technologies (Agentic AI, etc)