Data Exchange Framework



Does the Data Exchange Framework require practices to utilize a state health information exchange?


What about physicians who do not use an electronic health record? Do they still have to comply?

YES. Physicians who work on paper still have to execute the Data Sharing Agreement and respond to requests for information from other health care entities. Exactly how that will happen is still to be decided.

If a practice contracts with a health information organization, do they need to do anything else?

YES. Practices that contract with an health information organization (such as Manifest Medex, LANES, Inland Empire HIE, etc.), or who utilize a national network (such as Carequality) are still required to execute the Data Sharing Agreement. These practices, however, will have an easier time complying with the requirements of the Data Exchange Framework, as they are likely already sharing the required data.

Do smaller practices, who don’t have to comply with the Data Exchange Framework until 2026, still have to sign the DSA in 2023?


Do physicians have to share their clinical notes with patients?

In most cases, YES. Although, that is not related to the Data Exchange Framework. The federal 21st Century Cures Act Final Rule (aka the “Information Blocking” Rule) requires physicians, in most cases, to share clinical notes with their patients. For background on download the Information Blocking Rule.

Do the Health Information Portability and Accountability Act (HIPAA) and the Confidentiality of Medical Information Act still apply under the Data Exchange Framework?

YES. All existing privacy laws and regulations still exist under the Data Exchange Framework.

Will the Data Exchange Framework require physicians to share very sensitive data, such as reproductive health or mental health information?

NO. All of the existing protections for sensitive data, both in state and federal law, will still apply.

For more FAQs please view CalHHS Data Exchange Framework FAQs.