FAQs Archive - Page 6 of 9 - California Data Exchange Framework

The DxF requires electronic Exchange of health information. All Participants should review the DxF DSA and its Policies and Procedures to determine what Health and Social Services Information (HSSI) is required to be shared. A Participant may use any health information exchange network, health information organization, or technology to share the HSSI which they Maintain, so long as they are able to comply with the requirements of the DxF DSA and its Policies and Procedures. Participants should consider whether to seek services from a Qualified Health Information Organization, another Intermediary, or another vendor to support electronic Exchange of health information.

View full FAQ →

The Implementation Toolkit provides step-by-step guidance for health and Social Services entities in California to become active Participants in the Data Exchange Framework.

View full FAQ →

The Data Exchange Framework (DxF) is not a technology, but instead rules of the road for how organizations will provide Access to and Exchange Health and Social Services information (HSSI). HSSI will not reside on any state DxF system. The Privacy Standards and Security Safeguards Policy and Procedure describes the minimum privacy and security safeguards required by the DxF for Participants to implement. These Policies and Procedures can be found on the Policies and Procedures section of the DxF website.

View full FAQ →

The DSA permits sharing PHI between a Covered Entity and non-Covered Entity when you have a valid Authorization from the patient or patient’s representative or the Disclosure is otherwise permitted or required by Applicable Law. (See DSA, Section 6(a); Privacy Standards and Security Safeguards Policy and Procedure). For more information on how Covered Entities can share PHI with non-Covered Entities, please see the State Health Information Guidance (SHIG), particularly SHIG Vol. 1.1: Sharing Behavioral Health Information in California, especially Scenario 4, the scenarios in SHIG Vol. 2.0: Sharing Health Information to Address Food and Nutrition Insecurity in California, and the Data Sharing Authorization Guidance (DSAG) Toolkits.

View full FAQ →

The Privacy Standards and Security Safeguards Policy and Procedure defines a set of requirements for Participants for maintaining and safeguarding data, including:

Administrative, technical, and physical safeguards that Participants must follow to protect the confidentiality, integrity and availability of Health and Social Services Information (HSSI);
The use of a secure environment that supports the Exchange of HSSI;
What Participants must do to protect against unauthorized Disclosure, Access, Use, modification, or Exchange of HSSI; and
How Participants must protect against any Loss, Destruction, Disruption of authorized Access or Exchange of HSSI.

The Technical Requirements for Exchange Policy and Procedure defines a set of person attributes that must not be included among person attributes for Person Matching unless required by the technical exchange standard or by the Nationwide Network or Framework in use. It further specifies that if Participants use Nationwide Networks or Frameworks or other intermediaries to Exchange HSSI, Participants must follow all applicable law, and conform to the security model and security standards for exchanging information established by that Nationwide Network or Framework.

View full FAQ →

23. How do Data Sharing Agreement (DSA) signatories who do not use an electronic health record participate in the Data Exchange Framework (DxF)?

22. How do Data Sharing Agreement signatories operationalize data Exchange?

21. How will patient data be secured?

20. If my organization is a Covered Entity under HIPAA, how can I share protected health information with a non-Covered Entity participant, like a social service organization, under the DSA?

Stay Informed