650 likes | 744 Views
Provider Directory CoP. Western States Consortium and Inter-State Exchange. June 20, 2012. Today’s Agenda. Welcome Discussion on the Western States Consortium and Inter-State Exchange - Aaron Seib , 23 Eleven, and Ryan Sommers , Arizona Department of Administration
E N D
Provider Directory CoP Western States Consortium and Inter-State Exchange June 20, 2012
Today’s Agenda • Welcome • Discussion on the Western States Consortium and Inter-State Exchange - Aaron Seib, 23 Eleven, and Ryan Sommers, Arizona Department of Administration • Closing remarks and announcements This meeting is being recorded. Please disconnect if you have any objections. Thank you!
Welcome Provider Directory CoP Welcome John Rancourt
Discussion on the Western States Consortium and Inter-State Exchange Aaron Seib, 2311, LLC Ryan Sommers, Arizona Department of Administration
Origins At A Glance • Funding comes from ONC’s State Health Policy Consortium (SHPC): Opportunity to Request Support Services • RTI provides overall Project Management support (Stephanie Rizk & Cindy Throop) and funds subcontractors that work on the initiative along with the participants from each of the states (includes John Hall, C3 Consulting and Dragon) • Team of states initially included OR, CA, NV, AZ, HA, UT, AK, NM who collaborated to develop work plan (subsequent to kick off satellite states that have been involved include WA, ID, GA & FL) • A number of related proposals were presented and iterated with RTI & ONC • ONC (Lee Stevens & John Rancourt) approved proposal to evaluate the policy and subsequently pilot the use of digital certificates and provider directories to enable inter-state exchange. • Project received final approval to begin on November 1, 2011
Focus of Project Approved Work Plan focuses • On the practical and technical barriers to ensuring the privacy and security of interstate exchange, With a specific attention to • How provider directories and trust services originating in different states can be harnessed and potentially combined at the regional level to promote privacy and security and facilitate interstate exchange using Direct secure messaging.
Overall Objectives • Policy: The key barrier to be examined by this work is to evaluate the Policy variances among exchanging states and identify solutions that would enable the exchange of health information. • Alternatives analysis and selection: Key elements to be considered included federated provider directory concepts and establishment of trust anchors. How can we implement Certificate Policy representing the variance among states and HIOs (or the standardization thereof) so that a Certificate from OR can be trusted to assure Identity of a Provider in CA. • Pilot Implementation: Using the collaboratively established best of breed approach implement a local solution between CA (NCHIN) and OR (FQHC). Operate pilot and produce report for ONC to distribute to nation.
Work Plan – Task 1 • Task 1: Status Meetings with RTI • Monthly meeting lead by RTI Collaborative Project Manager • The first meeting and the Projects Kick-off was held Nov. 2 • Reviewed the revised timeline • Project kick-off was delayed by a month awaiting approval by ONC • Project related administrative tasks • We have met every month and had several off schedule meeting to focus on specific topics between meetings Recurring Monthly through 1/4/2013
Work Plan – Task 2 Task 2: Research, Preparation, and Analysis • Gather Strategic and Operational plan, • Description of how trust services and PD are addressed in each States HIE plans, • HIE Services Offered, • Status of RFP for PD\HIE Services NOTE: It was concluded that these elements are still very dynamic and will be changing over the course of the project – Initial information to be gathered and subsequent updates collected through February 2012
Work Plan – Task 3 Task 3: Discuss Regional Trust Services/Trust Anchor and Regional Provider Directory Services at In Person Meeting State Participants responsible for proposing goals & objectives for meeting • Establish shared definition and understanding of “Federated Provider Directory”, “Trust Services” including “Trust Anchor”; • Explore the benefits and challenges of a regional approach to these ‘services’; and • Present various options for shared approaches and how each would work in practice. On or before 2/24/2012
Work Plan – Task 4 Task 4: Meeting to Weigh Options and Determine Solutions • Determine the value and feasibility of options or a combination approach, and • Make a consensus decision about the most desirable option/ approach moving forward. We concluded that from a trust fabric perspective Identity Management and Provider Directories weren’t an either or option as both needed to be developed together to achieve the project’s goals. March 2012
Work Plan – Task 5 Task 5: Preparation to Implement Solutions • Evaluate minimum requirements for ID Mgmt for interstate exchange – (turns out to be very similar to what was recently announced as the Guidelines for the State HIE program) • Identify options, templates, or other guidance for recognizing commonality of minimum requirements in participants agreements, • Identify barriers or challenges to executing agreements, and • Devise strategy for moving forward on implementing a discovery method among users. May/June 2012
Work Plan – Task 6 Task 6: Next Steps Toward Implementation • Identify policy/planning processes and timing within each state needed to move forward toward implementing agreed upon regional solution(s), • Identify existing programs/ processes within participating states that can be leveraged, and • Identify next steps for consortium • Culminating at our face-to-face meeting July 25th & 26th End of July 2012
Work Plan – Task 7 Task 7: Execute Pilot/Proof of Concept • Establish Common Trust Anchor and Trust Policies • Procurement and Implementation Cost saving opportunities may be identified here. For example, through forming a joint relationship to procure Certificate related services in volume. Timing to be determined Overall task running between August 2012-December 2012.
Work Plan – Task 8 Task 8: Produce Report • Outline report • Assign responsibilities and roles • Assemble tools and other documentation • Assemble early draft for team to discuss • Submit Draft report to RTI/ONC • Revise Draft report • Submit Final report January 23, 2013
Healthcare Directory for Interoperable Exchange Gaps to Address
What Are the Gaps We Are Trying to Address in the Pilot? • Gap #1: The assumption is that the sender knows which PD to search for endpoints. PD are established at a sub-state level in a number of states and as a result there is a need to develop a federated approach to discovery. • Gap #2: There isn’t a commonly accepted method for creating and issuing digital certificates in the health care domain so we don’t know if the cert retrieved is trustworthy. Further we have determined that there is a need to verify that the receiver is engaged in a Direct service that satisfies HIPAA requirements. • Gap #3: From a policy perspective there is a need to establish what is actually known about both the sender and the receiver when a common approach to creating and issuing digital certs is established to enable compliant electronic exchange. For example, how do you learn and trust that the direct address is bound to a Provider?
What Does the Real World Look Like Today? HIO2 HIO1 HIO3
California Federated Provider Directory CA FPD Participants Agreement CA FPD Participants Agreement CA FPD Participants Agreement HIO2 Onboarding Policies Onboarding Policies Onboarding Policies HIO1 HIO3
Western States Consortium Oregon Federated Provider Directory WSC Participants Agreement Onboarding Policies California Federated Provider Directory
Q&A Questions?
Work Products to Discuss • Data Collection Instrument • In-Person Meeting (Las Vegas – March 2012) • More Data Collection Prior • Business Process Requirements
Data Collection Instrument • December 2011 • Initial Planning and Discovery • Instrument designed to collect baseline information about each State’s strategy for Statewide HIE. • Assist in determining how each State is incorporating a Direct strategy into their HIE activities and plans
Data Collection Instrument Cont’d • Approval status of State’s SOP Plans to ONC. • Trust Services and Provider Directories • Addressed in State’s SOP? • Timeline for each State? • HIE Service Offerings • Types of services being offered by Statewide HIE? • RFP for HIE Services • Status of RFP activities by State
In-Person Meeting – States Attended • California • Oregon • Arizona • Utah • Colorado • Oregon • Nevada • Alaska • New Mexico
In-Person Meeting Goals • Discuss the options of establishing regional connections between HISP entities in each state. • Discuss the options of leveraging a regional approach to trust services to support regional provider directory services. • Determine which solutions the core group is most interested in pursuing during the remaining phases of the project, including the planned pilot between California and Oregon.
In-Person Meeting – PreWork • Have you selected a technology vendor? • If yes, which vendor(s) and what are the initial set of planned services for HIE? • What is the expected date for implementation of initial services • If no, what is the status of the technology selection? • Please list the initial set of use cases for health information exchange/sharing (e.g. treatment, coordination of care)?
In-Person Meeting – PreWork Cont’d • Certificates: Has the decision been made regarding who is able to issue certificates? Individual? Organization? Both? • Certificates: If the decision has not been made, what is the status of this decision? • Identity: What information must be provided to verify identity? Describe to the extent an in-person step includes identify proofing in front of a notary or other authorized party?
In-Person Meeting – PreWork Cont’d • Identity: Beyond verification, are there any additional criteria that must be met to receive a certificate? • Must individuals be licensed providers? If so, what about administrative staff? • Must organizations be health care providers? • What about other HIPAA-covered entities like plans?
In-Person Meeting – PreWork Cont’d • Governance: Describe briefly the status for developing policies related to Trust Services. • Governance: How are (or will) these policies be maintained and governed? • Governance: Will there be an enforcement or audit mechanism? What if any are the consequences for non-compliance? • Governance: How do you currently (or plan to) provide a level of comfort to the communities exchanging information?
What Did We Learn from This? • Confirmed different approaches being rolled out • Helped us understand each model better (Set the baseline)
What Did We Learn from This? Cont’d • Different approaches and level of HIE Maturity by State
What Else Did We Learn from This? • A need to establish a “minimum set of standards” • Minimum policy requirements required by State • Minimum policy requirements by use case • Should leverage other work from S&I Framework and Provider Directory COP • Documented numerous parking lot items (many considered “out of scope” but related)
Business Process Requirements Matrix • Goal to identify and define the various business processes associated with the WSC pilot project. • Build the requirements associated with those processes.
Business Process Requirements Matrix Cont’d • BP1: Identity Registration and Maintenance by Organization Type • BP2: Identity provisioning and maintenance (including issuing of certificates) • BP3: Verification of Provider Identity or alternatively Secure Exchange of PHI • BP4: Assignment of Roles (for Access Rights)
Business Process Requirements Matrix Cont’d • BP5: Verification of Accreditation • BP6: Authorization to access directory services across the state lines. • BP7: Authorization to Exchange PHI Across State Lines • BP8: Provider Discovery
BP1: Identity Registration and Maintenance by Organization Type Definition and Consideration: • The full lifecycle for maintaining provider directory information. • For the pilot, it might make sense to limit the actors to "Individual Clinicians" and "Clinical Organizations" but still need to think about a more complex environment which includes the following actors (listed in no particular order): Payers, Labs, Pharmacy, Patient, Researchers, Public Health, Government Agencies/Entities.
BP1: Identity Registration and Maintenance by Organization Type Cont’d Components: • Registering an Individual Provider • Registering a Provider Organization • Updating Provider Information Discussion points for the various components • How do we verify the information? • Do we need to define the verification process and to what extent are they necessary for the pilot?
BP1: Identity Registration and Maintenance by Organization Type Cont’d Requirements: • Proof of individual identity • Demographic information (to be further defined) for demographic search • Verification of demographic information • Proof of organizational affiliation(s) • Service endpoints for electronic exchange (may be organizational) • Standards associated with service endpoints* (may be organizational) • Verification of service endpoint information (Note: Service endpoint for the pilot is a direct address)
Other Conclusions • This is hard work!!! • This is doable!!!