360 likes | 497 Views
RTI Western States Consortium Meeting #2 Documentation. July 25 – 26, 2012 Portland, Oregon. Prepared by C3 Consulting. Attendees. John Rancourt, ONC Bob Bailey, RTI Cindy Throop, RTI Vicki Estrin, C3 Consulting Sarah Stewart, C3 Consulting John Hall, Krysora
E N D
RTI Western States ConsortiumMeeting #2 Documentation July 25 – 26, 2012 Portland, Oregon Prepared by C3 Consulting
Attendees • John Rancourt, ONC • Bob Bailey, RTI • Cindy Throop, RTI • Vicki Estrin, C3 Consulting • Sarah Stewart, C3 Consulting • John Hall, Krysora • NageshwaraBashyam (Dragon), Harris • Paul Cartland, AK • Lorie Mayer, AZ • Travis Shank, AZ • Aaron Seib, CA • Rim Cothren, CA • Cassie McTaggart, CA • Kerry Cataline, CA • Greg Suenaga, HI • Jeff Blair, NM • Lynn O’Mara, NV • Stefani Hogan, NV • Gerry Yantis, NV • Carol Robinson, OR • Christy Lorenzini-Riehm, OR • Chelsea Hollingsworth, OR • Mindy Montgomery, OR • Pete Mallard, OR • Dan Alvord, Utah • Matt Hoffman, Utah • Rick Ruben, WA
Welcome – Cindy Throop, RTI Cindy welcomed the group on behalf of RTI and thanked everyone for all the work that has been done to date.
Meeting Objectives • Review and finalize the details of the pilot/proof of concept (POC) task (6), including whether enough consensus and technical agreement has been gained in both pilot states to test the trust anchor concept and the provider directory concept. • In order for the pilot to be successful, both need to be considered, and at least one needs to be successful. • Define the POC and Pilot tasks with dates (e.g. begin, end, major milestones) where the Pilot includes the exchange of “actual” patient information (if possible) bi-directionally across state lines.
Meeting Objectives • Understand the requirements for establishing inter-state exchange using Direct in order for each “non-pilot” state to develop policies and plans to participate in the WSC using Direct. • This includes the identification of existing programs/processes within participating states that can be leveraged to execute the solution. • Identify next steps for consortium.
Ground Rules • During all Discussion and Brainstorming sessions, the floor will be given to the pilot states (California and Oregon) to provide initial information and feedback. The floor will then be given to the remaining core states to contribute their feedback, and then to the satellite states to note any additional items the core states should be considering. • States participating in the WSC need to actively comment, critique and reach resolution on issues that the WSC agrees are critical to a regional solution for exchange. Examples include but are not limited to business processes and terms of a Participation Agreement.
Welcome and Project Thoughts – John Rancourt, Office of the National Coordinator John thanked everyone for their hard work but noted the “real work” begins with this meeting. He noted that the WSC project has HIGH visibility within ONC John asked that everyone participate and speak up with ideas, questions, issues, etc.
Project Assumptions(source: March meeting and WSC calls) Vicki Estrin reviewed the project assumptions at the start of each day.
Project Assumptions • The states forming the WSC do not need to agree on everything; however, there is a need to find and agree on specific policy decisions for acceptable exchange between states. • The WSC is vendor neutral and any solution (e.g. policies) must be vendor neutral. • We can’t wait for final rules (e.g. governance) to move forward. • The S&I Framework for data and use cases can serve as a place to start. • Direct currently requires the issuance of certificates; this could change in the future but not for the pilot.
Project Assumptions • We should learn lessons from the NPI as opposed to adopting it. • The one who releases the data (sender) is bound by the laws in the sender’s state (e.g. consent requirements). The one who receives the data (receiver) is bound by the receiver’s state laws in terms of access to and use of the data. • California and Oregon are taking the lead but decisions made for the pilot will reflect the WSC decisions.
Project Assumptions • Pilot is defined as Provider-to-Provider exchange of clinical information for treatment purposes using the Direct mode of exchange where providers are located in different states (Oregon and California). • Providers are in two different HISP networks • The pilot will if at all possible be the exchange of “live” or “real” patient data (versus simply the exchange of test patient data). • While we are limiting the pilot in terms of actors (providers involved in patient care), there is a need to consider a more complex environment post-pilot. • Standardization of what information is sent is out of scope and it to be left to each state’s discretion; however, this doesn’t mean that there can’t be a minimum amount of data required for the exchange.
Meeting Documentation The meeting was divided into “sections” and this documentation is meant to summarize the discussion relevant to each section. Decisions made were captured through out the meeting and are summarized in a separate section.
Specific State Updates Where are we today and where do we believe we are heading? • States discussed their progress since the March meeting and described their current status. • Outstanding questions were captured and documented to be addressed by the WSC as appropriate.
Specific State Updates • California • The WSC is the first step to their broader approach to HIE. There are a number of weekly meetings that take place and California invited WSC members to attend. • The HIO (Health Information Organization) that will participate in the pilot is NCHIN (North Coast Health Information Network). They are currently testing their HPD compliant directory and plan to go live by the end of August. • Oregon • Direct is the first product in a suite of HIE products to be launched. • There was a soft launch test in multiple environments in April. • Participation Agreement has been developed. • Looking for a hospital in southern Oregon to exchange with NCHIN. • Talking about expanding functionality beyond HIPAA.
Specific State Updates • Alaska • Implemented Direct in January 2012 with 841 accounts. Many of these are not counted by ONC as they are not providers. • They do not require permission or authorization to access their Provider Directory. • They have 212 providers (out of their goal of 300) who have sent at least one Direct message. • Arizona • They have focused on providers for Directed exchange (instead of the larger hospitals). Their goal is to “meet providers where they are” in terms of HIE.
Specific State Updates • Hawaii • Implemented Direct on April 4th. They currently have more than 200 providers trained. They are using a survey tool (for providers that have signed up for Direct and sent a test message) to track how often providers use their Direct account • Working with Guam and American Samoa on uses for Direct. • Integrating a Beacon Project. • Provisioning is done 1:1 and is manual at this time. • Nevada • Direct is the first phase of support for the EHR Medicaid Incentive Program. • Providers pay to participate in the Direct program.
Specific State Update • New Mexico • HIE vendor has “gotten out of the HIE” space so NM has selected a new vendor Orion • Utah • Axolotl was the vendor for HIE and Direct, but informed UT that Axolotl will not maintain Direct software. Optum will support Direct but will not be available until 2013, so UT is looking for a new vendor.
Questions to address • How do we identify HISPs that comply with “our standards”? • How will we query Directory Services? What are the technical and policy standards? Are there assumptions about the data? • Between now and December – Do we authorize access to the provider directories? • To whom is this access granted? • What do we do when states don’t use Direct Standards? • What are the interstate HISP agreements for access to provider directories? • We know how we (as a state) validate identities but we don’t know how others do it. How do we (or do we need to) reach a standard approach to identity management?
Questions to address • How do we approach the vendors (e.g. Epic) who seem to be competing with statewide HIE? What are the key differentiators? • What is the states’ role in enforcement especially after the grant funds are gone? • How will we (should we) approach accreditation? • For the Pilot? • Beyond the pilot? • Is there an individual accreditation process? • Is there a template for Direct Exchange?
Business Process Requirements • The group reviewed the Business Process Requirements and agreed that they had been defined well enough to move forward with the technical and policy discussions. • For the states that participated, there was a great deal of synergy between the states in approaches. • The group did acknowledge that in some cases the “devil would be in the details.”
Baseline Governance and Trust Issues • John Hall reviewed the Implementation Guidelines for State HIE grantees on Direct Infrastructure & Security/Trust Measures for Interoperability • The group agreed that they supported most of the guidelines (with some clarification on specific issues requested). • The exceptions to agreement: • #8 “All STAs/HISPs should Provide users with mechanisms to directly establish trust with another user (e.g., store the public key) to enable ad-hoc messaging even if the respective HISPs have not “white listed” each other. • Only facilitate Direct messages that utilize digital certificates which have been cross-certified to the Federal Bridge Certification Authority (FBCA). This may or may not be the case and should be market driven. Needs further discussion and clarification. • The WSC identified a set of requirements to support trust. These are reflected in the Decisions Made section of this document. In addition there some requirements that were identified but not agreed to; requiring additional discussion. These are documented in the Next Steps section of this document.
Overview of Technical Execution • Rim provided a Technical Straw-man for discussion purposes. He posed a number of questions that needed to be answered before the pilot could proceed. Decisions made are reflected in the Decisions Made by the WSC section of this document. • Based upon the discussion, Rim will revise the straw-man and circulate to the WSC via email for comment. We will finish the discussion of the technical requirements on the August 14th WSC monthly phone call.
Planning and Timelines • An initial timeline was built by all of the states reflecting specific activities to support/implement Direct Project Exchange. • The document was sent as a supplement to this meeting documentation. • The plan will be reviewed and revised going forward on all WSC monthly calls.
Decisions Made by the WSC July 25th and July 26th
Decisions Made by the WSC • The Business Processes as documented are good enough to move forward (although the “devil may be in the detail”). • Third party accreditation process for HISPs is recommended but Not required for interstate exchange. • Make accreditation (or lack there of) discoverable.
Decisions Made by the WSC • Meeting the Implementation Guidelines for State HIE grantees on Direct Infrastructure & Security/Trust Measures for Interoperability with some clarification should be considered aspirational. • Number 8 and use of FBCA cross certified certificates are not required but other elements/aspects of FBCA cross certification need to be considered. • WSC needs to develop a set of principles or elements (e.g. check list) to be applied to the Participation Agreements (between User and the HISP (not the vendor) where the HISP is considered to be the party who is acting as the contracting organization reflecting the WSC requirements. Examples: Limits on disclosure, Comply with state laws. • Consider a common set of definitions and terms • Action Item: Review existing Participation Agreements to identify the list of core components.
Decisions Made by the WSC • Authorization for access to the Provider Directory especially for the Pilotis required. • Speed will be important to the users and this needs to be inlcuded in the Pilot. • We will test Direct Certificates for the pilot. We will do the exchange of a “WSC Trust Bundle” (which is the Trust Anchors for all the WSC but it will be applicable only within the WSC). We are testing the concept of the WSC Trust Bundle in the pilot with CA and OR only. • Inclusion of others is a different phase. It needs to start with Oregon and California. • Trust Anchor is not the org. or individual certificate. • We won’t do a “bridge” for the demonstration. • We will likely not pursue a WSC OID in the future but will not pursue it for the pilot.
Decisions Made by the WSC • For Directory Service Access: Authorization of Organizations and individual information will be recorded at the “originating system” for auditing purposes only. As part of the Participation Agreements this will be a requirement. • For example: California talking to Oregon and that is all that Oregon needs to know. The individual that asked the question needs to be logged at their organization. This is a synchronous process. Include audit logs in pilot. • The Pilot will be Direct Project compliant • The WSC will create a Principle document for Participation Agreements; however, there are decisions to be made and further discussion needed before this can be done.
WSC needs to discuss the following further… • During the discussion the following was proposed and discussed at length; however, no resolution was reached as to what would be in this document and how it would be crafted. • The WSC will create a principle document that reflects the need and desire of the community “to facilitate trust to encourage care coordination and interoperability…” We will trust one another based on the following….” Note the wording is important. • Document will include a framework for decision making governance and how directory services will work. • HISPs ultimately “apply” to join the community. • Example: Verizon or SureScripts could apply to be a part of the WSC. However, in the case of Orion, it would be the customer of Orion. • Inclusion in a Provider Directory and ability to exchange • While we all come to the WSC with different voices and hats, the one this document references is that of a member of a trust community. • Need common definitions.
WSC needs to discuss the following further… • Mechanism for monitoring behavior HISP compliance and addressing poor behaviors. • Who owns responsibility for communicating? Could be an expansion of the Notification Process. • If you set a minimum bar for what is acceptable by definition then you have identify when the bar isn’t met. • This is out of scope for the project at this time. • If we stand up a consortium then it will need to be addressed. • Other notes: • CA is not creating another enforcement entity • State laws must be met. • Notification (of Breach but also other policies) is important.
WSC needs to discuss the following further… • “HISP wide certificate” which may be HIE but it is not Direct Project exchange. If this the case – then it should be discoverable. • The Pilot needs to be Direct Project Compliant. • States can have multiple modes of exchange. • Market will drive some of this. • Utah could/would share with someone who does have a HISP wide certificate which would be interoperable exchange but not Direct exchange. • If you are purporting to be Direct Project compliant then HISP wide certificate is not compliant with Direct Project protocol. • Notes: The Direct Project community doesn’t feel a HISP wide certificate is granular enough to engender trust. State HIE program did choose to emphasize this in its guidelines.
What’s next? • Next Steps • RTI/C3 to distribute results from the meetingthe week of 7/30/2012. • Rim to revise and circulate the Technical Straw-Man. Everyone will need to respond with changes via email. We will finalize the document on our 8/14/2012 call. • Review Participation Agreements (OR, CA, NV and anyone else who would like to do this) • RTI/ONC to decide on whether or not there needs to be an in-person meeting. Will be a topic on 8/14/2012 call. • Oregon and California need to determine how they will connect and get the work done. Need to figure out how to keep the group informed. • Does it make sense to “check-in” at the ONC meeting in December to work on the report? Will continue to discuss. • John Rancourt to send information on the Provider Directory CoP • The WSC needs to coordinate and link to S&I framework work. • John R. will send out the format for what is required for the final report.
What’s next? • Draft agenda for next WSC call August 14, 2012 @ 3:00 p.m. EDT • Rim’s Technical Straw-man – reach agreement on critical items. • Check on progress relevant to the plan developed at the July WSC meeting. • Establish next in-person meeting • Discuss what will be required for the reportto ONC.
Thank You!! • All attendees for your input, energy, enthusiasm and most all your time. • Oregon for being such awesome hosts! • California and Oregon for your willingness to be “first” • ONC for your leadership and sponsorship • RTI and friends (SMEs) for your leadership and project management • And to Matt for the awesome Voodoo doughnuts!