Session 7_Direct Boot Camp_Contracting for HISP


Contracting for HISP Services

Session 7

April 13, 2010


• Introduction

– Potential levels of offerings

– Key issues

– Key questions for you

– Elements of the RFP

– Key questions to ask vendors

• Panelists

– Greg Chittim, Rhode Island Quality Institute Consultant; Director of Provider Services, Arcadia Solutions

– Fred Richards, COO/CIO, Ohio Health Information Partnership


– Christopher M. Henkenius, Program Director, NeHII, Inc.

• Q&A

• Poll


To HISP or not to HISP….

...That may be the question, but the answer is not so simple

• Potential levels of offerings

– Set the playing field

– Designate a "HISP of Last Resort"

Provide core services to HISPs

Be the HISP


Potential Levels of Offerings

• Set the playing field

– Certifying or Qualifying HISP entities

– Establish minimum service and interoperability requirements for "network of networks"

– Serve as matchmaker (Vendor marketplace)


• Establishing and maintaining a governance operation

• Establishing a certification or qualification process

Revenue Options

• Registration/certification fees for

HISP vendors


Potential Levels of Offerings

• Designate a “HISP of Last Resort”

– Level playing field plus...

– Contract with one or several HISP vendors that will provide services to any provider

– Provide vouchers to help cover the costs for providing

HISP services to underserved areas where market drivers don't justify investment


• Establishing and maintaining a governance operation

• Establishing a certification or qualification process

• Vouchers

Revenue Options

• Registration/certification fees for

HISP vendors

• Sponsoring state agency where current process is replaced by

Direct-mediated service


Potential Levels of Offerings

• Provide core services to HISPs

– Level playing field plus...

– State-level provider directory services

– Certificate Authority provision

– Customers = HISP vendors


• Level playing field plus...

• Development and maintenance of provider directory and CA service

• Customer support services

Revenue Options

• Registration/certification fees for

HISP vendors

• Provider directory access


Potential Levels of Offerings

• Be the HISP

– Contract with a single vendor to provide statewide services

– Provide HISP services directly as the state or SDE

(for those states with infrastructure already in place)

– Customers = Providers


• Provider directory

• Certificate authority

• Network services

• Customer support services

Revenue Options

• Subscription or membership fees

• Transaction-based fees


Key Issues

• Establishing trust

• Contractual and legal agreements

• Compliance with HIPAA

• Risk assessment and mitigation

• Encryption

• Certificate issuance, management, discovery

• Transparency

• Minimum necessary

• Separation of functions


Questions for you

• How is your state or SDE intending to ensure that providers in your state have access to

HISP services?

• What approaches to contracting with HISP vendors are you currently employing or planning to employ?


What goes into a RFP?

• General terms and conditions

– These will not typically change from one RFP to another.

• Special terms and conditions

– Assuming that states build their RFP off of a shared template, states will be able to select the options that work for them from a set of special terms and conditions.

• Scope of work/services

– These are typically completed by the contract monitor or state point of contact.


What goes into a RFP cont…

• Specifications based on extensive input from stakeholders

• A clear vision of the tasks the HIE will perform

• Well-defined technical expectations

• Maintenance and upgrade needs

• Vendor must be cooperative and flexible to adapt to technological and administrative changes

• Build performance metrics and milestones into contracts

• Include general timeframes and costs


Key questions to ask HISP vendors

• Describe your applicable credentials, certifications and experience.

• Are you on the state's preferred vendor list?

• Does your solution/service meet all applicable state and federal laws?

• How does your solution/service accommodate our particular state requirements?

• Describe your existing privacy, security safeguards including your security plan.

• Does your solution describe your approach to connecting to other HISPs?


Key questions to ask HISP vendors

• Describe your planned outreach efforts for new providers.

• Are you a member/participant of the Direct


• Does your solution/service comply with the principles of the HHS Privacy and Security


• Does your solution comply with standards of the

PCI Security Standards Council?


Rhode Island Quality Institute


Rhode Island Quality Institute

What the Rhode Island Quality Institute is working to achieve:

• Leverage this state’s unique characteristics to demonstrate how the health care system can be improved through collaborative innovation

• Foster connectivity between and among the health care team and the patient

• Increase accuracy, responsiveness, and effectiveness in health care by using technology to standardize, streamline, and speed up the retrieval and delivery of patient data statewide

• Help the health care team consistently deliver care that is based on best-known practices

• Create a system that inspires and rewards improved professional performance


RIQI’s Approach to HISP Services

Recall from earlier RIQI’s approach to implementation, specifically a convener for a market-based approach to connecting providers and HISP vendors:

How is RIQI contracting with

HISP to enable these key tenets?



Distributed via PDF and an online form on the


Evaluation categories include:

• Basic business information (demographics, size, product lines)

• RI REC requirements (discounts, support processes)

• Financial information (revenue, ownership)

• Direct Project contribution (community/pilot involvement)

• Minimum HISP specifications (best practices, functionality)

• Technology system specifications (processes, infrastructure)

• Additional information (free text)

Opportunities for Reuse:

• HISP contacts and communications

• Application-to-Participate

• Scoring tool


HISP Vendors

The following HISP vendors expressed interest in participating and have received the Application-to-Participate:


OHIP Presentation

OHIP HIE: Snapshot

200 TouchPoints Grant Collaboration

Provide support for HealthBridge’s Beacon and

REC grant programs to ensure that Ohio is successf ul in all its programs

Addressing the Gaps

Increasing ePrescribing

Increasing Hospital Lab Orders

Continuity of Care Documents

Business Partner Program

For those EHR vendors who were not chosen as pref erred vendors, this program of f ers them the ability to agree to OHIP HIE protocols to produce 1 consistent interf ace f or each vendor

Direct Project Participant


Open Provider Directory

Consent Management

Certif icate Authority

Multi-State Collaborative

• Part of a workgroup w/ NY, NJ, MA,


• Leading a workgroup w/ CO, MS, DE and VT

5 Preferred EHR


Allscripts eClinicalWorks eMDs



• EHR Loan Program

• Welch Allyn EHR


• ProOhio Program

7 Regional Partners


OHIP HIE: Phased Strategy


OHIP HIE: Contracted Services

• Secure email messaging to known and trusted providers

• Tightly –controlled provider verification process that assigns addresses to authenticated providers

• Enable a provider’s ability to obtain patient consent prior to reviewing a secure message

• Providers can exchange with any Direct provisioned user (not limited to OHIP)

• OHIP will serve as vendor Direct Pilot Community


OHIP HIE: HISP-related Costs

• Certifying HISPs in state

– Identification and expectations for SDEs

• Privacy and security

– Cost to support consent management layer

– SDE liability in Direct framework

• Depth and width of provider directory

– Extent of validation and related liability

– Maintenance of provider directory(s)

• Cost to providers

– EHR or HISP vendor purchases or upgrades to support framework


OHIP HIE: Special Challenges

• Stringent consent requirements concerning the viewing of patient data

• Unknown issues surrounding large scale implementation of digital certificates and certificate management

• Required conversion between SMTP and

XDR/XDM messages

• Liability issues of conversion and delivery


NeHII Presentation


• NeHII, Inc.

– Statewide HIE in Nebraska

• Role of HIO Shared Services, Inc.

– Subsidiary of NeHII, Inc.

– Established product roadmap

– Service provider for NeHII and external clients

– Health Information Services Provider (HISP)

• Transport, routing, certificates for lines of service

• Services

– Legal, security, assessment



• Policy HISP Services

– The criticality of managing trust

– Interoperability of transport

– Transparency in operational policies

– Certificates and identify management

– Evaluate and asses trust in other exchanges

– Direct enabling

– Certificate discoverability


Questions Worth Asking

• What is the primary component of a HISP?

• What did Nebraska consider for the HISP model?

• Will I be able to communicate with other entities with separate HISP providers?

• What are considerations for working with a HISP?

• Am I going to be able to exchange secure messages to HIEs, HIE Participants, and other providers?


Business Model

• Fee for Service Business Model

– Provider directory

– Certificate authority

– Direct messaging

• Cost Models – ROI Based

– Subscription model

– Transaction model

– HIE-based model