Session 7
April 13, 2010

• Introduction
– Potential levels of offerings
– Key issues
– Key questions for you
– Elements of the RFP
– Key questions to ask vendors
• Panelists
– Greg Chittim, Rhode Island Quality Institute Consultant; Director of Provider Services, Arcadia Solutions
– Fred Richards, COO/CIO, Ohio Health Information Partnership
LLC
– Christopher M. Henkenius, Program Director, NeHII, Inc.
• Q&A
• Poll
2

...That may be the question, but the answer is not so simple
• Potential levels of offerings
– Set the playing field
– Designate a "HISP of Last Resort"
–
–
Provide core services to HISPs
Be the HISP
3

• Set the playing field
– Certifying or Qualifying HISP entities
– Establish minimum service and interoperability requirements for "network of networks"
– Serve as matchmaker (Vendor marketplace)
Costs
• Establishing and maintaining a governance operation
• Establishing a certification or qualification process
Revenue Options
• Registration/certification fees for
HISP vendors
4

• Designate a “HISP of Last Resort”
– Level playing field plus...
– Contract with one or several HISP vendors that will provide services to any provider
– Provide vouchers to help cover the costs for providing
HISP services to underserved areas where market drivers don't justify investment
Costs
• Establishing and maintaining a governance operation
• Establishing a certification or qualification process
• Vouchers
Revenue Options
• Registration/certification fees for
HISP vendors
• Sponsoring state agency where current process is replaced by
Direct-mediated service
5

• Provide core services to HISPs
– Level playing field plus...
– State-level provider directory services
– Certificate Authority provision
– Customers = HISP vendors
Costs
• Level playing field plus...
• Development and maintenance of provider directory and CA service
• Customer support services
Revenue Options
• Registration/certification fees for
HISP vendors
• Provider directory access
6

• Be the HISP
– Contract with a single vendor to provide statewide services
– Provide HISP services directly as the state or SDE
(for those states with infrastructure already in place)
– Customers = Providers
Costs
• Provider directory
• Certificate authority
• Network services
• Customer support services
Revenue Options
• Subscription or membership fees
• Transaction-based fees
7

• Establishing trust
• Contractual and legal agreements
• Compliance with HIPAA
• Risk assessment and mitigation
• Encryption
• Certificate issuance, management, discovery
• Transparency
• Minimum necessary
• Separation of functions
8

• How is your state or SDE intending to ensure that providers in your state have access to
HISP services?
• What approaches to contracting with HISP vendors are you currently employing or planning to employ?
9

• General terms and conditions
– These will not typically change from one RFP to another.
• Special terms and conditions
– Assuming that states build their RFP off of a shared template, states will be able to select the options that work for them from a set of special terms and conditions.
• Scope of work/services
– These are typically completed by the contract monitor or state point of contact.
10

• Specifications based on extensive input from stakeholders
• A clear vision of the tasks the HIE will perform
• Well-defined technical expectations
• Maintenance and upgrade needs
• Vendor must be cooperative and flexible to adapt to technological and administrative changes
• Build performance metrics and milestones into contracts
• Include general timeframes and costs
11

• Describe your applicable credentials, certifications and experience.
• Are you on the state's preferred vendor list?
• Does your solution/service meet all applicable state and federal laws?
• How does your solution/service accommodate our particular state requirements?
• Describe your existing privacy, security safeguards including your security plan.
• Does your solution describe your approach to connecting to other HISPs?
12

• Describe your planned outreach efforts for new providers.
• Are you a member/participant of the Direct
Project?
• Does your solution/service comply with the principles of the HHS Privacy and Security
Framework?
• Does your solution comply with standards of the
PCI Security Standards Council?
13

What the Rhode Island Quality Institute is working to achieve:
• Leverage this state’s unique characteristics to demonstrate how the health care system can be improved through collaborative innovation
• Foster connectivity between and among the health care team and the patient
• Increase accuracy, responsiveness, and effectiveness in health care by using technology to standardize, streamline, and speed up the retrieval and delivery of patient data statewide
• Help the health care team consistently deliver care that is based on best-known practices
• Create a system that inspires and rewards improved professional performance
15

Recall from earlier RIQI’s approach to implementation, specifically a convener for a market-based approach to connecting providers and HISP vendors:
How is RIQI contracting with
HISP to enable these key tenets?
16

Distributed via PDF and an online form on the www.docEHRtalk.org
website
Evaluation categories include:
• Basic business information (demographics, size, product lines)
• RI REC requirements (discounts, support processes)
• Financial information (revenue, ownership)
• Direct Project contribution (community/pilot involvement)
• Minimum HISP specifications (best practices, functionality)
• Technology system specifications (processes, infrastructure)
• Additional information (free text)
Opportunities for Reuse:
• HISP contacts and communications
• Application-to-Participate
• Scoring tool
17

The following HISP vendors expressed interest in participating and have received the Application-to-Participate:
18

200 TouchPoints Grant Collaboration
Provide support for HealthBridge’s Beacon and
REC grant programs to ensure that Ohio is successf ul in all its programs
•
•
•
Addressing the Gaps
Increasing ePrescribing
Increasing Hospital Lab Orders
Continuity of Care Documents
Business Partner Program
For those EHR vendors who were not chosen as pref erred vendors, this program of f ers them the ability to agree to OHIP HIE protocols to produce 1 consistent interf ace f or each vendor
Direct Project Participant
•
•
•
• HISP
Open Provider Directory
Consent Management
Certif icate Authority
Multi-State Collaborative
• Part of a workgroup w/ NY, NJ, MA,
CA
• Leading a workgroup w/ CO, MS, DE and VT
•
•
•
•
•
5 Preferred EHR
Vendors
Allscripts eClinicalWorks eMDs
NextGen
Sage
• EHR Loan Program
• Welch Allyn EHR
Tool
• ProOhio Program
7 Regional Partners
20

21

• Secure email messaging to known and trusted providers
• Tightly –controlled provider verification process that assigns addresses to authenticated providers
• Enable a provider’s ability to obtain patient consent prior to reviewing a secure message
• Providers can exchange with any Direct provisioned user (not limited to OHIP)
• OHIP will serve as vendor Direct Pilot Community
22

• Certifying HISPs in state
– Identification and expectations for SDEs
• Privacy and security
– Cost to support consent management layer
– SDE liability in Direct framework
• Depth and width of provider directory
– Extent of validation and related liability
– Maintenance of provider directory(s)
• Cost to providers
– EHR or HISP vendor purchases or upgrades to support framework
23

• Stringent consent requirements concerning the viewing of patient data
• Unknown issues surrounding large scale implementation of digital certificates and certificate management
• Required conversion between SMTP and
XDR/XDM messages
• Liability issues of conversion and delivery
24

• NeHII, Inc.
– Statewide HIE in Nebraska
• Role of HIO Shared Services, Inc.
– Subsidiary of NeHII, Inc.
– Established product roadmap
– Service provider for NeHII and external clients
– Health Information Services Provider (HISP)
• Transport, routing, certificates for lines of service
• Services
– Legal, security, assessment
26

• Policy HISP Services
– The criticality of managing trust
– Interoperability of transport
– Transparency in operational policies
– Certificates and identify management
– Evaluate and asses trust in other exchanges
– Direct enabling
– Certificate discoverability
27

• What is the primary component of a HISP?
• What did Nebraska consider for the HISP model?
• Will I be able to communicate with other entities with separate HISP providers?
• What are considerations for working with a HISP?
• Am I going to be able to exchange secure messages to HIEs, HIE Participants, and other providers?
28

• Fee for Service Business Model
– Provider directory
– Certificate authority
– Direct messaging
• Cost Models – ROI Based
– Subscription model
– Transaction model
– HIE-based model
29

31