Transcript Session 7_Direct Boot Camp_Contracting for HISP

Contracting for HISP Services
Session 7
April 13, 2010
Agenda
• Introduction
– Potential levels of offerings
– Key issues
– Key questions for you
– Elements of the RFP
– Key questions to ask vendors
• Panelists
– Greg Chittim, Rhode Island Quality Institute Consultant; Director
of Provider Services, Arcadia Solutions
– Fred Richards, COO/CIO, Ohio Health Information Partnership
LLC
– Christopher M. Henkenius, Program Director, NeHII, Inc.
• Q&A
• Poll
2
To HISP or not to HISP….
...That may be the question, but
the answer is not so simple
• Potential levels of offerings
– Set the playing field
– Designate a "HISP of Last Resort"
– Provide core services to HISPs
– Be the HISP
3
Potential Levels of Offerings
• Set the playing field
– Certifying or Qualifying HISP entities
– Establish minimum service and interoperability
requirements for "network of networks"
– Serve as matchmaker (Vendor marketplace)
Costs
•
•
Establishing and maintaining a
governance operation
Establishing a certification or
qualification process
Revenue Options
•
Registration/certification fees for
HISP vendors
4
Potential Levels of Offerings
• Designate a “HISP of Last Resort”
– Level playing field plus...
– Contract with one or several HISP vendors that will
provide services to any provider
– Provide vouchers to help cover the costs for providing
HISP services to underserved areas where market
drivers don't justify investment
Costs
•
•
•
Establishing and maintaining a
governance operation
Establishing a certification or
qualification process
Vouchers
Revenue Options
•
•
Registration/certification fees for
HISP vendors
Sponsoring state agency where
current process is replaced by
Direct-mediated service
5
Potential Levels of Offerings
• Provide core services to HISPs
– Level playing field plus...
– State-level provider directory services
– Certificate Authority provision
– Customers = HISP vendors
Costs
•
•
•
Level playing field plus...
Development and maintenance
of provider directory and CA
service
Customer support services
Revenue Options
•
•
Registration/certification fees for
HISP vendors
Provider directory access
6
Potential Levels of Offerings
• Be the HISP
– Contract with a single vendor to provide statewide services
– Provide HISP services directly as the state or SDE
(for those states with infrastructure already in place)
– Customers = Providers
Costs
•
•
•
•
Provider directory
Certificate authority
Network services
Customer support services
Revenue Options
•
•
Subscription or membership
fees
Transaction-based fees
7
Key Issues
•
•
•
•
•
•
•
•
•
Establishing trust
Contractual and legal agreements
Compliance with HIPAA
Risk assessment and mitigation
Encryption
Certificate issuance, management, discovery
Transparency
Minimum necessary
Separation of functions
8
Questions for you
• How is your state or SDE intending to ensure
that providers in your state have access to
HISP services?
• What approaches to contracting with HISP
vendors are you currently employing or
planning to employ?
9
What goes into a RFP?
• General terms and conditions
– These will not typically change from one RFP to another.
• Special terms and conditions
– Assuming that states build their RFP off of a shared
template, states will be able to select the options that work
for them from a set of special terms and conditions.
• Scope of work/services
– These are typically completed by the contract monitor or
state point of contact.
10
What goes into a RFP cont…
• Specifications based on extensive input from
stakeholders
• A clear vision of the tasks the HIE will perform
• Well-defined technical expectations
• Maintenance and upgrade needs
• Vendor must be cooperative and flexible to adapt to
technological and administrative changes
• Build performance metrics and milestones into
contracts
• Include general timeframes and costs
11
Key questions to ask HISP vendors
• Describe your applicable credentials, certifications
and experience.
• Are you on the state's preferred vendor list?
• Does your solution/service meet all applicable state
and federal laws?
• How does your solution/service accommodate our
particular state requirements?
• Describe your existing privacy, security safeguards
including your security plan.
• Does your solution describe your approach to
connecting to other HISPs?
12
Key questions to ask HISP vendors
• Describe your planned outreach efforts for new
providers.
• Are you a member/participant of the Direct
Project?
• Does your solution/service comply with the
principles of the HHS Privacy and Security
Framework?
• Does your solution comply with standards of the
PCI Security Standards Council?
13
Rhode Island Quality Institute
Presentation
Rhode Island Quality Institute
What the Rhode Island Quality Institute is working to achieve:
• Leverage this state’s unique characteristics to demonstrate
how the health care system can be improved through
collaborative innovation
• Foster connectivity between and among the health care team
and the patient
• Increase accuracy, responsiveness, and effectiveness in
health care by using technology to standardize, streamline,
and speed up the retrieval and delivery of patient data
statewide
• Help the health care team consistently deliver care that is
based on best-known practices
• Create a system that inspires and rewards improved
professional performance
15
RIQI’s Approach to HISP Services
Recall from earlier RIQI’s approach to implementation, specifically a convener for a market-based
approach to connecting providers and HISP vendors:
How is RIQI
contracting with
HISP to enable
these key tenets?
16
Application-to-Participate
Distributed via PDF and an online form on the www.docEHRtalk.org website
Evaluation categories include:
• Basic business information (demographics, size, product lines)
• RI REC requirements (discounts, support processes)
• Financial information (revenue, ownership)
• Direct Project contribution (community/pilot involvement)
• Minimum HISP specifications (best practices, functionality)
• Technology system specifications (processes, infrastructure)
• Additional information (free text)
Opportunities for Reuse:
• HISP contacts and communications
• Application-to-Participate
• Scoring tool
17
HISP Vendors
The following HISP vendors expressed interest in participating
and have received the Application-to-Participate:
18
OHIP Presentation
OHIP HIE: Snapshot
200 TouchPoints
Business Partner Program
For those EHR vendors who were not chosen as
pref erred vendors, this program of f ers them the
ability to agree to OHIP HIE protocols to produce 1
consistent interf ace f or each vendor
5 Preferred EHR
Vendors
•
•
•
•
•
Allscripts
eClinicalWorks
eMDs
NextGen
Sage
Addressing the Gaps
Grant Collaboration
Provide support f or HealthBridge’s Beacon and
REC grant programs to ensure that Ohio is
successf ul in all its programs
Direct Project Participant
•
•
•
•
HISP
Open Provider Directory
Consent Management
Certif icate Authority
• EHR Loan Program
• Welch Allyn EHR
Tool
• ProOhio Program
•
•
•
Increasing ePrescribing
Increasing Hospital Lab Orders
Continuity of Care Documents
Multi-State Collaborative
•
•
Part of a workgroup w/ NY, NJ, MA,
CA
Leading a workgroup w/ CO, MS, DE
and VT
7 Regional Partners
20
OHIP HIE: Phased Strategy
21
OHIP HIE: Contracted Services
• Secure email messaging to known and trusted
providers
• Tightly –controlled provider verification process that
assigns addresses to authenticated providers
• Enable a provider’s ability to obtain patient consent
prior to reviewing a secure message
• Providers can exchange with any Direct provisioned
user (not limited to OHIP)
• OHIP will serve as vendor Direct Pilot Community
22
OHIP HIE: HISP-related Costs
• Certifying HISPs in state
– Identification and expectations for SDEs
• Privacy and security
– Cost to support consent management layer
– SDE liability in Direct framework
• Depth and width of provider directory
– Extent of validation and related liability
– Maintenance of provider directory(s)
• Cost to providers
– EHR or HISP vendor purchases or upgrades to support
framework
23
OHIP HIE: Special Challenges
• Stringent consent requirements concerning the
viewing of patient data
• Unknown issues surrounding large scale
implementation of digital certificates and
certificate management
• Required conversion between SMTP and
XDR/XDM messages
• Liability issues of conversion and delivery
24
NeHII Presentation
Introduction
• NeHII, Inc.
– Statewide HIE in Nebraska
• Role of HIO Shared Services, Inc.
–
–
–
–
Subsidiary of NeHII, Inc.
Established product roadmap
Service provider for NeHII and external clients
Health Information Services Provider (HISP)
• Transport, routing, certificates for lines of service
• Services
– Legal, security, assessment
26
Trust
• Policy HISP Services
–
–
–
–
–
–
–
The criticality of managing trust
Interoperability of transport
Transparency in operational policies
Certificates and identify management
Evaluate and asses trust in other exchanges
Direct enabling
Certificate discoverability
27
Questions Worth Asking
• What is the primary component of a HISP?
• What did Nebraska consider for the HISP model?
• Will I be able to communicate with other entities with
separate HISP providers?
• What are considerations for working with a HISP?
• Am I going to be able to exchange secure
messages to HIEs, HIE Participants, and other
providers?
28
Business Model
• Fee for Service Business Model
– Provider directory
– Certificate authority
– Direct messaging
• Cost Models – ROI Based
– Subscription model
– Transaction model
– HIE-based model
29
Q&A
Poll
31