North Carolina Health Information Exchange Governance Workgroup Date: March 3, 2011 Time: 12:00 pm – 2:00 pm Location: NC Hospital Association Dial in: ; Participant Code: #
2 Agenda TopicLeadsTime Welcome Roll call Review progress to date and today’s objectives Co-Chairs12:00 – 12:10 Overview of Emerging Models for Governance of Qualified Organizations Perspectives on Emerging Models for Statewide HIE Business, Technical and Legal Relationships Manatt12:10 – 12:50 Development of Recommendations Related to Qualified Organizations (QOs) Selection Criteria Manatt12:50 – 1:45 Next StepsCo-Chairs & Manatt 1:45 – 1:50 Public CommentN/A1:50 – 2:00
3 Statewide HIE Governance...Primary Tasks 1. Who Will Participate in Statewide HIEStatus 1. Participation Model Board determined participation to be voluntary Board determined that participation would be through “Qualified Organizations” 2. Definition of Qualified Organization Board approved definition of a Qualified Organization Board approved principles for Qualified Organizations 3. Candidates for Qualified Organizations Workgroup and Board identified candidate types of organizations 4. Criteria for Qualified Organizations To be developed 2. Rules and Policies for ParticipationStatus 1. Participation Mechanism Board determined that Qualified Organizations must sign a participation agreement with NC HIE 2. Terms and Conditions To be developed and informed by Governance, Legal/Policy and Clinical/Technical Operations Workgroups 3. Enforcement and OversightStatus 1. Enforcement Approach Board determined that there will be a process and policies established for ongoing oversight 2. Enforcement and Oversight Roles and Responsibilities To be developed 3. Enforcement and Oversight Mechanisms To be developed
4 Statewide HIE Governance...Today’s Objectives Review Background & Contextual Information Emerging Statewide HIE Governance Models Business, Technical and Legal Relationships of QOs in Statewide HIE Begin Process of Developing Recommendations for QO Approach Selection Criteria (primary focus today) Process for Selecting Oversight and Enforcement of Obligations
5 Emerging Lessons from the Field Governance Models for Statewide HIE
6 National Perspective...Continuum of Governance Models from Federal Viewpoint In Feb 2011, ONC released report characterizing 4 models for governance of statewide HIE Orchestrator Elevator Public Utility Capacity- builder $ $ Overview: Rapid facilitation of directed exchange capabilities to support Stage 1 MU Overview: Bolstering sub-state exchanges thru financial & tech support, tied to performance goals Overview: Thin-layer state-level network to connect existing sub-state exchanges Overview: Statewide HIE provides wide spectrum of HIE services directly to end-users and to sub-state exchanges Preconditions: Multiple nodes of exchange cover large portion of state High level of exchange within nodes but little across nodes Strong backing by state government and/or strong stakeholder buy-in Preconditions: Operational state-level entity Strong stakeholder buy-in State government authority and financial support Existing staff capacity Preconditions: Sub-state nodes exist, but capacity needs to be built to meet Stage 1 MU Nodes are not connected No existing statewide exchange entity Preconditions: Little to no exchange activity Many providers and data trading partners that have limited HIT capabilities If HIE activity exists, no cross entity exchange States in This Category: IL, IA, OH, WI States in This Category: IN, MI, NJ, TX States in This Category: CA, FL, MA, MO, NH, NY, NC, OR, TN, WA States in This Category: DE, ID, MD, ME, NE, NM, RI, SC, UT, VT
7 Orchestrat or State-level network that connects sub-state exchanges ONC “Orchestrator Model”: Many elements consistent with North Carolina’s Vision for Statewide HIE Organization Technical Legal/policy Criteria to define, monitor, enforce “qualified organizations” for state-level exchange Strategy to connect end-users not affiliated with a sub-state exchange or white space may leverage sub-state nodes Does not typically include state-level service provision to end-users directly, only through sub-state networks Light layer state-level policy infrastructure to allow minimum necessary alignment for statewide exchange Phase 1 includes focus on directed exchange (“push”) to connect sub-state networks in alignment with Stage 1 MU requirements; common core services include: (1) messaging hub, (2) security services, (3) provider directory. Phase 2, North Carolina will include expansion of core infrastructure to support query/retrieve (“pull”) of patient data and other value-added services such as data aggregation, analytics, or patient access to information according to market demand and buy-in Risks Dependency on sub-state nodes for state-level sustainability Potential lack of coverage of un-tethered providers/white space Potential for heterogeneity in HIE across state (service levels, pricing, etc.)
8 NC HIE Operations and Governance Model Must Balance Challenging, Overlapping Priorities The NC HIE Board adopted a model that would allow eligible Qualified Organizations to link into a Statewide HIE that may both operate some services directly and provide governance and policy oversight to additional shared services if/as applicable. In developing an operational HIE, NC HIE governance and business operations must strike a balance among overlapping priorities: Providing maximum participant value Developing cost effective model Leveraging existing infrastructure as possible and appropriate (new technologies will always be disruptive – imperative is to be strategic and responsible when disruptive) Ensuring administrative efficiency at the NC HIE corporate level Ensuring highest feasible level of security Allowing multiple “on-ramps” for access to network to account for different types of providers and other participating entities Minimizing workflow burden for participants as possible
9 Qualified Organizations Business, Technical & Legal Relationships
10 Statewide HIE Components North Carolina Health Information Exchange (NC HIE) –NC HIE is North Carolina’s public-private partnership that supports an open and transparent, statewide, collaborative process which creates statewide policy guidance (i.e., “rules of the road”) for the statewide HIE network –NC HIE provides core technology services and selected “value-added” services accessible via the statewide HIE network. State of North Carolina –The State of North Carolina, working through the NC State HIT Coordinator and its various Departments, (1) identifies and protects the public interest through its regulatory roles, (2) collects, stores, and provides access to health information in support of its various missions, such as Medicaid and public health, and (3) supports efforts to obtain public funds for HIE. Statewide Policy Guidance –Statewide Policy Guidance provides a common and consistent technical, privacy, security, and legal framework for participants in HIE and ensures the secure, interoperable exchange of data through the statewide network. –Statewide Policy Guidance typically includes: (1) detailed rules for privacy and security, technical interoperability, and financial obligations; (2) vendor contract requirements; (3) ongoing governance structure and participation; and (4) enforcement mechanisms.
11 Qualified Organization (QO)* –QOs are entities that have permission to access, consume and make available HIE services on the statewide HIE network. –QOs meet a set of established criteria, have gone through an approval process, and have signed agreements to abide by Statewide Policy Guidance. –QOs ensure that participants and vendors with which they have contracts meet the requirements to carry out statewide policies. Qualified Organization Participant –A provider or entity that participates in the statewide network through a QO. Statewide HIE Components (continued) *Note: As the Work Group develops criteria and requirements for QOs, it will be important to consider access to the statewide HIE network through means other than Qualified Organizations.
12 Core HIE Services –Foundational services hosted by NC HIE that facilitate exchange health information across organizational boundaries, such that multiple entities can: Identify and locate each other in a manner they both trust; Reconcile the identity of the individual patient to whom the information pertains; Exchange information in a secure manner Statewide HIE Components (continued) Provider Directory Message / Record Routing / Return Receipt Identity Management and Authentication NHIN Gateway Security Services Transaction LoggingConsent Management Terminology ServiceTransformation Service Patient Matching / RLS Immuniz Access Lab Normalization Med Hx Lab Results Delivery Rad Results Delivery CCD Exchange Lab routing for reporting Quality Reporting Procedure Results Delivery Rad Image Delivery CCD Translation Access to Aggregated Data Clinical Decision Support Disease Surveillance Value-Added HIE Services –Services that support the clinical priorities and use cases to help providers, patients, and care givers improve the safety, quality, and cost effectiveness of heath care. –Value-added services will be accessible via core services –Value-added Services can be offered at the state, regional, or enterprise level. –Value-Added services will be incrementally deployed based on feasibility, cost, and magnitude of benefits Phase 1 Value Added Services proposed in Operational Plan Phase 2 Value-Added Services proposed in Operational Plan Final decision regarding phased implementation will be informed by forthcoming statewide HIE RFP
13 Technical Relationships: Core HIE Services, QOs, & QO Participants Provider Directory Message / Record Routing / Return Receipt Identity Management and Authentication NHIN Gateway Security ServicesTransaction Logging Consent ManagementTerminology ServiceTransformation ServicePatient Matching / RLS Large Hospital System Physician Practice Physicians (IPA, PHO, PO) Regional HIO Hospital Physician Practice Example QOs... Example QO Participants... Key Points: *Core services provide a foundation for identifying QOs, ensuring security, and providing a gateway to other QOs and additional HIE services *QOs link to core services by conformance to interoperability specifications *QOs provide a gateway to core services for their participants Key Points: *Core services provide a foundation for identifying QOs, ensuring security, and providing a gateway to other QOs and additional HIE services *QOs link to core services by conformance to interoperability specifications *QOs provide a gateway to core services for their participants NC HIE
14 Provider Directory Message / Record Routing / Return Receipt Identity Management and Authentication NHIN Gateway Security ServicesTransaction Logging Consent ManagementTerminology ServiceTransformation ServicePatient Matching / RLS Large Hospital System Physician Practice Physicians (IPA, PHO, PO) Hospital Physician Practice Technical Relationships: Value-added Services, QOs, & QO Participants Large Hospital System Physician Practice NC Immunization Registry 3. CCD Translation Key Points: *Value-added Services are available to network participants and can be hosted by different entities. For example: 1.NC HIE could host a CCD Exchange service 2.The Dept of Health could host an Immunization Access service 3.A QO could host a CCD Translation service *Based on considerations of efficiency and practicality, the NC HIE Tech/Clinical Ops Work Group continues to evaluate the ideal location for Value-added Services Key Points: *Value-added Services are available to network participants and can be hosted by different entities. For example: 1.NC HIE could host a CCD Exchange service 2.The Dept of Health could host an Immunization Access service 3.A QO could host a CCD Translation service *Based on considerations of efficiency and practicality, the NC HIE Tech/Clinical Ops Work Group continues to evaluate the ideal location for Value-added Services NC HIE 1. CCD Exchange 2. Immuniz Access Regional HIO
15 Policy/Contractual Relationships: Interconnecting Participants State of North Carolina Provides Input Manages Work Groups Statewide Policy Guidance* * Statewide Policy Guidance will be approved by NC HIE Board Governance Clinical/Tech Ops Finance Legal/Policy NC HIE Qualified Organization QO Participant HIE Vendor EHR Vendor Provides access to data Contract for access to HIE services Contracts for Technical services Abide Statewide Policy Guidance Contract for technical services Output Abide Statewide Policy Guidance HIE Vendor Contract for technical services Abide Statewide Policy Guidance Contracts for access to HIE services, with reciprocating agreement to abide by Statewide Policy Guidance
16 Criteria for Qualified Organizations
17 Proposed Selection Criteria for Qualified Organizations (STRAWMAN – FOR DISCUSSION ONLY) 1.Organized as a non-profit or for-profit corporation with a certificate of good standing. 2.Agree to comply with Statewide Policy Guidance (including technical specifications and privacy and security requirements) and ensure QO participants comply with them. 3.Agree to comply with “fair information” policy principles and require that QO participants comply with them. 4.Provide list of current participants and plan for adding more participants. 5.Submit a Program Plan that describes specific activities in which the QO will engage (e.g., provider outreach, managing agreements with participants). 6.Obtain the required insurance in amounts specified by the NC HIE Board. 7.Submit financial statement showing minimum net worth of amount determined by NC HIE. Important Topics to Consider in Selection of Criteria Extent to which criteria limit entities that could serve as QOs Establishing and maintaining overall system efficiency Understanding the administrative implications of compliance Important Topics to Consider in Selection of Criteria Extent to which criteria limit entities that could serve as QOs Establishing and maintaining overall system efficiency Understanding the administrative implications of compliance
18 1. QO is organized as a non-profit or for-profit corporation with a certificate of good standing Implementation Considerations QO applicants would submit articles of incorporation and certificates. Additional Issues/Questions Is it important to distinguish between non- and for-profit organizational tax status? Should QOs be limited to organizations that are either provider or payer entities? Work Group Preliminary Recommendation AcceptRejectFurther Development Required
19 2. Compliance with Statewide Policy Guidance (including tech specifications and privacy & security requirements) and ensure QO participants’ compliance Implementation Considerations Criterion is consistent with NC HIE principle that “Qualified Organizations will have a participation agreement/contract with the Statewide HIE, binding participants to compliance with the Statewide HIE’s policy guidance and rules...” QO applicant will need to conduct a test that demonstrates the entities capabilities to access and consume statewide HIE services in accordance with agreed upon technical specifications. Additional Issues/Questions TBD Work Group Preliminary Recommendation AcceptRejectFurther Development Required
20 3. Agree to comply with “fair information” policy principles and require that QO participants comply with them Implementation Considerations NC HIE will need to define “fair information” policy principles. Fair information policy principles in other states include: –Commitment to Share Information with other QOs –Commitment to Population and Public Health –Individual Choice –Collection, Use, and Disclosure Limitation (e.g., QOs will collect, use, and/or disclose individually identifiable information only to the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately) –Data Quality and Integrity (e.g., QOs will take reasonable steps to ensure that individually identifiable health information is complete, accurate, up-to-date to the extent necessary for the patient’s or QO’s intended purposes and has not been altered or destroyed). Additional Issues/Questions TBD Work Group Preliminary Recommendation AcceptRejectFurther Development Required
21 4. Provide list of current participants and plan for adding more participants Implementation Considerations NC HIE will need to define the information that QOs will be required to collect from their participants. NC HIE will need to define the periodicity of the updating the list of participants (i.e., will participation lists be updated periodically or immediately upon the addition or removal of participants?) Additional Issues/Questions What constitutes participation? Is it access to the QOs services or actual use? What level of rigor will be applied to measuring the credibility of plans for adding more participants? Should there be a minimum threshold for number of QO participants? Should there be prescribed limits on the rates charged to QO participants? Work Group Preliminary Recommendation AcceptRejectFurther Development Required
22 5. Submit a Program Plan that describes specific activities in which the QO will engage Implementation Considerations Potential activities that QOs could be required to address include: 1.Marketing the HIE and recruiting participants 2.Enrolling and billing participants for QO and HIE services 3.Collecting and maintaining agreements with their participants 4.Maintaining a help desk to field participant questions 5.Creating and maintaining fair grievance process 6.Allocate resources for participation in state-wide HIE collaborative process Additional Issues/Questions Should the Program Plan contain a mission statement which defines its goals/objectives with regard to information sharing in the state of North Carolina? How frequently will a QO’s Program Plan be assessed? Work Group Preliminary Recommendation AcceptRejectFurther Development Required
23 6. Obtain insurance in amounts specified by the NC HIE Board Implementation Considerations Insurance products could include: –Directors and officers insurance –Cyber-liability insurance Additional Issues/Questions TBD Work Group Preliminary Recommendation AcceptRejectFurther Development Required
24 7. Submit financial statement showing minimum net worth Implementation Considerations Establishing a reasonable threshold will be essential to ensure that this criterion isn’t overly restrictive. Additional Issues/Questions Are there QO candidates that wouldn’t disclose their financial statements? Work Group Preliminary Recommendation AcceptRejectFurther Development Required
25 Next Steps
26 Governance Workgroup – Next Steps Finalize Qualified Organization selection criteria recommendation for Board Develop recommendations related to selection process. High level overview of steps might include: –NC HIE establishes application process for interested entities. –NC HIE establishes application review process. –Those entities that meet the selection criteria are provisionally qualified for specified period of time. –Board may change/strengthen criteria based on initial implementation experience. –NC HIE establishes ongoing re-qualification process. Develop recommendations related to enforcement and oversight: –Define Metrics –Create evaluation process (ongoing compliance) –Establish processes for Dispute resolution Organizations seeking to voluntarily rescind QO status Expulsion of non-compliant QOs
27 NC HIE Workgroups...Working Timelines JanFebMarAprMayJunJul Develop Qualified Org Criteria Qualified Organizations Participation Agreements Develop Participation Agreement Tasks Legal/Policy Workstream Finalize draft legislation 2011 Enforcement and Oversight Define Oversight Roles and Enforcement Mechanisms Develop RFPReview, Negotiate, Award Core Services Deploy Services Develop Privacy and Security Policy and Procedures
28 Public Comment
29 Attachments
30 Principles to Guide Development of Qualified Organizations 1.Workgroup recommends a Qualified Organization approach to participation in the NC statewide HIE. 2.The NCHIE should establish an application process for organizations that wish to participate as a Qualified Organizations. The Statewide HIE will need to verify Qualified Organizations (through a structured review or accreditation process). 3.Qualified Organizations will have a participation agreement/contract with the Statewide HIE, binding participants to compliance with the Statewide HIE’s policy guidance and rules and there will also be policies and processes in place to identify “bad actors” and terminate their participation. Accountability and enforcement of policies must be central in implementing this model. 4.Accepted Qualified Organizations would be able to connect to the Statewide HIE to access core and value-added services. The following principles were developed by the Work Group and endorsed by the NC HIE Board at its July 2010 meeting to guide the development of Qualified Organizations:
31 5.Participation in the Statewide HIE will be voluntary. If an organization elects to withdraw its participation, they will be subject to reasonable withdrawal rules and processes. 6.Statewide policy would include application process, privacy and security rules, technical rules, financial rules, vendor contract requirements, ongoing governance structure and participation and enforcement mechanisms. 7.The Statewide HIE should have a commitment to a principle of “ No Provider Left Behind ” and provide reasonable alternate pathways for eligible providers that are not part of a Qualified Organization to be able to participate. 8.The Workgroup recommends that the Clinical/Technical Operations and Finance Workgroups explore including an internet-based connection portal that clinicians could access in cases where participating through another Qualified Organization is not a possibility and suggested that the NCHIE should consider partnering with the Regional Extension Center for identification and outreach of those providers. Principles to Guide Development of Qualified Organizations
32 Approaches to Qualified Organization Criteria Mandatory –One set of mandatory criteria for all QOs –State example: Maryland Establishment of “Optional” Criteria –One set of mandatory criteria that all QOs (or categories of QOs) must meet; additional “optional” criteria –State example: Tennessee Creation of an Exceptions Process –One set of mandatory criteria for all QOs, ability to appeal for exceptions on a case- by-case basis or by stakeholder category –State example: Tennessee Tiering of Qualified Organizations –Data sharing partners are grouped by size, service level, and organization type, among other factors. Different criteria are applied to each group (or tier). For instance, small provider groups may be required to meet different criteria than large IDNs. –State example: Oregon