North Carolina Health Information ExchangeGovernance Workgroup
Date: March 31, 2011Time: 2:00 pm – 4:00 pm
Location: NC Respiratory Care1100 Navaho Drive, Suite 242, Raleigh, NC
Dial in: 1-866-922-3257; Participant Code: 654 032 36#
2
Agenda
Topic Leads Time
Welcome• Roll call• Review progress to date and today’s objectives
Co-Chairs 2:00 – 2:10
Development of Recommendations Related to Qualified Organizations (QOs) Selection Criteria
Co-Chairs & Manatt
2:10 – 3:45
Next Steps Co-Chairs & Manatt
3:45 – 3:50
Public Comment N/A 3:50 – 4:00
3
Statewide HIE Governance...Primary Tasks1. Who Will Participate in Statewide HIE Status1. Participation Model Board determined participation to be voluntary
Board determined that participation would be through “Qualified Organizations”
2. Definition of Qualified Organization Board approved definition of a Qualified Organization Board approved principles for Qualified Organizations
3. Candidates for Qualified Organizations Workgroup and Board identified candidate types of organizations4. Criteria for Qualified Organizations To be developed
2. Rules and Policies for Participation Status1. Participation Mechanism Board determined that Qualified Organizations must sign a
participation agreement with NC HIE2. Terms and Conditions To be developed and informed by Governance, Legal/Policy and
Clinical/Technical Operations Workgroups
3. Enforcement and Oversight Status1. Enforcement Approach Board determined that there will be a process and policies
established for ongoing oversight2. Enforcement and Oversight Roles and
ResponsibilitiesTo be developed
3. Enforcement and Oversight Mechanisms To be developed
4
Statewide HIE Governance...Today’s Objectives
Continue Process of Developing Recommendations for QO Approach Selection Criteria (today’s primary focus)
Review draft criteria recommendations made by Workgroup at last meeting
Continue development of recommendations for remaining selection criteria
Process for Selecting Oversight and Enforcement of Obligations
5
Criteria for Qualified Organizations
6
Proposed Selection Criteria for Qualified Organizations(STRAWMAN – FOR DISCUSSION ONLY)
1. Organized as a non-profit or for-profit corporation with a certificate of good standing.
2. Agree to comply with Statewide Policy Guidance (including technical specifications and privacy and security requirements) and ensure QO participants comply with them.
3. Agree to comply with “fair information” policy principles and require that QO participants comply with them.
4. Provide list of current participants and plan for adding more participants.
5. Submit a Program Plan that describes specific activities in which the QO will engage (e.g., provider outreach, managing agreements with participants).
6. Obtain the required insurance in amounts specified by the NC HIE Board.
7. Submit financial statement showing minimum net worth of amount determined by NC HIE.
Important Topics to Consider in Selection of Criteria Extent to which criteria limit entities that could serve as QOs Establishing and maintaining overall system efficiency Understanding the administrative implications of compliance
Important Topics to Consider in Selection of Criteria Extent to which criteria limit entities that could serve as QOs Establishing and maintaining overall system efficiency Understanding the administrative implications of compliance
7
Draft QO Criteria Recommendations fromWorkgroup’s March 3 Meeting
8
1. QO is organized as a non-profit or for-profit corporation with a certificate of good standing
Implementation Considerations• QO applicants would submit articles of incorporation and certificates.
Workgroup Recommendation: • QO participation should be open to both non-profit and for-profit
entities and selection criteria should not limit the types of organizations that can be a QO. – The definition of QOs and related criteria – at least at this phase – should
reflect that the main focus of QOs is to be an organizer/ aggregator of providers for the purposes of connecting them to the statewide network.
Work Group Preliminary Recommendation
Accept Reject Further Development Required
X
9
2. Compliance with Statewide Policy Guidance (including tech specifications and privacy & security requirements) and ensure QO participants’ compliance
Implementation Considerations• Criterion is consistent with NC HIE principle that “Qualified Organizations will have a
participation agreement/contract with the Statewide HIE, binding participants to compliance with the Statewide HIE’s policy guidance and rules...”
• QO applicant will need to conduct a test that demonstrates the entities capabilities to access and consume statewide HIE services in accordance with agreed upon technical specifications.
Workgroup Recommendation• QOs should be required to comply with Statewide Policy Guidance (including technical
specifications and privacy & security requirements) as well as ensure the compliance of QO participants with whom they have contracts.
Work Group Preliminary Recommendation
Accept Reject Further Development Required
X
10
3. Agree to comply with “fair information” policy principles and require that QO participants comply with them
Implementation Considerations• NC HIE will need to define “fair information” policy principles.
Workgroup Recommendation:• QOs should be required to comply with fair information policy
principles as well as ensure the compliance of QO participants with whom they have contracts; however, principles must be refined and carefully crafted so that they explicitly state related obligations.
Work Group Preliminary Recommendation
Accept Reject Further Development Required
X X
11
Additional Proposed Criteria for Discussion
12
4. Provide list of current participants and plan for adding more participants
Implementation Considerations• NC HIE will need to define the information that QOs will be required to collect from their
participants.
• NC HIE will need to define the periodicity of the updating the list of participants (i.e., will participation lists be updated periodically or immediately upon the addition or removal of participants?)
Additional Issues/Questions• What constitutes participation? Is it access to the QOs services or actual use?
• What level of rigor will be applied to measuring the credibility of plans for adding more participants?
• Should there be a minimum threshold for number of QO participants?
• Should there be prescribed limits on the rates charged to QO participants?
Work Group Preliminary Recommendation
Accept Reject Further Development Required
13
5. Submit a Program Plan that describes specific activities in which the QO will engage
Implementation Considerations• Potential activities that QOs could be required to address include:
1. Marketing the HIE and recruiting participants2. Enrolling and billing participants for QO and HIE services3. Collecting and maintaining agreements with their participants4. Maintaining a help desk to field participant questions5. Creating and maintaining fair grievance process6. Allocate resources for participation in state-wide HIE collaborative process
Additional Issues/Questions• Should the Program Plan contain a mission statement which defines its goals/objectives with
regard to information sharing in the state of North Carolina?
• How frequently will a QO’s Program Plan be assessed?
Work Group Preliminary Recommendation
Accept Reject Further Development Required
14
6. Obtain insurance in amounts specified by the NC HIE Board
Implementation Considerations• Insurance products could include:
– Directors and officers insurance– Cyber-liability insurance
Additional Issues/Questions• TBD
Work Group Preliminary Recommendation
Accept Reject Further Development Required
15
7. Submit financial statement showing minimum net worth
Implementation Considerations• Establishing a reasonable threshold will be essential to ensure that this
criterion isn’t overly restrictive.
Additional Issues/Questions• Are there QO candidates that wouldn’t disclose their financial statements?
Work Group Preliminary Recommendation
Accept Reject Further Development Required
16
Next Steps
17
Governance Workgroup – Next Steps
• Finalize Qualified Organization selection criteria recommendations for Board
• Develop recommendations related to selection process. High level overview of steps might include:
– NC HIE establishes application process for interested entities. – NC HIE establishes application review process. – Those entities that meet the selection criteria are provisionally qualified for specified period
of time.– Board may change/strengthen criteria based on initial implementation experience.– NC HIE establishes ongoing re-qualification process.
• Develop recommendations related to enforcement and oversight:– Define Metrics– Create evaluation process (ongoing compliance)– Establish processes for
• Dispute resolution• Organizations seeking to voluntarily rescind QO status• Expulsion of non-compliant QOs
18
NC HIE Workgroups...Working Timelines
Jan Feb Mar Apr May Jun Jul
Develop Qualified Org CriteriaDevelop Qualified Org CriteriaQualified Organizations
Qualified Organizations
Participation Agreements
Participation Agreements
Develop Participation AgreementDevelop Participation Agreement
Tasks
Legal/Policy WorkstreamLegal/Policy Workstream
Finalize draft legislationFinalize draft legislation
2011
Enforcement and OversightEnforcement and Oversight
Define Oversight Roles and Enforcement Mechanisms
Define Oversight Roles and Enforcement Mechanisms
Develop RFPDevelop RFP Review, Negotiate, AwardReview, Negotiate, AwardCore ServicesCore Services Deploy Services Deploy Services
Develop Privacy and Security Policy and ProceduresDevelop Privacy and Security Policy and Procedures
19
Public Comment
20
Attachments
21
Principles to Guide Development of Qualified Organizations
1. Workgroup recommends a Qualified Organization approach to participation in the NC statewide HIE.
2. The NCHIE should establish an application process for organizations that wish to participate as a Qualified Organizations. The Statewide HIE will need to verify Qualified Organizations (through a structured review or accreditation process).
3. Qualified Organizations will have a participation agreement/contract with the Statewide HIE, binding participants to compliance with the Statewide HIE’s policy guidance and rules and there will also be policies and processes in place to identify “bad actors” and terminate their participation. Accountability and enforcement of policies must be central in implementing this model.
4. Accepted Qualified Organizations would be able to connect to the Statewide HIE to access core and value-added services.
The following principles were developed by the Work Group and endorsed by the NC HIE Board at its July 2010 meeting to guide the development of Qualified Organizations:
22
5. Participation in the Statewide HIE will be voluntary. If an organization elects to withdraw its participation, they will be subject to reasonable withdrawal rules and processes.
6. Statewide policy would include application process, privacy and security rules, technical rules, financial rules, vendor contract requirements, ongoing governance structure and participation and enforcement mechanisms.
7. The Statewide HIE should have a commitment to a principle of “No Provider Left Behind” and provide reasonable alternate pathways for eligible providers that are not part of a Qualified Organization to be able to participate.
8. The Workgroup recommends that the Clinical/Technical Operations and Finance Workgroups explore including an internet-based connection portal that clinicians could access in cases where participating through another Qualified Organization is not a possibility and suggested that the NCHIE should consider partnering with the Regional Extension Center for identification and outreach of those providers.
Principles to Guide Development of Qualified Organizations
23
Qualified Organizations Business, Technical & Legal Relationships
24
Statewide HIE ComponentsNorth Carolina Health Information Exchange (NC HIE)
– NC HIE is North Carolina’s public-private partnership that supports an open and transparent, statewide, collaborative process which creates statewide policy guidance (i.e., “rules of the road”) for the statewide HIE network
– NC HIE provides core technology services and selected “value-added” services accessible via the statewide HIE network.
State of North Carolina– The State of North Carolina, working through the NC State HIT Coordinator and its various
Departments, (1) identifies and protects the public interest through its regulatory roles, (2) collects, stores, and provides access to health information in support of its various missions, such as Medicaid and public health, and (3) supports efforts to obtain public funds for HIE.
NC HIE Policy Guidance– Statewide Policy Guidance, developed by the NC HIE through the Workgroup process and
with Board approval, provides a common and consistent technical, privacy, security, and legal framework for participants in HIE and ensures the secure, interoperable exchange of data through the statewide network.
– Statewide Policy Guidance typically includes: (1) detailed rules for privacy and security, technical interoperability, and financial obligations; (2) vendor contract requirements; (3) ongoing governance structure and participation; and (4) enforcement mechanisms.
25
Qualified Organization (QO)*– QOs are entities that have permission to access, consume and make available HIE services on
the statewide HIE network.
– QOs meet a set of established criteria, have gone through an approval process, and have signed agreements to abide by Statewide Policy Guidance.
– QOs ensure that participants and vendors with which they have contracts meet the requirements to carry out statewide policies.
Qualified Organization Participant– A provider or entity that participates in the statewide network through a QO.
Statewide HIE Components (continued)
* Note: As the Work Group develops criteria and requirements for QOs, it will be important to consider access to the statewide HIE network through means other than Qualified Organizations.
26
Core HIE Services– Foundational services hosted by NC HIE that facilitate
exchange health information across organizational boundaries, such that multiple entities can:
• Identify and locate each other in a manner they both trust;
• Reconcile the identity of the individual patient to whom the information pertains;
• Exchange information in a secure manner
Statewide HIE Components (continued)
Provider Directory
Message / Record Routing / Return Receipt
Identity Management and Authentication
NHIN Gateway
Security Services
Transaction Logging Consent Management
Terminology Service Transformation Service
Patient Matching / RLS
Immuniz Access
Immuniz Access
Lab Normalization
Med Hx
Lab Results Delivery
Lab Results Delivery
Rad Results Delivery
CCD Exchange Lab routing for reporting
Quality Reporting
Procedure Results Delivery
Rad Image Delivery
CCD Translation
Access to Aggregated
Data
Clinical Decision Support
Disease Surveillance
Value-Added HIE Services– Services that support the clinical priorities and use
cases to help providers, patients, and care givers improve the safety, quality, and cost effectiveness of heath care.
– Value-added services will be accessible via core services
– Value-added Services can be offered at the state, regional, or enterprise level.
– Value-Added services will be incrementally deployed based on feasibility, cost, and magnitude of benefits
Phase 1 Value Added Services proposed in Operational PlanPhase 2 Value-Added Services proposed in Operational PlanFinal decision regarding phased implementation will be informed by forthcoming statewide HIE RFP
27
Technical Relationships: Core HIE Services, QOs, & QO Participants
Provider DirectoryMessage / Record
Routing / Return ReceiptIdentity Management and
Authentication
NHIN Gateway
Security Services Transaction Logging
Consent Management Terminology Service Transformation Service Patient Matching / RLS
Large Hospital System
Large Hospital System
Physician Practice
Physician Practice
Physicians (IPA, PHO, PO)
Physicians (IPA, PHO, PO)
Regional HIORegional HIO
HospitalHospitalPhysician Practice
Physician Practice
Physician Practice
Physician Practice
Example QOs...
Example QO Participants...
Key Points:* Core services provide a foundation for identifying QOs, ensuring security,
and providing a gateway to other QOs and additional HIE services* QOs link to core services by conformance to interoperability specifications* QOs provide a gateway to core services for their participants
Key Points:* Core services provide a foundation for identifying QOs, ensuring security,
and providing a gateway to other QOs and additional HIE services* QOs link to core services by conformance to interoperability specifications* QOs provide a gateway to core services for their participants
NC HIE
28
Provider DirectoryMessage / Record
Routing / Return ReceiptIdentity Management and
Authentication
NHIN Gateway
Security Services Transaction Logging
Consent Management Terminology Service Transformation Service Patient Matching / RLS
Large Hospital System
Large Hospital System
Physician Practice
Physician Practice
Physicians (IPA, PHO, PO)
Physicians (IPA, PHO, PO)
HospitalHospitalPhysician Practice
Physician PracticePhysician
Practice
Physician Practice
Technical Relationships: Value-added Services, QOs, & QO Participants
Large Hospital System
Large Hospital System
Physician Practice
Physician Practice
Physician Practice
Physician Practice
NC Immunization Registry
NC Immunization Registry
3. CCD Translation
Key Points:* Value-added Services are available to network participants and can be hosted by
different entities. For example:1. NC HIE could host a CCD Exchange service2. The Dept of Health could host an Immunization Access service3. A QO could host a CCD Translation service
* Based on considerations of efficiency and practicality, the NC HIE Tech/Clinical Ops Work Group continues to evaluate the ideal location for Value-added Services
Key Points:* Value-added Services are available to network participants and can be hosted by
different entities. For example:1. NC HIE could host a CCD Exchange service2. The Dept of Health could host an Immunization Access service3. A QO could host a CCD Translation service
* Based on considerations of efficiency and practicality, the NC HIE Tech/Clinical Ops Work Group continues to evaluate the ideal location for Value-added Services
NC HIENC HIE
1. CCD Exchange
2. Immuniz Access
2. Immuniz Access
Regional HIORegional HIO
29
Policy/Contractual Relationships: Interconnecting Participants
State of North
Carolina
State of North
Carolina
Provides Input
Manages
Work Groups Statewide Policy Guidance*
* Statewide Policy Guidance will be approved by NC HIE Board
GovernanceClinical/Tech
OpsFinance
Legal/Policy
NC HIENC HIE Qualified Organization
Qualified Organization
QO Participant
QO Participant
HIE Vendor
EHR Vendor
Provides access to data
Contract for access to HIE services
Contracts for Technical services
Abide Statewide Policy Guidance
Contract for technical services
Output
Abide Statewide Policy Guidance
Abide Statewide Policy Guidance
HIE Vendor
Contract for technical services
Abide Statewide Policy GuidanceContracts for access
to HIE services, with reciprocating agreement to abide by Statewide Policy Guidance
30
Approaches to Qualified Organization Criteria• Mandatory
– One set of mandatory criteria for all QOs– State example: Maryland
• Establishment of “Optional” Criteria– One set of mandatory criteria that all QOs (or categories of QOs) must meet;
additional “optional” criteria – State example: Tennessee
• Creation of an Exceptions Process– One set of mandatory criteria for all QOs, ability to appeal for exceptions on a case-
by-case basis or by stakeholder category – State example: Tennessee
• Tiering of Qualified Organizations– Data sharing partners are grouped by size, service level, and organization type,
among other factors. Different criteria are applied to each group (or tier). For instance, small provider groups may be required to meet different criteria than large IDNs.
– State example: Oregon