contracting for hisp services

Contracting for HISP ServicesSession 7

April 13, 2010

2

Agenda• Introduction

– Potential levels of offerings– Key issues– Key questions for you– Elements of the RFP– Key questions to ask vendors

• Panelists– Greg Chittim, Rhode Island Quality Institute Consultant; Director of

Provider Services, Arcadia Solutions – Fred Richards, COO/CIO, Ohio Health Information Partnership LLC– Christopher M. Henkenius, Program Director, NeHII, Inc.

• Q&A

• Poll

3

To HISP or not to HISP….

...That may be the question, but the answer is not so simple

• Potential levels of offerings– Set the playing field– Designate a "HISP of Last Resort"– Provide core services to HISPs– Be the HISP

4

Potential Levels of Offerings

• Set the playing field– Certifying or Qualifying HISP entities– Establish minimum service and interoperability

requirements for "network of networks"– Serve as matchmaker (Vendor marketplace)

Costs Revenue Options• Establishing and maintaining a

governance operation• Establishing a certification or

qualification process

• Registration/certification fees for HISP vendors

5


• Designate a “HISP of Last Resort”– Level playing field plus...– Contract with one or several HISP vendors that will provide

services to any provider – Provide vouchers to help cover the costs for providing HISP

services to underserved areas where market drivers don't justify investment

Costs Revenue Options• Establishing and maintaining a

governance operation• Establishing a certification or

qualification process• Vouchers


• Sponsoring state agency where current process is replaced by Direct-mediated service

6


• Provide core services to HISPs– Level playing field plus...– State-level provider directory services– Certificate Authority provision– Customers = HISP vendors

Costs Revenue Options• Level playing field plus...• Development and maintenance

of provider directory and CA service

• Customer support services


• Provider directory access

7


• Be the HISP– Contract with a single vendor to provide statewide services– Provide HISP services directly as the state or SDE

(for those states with infrastructure already in place)– Customers = Providers

Costs Revenue Options• Provider directory• Certificate authority• Network services• Customer support services

• Subscription or membership fees

• Transaction-based fees

8

Key Issues

• Establishing trust• Contractual and legal agreements• Compliance with HIPAA• Risk assessment and mitigation• Encryption• Certificate issuance, management, discovery• Transparency• Minimum necessary• Separation of functions

9

Questions for you

• How is your state or SDE intending to ensure that providers in your state have access to HISP services?

• What approaches to contracting with HISP vendors are you currently employing or planning to employ?

10

What goes into a RFP?

• General terms and conditions – These will not typically change from one RFP to another.

• Special terms and conditions – Assuming that states build their RFP off of a shared

template, states will be able to select the options that work for them from a set of special terms and conditions.

• Scope of work/services – These are typically completed by the contract monitor or

state point of contact.

11

What goes into a RFP cont…

• Specifications based on extensive input from stakeholders

• A clear vision of the tasks the HIE will perform• Well-defined technical expectations• Maintenance and upgrade needs• Vendor must be cooperative and flexible to adapt to

technological and administrative changes• Build performance metrics and milestones into contracts• Include general timeframes and costs

12

Key questions to ask HISP vendors

• Describe your applicable credentials, certifications and experience.

• Are you on the state's preferred vendor list?• Does your solution/service meet all applicable state and

federal laws?• How does your solution/service accommodate our particular

state requirements?• Describe your existing privacy, security safeguards including

your security plan.• Does your solution describe your approach to connecting to

other HISPs?

13

Key questions to ask HISP vendors

• Describe your planned outreach efforts for new providers.

• Are you a member/participant of the Direct Project?

• Does your solution/service comply with the principles of the HHS Privacy and Security Framework?

• Does your solution comply with standards of the PCI Security Standards Council?

Rhode Island Quality Institute Presentation

15

Rhode Island Quality Institute

What the Rhode Island Quality Institute is working to achieve:• Leverage this state’s unique characteristics to demonstrate how

the health care system can be improved through collaborative innovation

• Foster connectivity between and among the health care team and the patient

• Increase accuracy, responsiveness, and effectiveness in health care by using technology to standardize, streamline, and speed up the retrieval and delivery of patient data statewide

• Help the health care team consistently deliver care that is based on best-known practices

• Create a system that inspires and rewards improved professional performance

16

RIQI’s Approach to HISP Services

How is RIQI contracting with HISP to enable these key tenets?

Recall from earlier RIQI’s approach to implementation, specifically a convener for a market-based approach to connecting providers and HISP vendors:

17

Application-to-Participate

Evaluation categories include:• Basic business information (demographics, size, product lines)• RI REC requirements (discounts, support processes)• Financial information (revenue, ownership)• Direct Project contribution (community/pilot involvement)• Minimum HISP specifications (best practices, functionality)• Technology system specifications (processes, infrastructure)• Additional information (free text)

Opportunities for Reuse:• HISP contacts and communications• Application-to-Participate• Scoring tool

Distributed via PDF and an online form on the www.docEHRtalk.org website

http://www.docehrtalk.org/

18

HISP VendorsThe following HISP vendors expressed interest in participating and have received the Application-to-Participate:

OHIP Presentation

20

OHIP HIE: Snapshot

• EHR Loan Program• Welch Allyn EHR

Tool• ProOhio Program

200 TouchPoints

Direct Project Participant• HISP• Open Provider Directory• Consent Management• Certif icate Authority

7 Regional Partners5 Preferred EHR Vendors

• Allscripts• eClinicalWorks• eMDs• NextGen• Sage

Addressing the Gaps• Increasing ePrescribing• Increasing Hospital Lab Orders• Continuity of Care Documents

Business Partner ProgramFor those EHR vendors who were not chosen as preferred vendors, this program of fers them the ability to agree to OHIP HIE protocols to produce 1 consistent interface for each vendor

Multi-State Collaborative• Part of a workgroup w/ NY, NJ, MA,

CA• Leading a workgroup w/ CO, MS, DE

and VT

Grant CollaborationProvide support for HealthBridge’s Beacon and REC grant programs to ensure that Ohio is successful in all its programs

21

OHIP HIE: Phased Strategy

22

OHIP HIE: Contracted Services

• Secure email messaging to known and trusted providers

• Tightly –controlled provider verification process that assigns addresses to authenticated providers

• Enable a provider’s ability to obtain patient consent prior to reviewing a secure message

• Providers can exchange with any Direct provisioned user (not limited to OHIP)

• OHIP will serve as vendor Direct Pilot Community

23

OHIP HIE: HISP-related Costs

• Certifying HISPs in state– Identification and expectations for SDEs

• Privacy and security – Cost to support consent management layer– SDE liability in Direct framework

• Depth and width of provider directory– Extent of validation and related liability– Maintenance of provider directory(s)

• Cost to providers– EHR or HISP vendor purchases or upgrades to support

framework

24

OHIP HIE: Special Challenges

• Stringent consent requirements concerning the viewing of patient data

• Unknown issues surrounding large scale implementation of digital certificates and certificate management

• Required conversion between SMTP and XDR/XDM messages

• Liability issues of conversion and delivery

NeHII Presentation

26

Introduction

• NeHII, Inc. – Statewide HIE in Nebraska

• Role of HIO Shared Services, Inc.– Subsidiary of NeHII, Inc.– Established product roadmap– Service provider for NeHII and external clients– Health Information Services Provider (HISP)

• Transport, routing, certificates for lines of service• Services

– Legal, security, assessment

27

Trust

• Policy HISP Services– The criticality of managing trust– Interoperability of transport– Transparency in operational policies– Certificates and identify management– Evaluate and asses trust in other exchanges– Direct enabling– Certificate discoverability

28

Questions Worth Asking

• What is the primary component of a HISP?• What did Nebraska consider for the HISP model?• Will I be able to communicate with other entities

with separate HISP providers? • What are considerations for working with a HISP?• Am I going to be able to exchange secure

messages to HIEs, HIE Participants, and other providers?

29

Business Model

• Fee for Service Business Model– Provider directory– Certificate authority– Direct messaging

• Cost Models – ROI Based– Subscription model– Transaction model– HIE-based model

31

Poll