Direct Boot Camp 2 0 Federal Agency requirements for exchange via direct
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Direct Boot Camp 2 0 Federal Agency requirements for exchange via direct

  • 3,120 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
3,120
On Slideshare
1,363
From Embeds
1,757
Number of Embeds
18

Actions

Shares
Downloads
8
Comments
0
Likes
2

Embeds 1,757

http://www.ahier.net 1,536
http://8852684919029181544_72bbacf1329e217dafa25c3e01ab7d6ba8675714.blogspot.com 59
http://www.scoop.it 39
https://twitter.com 37
http://www.linkedin.com 28
http://cloud.feedly.com 16
http://www.newsblur.com 14
http://newsblur.com 13
http://digg.com 3
http://conversation.ecairn.com 2
http://www.inoreader.com 2
https://web.tweetdeck.com 2
http://www.wellsphere.com 1
http://www.yatedo.com 1
http://tweetedtimes.com 1
http://www.ehnac.org 1
https://www.google.com 1
http://reitbok4.rssing.com 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • The IPO team implemented slight modifications during the pilotAdjusted application settings and account configurations for user preferencesImproved result file inline view to meet RMC workflow requirementsThe IPO team collected valuable feedback regarding referral workflow Manual process for uploading referral results to AHLTA was documentedGroup notifications were not working as expected in practice (this has been corrected)Feedback will be used for proposed future enhancements as neededThe IPO team credits success to all pilot stakeholdersAir Force Deployment Operations and Hill AFB StaffUtah Health Information Network and Secure Exchange Solutions (SES)Intermountain Healthcare (McKay-Dee Hospital)

Transcript

  • 1. FHA Directed Exchange Workgroup Update August 13, 2013
  • 2. Problem Statement Problem: • Federal agencies (CMS, DoD, VA, IHS, SSA) have an interest or requirement to utilize Direct for the exchange of PHI, but operate under stringent privacy and security policies that must be met by any parties with which they exchange information Approach: • Educate the federal partners on Direct technology, policies and guidelines • Develop a common understanding of the agency use cases and security requirements • Identify/Develop and maintain a set a baseline authoritative documents & FAQs • Publish common federal agency policy and supporting implementation guidance Benefit of a Common Policy: • Will greatly increase adoption of Direct in the exchange of health information between federal agencies and non-federal entities/individuals • Provides common federal Direct policy for use by non-federal entities 2
  • 3. Focused Workgroups • Directed Exchange Workgroup (Glen Crandall, IPO VLER Health) – The overarching goal of the FHA Directed Exchange Workgroup is to support implementation of directed exchange by federal partner • Directed Exchange Security SubWG (Mike Davis, VHA) – Define standards and gaps among agency security polices pertaining to Directed Exchange that may inhibit full participation in Direct by Federal Agencies by: – Defining gaps between federal policy and current direct policy – Conducting a Risk assessment to document gaps – Defining common policy and mitigation strategies – Providing recommendations to ONC as needed 3
  • 4. Focused Workgroups Cont. • Directed Exchange Interoperability SubWG (Bob Dieterle, CMS esMD) – Review of technology and implementation issues – Provide recommendations on technical solutions, consistent with Applicability Statement, to implement policy requirements – Example of topics presented by expert authorities in these areas: Automated Blue Button, Mod Spec Provider Directory efforts, DirectTrust.org, Trust Bundles, Delivery Notification, Reference Implementation Changes, Author of Record and Federal PKI 4
  • 5. Authoritative Documents • There are four Directed Exchange core documents designated as authoritative – Applicability Statement for Secure Health Transport Version 1.1, 10 July 2012 – Implementation Guide for Delivery Notification – Implementation Guide for Direct Project Trust Bundle Distribution, Version 1.0, 14 March 2013 – Direct: Implementation Guidelines to Assure Security and Interoperability (ONC) • In addition, Federal agencies deploying Direct will also need to include relevant Federal law, regulations, NIST FIPS/Special Publications, FISMA, OMB directives, FPKI policy, Presidential Directives (i.e. HSPD-12) etc. 5
  • 6. Methodology Characteristics • Our Process: – Determine Use Cases – Identify Risks/Concerns using outreach sessions with Agency Stakeholders. – Categorize/Group similar risks and validate risks are in scope for the assessment. – Determine potential outcomes of risk – Determine Impact of each risk based on Risk Evaluation Criteria – Develop a Level of Assurance Document – Developed an Issues paper for Federal Bridge PKI discussion – Prioritize risks and make recommendations – Document results and provide risk assessment report to WG
  • 7. Identified Risks 90 Risks/Concerns identified in the following categories: Multi-Tiered Direct System Certificate Authorities Patient Use of Federal Direct Policy Guidance Self-signed Certificates (not Trust Anchor certs) Portfolio Risk Endpoint (Sender/Receiver) Authentication Overall trust of Domain and HISP STA/HISP Operating Policies and Trust Identify Management Legal Safeguards/ BAAs and MOU Key Management
  • 8. Sender Receiver Sender’s HISP to Receiver’s HISP Define Federal Trust Environment 8 Sender Pre-Cursor Federal Policy Conditions to Establish Mutual Trust Receiver Bind Sender’s Direct Address to Trust Policy Bind Receiver’s Direct Address to Trust Policy Directed Exchange Specifications Sender to Sender’s HISP Receiver’s HISP to Receiver Sender/Receiver Specific Conditions Routing Information Directory Push the Message Verify Receiver Verify Sender Sender’s HISP Push the Message Receiver’s HISP Get the Message Locate Receiver’s HISP Address
  • 9. Centers for Medicare & Medicaid Services 9
  • 10. Electronic Submission of Medical Documentation (esMD)  Medicare receives 4.8 M claims per day.  CMS’ Office of Financial Management estimates that each year • the Medicare FFS program issues more than $28.8 B in improper payments (error rate 2011: 8.6%). • the Medicaid FFS program issues more than $21.9 B in improper payments (3-year rolling error rate: 8.1%). www.paymentaccuracy.gov  Claim review contractors issue over 1.5 million requests for medical documentation each year.  Current prior authorization pilot requires exchange of over 1.2 million requests/responses per year  Registration for esMD services is required to receive documentation requests – utilizes Provider Directories to establish and maintain ESI
  • 11. Electronic Submission of Medical Documentation (esMD) Supporting Multiple Transport Standards and Provider Directory ECM ZPICs PERM MACs Content Transport Services RACs CERT Baltimore Data Center Medicare Private Network Internal PD EHR / HISP Direct Enabled Direct EDI Translator HIH CONNECT Compatible Practice Management Systems and Claims Clearinghouse EDI – X12 Compatible Federated External PD
  • 12. 12 Department of Defense
  • 13. 13 DoD VLER Health Direct Project
  • 14. This document contains Booz Allen Hamilton Inc. proprietary and confidential information and is intended solely for internal use. This document contains Booz Allen Hamilton Inc. proprietary and confidential information and is intended solely for internal use. DoD VLER Health Direct Stage 1 Pilot – Hill AFB, Utah 14 McKay-Dee Hospital Ogden, UT • Schedule Appointment 1 • Patient Record is Flagged 2 • Result is viewed w/ VLER Direct 4 5 • Result is manually uploaded to AHLTA Patient Scheduler • Patient is seen • Result sent via Direct Radiology Clinic 3 Hill Air Force Base Ogden, UT Referral Management Center 75th Medical Group Mammography Results Go Live occurred July 18, 2013 – Hill AFB RMC Staff successfully processed four (4) Direct messages (17 as of 8/8/13) – These exchanges were the first live use of Direct at DoD The pilot showed that Direct Messaging can be successful at DoD – Uses national standards for secure Health Information Exchange (HIE) – Aligns to Meaningful Use objectives and the national agenda for HIE – DPII can be used to replace the functionality of the fax machine and in so doing also eliminates the inherent security-related problems associated with faxing CLR to MTFs – Conforms to DoD security and privacy policies while not impacting workflow Direct Message Existing Workflow Key
  • 15. Indian Health Service 15
  • 16. IHS and DIRECT- Current Status • IHS Pursuing DIRECT to Meet Meaningful Use Stage II Secure Messaging Requirements – Integrate with PHR to provide secure messaging transport means for patient-provider messaging – Provide mechanism for Transition of Care delivery for external referrals • Implemented DIRECT Prototype Environment – Successfully installed, configured DIRECT reference implementation v 3.0.1 for secure message exchange as proof of concept – Tested the implementation for content validation with NIST and CERNER – Implemented webmail client to provide user interface for patients and provider. This provides ability compose messages, view message inbox, and provide message management – Partial integration of webmail client with PHR-user can view and compose messages from within PHR – Successfully analyzed and implemented separate message store server, provides ability to manage accounts, configure email functions, capture performance metrics, and auditing
  • 17. IHS and DIRECT- Continuing Work • Remaining Tasks to be Completed – Implementing and testing certificate discovery – Analysis and design related to implementation of Direct Trust – Complete integration of webmail client with PHR- single sign on etc. – Implementing receipt of messages to Patient – Analysis and design of implementing domains and email address for different tribal communities • Issues/Concerns – Federal Standards – Establishing policy and guidelines for use cases – Related Risks/policy concerns
  • 18. Social Security Administration 18
  • 19. Authorized Release of Information to a Trusted Entity  Annual SSA Disability Statistics • ~3.5 million initial disability applications per year • ~1 million additional medical disability decisions • ~15 million requests for medical evidence each year (3-4 per case) • 500,000+ sources: doctors, hospitals • $500 million in payment for evidence • Over 11.7 million adults and children are receiving benefits based on their disabilities • Over $11 billion paid each month to these individuals Claimant SSA/DDS Providers File Disability Claim Request Evidence Claim Determination Medical Evidence What is collected during case intake? Demographics Allegation List of Treating Sources Medications List of Labs/Procedure Vocational Background Educational Background Work Experience Patient Authorization How can you apply for disability? Field Office 800 Service Web Site How does SSA interact with healthcare organizations & providers today? Mail Fax ERE Web Site ERE Web Services Secure File Transfer eHealth Exchange
  • 20. Department of Veterans Affairs 20
  • 21. Overview of Department of Veterans Affairs (VA) Direct Activities Melissa Sands Analyst, VA Direct Virtual Lifetime Electronic Record (VLER) Health Department of Defense (DoD)/VA Interagency Program Office (IPO)
  • 22. 22 Initial High-level VA Use Cases: Provider-to-Provider Messaging (Feb. 2014) Referral authorization and results reporting (e.g., mammograms) Patient-Mediated Messaging (Feb. 2014) Veteran sends their Continuity of Care Document (CCD) through Blue Button in My HealtheVet Future Work: – Consolidated-Clinical Document Architecture (C-CDA) – Meet 2014 Certification (Sep. 2014) – Considering sharing other provider-to-provider personal health information (e.g., rural health, mental health, home health, etc.) – starting in June 2014 VA Direct Use Cases
  • 23. 23 VA Direct Implementation  VA partnering with DoD to use its Direct software. The initial production installation of the Direct web portal and transport services is scheduled for Feb. 2014.  Initial pilot – Mammography Referrals/Reports – Between Salt Lake City VA Medical Center and Utah Health Information Network (UHIN)/Intermountain Health who provide mammograms to both VA and DoD. DoD has also started a mammography pilot with UHIN/Intermountain Health in July 2013.  Expanded pilots in 2014 after initial pilot implementing multiple use cases.