0
HIT Policy CommitteeInformation Exchange Workgroup  NwHIN Conditions for Trusted Exchange      Request For Information (RF...
Our Eight QuestionsActors, Accreditation and Validation Bodies, and Validation Entity Eligibility1. Question 8: We solicit...
Nationwide Health Information NetworkGovernanceConditions of Trusted Exchange•   Conditions for Trusted Exchange (CTEs) – ...
Accreditation and Validation ProcessOverview Similar to the permanent certification program for HIT, the National Coordin...
Actors and Associated Responsibilities8. ONC’s roles & delegation of responsibilities to the private sector.              ...
ONC Role8. Voluntary Nature of ProcessRole                                                         CommentsWe solicit feed...
Validation Process9. Voluntary Nature of ProcessRole                                                         Comments9(a) ...
Conditions for Trusted ExchangeSafeguards[S-1]: An NVE must comply as if it were a covered entity, and must treat all impl...
Conditions for Trusted ExchangeInteroperability[I-1]: An NVE must be able to facilitate secure electronic health informati...
Conditions for Trusted ExchangeBusiness Practices[BP-1]: An NVE must send and receive any planned electronic exchange mess...
Validation Process10. Validation MethodRole                                                                    Comments10 ...
Validation Process11. Comparative ModelsRole                                                    Comments11. What successfu...
NwHIN Validated Entity (NVE) EligibilityCriteriaOverviewThe RFI considers the following criteria that NVEs must meet to be...
Eligibility Criteria13. Organizational PurposeRole                                                            Comments13 (...
Eligibility Criteria14. Prior ExperienceRole                                                            Comments14. Should...
Eligibility Criteria15. Other Criteria to ConsiderRole                                                           Comments1...
Eligibility Criteria16. Tax Exempt StatusRole                                                          Comments16. Should ...
Upcoming SlideShare
Loading in...5
×

NwHIN Governance RFI 5-15-12

490

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
490
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "NwHIN Governance RFI 5-15-12"

  1. 1. HIT Policy CommitteeInformation Exchange Workgroup NwHIN Conditions for Trusted Exchange Request For Information (RFI) May 15, 2012 1
  2. 2. Our Eight QuestionsActors, Accreditation and Validation Bodies, and Validation Entity Eligibility1. Question 8: We solicit feedback on the appropriateness of ONC’s role in coordinating the governance mechanismand whether certain responsibilities might be better delegated to, and/or fulfilled by, the private sector.Question 9: Would a voluntary validation process be effective for ensuring that entities engaged in facilitatingelectronic exchange continue to comply with adopted CTEs? If not, what other validation processes could beleveraged for validating conformance with adopted CTEs? If you identify existing processes, please explain the focusof each and its scope.Question 10: Should the validation method vary by CTE? Which methods would be most effective for ensuringcompliance with the CTEs? (Before answering this question it may be useful to first review the CTEs we areconsidering to adopt, see section “VI. Conditions for Trusted Exchange.”Question 11: What successful validation models or approaches exist in other industries that could be used as amodel for our purposes in this context?Question 13: Should there be an eligibility criterion that requires an entity to have a valid purpose (e.g., treatment)for exchanging health information? If so, what would constitute a “valid” purpose for exchange?Question 14: Should there be an eligibility criterion that requires an entity to have prior electronic exchangeexperience or a certain number of participants it serves?Question 15: Are there other eligibility criteria that we should also consider?Question 16: Should eligibility be limited to entities that are tax-exempt under section 501(c)(3) of the IRC? If yes,please explain why. 2
  3. 3. Nationwide Health Information NetworkGovernanceConditions of Trusted Exchange• Conditions for Trusted Exchange (CTEs) – Three Domains: – Safeguards: focus on the protection of individually identifiable health information (IIHI) to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. • Example [S-1]: An NVE must comply as if it were a covered entity, and must treat all implementation specifications as “required.” – Interoperability: focus on the technical standards and implementation specifications needed for exchanging electronic health information. • Example [I-2]: An NVE must follow required standards for establishing and discovering digital certificates. – Business Practices: focus on the operational and financial practices to which NVEs would need to adhere in support of trusted electronic health information exchange. • Example [BP-2]: An NVE must provide open access to the directory services it provides to enable planned electronic exchange. 3
  4. 4. Accreditation and Validation ProcessOverview Similar to the permanent certification program for HIT, the National Coordinator would approve a single body to accredit and oversee validation bodies. Validation bodies would evaluate an entity’s conformance to adopted CTEs as opposed to a particular product’s (e.g., EHR technology) certification to certification criteria. Certified HIT could be used by an entity as a way to demonstrate conformance with certain adopted CTEs Accreditation body would be expected to conform to internationally accepted standards for accreditation bodies Validation bodies - upon accreditation by the accreditation body and authorization from the National Coordinator - would subsequently perform the validation of entities‘ conformance to adopted CTEs. Validation could use different methodologies (self-attestation, laboratory testing for conformance, certification, accreditation) and could vary depending on CTE type and potential methodology burden. 4
  5. 5. Actors and Associated Responsibilities8. ONC’s roles & delegation of responsibilities to the private sector. Suggested Existing Authorities and/orProposed Role Lead Alternatives to Consider1. Endorsing and adopting CTEs, publishing ONC In accordance with the National Coordinator‘sguidance authority at section 3001(c)(1)(A) and processes identified at section 3004 under the PHSA, and publishing interpretative guidance2. Facilitating the receipt of input from the HIT ONC In accordance with processes identified atPolicy and Standards Committees and other sections 3002(b)(3) and 3003(b)(2) of theinterested parties on: PHSA • revisions to CTEs, • new CTEs, and • the appropriate retirement of CTEs3. Selection and oversight processes for an ONC ONC would approve a single body to accreditaccreditation body and oversee “validation bodies”.4. Authorizing and overseeing validation bodies ONCresponsible for validating that eligible entities havemet adopted CTEs5. Administering a process to classify the readiness ONC [ONC would have to adopt specificfor nationwide adoption and use of technical certification criteria that could be used tostandards and implementation specifications to certify other types of HIT through establishedsupport interoperability related CTEs certification program.6. Overall oversight of all entities and processes ONCestablished as part of the governance mechanism. 5
  6. 6. ONC Role8. Voluntary Nature of ProcessRole CommentsWe solicit feedback on the appropriateness of ONC’srole in coordinating the governance mechanism andwhether certain responsibilities might be better delegatedto, and/or fulfilled by, the private sector. 6
  7. 7. Validation Process9. Voluntary Nature of ProcessRole Comments9(a) Would a voluntary validation process be effective for ensuring that entities engaged in facilitating electronic exchange continue to comply with adopted CTEs?9(b) What other validation processes could be leveraged for validating conformance with adopted CTEs? 7
  8. 8. Conditions for Trusted ExchangeSafeguards[S-1]: An NVE must comply as if it were a covered entity, and must treat all implementation specifications as“required.”[S-2]: An NVE must only facilitate electronic health information exchange for parties it has authenticated andauthorized, either directly or indirectly.[S-3]: An NVE must ensure that individuals are provided with a meaningful choice regarding whether their IIHImay be exchanged by the NVE.[S-4]: An NVE must only exchange encrypted IIHI.[S-5]: An NVE must make publicly available a notice of its data practices describing why IIHI is collected, how it isused, and to whom and for what reason it is disclosed.[S-6]: An NVE must not use or disclose de-identified health information to which it has access for anycommercial purpose.[S-7]: An NVE must operate its services with high availability.[S-8]: If an NVE assembles or aggregates health information that results in a unique set of IIHI, then it mustprovide individuals with electronic access to their unique set of IIHI.[S-9]: If an NVE assembles or aggregates health information which results in a unique set of IIHI, then it mustprovide individuals with the right to request a correction and/or annotation to this unique set of IIHI.[S-10]: An NVE must have the means to verify that a provider requesting an individual’s health informationthrough a query and response model has or is in the process of establishing a treatment relationship with thatindividual. 8
  9. 9. Conditions for Trusted ExchangeInteroperability[I-1]: An NVE must be able to facilitate secure electronic health information exchangein two circumstances: 1) when the sender and receiver are known; and 2) when theexchange occurs at the patient’s direction.[I-2]: An NVE must follow required standards for establishing and discovering digitalcertificates.[I-3]: An NVE must have the ability to verify and match the subject of a message,including the ability to locate a potential source of available information for a specificsubject. 9
  10. 10. Conditions for Trusted ExchangeBusiness Practices[BP-1]: An NVE must send and receive any planned electronic exchange message fromanother NVE without imposing financial preconditions on any other NVE.[BP-2]: An NVE must provide open access to the directory services it provides to enableplanned electronic exchange.[BP-3]: An NVE must report on users and transaction volume for validated services. 10
  11. 11. Validation Process10. Validation MethodRole Comments10 (a) Should the validation method vary by CTE?10 (b) Which methods would be most effective for ensuring compliance with CTEs?Examples of validation methods from RFI: self-attestation, laboratory testing for conformance,certification, accreditation 11
  12. 12. Validation Process11. Comparative ModelsRole Comments11. What successful validation models or approaches exist in other industries that could be used as a model for our purposes in this context? 12
  13. 13. NwHIN Validated Entity (NVE) EligibilityCriteriaOverviewThe RFI considers the following criteria that NVEs must meet to be eligible:Meet all solvency and financial responsibility requirements imposed by the statutes and regulatoryauthorities of the State or States in which it, or any subcontractor performing some or all of its functions,would serve.Make some type of financial disclosure filingProvide evidence that it has a surety bond or some other form of financial securityHave the overall resources and experience to fulfill its responsibilities in accordance with the CTEswhen performing health information exchange servicesHave at least one year of experienceServe a sufficient number of providers to permit a finding of effective and efficient administration;however, no prospective NVE would be deemed ineligible if it only served providers located in a singleStateHave to be a valid business or governmental entity operating in the United States.Have not had civil monetary penalties, criminal penalties, or damages imposed, or have been enjoinedfor a HIPAA violation within two years prior to seeking validationNot be listed on the Excluded Parties List System maintained by the General Services AdministrationNot be listed on the List of Excluded Individuals and Entities maintained by the Office of InspectorGeneralWould not be appropriate to limited to tax-exempt 501(c)(3) organizations.Some of the eligibility criteria being considered may be inapplicable to fed/State governmental entities. 13
  14. 14. Eligibility Criteria13. Organizational PurposeRole Comments13 (a) Should there be an eligibility criterion that requires an entity to have a valid purpose (e.g., treatment) for exchanging health information?13 (b) If so, what would constitute a valid purpose for exchange? 14
  15. 15. Eligibility Criteria14. Prior ExperienceRole Comments14. Should there be an eligibility criterion that requires an entity to have prior electronic exchange experience or a certain number of participants it serves? 15
  16. 16. Eligibility Criteria15. Other Criteria to ConsiderRole Comments15. Are there other eligibility criteria that we should also consider? 16
  17. 17. Eligibility Criteria16. Tax Exempt StatusRole Comments16. Should eligibility be limited to entities that are tax- exempt under section 501(c)(3) of the IRC? If yes, please explain why.? 17
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×