Direct Boot Camp 2 0 Federal Agency requirements for exchange via direct


Published on

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • The IPO team implemented slight modifications during the pilotAdjusted application settings and account configurations for user preferencesImproved result file inline view to meet RMC workflow requirementsThe IPO team collected valuable feedback regarding referral workflow Manual process for uploading referral results to AHLTA was documentedGroup notifications were not working as expected in practice (this has been corrected)Feedback will be used for proposed future enhancements as neededThe IPO team credits success to all pilot stakeholdersAir Force Deployment Operations and Hill AFB StaffUtah Health Information Network and Secure Exchange Solutions (SES)Intermountain Healthcare (McKay-Dee Hospital)
  • Direct Boot Camp 2 0 Federal Agency requirements for exchange via direct

    1. 1. FHA Directed Exchange Workgroup Update August 13, 2013
    2. 2. Problem Statement Problem: • Federal agencies (CMS, DoD, VA, IHS, SSA) have an interest or requirement to utilize Direct for the exchange of PHI, but operate under stringent privacy and security policies that must be met by any parties with which they exchange information Approach: • Educate the federal partners on Direct technology, policies and guidelines • Develop a common understanding of the agency use cases and security requirements • Identify/Develop and maintain a set a baseline authoritative documents & FAQs • Publish common federal agency policy and supporting implementation guidance Benefit of a Common Policy: • Will greatly increase adoption of Direct in the exchange of health information between federal agencies and non-federal entities/individuals • Provides common federal Direct policy for use by non-federal entities 2
    3. 3. Focused Workgroups • Directed Exchange Workgroup (Glen Crandall, IPO VLER Health) – The overarching goal of the FHA Directed Exchange Workgroup is to support implementation of directed exchange by federal partner • Directed Exchange Security SubWG (Mike Davis, VHA) – Define standards and gaps among agency security polices pertaining to Directed Exchange that may inhibit full participation in Direct by Federal Agencies by: – Defining gaps between federal policy and current direct policy – Conducting a Risk assessment to document gaps – Defining common policy and mitigation strategies – Providing recommendations to ONC as needed 3
    4. 4. Focused Workgroups Cont. • Directed Exchange Interoperability SubWG (Bob Dieterle, CMS esMD) – Review of technology and implementation issues – Provide recommendations on technical solutions, consistent with Applicability Statement, to implement policy requirements – Example of topics presented by expert authorities in these areas: Automated Blue Button, Mod Spec Provider Directory efforts,, Trust Bundles, Delivery Notification, Reference Implementation Changes, Author of Record and Federal PKI 4
    5. 5. Authoritative Documents • There are four Directed Exchange core documents designated as authoritative – Applicability Statement for Secure Health Transport Version 1.1, 10 July 2012 – Implementation Guide for Delivery Notification – Implementation Guide for Direct Project Trust Bundle Distribution, Version 1.0, 14 March 2013 – Direct: Implementation Guidelines to Assure Security and Interoperability (ONC) • In addition, Federal agencies deploying Direct will also need to include relevant Federal law, regulations, NIST FIPS/Special Publications, FISMA, OMB directives, FPKI policy, Presidential Directives (i.e. HSPD-12) etc. 5
    6. 6. Methodology Characteristics • Our Process: – Determine Use Cases – Identify Risks/Concerns using outreach sessions with Agency Stakeholders. – Categorize/Group similar risks and validate risks are in scope for the assessment. – Determine potential outcomes of risk – Determine Impact of each risk based on Risk Evaluation Criteria – Develop a Level of Assurance Document – Developed an Issues paper for Federal Bridge PKI discussion – Prioritize risks and make recommendations – Document results and provide risk assessment report to WG
    7. 7. Identified Risks 90 Risks/Concerns identified in the following categories: Multi-Tiered Direct System Certificate Authorities Patient Use of Federal Direct Policy Guidance Self-signed Certificates (not Trust Anchor certs) Portfolio Risk Endpoint (Sender/Receiver) Authentication Overall trust of Domain and HISP STA/HISP Operating Policies and Trust Identify Management Legal Safeguards/ BAAs and MOU Key Management
    8. 8. Sender Receiver Sender’s HISP to Receiver’s HISP Define Federal Trust Environment 8 Sender Pre-Cursor Federal Policy Conditions to Establish Mutual Trust Receiver Bind Sender’s Direct Address to Trust Policy Bind Receiver’s Direct Address to Trust Policy Directed Exchange Specifications Sender to Sender’s HISP Receiver’s HISP to Receiver Sender/Receiver Specific Conditions Routing Information Directory Push the Message Verify Receiver Verify Sender Sender’s HISP Push the Message Receiver’s HISP Get the Message Locate Receiver’s HISP Address
    9. 9. Centers for Medicare & Medicaid Services 9
    10. 10. Electronic Submission of Medical Documentation (esMD)  Medicare receives 4.8 M claims per day.  CMS’ Office of Financial Management estimates that each year • the Medicare FFS program issues more than $28.8 B in improper payments (error rate 2011: 8.6%). • the Medicaid FFS program issues more than $21.9 B in improper payments (3-year rolling error rate: 8.1%).  Claim review contractors issue over 1.5 million requests for medical documentation each year.  Current prior authorization pilot requires exchange of over 1.2 million requests/responses per year  Registration for esMD services is required to receive documentation requests – utilizes Provider Directories to establish and maintain ESI
    11. 11. Electronic Submission of Medical Documentation (esMD) Supporting Multiple Transport Standards and Provider Directory ECM ZPICs PERM MACs Content Transport Services RACs CERT Baltimore Data Center Medicare Private Network Internal PD EHR / HISP Direct Enabled Direct EDI Translator HIH CONNECT Compatible Practice Management Systems and Claims Clearinghouse EDI – X12 Compatible Federated External PD
    12. 12. 12 Department of Defense
    13. 13. 13 DoD VLER Health Direct Project
    14. 14. This document contains Booz Allen Hamilton Inc. proprietary and confidential information and is intended solely for internal use. This document contains Booz Allen Hamilton Inc. proprietary and confidential information and is intended solely for internal use. DoD VLER Health Direct Stage 1 Pilot – Hill AFB, Utah 14 McKay-Dee Hospital Ogden, UT • Schedule Appointment 1 • Patient Record is Flagged 2 • Result is viewed w/ VLER Direct 4 5 • Result is manually uploaded to AHLTA Patient Scheduler • Patient is seen • Result sent via Direct Radiology Clinic 3 Hill Air Force Base Ogden, UT Referral Management Center 75th Medical Group Mammography Results Go Live occurred July 18, 2013 – Hill AFB RMC Staff successfully processed four (4) Direct messages (17 as of 8/8/13) – These exchanges were the first live use of Direct at DoD The pilot showed that Direct Messaging can be successful at DoD – Uses national standards for secure Health Information Exchange (HIE) – Aligns to Meaningful Use objectives and the national agenda for HIE – DPII can be used to replace the functionality of the fax machine and in so doing also eliminates the inherent security-related problems associated with faxing CLR to MTFs – Conforms to DoD security and privacy policies while not impacting workflow Direct Message Existing Workflow Key
    15. 15. Indian Health Service 15
    16. 16. IHS and DIRECT- Current Status • IHS Pursuing DIRECT to Meet Meaningful Use Stage II Secure Messaging Requirements – Integrate with PHR to provide secure messaging transport means for patient-provider messaging – Provide mechanism for Transition of Care delivery for external referrals • Implemented DIRECT Prototype Environment – Successfully installed, configured DIRECT reference implementation v 3.0.1 for secure message exchange as proof of concept – Tested the implementation for content validation with NIST and CERNER – Implemented webmail client to provide user interface for patients and provider. This provides ability compose messages, view message inbox, and provide message management – Partial integration of webmail client with PHR-user can view and compose messages from within PHR – Successfully analyzed and implemented separate message store server, provides ability to manage accounts, configure email functions, capture performance metrics, and auditing
    17. 17. IHS and DIRECT- Continuing Work • Remaining Tasks to be Completed – Implementing and testing certificate discovery – Analysis and design related to implementation of Direct Trust – Complete integration of webmail client with PHR- single sign on etc. – Implementing receipt of messages to Patient – Analysis and design of implementing domains and email address for different tribal communities • Issues/Concerns – Federal Standards – Establishing policy and guidelines for use cases – Related Risks/policy concerns
    18. 18. Social Security Administration 18
    19. 19. Authorized Release of Information to a Trusted Entity  Annual SSA Disability Statistics • ~3.5 million initial disability applications per year • ~1 million additional medical disability decisions • ~15 million requests for medical evidence each year (3-4 per case) • 500,000+ sources: doctors, hospitals • $500 million in payment for evidence • Over 11.7 million adults and children are receiving benefits based on their disabilities • Over $11 billion paid each month to these individuals Claimant SSA/DDS Providers File Disability Claim Request Evidence Claim Determination Medical Evidence What is collected during case intake? Demographics Allegation List of Treating Sources Medications List of Labs/Procedure Vocational Background Educational Background Work Experience Patient Authorization How can you apply for disability? Field Office 800 Service Web Site How does SSA interact with healthcare organizations & providers today? Mail Fax ERE Web Site ERE Web Services Secure File Transfer eHealth Exchange
    20. 20. Department of Veterans Affairs 20
    21. 21. Overview of Department of Veterans Affairs (VA) Direct Activities Melissa Sands Analyst, VA Direct Virtual Lifetime Electronic Record (VLER) Health Department of Defense (DoD)/VA Interagency Program Office (IPO)
    22. 22. 22 Initial High-level VA Use Cases: Provider-to-Provider Messaging (Feb. 2014) Referral authorization and results reporting (e.g., mammograms) Patient-Mediated Messaging (Feb. 2014) Veteran sends their Continuity of Care Document (CCD) through Blue Button in My HealtheVet Future Work: – Consolidated-Clinical Document Architecture (C-CDA) – Meet 2014 Certification (Sep. 2014) – Considering sharing other provider-to-provider personal health information (e.g., rural health, mental health, home health, etc.) – starting in June 2014 VA Direct Use Cases
    23. 23. 23 VA Direct Implementation  VA partnering with DoD to use its Direct software. The initial production installation of the Direct web portal and transport services is scheduled for Feb. 2014.  Initial pilot – Mammography Referrals/Reports – Between Salt Lake City VA Medical Center and Utah Health Information Network (UHIN)/Intermountain Health who provide mammograms to both VA and DoD. DoD has also started a mammography pilot with UHIN/Intermountain Health in July 2013.  Expanded pilots in 2014 after initial pilot implementing multiple use cases.