SlideShare a Scribd company logo

NwHIN Governance RFI 5-15-12

Download as PPT, PDF
Brian Ahier
Brian Ahier
BusinessTechnology
1 of 17
HIT Policy Committee Information Exchange Workgroup NwHIN Conditions for Trusted Exchange Request For Information (RFI) May 15, 2012 1
Our Eight Questions Actors, Accreditation and Validation Bodies, and Validation Entity Eligibility 1. Question 8: We solicit feedback on the appropriateness of ONC’s role in coordinating the governance mechanism and whether certain responsibilities might be better delegated to, and/or fulfilled by, the private sector. Question 9: Would a voluntary validation process be effective for ensuring that entities engaged in facilitating electronic exchange continue to comply with adopted CTEs? If not, what other validation processes could be leveraged for validating conformance with adopted CTEs? If you identify existing processes, please explain the focus of each and its scope. Question 10: Should the validation method vary by CTE? Which methods would be most effective for ensuring compliance with the CTEs? (Before answering this question it may be useful to first review the CTEs we are considering to adopt, see section “VI. Conditions for Trusted Exchange.” Question 11: What successful validation models or approaches exist in other industries that could be used as a model for our purposes in this context? Question 13: Should there be an eligibility criterion that requires an entity to have a valid purpose (e.g., treatment) for exchanging health information? If so, what would constitute a “valid” purpose for exchange? Question 14: Should there be an eligibility criterion that requires an entity to have prior electronic exchange experience or a certain number of participants it serves? Question 15: Are there other eligibility criteria that we should also consider? Question 16: Should eligibility be limited to entities that are tax-exempt under section 501(c)(3) of the IRC? If yes, please explain why. 2
Nationwide Health Information Network Governance Conditions of Trusted Exchange • Conditions for Trusted Exchange (CTEs) – Three Domains: – Safeguards: focus on the protection of individually identifiable health information (IIHI) to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. • Example [S-1]: An NVE must comply as if it were a covered entity, and must treat all implementation specifications as “required.” – Interoperability: focus on the technical standards and implementation specifications needed for exchanging electronic health information. • Example [I-2]: An NVE must follow required standards for establishing and discovering digital certificates. – Business Practices: focus on the operational and financial practices to which NVEs would need to adhere in support of trusted electronic health information exchange. • Example [BP-2]: An NVE must provide open access to the directory services it provides to enable planned electronic exchange. 3
Accreditation and Validation Process Overview  Similar to the permanent certification program for HIT, the National Coordinator would approve a single body to accredit and oversee validation bodies.  Validation bodies would evaluate an entity’s conformance to adopted CTEs as opposed to a particular product’s (e.g., EHR technology) certification to certification criteria.  Certified HIT could be used by an entity as a way to demonstrate conformance with certain adopted CTEs  Accreditation body would be expected to conform to internationally accepted standards for accreditation bodies  Validation bodies - upon accreditation by the accreditation body and authorization from the National Coordinator - would subsequently perform the validation of entities‘ conformance to adopted CTEs.  Validation could use different methodologies (self-attestation, laboratory testing for conformance, certification, accreditation) and could vary depending on CTE type and potential methodology burden. 4
Actors and Associated Responsibilities 8. ONC’s roles & delegation of responsibilities to the private sector. Suggested Existing Authorities and/or Proposed Role Lead Alternatives to Consider 1. Endorsing and adopting CTEs, publishing ONC In accordance with the National Coordinator‘s guidance authority at section 3001(c)(1)(A) and processes identified at section 3004 under the PHSA, and publishing interpretative guidance 2. Facilitating the receipt of input from the HIT ONC In accordance with processes identified at Policy and Standards Committees and other sections 3002(b)(3) and 3003(b)(2) of the interested parties on: PHSA • revisions to CTEs, • new CTEs, and • the appropriate retirement of CTEs 3. Selection and oversight processes for an ONC ONC would approve a single body to accredit accreditation body and oversee “validation bodies”. 4. Authorizing and overseeing validation bodies ONC responsible for validating that eligible entities have met adopted CTEs 5. Administering a process to classify the readiness ONC [ONC would have to adopt specific for nationwide adoption and use of technical certification criteria that could be used to standards and implementation specifications to certify other types of HIT through established support interoperability related CTEs certification program. 6. Overall oversight of all entities and processes ONC established as part of the governance mechanism. 5
ONC Role 8. Voluntary Nature of Process Role Comments We solicit feedback on the appropriateness of ONC’s role in coordinating the governance mechanism and whether certain responsibilities might be better delegated to, and/or fulfilled by, the private sector. 6
Validation Process 9. Voluntary Nature of Process Role Comments 9(a) Would a voluntary validation process be effective for ensuring that entities engaged in facilitating electronic exchange continue to comply with adopted CTEs? 9(b) What other validation processes could be leveraged for validating conformance with adopted CTEs? 7
Conditions for Trusted Exchange Safeguards [S-1]: An NVE must comply as if it were a covered entity, and must treat all implementation specifications as “required.” [S-2]: An NVE must only facilitate electronic health information exchange for parties it has authenticated and authorized, either directly or indirectly. [S-3]: An NVE must ensure that individuals are provided with a meaningful choice regarding whether their IIHI may be exchanged by the NVE. [S-4]: An NVE must only exchange encrypted IIHI. [S-5]: An NVE must make publicly available a notice of its data practices describing why IIHI is collected, how it is used, and to whom and for what reason it is disclosed. [S-6]: An NVE must not use or disclose de-identified health information to which it has access for any commercial purpose. [S-7]: An NVE must operate its services with high availability. [S-8]: If an NVE assembles or aggregates health information that results in a unique set of IIHI, then it must provide individuals with electronic access to their unique set of IIHI. [S-9]: If an NVE assembles or aggregates health information which results in a unique set of IIHI, then it must provide individuals with the right to request a correction and/or annotation to this unique set of IIHI. [S-10]: An NVE must have the means to verify that a provider requesting an individual’s health information through a query and response model has or is in the process of establishing a treatment relationship with that individual. 8
Conditions for Trusted Exchange Interoperability [I-1]: An NVE must be able to facilitate secure electronic health information exchange in two circumstances: 1) when the sender and receiver are known; and 2) when the exchange occurs at the patient’s direction. [I-2]: An NVE must follow required standards for establishing and discovering digital certificates. [I-3]: An NVE must have the ability to verify and match the subject of a message, including the ability to locate a potential source of available information for a specific subject. 9
Conditions for Trusted Exchange Business Practices [BP-1]: An NVE must send and receive any planned electronic exchange message from another NVE without imposing financial preconditions on any other NVE. [BP-2]: An NVE must provide open access to the directory services it provides to enable planned electronic exchange. [BP-3]: An NVE must report on users and transaction volume for validated services. 10
Validation Process 10. Validation Method Role Comments 10 (a) Should the validation method vary by CTE? 10 (b) Which methods would be most effective for ensuring compliance with CTEs? Examples of validation methods from RFI: self-attestation, laboratory testing for conformance, certification, accreditation 11
Validation Process 11. Comparative Models Role Comments 11. What successful validation models or approaches exist in other industries that could be used as a model for our purposes in this context? 12
NwHIN Validated Entity (NVE) Eligibility Criteria Overview The RFI considers the following criteria that NVEs must meet to be eligible: Meet all solvency and financial responsibility requirements imposed by the statutes and regulatory authorities of the State or States in which it, or any subcontractor performing some or all of its functions, would serve. Make some type of financial disclosure filing Provide evidence that it has a surety bond or some other form of financial security Have the overall resources and experience to fulfill its responsibilities in accordance with the CTEs when performing health information exchange services Have at least one year of experience Serve a sufficient number of providers to permit a finding of effective and efficient administration; however, no prospective NVE would be deemed ineligible if it only served providers located in a single State Have to be a valid business or governmental entity operating in the United States. Have not had civil monetary penalties, criminal penalties, or damages imposed, or have been enjoined for a HIPAA violation within two years prior to seeking validation Not be listed on the Excluded Parties List System maintained by the General Services Administration Not be listed on the List of Excluded Individuals and Entities maintained by the Office of Inspector General Would not be appropriate to limited to tax-exempt 501(c)(3) organizations. Some of the eligibility criteria being considered may be inapplicable to fed/State governmental entities. 13
Eligibility Criteria 13. Organizational Purpose Role Comments 13 (a) Should there be an eligibility criterion that requires an entity to have a valid purpose (e.g., treatment) for exchanging health information? 13 (b) If so, what would constitute a valid purpose for exchange? 14
Eligibility Criteria 14. Prior Experience Role Comments 14. Should there be an eligibility criterion that requires an entity to have prior electronic exchange experience or a certain number of participants it serves? 15
Eligibility Criteria 15. Other Criteria to Consider Role Comments 15. Are there other eligibility criteria that we should also consider? 16
Eligibility Criteria 16. Tax Exempt Status Role Comments 16. Should eligibility be limited to entities that are tax- exempt under section 501(c)(3) of the IRC? If yes, please explain why.? 17

Recommended

Projekt EHR-Qtn. Ewaluacja kryteriów EuroRec Seal 2010-2011 - Marcin Zawisza
Projekt EHR-Qtn. Ewaluacja kryteriów EuroRec Seal 2010-2011 - Marcin ZawiszaProjekt EHR-Qtn. Ewaluacja kryteriów EuroRec Seal 2010-2011 - Marcin Zawisza
Projekt EHR-Qtn. Ewaluacja kryteriów EuroRec Seal 2010-2011 - Marcin ZawiszaWydział ds. eZdrowia, Departament Polityki Zdrowotnej, Urząd Marszałkowski w Łodzi
 
Fixing nhs
Fixing nhsFixing nhs
Fixing nhsBrian Ahier
 
HIT Fridsma NHIN Direct Project
HIT Fridsma NHIN Direct ProjectHIT Fridsma NHIN Direct Project
HIT Fridsma NHIN Direct ProjectBrian Ahier
 
Frisse - One Step at a Time
Frisse - One Step at a TimeFrisse - One Step at a Time
Frisse - One Step at a TimeBrian Ahier
 
2.ChangeOn@gntech 골목길 배길효
2.ChangeOn@gntech 골목길 배길효2.ChangeOn@gntech 골목길 배길효
2.ChangeOn@gntech 골목길 배길효ChangeON@
 
Sociopresentation
SociopresentationSociopresentation
Sociopresentationzoyayaya
 
Workshop 03
Workshop 03Workshop 03
Workshop 03republic
 
Creation de chemise
Creation de chemiseCreation de chemise
Creation de chemiseinutile95
 

Recommended

Projekt EHR-Qtn. Ewaluacja kryteriów EuroRec Seal 2010-2011 - Marcin Zawisza
Projekt EHR-Qtn. Ewaluacja kryteriów EuroRec Seal 2010-2011 - Marcin ZawiszaProjekt EHR-Qtn. Ewaluacja kryteriów EuroRec Seal 2010-2011 - Marcin Zawisza
Projekt EHR-Qtn. Ewaluacja kryteriów EuroRec Seal 2010-2011 - Marcin ZawiszaWydział ds. eZdrowia, Departament Polityki Zdrowotnej, Urząd Marszałkowski w Łodzi
 
Fixing nhs
Fixing nhsFixing nhs
Fixing nhsBrian Ahier
 
HIT Fridsma NHIN Direct Project
HIT Fridsma NHIN Direct ProjectHIT Fridsma NHIN Direct Project
HIT Fridsma NHIN Direct ProjectBrian Ahier
 
Frisse - One Step at a Time
Frisse - One Step at a TimeFrisse - One Step at a Time
Frisse - One Step at a TimeBrian Ahier
 
2.ChangeOn@gntech 골목길 배길효
2.ChangeOn@gntech 골목길 배길효2.ChangeOn@gntech 골목길 배길효
2.ChangeOn@gntech 골목길 배길효ChangeON@
 
Sociopresentation
SociopresentationSociopresentation
Sociopresentationzoyayaya
 
Workshop 03
Workshop 03Workshop 03
Workshop 03republic
 
Creation de chemise
Creation de chemiseCreation de chemise
Creation de chemiseinutile95
 
Brian Grim
Brian GrimBrian Grim
Brian GrimBrian Ahier
 
Cdc e health_record
Cdc e health_recordCdc e health_record
Cdc e health_recordBrian Ahier
 
ONC 2015 Edition EHR Certification Criteria
ONC 2015 Edition EHR Certification CriteriaONC 2015 Edition EHR Certification Criteria
ONC 2015 Edition EHR Certification CriteriaBrian Ahier
 
Big Data and VistA Evolution, Theresa A. Cullen, MD, MS
Big Data and VistA Evolution, Theresa A. Cullen, MD, MSBig Data and VistA Evolution, Theresa A. Cullen, MD, MS
Big Data and VistA Evolution, Theresa A. Cullen, MD, MSBrian Ahier
 
South Carolina-Liam and William
South Carolina-Liam and WilliamSouth Carolina-Liam and William
South Carolina-Liam and Williamklei8103
 
Trio credentialsdeck ebooksv2 (2)
Trio credentialsdeck ebooksv2 (2)Trio credentialsdeck ebooksv2 (2)
Trio credentialsdeck ebooksv2 (2)TRIO media group
 
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου Φύσσα
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου ΦύσσαΔιαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου Φύσσα
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου ΦύσσαVana Petmeza
 
NHIN Workgroup
NHIN WorkgroupNHIN Workgroup
NHIN WorkgroupBrian Ahier
 
Hitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification WorkgroupHitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification Workgroupsdaviss
 
EHR Certification for Medical Practices
EHR Certification for Medical PracticesEHR Certification for Medical Practices
EHR Certification for Medical PracticesMichael Duffy
 
EHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesEHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesMichael Patrick
 
Fairness Opinion on Debate
Fairness Opinion on DebateFairness Opinion on Debate
Fairness Opinion on DebateGiana Araujo
 
Comp8 unit2 lecture_slides
Comp8 unit2 lecture_slidesComp8 unit2 lecture_slides
Comp8 unit2 lecture_slidesCMDLMS
 
Provider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeProvider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeBrian Ahier
 
Governance Workgroup 9-3-10
Governance Workgroup 9-3-10Governance Workgroup 9-3-10
Governance Workgroup 9-3-10Brian Ahier
 
Hitscbriefing091912
Hitscbriefing091912Hitscbriefing091912
Hitscbriefing091912Rich Elmore
 
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...Brian Ahier
 
Privacy and Security Tiger Team Authentication Recommendations
Privacy and Security Tiger Team Authentication RecommendationsPrivacy and Security Tiger Team Authentication Recommendations
Privacy and Security Tiger Team Authentication RecommendationsBrian Ahier
 
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Accounting_Whitepapers
 
Open ID in Government
Open ID in GovernmentOpen ID in Government
Open ID in GovernmentKarthik Ethirajan
 
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docx
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docxRunning head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docx
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docxjoellemurphey
 
Onc regulations-faq-092110-v3[1]
Onc regulations-faq-092110-v3[1]Onc regulations-faq-092110-v3[1]
Onc regulations-faq-092110-v3[1]rlpowers1
 

More Related Content

Viewers also liked

Cdc e health_record
Cdc e health_recordCdc e health_record
Cdc e health_recordBrian Ahier
 
ONC 2015 Edition EHR Certification Criteria
ONC 2015 Edition EHR Certification CriteriaONC 2015 Edition EHR Certification Criteria
ONC 2015 Edition EHR Certification CriteriaBrian Ahier
 
Big Data and VistA Evolution, Theresa A. Cullen, MD, MS
Big Data and VistA Evolution, Theresa A. Cullen, MD, MSBig Data and VistA Evolution, Theresa A. Cullen, MD, MS
Big Data and VistA Evolution, Theresa A. Cullen, MD, MSBrian Ahier
 
South Carolina-Liam and William
South Carolina-Liam and WilliamSouth Carolina-Liam and William
South Carolina-Liam and Williamklei8103
 
Trio credentialsdeck ebooksv2 (2)
Trio credentialsdeck ebooksv2 (2)Trio credentialsdeck ebooksv2 (2)
Trio credentialsdeck ebooksv2 (2)TRIO media group
 
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου Φύσσα
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου ΦύσσαΔιαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου Φύσσα
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου ΦύσσαVana Petmeza
 

Viewers also liked (7)

Brian Grim
Brian GrimBrian Grim
Brian Grim
 
Cdc e health_record
Cdc e health_recordCdc e health_record
Cdc e health_record
 
ONC 2015 Edition EHR Certification Criteria
ONC 2015 Edition EHR Certification CriteriaONC 2015 Edition EHR Certification Criteria
ONC 2015 Edition EHR Certification Criteria
 
Big Data and VistA Evolution, Theresa A. Cullen, MD, MS
Big Data and VistA Evolution, Theresa A. Cullen, MD, MSBig Data and VistA Evolution, Theresa A. Cullen, MD, MS
Big Data and VistA Evolution, Theresa A. Cullen, MD, MS
 
South Carolina-Liam and William
South Carolina-Liam and WilliamSouth Carolina-Liam and William
South Carolina-Liam and William
 
Trio credentialsdeck ebooksv2 (2)
Trio credentialsdeck ebooksv2 (2)Trio credentialsdeck ebooksv2 (2)
Trio credentialsdeck ebooksv2 (2)
 
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου Φύσσα
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου ΦύσσαΔιαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου Φύσσα
Διαδικτυακή Δημοσιογραφία (Θ) (Ζ')-Η δολοφονία του Παύλου Φύσσα
 

Similar to NwHIN Governance RFI 5-15-12

Hitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification WorkgroupHitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification Workgroupsdaviss
 
EHR Certification for Medical Practices
EHR Certification for Medical PracticesEHR Certification for Medical Practices
EHR Certification for Medical PracticesMichael Duffy
 
EHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesEHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesMichael Patrick
 
Fairness Opinion on Debate
Fairness Opinion on DebateFairness Opinion on Debate
Fairness Opinion on DebateGiana Araujo
 
Comp8 unit2 lecture_slides
Comp8 unit2 lecture_slidesComp8 unit2 lecture_slides
Comp8 unit2 lecture_slidesCMDLMS
 
Provider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeProvider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeBrian Ahier
 
Governance Workgroup 9-3-10
Governance Workgroup 9-3-10Governance Workgroup 9-3-10
Governance Workgroup 9-3-10Brian Ahier
 
Hitscbriefing091912
Hitscbriefing091912Hitscbriefing091912
Hitscbriefing091912Rich Elmore
 
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...Brian Ahier
 
Privacy and Security Tiger Team Authentication Recommendations
Privacy and Security Tiger Team Authentication RecommendationsPrivacy and Security Tiger Team Authentication Recommendations
Privacy and Security Tiger Team Authentication RecommendationsBrian Ahier
 
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Accounting_Whitepapers
 
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docx
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docxRunning head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docx
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docxjoellemurphey
 
Onc regulations-faq-092110-v3[1]
Onc regulations-faq-092110-v3[1]Onc regulations-faq-092110-v3[1]
Onc regulations-faq-092110-v3[1]rlpowers1
 
Interoperability testing - Test Quickly and Securely
Interoperability testing - Test Quickly and SecurelyInteroperability testing - Test Quickly and Securely
Interoperability testing - Test Quickly and SecurelyCompliancy Group
 
EHR Certification HIMSS Presentation
EHR Certification HIMSS PresentationEHR Certification HIMSS Presentation
EHR Certification HIMSS PresentationBrian Ahier
 
Cyber_Management_Issues.pdf
Cyber_Management_Issues.pdfCyber_Management_Issues.pdf
Cyber_Management_Issues.pdfAliAhmed675993
 
Kantara - Consent & Information Sharing WG Update
Kantara - Consent & Information Sharing WG UpdateKantara - Consent & Information Sharing WG Update
Kantara - Consent & Information Sharing WG Updatekantarainitiative
 

Similar to NwHIN Governance RFI 5-15-12 (20)

NHIN Workgroup
NHIN WorkgroupNHIN Workgroup
NHIN Workgroup
 
Hitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification WorkgroupHitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification Workgroup
 
EHR Certification for Medical Practices
EHR Certification for Medical PracticesEHR Certification for Medical Practices
EHR Certification for Medical Practices
 
EHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesEHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical Practices
 
Fairness Opinion on Debate
Fairness Opinion on DebateFairness Opinion on Debate
Fairness Opinion on Debate
 
Comp8 unit2 lecture_slides
Comp8 unit2 lecture_slidesComp8 unit2 lecture_slides
Comp8 unit2 lecture_slides
 
Provider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeProvider Authentication for Health Information Exchange
Provider Authentication for Health Information Exchange
 
Governance Workgroup 9-3-10
Governance Workgroup 9-3-10Governance Workgroup 9-3-10
Governance Workgroup 9-3-10
 
Hitscbriefing091912
Hitscbriefing091912Hitscbriefing091912
Hitscbriefing091912
 
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
 
Privacy and Security Tiger Team Authentication Recommendations
Privacy and Security Tiger Team Authentication RecommendationsPrivacy and Security Tiger Team Authentication Recommendations
Privacy and Security Tiger Team Authentication Recommendations
 
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
 
Open ID in Government
Open ID in GovernmentOpen ID in Government
Open ID in Government
 
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docx
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docxRunning head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docx
Running head CONTRACT CLOSEOUT 1CONTRACT CLOSEOUT 16.docx
 
Onc regulations-faq-092110-v3[1]
Onc regulations-faq-092110-v3[1]Onc regulations-faq-092110-v3[1]
Onc regulations-faq-092110-v3[1]
 
Interoperability testing - Test Quickly and Securely
Interoperability testing - Test Quickly and SecurelyInteroperability testing - Test Quickly and Securely
Interoperability testing - Test Quickly and Securely
 
Iso private security
Iso private securityIso private security
Iso private security
 
EHR Certification HIMSS Presentation
EHR Certification HIMSS PresentationEHR Certification HIMSS Presentation
EHR Certification HIMSS Presentation
 
Cyber_Management_Issues.pdf
Cyber_Management_Issues.pdfCyber_Management_Issues.pdf
Cyber_Management_Issues.pdf
 
Kantara - Consent & Information Sharing WG Update
Kantara - Consent & Information Sharing WG UpdateKantara - Consent & Information Sharing WG Update
Kantara - Consent & Information Sharing WG Update
 

More from Brian Ahier

AMA Digital Health Study
AMA Digital Health Study AMA Digital Health Study
AMA Digital Health Study Brian Ahier
 
DoD onboarding slides
DoD onboarding slidesDoD onboarding slides
DoD onboarding slidesBrian Ahier
 
2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...
2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...
2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...Brian Ahier
 
Remarks to Public Forum on National Health IT Policy
Remarks to Public Forum on National Health IT PolicyRemarks to Public Forum on National Health IT Policy
Remarks to Public Forum on National Health IT PolicyBrian Ahier
 
Accountable Care Workgroup: Draft Recommendations
Accountable Care Workgroup: Draft RecommendationsAccountable Care Workgroup: Draft Recommendations
Accountable Care Workgroup: Draft RecommendationsBrian Ahier
 
FTC Spring Privacy Series: Consumer Generated and Controlled Health Data
FTC Spring Privacy Series: Consumer Generated and Controlled Health DataFTC Spring Privacy Series: Consumer Generated and Controlled Health Data
FTC Spring Privacy Series: Consumer Generated and Controlled Health DataBrian Ahier
 
Mobile Device Tracking Seminar
Mobile Device Tracking SeminarMobile Device Tracking Seminar
Mobile Device Tracking SeminarBrian Ahier
 
HIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA UpdateHIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA UpdateBrian Ahier
 
Meaningful Use Workgroup Stage 3 Recommendations
Meaningful Use Workgroup Stage 3 Recommendations Meaningful Use Workgroup Stage 3 Recommendations
Meaningful Use Workgroup Stage 3 Recommendations Brian Ahier
 
Mark Bertolini of Aetna at JP Morgan Healthcare 2014
Mark Bertolini of Aetna at JP Morgan Healthcare 2014Mark Bertolini of Aetna at JP Morgan Healthcare 2014
Mark Bertolini of Aetna at JP Morgan Healthcare 2014Brian Ahier
 
DeSalvo Remarks to HIT Policy Committee 1-14-13
DeSalvo Remarks to HIT Policy Committee 1-14-13DeSalvo Remarks to HIT Policy Committee 1-14-13
DeSalvo Remarks to HIT Policy Committee 1-14-13Brian Ahier
 
Patient Identification and Matching Initiative Stakeholder Meeting
Patient Identification and Matching Initiative Stakeholder MeetingPatient Identification and Matching Initiative Stakeholder Meeting
Patient Identification and Matching Initiative Stakeholder MeetingBrian Ahier
 
The Pulse of Liquid Health Data
The Pulse of Liquid Health DataThe Pulse of Liquid Health Data
The Pulse of Liquid Health DataBrian Ahier
 
Direct Boot Camp 2.0 - Tennesse Directories
Direct Boot Camp 2.0 - Tennesse DirectoriesDirect Boot Camp 2.0 - Tennesse Directories
Direct Boot Camp 2.0 - Tennesse DirectoriesBrian Ahier
 
Direct Boot Camp 2 0 IWG Provider Directory Pilots
Direct Boot Camp 2 0 IWG Provider Directory PilotsDirect Boot Camp 2 0 IWG Provider Directory Pilots
Direct Boot Camp 2 0 IWG Provider Directory PilotsBrian Ahier
 
Direct20: Modular Specifications - Provider Directories
Direct20: Modular Specifications - Provider DirectoriesDirect20: Modular Specifications - Provider Directories
Direct20: Modular Specifications - Provider DirectoriesBrian Ahier
 
Delivery Notifications in Direct Background & Implementation Guidance
Delivery Notifications in Direct Background & Implementation GuidanceDelivery Notifications in Direct Background & Implementation Guidance
Delivery Notifications in Direct Background & Implementation GuidanceBrian Ahier
 
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...Brian Ahier
 

More from Brian Ahier (20)

Draft TEFCA
Draft TEFCADraft TEFCA
Draft TEFCA
 
Future is Now
Future is NowFuture is Now
Future is Now
 
AMA Digital Health Study
AMA Digital Health Study AMA Digital Health Study
AMA Digital Health Study
 
DoD onboarding slides
DoD onboarding slidesDoD onboarding slides
DoD onboarding slides
 
2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...
2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...
2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...
 
Remarks to Public Forum on National Health IT Policy
Remarks to Public Forum on National Health IT PolicyRemarks to Public Forum on National Health IT Policy
Remarks to Public Forum on National Health IT Policy
 
Accountable Care Workgroup: Draft Recommendations
Accountable Care Workgroup: Draft RecommendationsAccountable Care Workgroup: Draft Recommendations
Accountable Care Workgroup: Draft Recommendations
 
FTC Spring Privacy Series: Consumer Generated and Controlled Health Data
FTC Spring Privacy Series: Consumer Generated and Controlled Health DataFTC Spring Privacy Series: Consumer Generated and Controlled Health Data
FTC Spring Privacy Series: Consumer Generated and Controlled Health Data
 
Mobile Device Tracking Seminar
Mobile Device Tracking SeminarMobile Device Tracking Seminar
Mobile Device Tracking Seminar
 
HIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA UpdateHIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA Update
 
Meaningful Use Workgroup Stage 3 Recommendations
Meaningful Use Workgroup Stage 3 Recommendations Meaningful Use Workgroup Stage 3 Recommendations
Meaningful Use Workgroup Stage 3 Recommendations
 
Mark Bertolini of Aetna at JP Morgan Healthcare 2014
Mark Bertolini of Aetna at JP Morgan Healthcare 2014Mark Bertolini of Aetna at JP Morgan Healthcare 2014
Mark Bertolini of Aetna at JP Morgan Healthcare 2014
 
DeSalvo Remarks to HIT Policy Committee 1-14-13
DeSalvo Remarks to HIT Policy Committee 1-14-13DeSalvo Remarks to HIT Policy Committee 1-14-13
DeSalvo Remarks to HIT Policy Committee 1-14-13
 
Patient Identification and Matching Initiative Stakeholder Meeting
Patient Identification and Matching Initiative Stakeholder MeetingPatient Identification and Matching Initiative Stakeholder Meeting
Patient Identification and Matching Initiative Stakeholder Meeting
 
The Pulse of Liquid Health Data
The Pulse of Liquid Health DataThe Pulse of Liquid Health Data
The Pulse of Liquid Health Data
 
Direct Boot Camp 2.0 - Tennesse Directories
Direct Boot Camp 2.0 - Tennesse DirectoriesDirect Boot Camp 2.0 - Tennesse Directories
Direct Boot Camp 2.0 - Tennesse Directories
 
Direct Boot Camp 2 0 IWG Provider Directory Pilots
Direct Boot Camp 2 0 IWG Provider Directory PilotsDirect Boot Camp 2 0 IWG Provider Directory Pilots
Direct Boot Camp 2 0 IWG Provider Directory Pilots
 
Direct20: Modular Specifications - Provider Directories
Direct20: Modular Specifications - Provider DirectoriesDirect20: Modular Specifications - Provider Directories
Direct20: Modular Specifications - Provider Directories
 
Delivery Notifications in Direct Background & Implementation Guidance
Delivery Notifications in Direct Background & Implementation GuidanceDelivery Notifications in Direct Background & Implementation Guidance
Delivery Notifications in Direct Background & Implementation Guidance
 
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
Direct 2.0 Boot Camp: Deep Dive Into the Direct Trusted Agent Accreditation P...
 

Recently uploaded

Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 

Recently uploaded (20)

Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 

NwHIN Governance RFI 5-15-12

  • 1. HIT Policy Committee Information Exchange Workgroup NwHIN Conditions for Trusted Exchange Request For Information (RFI) May 15, 2012 1
  • 2. Our Eight Questions Actors, Accreditation and Validation Bodies, and Validation Entity Eligibility 1. Question 8: We solicit feedback on the appropriateness of ONC’s role in coordinating the governance mechanism and whether certain responsibilities might be better delegated to, and/or fulfilled by, the private sector. Question 9: Would a voluntary validation process be effective for ensuring that entities engaged in facilitating electronic exchange continue to comply with adopted CTEs? If not, what other validation processes could be leveraged for validating conformance with adopted CTEs? If you identify existing processes, please explain the focus of each and its scope. Question 10: Should the validation method vary by CTE? Which methods would be most effective for ensuring compliance with the CTEs? (Before answering this question it may be useful to first review the CTEs we are considering to adopt, see section “VI. Conditions for Trusted Exchange.” Question 11: What successful validation models or approaches exist in other industries that could be used as a model for our purposes in this context? Question 13: Should there be an eligibility criterion that requires an entity to have a valid purpose (e.g., treatment) for exchanging health information? If so, what would constitute a “valid” purpose for exchange? Question 14: Should there be an eligibility criterion that requires an entity to have prior electronic exchange experience or a certain number of participants it serves? Question 15: Are there other eligibility criteria that we should also consider? Question 16: Should eligibility be limited to entities that are tax-exempt under section 501(c)(3) of the IRC? If yes, please explain why. 2
  • 3. Nationwide Health Information Network Governance Conditions of Trusted Exchange • Conditions for Trusted Exchange (CTEs) – Three Domains: – Safeguards: focus on the protection of individually identifiable health information (IIHI) to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. • Example [S-1]: An NVE must comply as if it were a covered entity, and must treat all implementation specifications as “required.” – Interoperability: focus on the technical standards and implementation specifications needed for exchanging electronic health information. • Example [I-2]: An NVE must follow required standards for establishing and discovering digital certificates. – Business Practices: focus on the operational and financial practices to which NVEs would need to adhere in support of trusted electronic health information exchange. • Example [BP-2]: An NVE must provide open access to the directory services it provides to enable planned electronic exchange. 3
  • 4. Accreditation and Validation Process Overview  Similar to the permanent certification program for HIT, the National Coordinator would approve a single body to accredit and oversee validation bodies.  Validation bodies would evaluate an entity’s conformance to adopted CTEs as opposed to a particular product’s (e.g., EHR technology) certification to certification criteria.  Certified HIT could be used by an entity as a way to demonstrate conformance with certain adopted CTEs  Accreditation body would be expected to conform to internationally accepted standards for accreditation bodies  Validation bodies - upon accreditation by the accreditation body and authorization from the National Coordinator - would subsequently perform the validation of entities‘ conformance to adopted CTEs.  Validation could use different methodologies (self-attestation, laboratory testing for conformance, certification, accreditation) and could vary depending on CTE type and potential methodology burden. 4
  • 5. Actors and Associated Responsibilities 8. ONC’s roles & delegation of responsibilities to the private sector. Suggested Existing Authorities and/or Proposed Role Lead Alternatives to Consider 1. Endorsing and adopting CTEs, publishing ONC In accordance with the National Coordinator‘s guidance authority at section 3001(c)(1)(A) and processes identified at section 3004 under the PHSA, and publishing interpretative guidance 2. Facilitating the receipt of input from the HIT ONC In accordance with processes identified at Policy and Standards Committees and other sections 3002(b)(3) and 3003(b)(2) of the interested parties on: PHSA • revisions to CTEs, • new CTEs, and • the appropriate retirement of CTEs 3. Selection and oversight processes for an ONC ONC would approve a single body to accredit accreditation body and oversee “validation bodies”. 4. Authorizing and overseeing validation bodies ONC responsible for validating that eligible entities have met adopted CTEs 5. Administering a process to classify the readiness ONC [ONC would have to adopt specific for nationwide adoption and use of technical certification criteria that could be used to standards and implementation specifications to certify other types of HIT through established support interoperability related CTEs certification program. 6. Overall oversight of all entities and processes ONC established as part of the governance mechanism. 5
  • 6. ONC Role 8. Voluntary Nature of Process Role Comments We solicit feedback on the appropriateness of ONC’s role in coordinating the governance mechanism and whether certain responsibilities might be better delegated to, and/or fulfilled by, the private sector. 6
  • 7. Validation Process 9. Voluntary Nature of Process Role Comments 9(a) Would a voluntary validation process be effective for ensuring that entities engaged in facilitating electronic exchange continue to comply with adopted CTEs? 9(b) What other validation processes could be leveraged for validating conformance with adopted CTEs? 7
  • 8. Conditions for Trusted Exchange Safeguards [S-1]: An NVE must comply as if it were a covered entity, and must treat all implementation specifications as “required.” [S-2]: An NVE must only facilitate electronic health information exchange for parties it has authenticated and authorized, either directly or indirectly. [S-3]: An NVE must ensure that individuals are provided with a meaningful choice regarding whether their IIHI may be exchanged by the NVE. [S-4]: An NVE must only exchange encrypted IIHI. [S-5]: An NVE must make publicly available a notice of its data practices describing why IIHI is collected, how it is used, and to whom and for what reason it is disclosed. [S-6]: An NVE must not use or disclose de-identified health information to which it has access for any commercial purpose. [S-7]: An NVE must operate its services with high availability. [S-8]: If an NVE assembles or aggregates health information that results in a unique set of IIHI, then it must provide individuals with electronic access to their unique set of IIHI. [S-9]: If an NVE assembles or aggregates health information which results in a unique set of IIHI, then it must provide individuals with the right to request a correction and/or annotation to this unique set of IIHI. [S-10]: An NVE must have the means to verify that a provider requesting an individual’s health information through a query and response model has or is in the process of establishing a treatment relationship with that individual. 8
  • 9. Conditions for Trusted Exchange Interoperability [I-1]: An NVE must be able to facilitate secure electronic health information exchange in two circumstances: 1) when the sender and receiver are known; and 2) when the exchange occurs at the patient’s direction. [I-2]: An NVE must follow required standards for establishing and discovering digital certificates. [I-3]: An NVE must have the ability to verify and match the subject of a message, including the ability to locate a potential source of available information for a specific subject. 9
  • 10. Conditions for Trusted Exchange Business Practices [BP-1]: An NVE must send and receive any planned electronic exchange message from another NVE without imposing financial preconditions on any other NVE. [BP-2]: An NVE must provide open access to the directory services it provides to enable planned electronic exchange. [BP-3]: An NVE must report on users and transaction volume for validated services. 10
  • 11. Validation Process 10. Validation Method Role Comments 10 (a) Should the validation method vary by CTE? 10 (b) Which methods would be most effective for ensuring compliance with CTEs? Examples of validation methods from RFI: self-attestation, laboratory testing for conformance, certification, accreditation 11
  • 12. Validation Process 11. Comparative Models Role Comments 11. What successful validation models or approaches exist in other industries that could be used as a model for our purposes in this context? 12
  • 13. NwHIN Validated Entity (NVE) Eligibility Criteria Overview The RFI considers the following criteria that NVEs must meet to be eligible: Meet all solvency and financial responsibility requirements imposed by the statutes and regulatory authorities of the State or States in which it, or any subcontractor performing some or all of its functions, would serve. Make some type of financial disclosure filing Provide evidence that it has a surety bond or some other form of financial security Have the overall resources and experience to fulfill its responsibilities in accordance with the CTEs when performing health information exchange services Have at least one year of experience Serve a sufficient number of providers to permit a finding of effective and efficient administration; however, no prospective NVE would be deemed ineligible if it only served providers located in a single State Have to be a valid business or governmental entity operating in the United States. Have not had civil monetary penalties, criminal penalties, or damages imposed, or have been enjoined for a HIPAA violation within two years prior to seeking validation Not be listed on the Excluded Parties List System maintained by the General Services Administration Not be listed on the List of Excluded Individuals and Entities maintained by the Office of Inspector General Would not be appropriate to limited to tax-exempt 501(c)(3) organizations. Some of the eligibility criteria being considered may be inapplicable to fed/State governmental entities. 13
  • 14. Eligibility Criteria 13. Organizational Purpose Role Comments 13 (a) Should there be an eligibility criterion that requires an entity to have a valid purpose (e.g., treatment) for exchanging health information? 13 (b) If so, what would constitute a valid purpose for exchange? 14
  • 15. Eligibility Criteria 14. Prior Experience Role Comments 14. Should there be an eligibility criterion that requires an entity to have prior electronic exchange experience or a certain number of participants it serves? 15
  • 16. Eligibility Criteria 15. Other Criteria to Consider Role Comments 15. Are there other eligibility criteria that we should also consider? 16
  • 17. Eligibility Criteria 16. Tax Exempt Status Role Comments 16. Should eligibility be limited to entities that are tax- exempt under section 501(c)(3) of the IRC? If yes, please explain why.? 17