April 6 th , 2017 1 Agenda Welcome, Introductions & HITOC - - PowerPoint PPT Presentation

Health Information Technology Oversight Council April 6th, 2017

1

Agenda

Welcome, Introductions & HITOC Business Oregon Health Policy Board Update Direct Secure Messaging – National Landscape and Oregon Work Strategic planning work Working lunch

• Update on PDMP Gateway efforts

OpenNotes Update Behavioral Health Collaborative (BHC) Report and Recommendations Oregon HIT Program Updates Public Comment

2

Goals of HIT-Optimized Health Care

• 1. Sharing Patient

Information Across the Care Team

• Providers have access to

meaningful, timely, relevant and actionable patient information to coordinate and deliver “whole person” care.

• 2. Using Aggregated

Data for System Improvement

• Systems (health systems,

CCOs, health plans) effectively and efficiently collect and use aggregated clinical data for quality improvement, population management and incentivizing health and prevention.

• In turn, policymakers use

aggregated data and metrics to provide transparency into the health and quality of care in the state, and to inform policy development.

• 3. Patient Access to

Their Own Health Information

• Individuals and their

families access their clinical information and use it as a tool to improve their health and engage with their providers.

4

Oregon Health Policy Board Update

Susan Otter, Director of HIT Karen Joplin, OHPB member liaison to HITOC

4

Direct Secure Messaging Landscape

Rim Cothren Consultant, Health Tech Solutions

5

Direct Secure Messaging Overview

• Direct secure messaging is a secure, encrypted

communication system for healthcare practitioners to share protected health information (PHI)

• Allows structured or unstructured data to be shared and

become part of the patient’s health record data

• Allows messages to only be shared between trusted,

vetted parties, and across organizational boundaries and EHR vendors

• Supports meaningful use
• HIPAA compliant

Vision for Direct

“A simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet.” That vision led to some important design decisions: – Modeled after email workflow and standards – Leverages public key infrastructure and digital certificates – Designed to be person-to-person – Designed to be content-agnostic

7

Trust model

• Providers must use a Health Information Service

Provider (HISP) to communicate with providers outside their organization and/or their specific EHR

• Both provider’s HISPs must be a member of the same

“trust community” to exchange messages

8

Trust Model

Three digital certificates used in exchange process:

• 1. Digital certificates (called “trust anchors”) used to

establish trust between service providers

• 2. Digital certificates used to encrypt a message for the

intended recipient – May be tied to an organization or address (individual) – Most are tied to an organization

• 3. Digital certificates used to sign a message to

authenticate the sender (but not for non-repudiation) – Certificate is in the hands of the HISP

9

Issues

• Direct standard is defined in the Applicability Statement

for Secure Health Transport – But no standards development organization manages that document

• “Authenticated” and “known, trusted recipients” creates a

high bar for security and identity proofing – Policies for security and identity proofing were not uniform Led to establishing

10

https://www.directtrust.org/

especially

DirectTrust

• Member-led organization
• Accredits organizations

involved in Direct messaging

• Manages a trust community

and a trust bundle (collection

• f trust anchors)
• Coordinates testing among

HISPs

• Sponsors workgroups on

policy and standards

11

Accreditation

• Independent 3rd-party assessment of policies and procedures to
• fficially recognize a capability
• Most HISPs are DirectTrust-accredited
• Many HISPs use DigiCert as their CA and RA
• Many HISPs will only exchange with accredited

HISPs

12

Certificate Authority (CA) - Ps & Ps for issuing and securing digital certificates Registration Authority (RA) - Ps & Ps for verifying requests for digital certificates Health Information Service Provider (HISP) - Ps & Ps for securing PHI

Meaningful Use and Direct

Objective Measure MU 2 MU 3 Direct

Health Information Exchange Electronically transmit care summary for care transitions >10% >50% Non-Direct

• ptions, but Direct

is most common Incorporate received care summary into EHR >40% Reconcile meds, allergies, problems into EHR >80% Patient Electronic Access View, download, or transmit >5% >80% Available via an application of patient’s choosing >80% Via an API Secure Electronic Messaging Send a message to patient or their authorized representative >5% Many non-Direct

• ptions

13

Providers remain most common Direct message recipients Thresholds represent those required in the Medicaid EHR Incentive Program

Issues created by MU

• Direct was designed to be content agnostic

But many systems can only accept Direct messages with care summaries attached

• Direct was designed to send messages between known

individuals But many Direct messages are sent by automated systems when convenient to send, potentially

• verloading recipients

Other use cases are possible

14

Other Issues with current use

• Workflow-related

– Provider-specific address vs. facility-level vs. other user (e.g., medical records, front desk)

• Address discovery

– Challenges finding appropriate address (especially when it varies by use case)

• Identity management

– Some directories and EHRs require unique identifiers like an NPI, which is problematic for non-clinical Direct users

15

Prevalence

Per DirectTrust, in 2016:

• 41 accredited HISPs
• 350+ EHRs
• 70,000 health care organizations
• 1.4 million Direct addresses
• 98 million Direct transactions

16

includes

Trends

• Most Direct messages sent by EHRs to meet MU

requirements

• Many HIEs see decreasing use of Direct messaging
• Prevalence makes it an attractive tool
• Simplicity makes it an attractive transport mechanism
• HIEs that do use Direct use it for reasons other than MU

that require secure transmission of PHI

– Standard forms – Help desk tickets

17

What’s next?

• Participation by Federal Agencies

– Creating a federal government “trust community” that meets a higher bar for identity proofing

• DirectTrust white paper on recommendations for

improved use

• New use cases in line with the original vision for Direct

– Content agnostic – PHI-bearing exchange between individuals

• Use by patients

– Many Personal Health Records (PHRs) are Direct-enabled – Identity proofing remains a concern

• “Direct” as transport between systems

– Leverage “simple” and “scalable” use of SMTP and S/MIME

18

Direct Secure Messaging for Oregon

Presented by: Britteny Matero, HIE Programs Manager

19

Oregon’s Strategic Plan: Role of Direct secure messaging

20

GOAL: Providers have access to meaningful, timely, relevant and actionable patient information at the point of care. Strategic direction from 2013: Continue to pursue statewide Direct secure messaging as a baseline for HIE

• Leverages Meaningful Use, national standards
• Support providers who face barriers, and fill gaps in HIE

environment Achieving statewide Direct secure messaging through:

• Providers, hospitals, health systems
• Community and organizational HIEs, and
• State-level efforts, including CareAccord

OHA’s Statewide Direct Secure Messaging Efforts (March 2014)

21

 CareAccord –

 Target outreach to care team members without options locally or

within their EHR

 Pilot CareAccord HISP integration into an EHR

 Facilitate access to Direct secure messaging addresses

across Oregon

 Initial statewide provider directory

 Demonstrate value of Direct secure messaging:

 Work with providers, CCOs, local HIEs and others to test Direct

and promote use of accredited HISPs

 Track and report on use of Direct secure messaging  Personal Health Record pilot with NATE and CareAccord

CareAccord Overview

CareAccord is a nationally accredited Health Information Service Provider (HISP) offering Direct secure messaging services to enable the secure sharing of electronic protected health information (ePHI) for patient care coordination. CareAccord fills gaps for entities facing barriers to participating in HIE

22

CareAccord

• CareAccord is the state of Oregon’s Health Information

Service Provider (HISP)

– Administered by the Oregon Health Authority – Began offering services in May 2012 – First state to receive EHNAC/DTAAP* accreditation as a HISP – No cost at this time – Offer web-portal Direct secure messaging services – Serve as the HISP for OCHIN Epic through EHR integration – Administer the Flat File Directory service

*Electronic Healthcare Network Accreditation Commission (EHNAC) Direct Trusted Agent Accreditation Program (DTAAP)

23

Who CareAccord Serves (as of 2/2017)

• Webportal services:

– 128 organizations – 1,140 users

• As HISP for OCHIN Epic:

– 89 organizations – 421 users

• Organization types served by Care:

– Ambulatory, Behavioral Health, FQHC, RHC, Dental, Acute Care, Public Health, CCO, Lab, Pediatrics, Pharmacy, IPA, Hospice, Long-term Care, POLST, Radiology & Imaging, Social Service, Governmental, Naturopath, Allopath

24

Oregon Organizations by Category

25

Where CareAccord is Serving

26

CareAccord Message Transactions

**Tripled message exchange in 2015-2016 and on track to at least double 2016 numbers in 2017. 27

CareAccord Use Cases

• Enabling safety-net providers to meet Medicaid meaningful use

requirements for HIE (Objective 7) through OCHIN Epic HISP

• Serving social services, long term care, CCOs, and other entities

that don’t have certified EHR technology or face other barriers to participating in HIE

• Supporting Oregon state governmental programs who collect or

share protected information

– Expanding POLST submissions through Direct – Piloting public health reporting opportunities – Piloting medical record requests and responses between Vocational Rehabilitation (DHS) and hospitals – DHS long term services and supports care coordination with CCOs through Aging & People with Disabilities (APD) and contracted Area Agencies on Aging (AAA) – Using Direct to send requested attestation supporting documentation to the Medicaid EHR Incentive Program

28

CareAccord in 2017 and beyond

• Working with current CareAccord users to increase use of

Direct and connect with other trading partners

• Continued work on state pilots to assist state programs in

moving towards electronic exchange for care coordination

• Assessing current structure of CareAccord program

– Currently OHA supports full operations of CareAccord as the accredited

• HISP. This offers maximum flexibility for innovation and pilot testing

new uses of Direct – Exploring converting CareAccord to contracting for HISP services from the CareAccord technology vendor, Mirth, which currently operates as an accredited HISP in its own right. Considerations: ongoing support for EHR Integration and Flat File Directory

• Assessing the future of the CareAccord program

– As Oregon’s network of HIEs spread to fill gaps, the need and value of CareAccord may shift

29

Flat File Directory for DSM Addresses

• Identifies Direct secure messaging addresses across

Oregon

– Open to organizations using DirectTrust member HISPs – Monthly simple file compilation and exchange – Supports use of Direct, including to meet federal Meaningful Use requirements for sharing Summaries of Care

• Includes 21 participant organizations who

– use 9 unique and interoperable HISPs – serve nearly 550 health care organizations and – Include more than 8,650 Direct addresses (facility and provider)

• Future plans

– Expanding the Flat File Directory to contain Direct addresses from the state of Washington and California – Transition to Statewide Provider Directory

30

Flat File Extract as of March 2017

31 ORGANIZATION UNIQUE INDIVIDUAL UNIQUE FACILITY- LEVEL TOTALS Bay Clinic 64 64 Blue Mountain Health District 7 7 CareAccord 923 923 Childhood Health Associates of Salem (CHAS) 12 12 Curry Health 4 4 Golden Dawn Clinic 4 4 Hillsboro Pediatric Clinic 14 14 House Call Providers 22 22 Reliance eHealth Collaborative (formerly JHIE) 528 528 Kaiser Permanente 1,633 31 1664 Legacy 694 204 898 Legacy Health (formerly Silverton Health) 53 53 Lake Health District 6 1 7 OCHIN 301 137 438 OHSU 1,802 2 1804

• St. Charles Health System

137 4 141 The Corvallis Clinic 109 109 The Oregon Clinic 244 26 270 Tuality 207 10 217 Pediatric Specialists of Pendleton 4 4 Providence 1,480 12 1492 Total: 8,244 431 8,675 **Unique facility-level does not yet include CareAccord facility-level addresses; however, these are included in the previous slide totals for health care organizations served

Oregon’s Strategic Plan Update: Role of Direct secure messaging

32

Discussion for 2017-2020 Strategic Plan Update Continue Strategic direction?

• Pursue statewide Direct secure messaging as a baseline

for HIE Continue approach to statewide Direct secure messaging? through:

• Providers, hospitals, health systems use HISPs for MU

and other uses

• Community and organizational HIEs support Direct as
• ne service where appropriate, and
• Continued State-level efforts
• CareAccord serves those facing barriers to HIE

 Directory of Direct addresses  Demonstrate value of Direct

32

Strategic Plan Update

Sean Carey Lead Policy Analyst

33

Update to Goals of HIT-Optimized Care

• Overall, the current goals remain highly relevant to HIT/

HIE efforts in Oregon

• OHPB and HITOC members have previously

commented on the opportunity to bring patients to the front of the goals

• Some work has changed over time and there are new

concepts to include

• Purpose of this discussion to review and update current

goals, but not spend significant time on visioning or goal development

34

Goal 1

• 1. Sharing Patient Information Across the Care Team

Providers have access to meaningful, timely, relevant and actionable patient information to coordinate and deliver “whole person” care.

• 1. Patient Information Across the Care Team

Oregonians have their core health information available wherever they are seen statewide so their providers can deliver person-centered, coordinated care.

35

Goal 2

• 2. Using Aggregated Data for System Improvement

Systems (health systems, CCOs, health plans) effectively and efficiently collect and use aggregated clinical data for quality improvement, population management and incentivizing health and prevention. In turn, policymakers use aggregated data and metrics to provide transparency into the health and quality of care in the state, and to inform policy development.

• 2. Using Data to Improve the Health of All Oregonians

Clinical and administrative data are efficiently collected and used to support quality improvement, population health management, and value-based

• payment. Aggregated data and metrics are also used by policymakers to

monitor performance and inform policy development.

36

Goal 3

• 3. Patient Access to Their Own Health Information

Individuals and their families access their clinical information and use it as a tool to improve their health and engage with their providers.

• 3. Oregonians Meaningfully Engage With Their Health

Information

Individuals and their families can meaningfully engage with their clinical information to understand their health and collaborate with their providers.

37

HIE Strategy

• Broad consensus at Feb HITOC to pursue a robust

network of HIEs for statewide information exchange

• Many efforts underway, major gaps remain
• In reviewing goals, objectives and strategies:

– Any concerns or gaps? – Are the strategies sufficient? – Anything else to consider?

38

Labs Hospitals Health plans CCOs

HIE HIE HIE

Physicians and Clinics Labs Hospitals Pharmacies Physicians and Clinics Labs Hospitals CCO Pharmacies Physicians and Clinics

Robust HIE Model with lite services

*Services/ programs in development State Data Sources (e.g., public health registries)

** Not shown: connections between organizations/ national frameworks for exchange

Lightweight facilitating infrastructure CareAccord

(Direct secure messaging)

PDMP Gateway* CQMR* Provider Directory* EDIE Lightweight Services

39

HIE Strategy

HIE Goals

• 1. Oregonians have their core health information available wherever they are

seen statewide

• 2. HIE is meaningful to providers, takes into account usability and workflow,

prioritizes high-value use cases

• 3. HIE supports the coordinated care model, patient engagement, and other

alternative payment models

40

HIE Strategy

Objectives

• 1. Robust HIE is available to coordinated care settings (PCPCH, CCBHC,

CMHP, etc.)

• 2. Network of Networks (HIE-to-HIE) is enabled with lightweight infrastructure,

coordination and shared standards

• 3. HIE infrastructure is available for payers and other risk-bearing entities
• 4. HIE is available statewide, across state lines, and coordinated with national

efforts

• 5. Lightweight HIE services are available to providers who face barriers
• 6. Providers will have access to certified EHR technology

41

HIE Strategy

HIE Principles

• Democratize the data
• Use established standards where possible
• Consider and prioritize filling gaps
• Leverage existing investments where possible
• Establish minimums, not maximums
• Consider provider workflow
• Prioritize high-value data
• Build value around shared use cases
• Monitor and adapt based on changing environment (such as meaningful

use, value-based payment efforts, personal health records, etc.)

42

43

Strategies Efforts and Timeline

Objectives In Place Planned Future Potential Targeted Convene and influence stakeholders HITOC/ workgroups HIT Commons X X X X X X Incentivize adoption and meaningful use of EHRs Medicaid EHR incentive program X Support regional HIEs for robust exchange HIE Onboarding Program Other onboarding programs X X X Provide enabling infrastructure and services Flat file Provider Directory, CQMR MPI, RLS, Notifications HIE Connections X X X Provide baseline HIE capacity CareAccord, EDIE, PreManage X Compatibility/ technical coordination / rules

• f the road (“network of networks”)

HIT Commons, HOP X X Offer education and technical assistance OMMUTAP Other TA/ Education X X X Provide access to high value state and other data PDMP Gateway, POLST Prescription fill info, PH registries X Support innovation/ initiatives/ pilots OpenNotes, Telehealth, ONC grants X X X X X X Support for providers facing resource barriers HIT Commons, Community-led efforts X X

Glide Path to Robust HIE coverage

44

HIE entity coverage

Gaps

Path over time

Governance – HIT Commons Update

• Completed OHLC and OHA Sensing Sessions with

multiple stakeholder groups has gathered significant feedback and insight

– Still to come: Provider focus group, sponsored by OMA

• Sought input on:

– Opportunities/Scope – high priority HIT efforts – Challenges and advice going forward

45

Sensing sessions attendees

• Health Systems –

– OHSU, Legacy, Providence, Kaiser, Tuality, Asante, St. Charles, Samaritan, OAHHS

• Provider groups

– MVIPA, Cascadia, Children’s Health Alliance, OMA

• CCOs and Health plans

– PacificSource, FamilyCare, Care Oregon, IHN-CCO, Trillium, WVCH, WOAH, EOCCO

• Health IT and Data Organizations

– HIEs: Reliance eHealth Collaborative, Regional Health Information Collaborative (RHIC) – OCHIN, Quality Corporation

46

Themes: Opportunities

Providers have access to meaningful, timely, relevant and actionable patient information to coordinate and deliver “whole person” care. Strong support for HIE Network of Networks

Specific opportunities identified include:

• Expanding robust HIE efforts
• Coordinating the “Network of Networks”
• Setting common data standards
• Statewide e-Referrals
• Access to public health and other high-value data sources (e.g.,

prescription fill information)

47

Themes: Opportunities: (cont.)

Systems (health systems, CCOs, health plans) effectively and efficiently collect and use aggregated clinical data for quality improvement, population management and incentivizing health and prevention. Aligned interest in supporting HIT needed for alternative payment models (e.g., CPC+) Specific opportunities identified include:

• Data aggregation
• Master Patient Index
• Metrics consolidation/alignment
• Statewide Provider Directory
• Data governance and data use culture

48

Themes: Opportunities: (cont.)

Individuals and their families access their clinical information and use it as a tool to improve their health and engage with their providers. Specific opportunities identified include:

• Open Notes
• Clinical data aggregation and sharing controlled by patients and

family

• Aggregating patient portal data for a single patient view

49

Themes: Challenges/barriers:

• How to ensure all stakeholders and perspectives

represented

• Need critical mass or “All In”
• Caution against another layer of bureaucracy
• Need executive buy-in/support from each organization

50

Next steps: Options for consideration

Options for HIT Commons

• Strong statewide HIT Commons

– Develop a legal/organizing structure for major statewide initiatives with broad stakeholder impact – Develop shared principles, agreements, funding, etc.

• Initiative-focused HIT Commons

– Select high-value, specific initiatives – Establish governance structure(s) as needed for each initiative – to include stakeholders affected by the specific initiative

• Status Quo –

– Governance would be established ad hoc for specific initiatives as opportunities arise

51

Next Steps: HIT Commons Advisory Group

Limited duration group to advise OHLC and OHA

• Short term (4-6 months), small group with cross
• rganizational representation

In Scope: Business Case Development

• Recommend go forward approach based on stakeholder

themes and feedback

• Define Governance decision making authority
• Recommend composition of members of an HIT

Commons board/supporting structures as necessary

• Recommend financing plan
• Phasing and approach to implementing HIT Commons

52

Strategic Planning Work: Next Steps

• We’ve covered a lot of ground!
• Work underway to incorporate discussions from last 9

months of HITOC meetings into revised strategic plan

• Draft plan will be sent to HITOC members prior to June

meeting for review –plan to review prior to meeting

• Limited discussion in June for feedback, questions, and

clarifications needed

• Staff will revise in June/ early July and send to members
• Final update will be considered by HITOC in August for

approval

53

Oregon HIT/ HIE Strategic Plan

• Objective, methodology and scope
• Vision, Goals, Principles, and Challenges
• Role of the State and Statewide Efforts Recommendations

– Goal 1 – Goal 2 – Goal 3

• Recommendations for statewide HIE

– Services and programs – Infrastructure and technology

• The HIT Commons

– Governance – Network of networks – Other Opportunities – Funding

• Appendix

– Future envisioned efforts (Additional statewide services)

54

PDMP Gateway Update

Drew Simpson, OHA Jake Carl, Appriss

55

HITOC’s Role in the Behavioral Health Collaborative’s HIT Recommendations

Marta Makarushka Lead Policy Analyst

56

Context for HITOC’s Role

• The BHC identified HIT as a priority recommendation for

improving the BH system due to HIT’s fundamental role in sharing of patient information for improved care as well as measuring progress and outcomes

• One of HITOC’s roles is to oversee and weigh in on the state’s

HIT/HIE strategy, which includes providing OHIT input regarding approaches and priorities

• BHC participants were a diverse group of leaders and

stakeholders representing all aspects of the BH system, however, HIT expertise was limited

57

Review of BHC’s Data/Technology Implementation Plan

Please spend 5 minutes reviewing the handout. The first section labeled Technology, is the most closely related to HITOC’s work. Some ‘Action Items’ are at a very high level, others are specific

• deliverables. Some are likely to raise questions that will require

further discussion. 1. Reactions to the list of Technology action items

• Priority of the items (Currently part of HIT/HIE strategy)
• Role that HITOC should play
• Areas with reservations or other concerns or considerations

2. Reactions to the items on the Data, Services, and Other lists flagged for HITOC

58

High Level Overview of Recommendations

• Adoption of EHRs
• HIE for care coordination
• Data for treatment and quality improvement
• Support for performance-based measures and payment

models

• Patient access (e.g. better management of ROIs and

care plans)

59

Timeline and Next steps

BHC’s current ask is that by June, HITOC develop a recommended 2-year workplan for achieving the HIT/HIE priorities identified under HITOC’s purview

• Based on today’s discussion (including priorities and

HITOC’s role):

– OHIT will flesh out a draft workplan to present to and review with a subgroup of HITOC members in May – Subgroup to review and suggest edits – Final workplan draft to be brought to June HITOC meeting for final discussion and ‘approval’ prior to submission to the BHC implementation committee

60

Oregon HIT Program Updates

Susan Otter Director of HIT

61

Public Comment

62

Next Meeting

June 1st, 2017 12:30p- 3:45p

63