Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
Health Information Sharing Maturity Model
G. Hamilton
T. Novak
March 8, 2018
The MITRE Corporation operates the Centers for Medicare & Medicaid Services (CMS) Alliance to
Modernize Healthcare (CAMH), a federally funded research and development center (FFRDC)
dedicated to strengthening the nation’s health care system. MITRE operates CAMH in partnership
with CMS and the Department of Health and Human Services.
| 2 |
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
What is Health Information Sharing (HIS)
The sharing of health and healthcare
information (HIS)
Electronically across key participants
and stakeholders to
Improve health and healthcare practices
▪ Ensures health information is available at the
right place at the right time for the right person
▪ Lowers burden on healthcare providers and
patients
▪ Improves efficiency of healthcare system and
lowers costs
▪ Best of all, IMPROVES HEALTH OUTCOMES!
| 3 |
Enabling Health Information Sharing:The HIS Maturity Model (HISMM)
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
▪ A maturity model will enable Health Information Sharing by:
– Providing states with a mechanism to assess the maturity of health information exchange within a state’s
healthcare Enterprise.
– Ensuring the most effective use of scarce resources, leveraging common efforts, both public and private
– Ensuring that best practices and lessons learned, such as increased modularity, are incorporated
– Improving reuse of solutions across states
▪ HIS Maturity Model benefits
– Helps prioritize areas that may require technology supports/enhancements
▪ Reveals the mitigations and workarounds needed to support a program
– Helps you understand gaps, where you may need to make more Health Information Technology (HIT)
investments
▪ Demonstrates how to mature a capability based on cost/benefit analysis and resource
– Helps with overall HIT planning
▪ Helps identify gaps and determine steps to incrementally improve the capability
▪ Provides the steps to use in building the roadmap to improve the capability
| 4 |
Why Do We Care About Maturity Levels
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
Low Maturity
• share inaccurate information• require manual entry • have inefficient workflows
HIS capabilities that:
• share accurate information• enable automation• have efficient workflows
High Maturity
• better care coordination for patients
• less burden on providers• reductions in admin staff and
contractors
HIS capabilities that:
Results in: Results in:
Overall, a capability with a high maturity can achieve delivery system reform goals
• medical errors• provider burden• need for additional staffing
| 5 |
Proposed HIS Capabilities to Include in Maturity Model
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
Only select the ones that support your program goals
Admission, Discharge and Transfer (ADT) Events/Encounter Alerting
Advanced Directives
Analytics Reporting
Care Plans
Claims Information Sharing/All-Payer Claims Databases
Death Reporting
Disease and Public Health Registry Information
Electronic Prescribing
Eligibility and Benefits Information
EMS Integration
Financial Information
Health Record
Image Sharing
Immunization Registry
Lab Orders
Lab Results
Patient Consent
Patient Education
Patient-Generated Data
Patient Identifier
Patient Portal Information
Patient Record Locator
Population Health Information
Prescription Monitoring
Provider Attribution
Provider Directory
Quality Reporting
Referral Management
Risk Assessment
Social Determinants of Health
| 6 |
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
HIS Maturity Model Components
▪ Programs: The Why (Goal)
– Provides understanding of what capabilities are needed
to achieve a State Medicaid Agency goal
▪ Example: Behavioral Health Integration
▪ Capabilities: The What
– The functionality you are exploring
▪ Example: Provider Directory
▪ Dimensions: The How
– The tool/mechanism that supports a specific
functionality
▪ Example: Measure the level of Usability
| 7 |
HIS Maturity Model Components: Program Sheets
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
Example: Behavioral Health
Integration Program
▪ Used to Identify
– Main objectives
– Outcomes
– Stakeholders
– Relevant capabilities
▪ How to use:
– To review capabilities and identify priorities
– Refer to relevant Capability sheet to help estimate
maturity level and target level
– To identify additional stakeholders and outcomes
– As a communication tool to socialize needs with
stakeholders
Purpose: To layout what is needed to attain program goals.
| 8 |
HIS Maturity Model Components: Capability Sheets
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
▪ Identify
– Programs
– Stakeholders
– Low, medium, high, maturity level summary
▪ Provides a common mechanism for
communication
▪ How to use:
– Review capability description
– Identify additional stakeholders
– Review maturity level descriptions – to
estimate as is and target maturity state
Purpose: Provides a capability definition and example of maturity levels to
help communication/understanding
Capability Example: ADT Events
| 9 |
HIS Maturity Model Dimensions: Criteria for Assessment
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
Is the data being shared, timely, usable, high quality, complete and relevant?Information Quality
What is the maturity of the data transport mechanisms used? Push/PullTransport
What mechanisms are in place to ensure data is shared securely?Security
What is the level of adoption of the Application Programming Interface (API) used?Transaction/Query
How easy is the information to consume? Is the information incorporated into the workflow?Usability/Workflow
How many different mechanisms are available?Alignment/DuplicationCan all possible participant types (providers, patients, payers, ...) for the capability, participate, and how many are actually participating?Participation
Can patients control (provide consent) who has access to data about them to a granularity appropriate to the capability?Consent/Privacy
How mature are the processes to govern data involved in exchanges?Data Governance
How mature is the organizational structure and associated processes to govern exchanges for this capability?Stakeholder Governance
What are the resources available to sustain efforts for any capability; people, funds, skills, leadership?Sustainability
People & Process
Dimensions
Governance Dimensions
Technical Dimensions
| 10 |
HIS Maturity Model Assessment Steps
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
Identify Program
Identify the State program goal that will drive the needed Information Technology (IT) capabilities
Identify Capabilities & Stakeholders
Use the program sheets to determine and prioritize the required capabilities
and identify all stakeholders that will be involved in the assessment
Review Capability
Sheets
Use capability sheets to determine expectations for the capability maturity level
Use Dimensions
Assess current maturity for each capability against each dimension.
Target Maturity Level and
Identify Gaps
Determine target maturity for each capability against each
dimension. Use dimension sheet to identify gaps to achieve
desired level.
Identify Steps to Address
Identify incremental steps to address the gaps.
Use these identified steps to inform a roadmap
to improve capability.
| 11 |
HIS Maturity Model on Centers for Medicare & Medicaid Services (CMS) zONE
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
▪ HISMM available for review on zONE
▪ Maturity Model
– Executive Summary
– Presentation
– Spreadsheet model
▪ Information/Capability sheets
– Behavioral Health
– ADT Events
– Health Record Information
▪ Discussion Forum
– Leave comments, ask questions!
▪ Instructions available for access
| 12 |
For More Information
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
To learn more or provide feedback on the HIS Maturity
Model, please contact Tom Novak ([email protected]).
| 13 |
Follow up
To download a copy of this presentation, visit:
https://health.mitre.org/himss18
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
Data Interoperability to Reduce Clinician Burden
Follow us on social media: @MITREhealth
| 14 |
Reference Slides
| 15 |
How a Maturity Model is Used to Improve a Capability
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
▪ A maturity model shows how a capability can be improved “step by step”
▪ Each level lays out critical success factors for the capability
– Expectations are made clear
▪ As objectives to improve the capability to get to the next level are clear this enables:
– Incremental Improvement: Helps identify gaps and determine steps to incrementally improve the capability
– Roadmap Development: Provides the steps one can use to build the roadmap for improving the capability
▪ Identify realistic target
– Can determine which level is achievable for the capability based on cost/benefit analysis and resources
| 16 |
How a Maturity Model is Used to Improve a Capability (Continued)
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
technical people and process governance
level Information Quality transport Security Transaction/Query Alignment/Duplication Dimension
Usability/ Workflow participation consent/ privacy data governance stakeholder governance sustainability
Is the information timely, of high quality, complete and relevant ?
Is the mechanism used to exchange the data
standardized, documented, and proven? Ensure that the protocol
supports required communication between participants (e.g., request and response). Average across exchanges for the capability maturity level.Transport maturity levels for the capability maturity
level.
What mechanisms are in place to ensure data is shared securely?
What is the level of adoption of the APIs used?
How many different mechanisms for this
capability are in use by end users?
How easy is the data to consume? Is the data incorporated into the
workflow
Can all possible participant types (providers, patients, payers...) for the capability participate, and how many
actual participants are participating?
Can patients control (provide consent) who has access to data about them
to a granularity appropriate to the
capability?
How mature are the processes to govern data involved in exchanges?
Are common agreements in place, in use, and enforced between
participants?
How mature are the organizational structure
and associated processes to govern exchanges for
this capability?
What are the resources available to sustain efforts for any capability; people, funds, skills, leadership?
0 No exchanges occurring for information in this capability area
1 Information available in external systems.Some Information is non-human readable
Mainly unstructured, little structured meta data, across multiple systems
No metrics defined for information quality.
All protocols custom and private and not
documented
Baseline CIA policies have been defined but implementation is ad
hoc and manualSeparation of duties mainly admin
definedSystems meet all required Federal
and state security policies CIA needs defined
Using DIRECT (to push information)
Multiple efforts that duplicate capability, with
no effort to reconcile
Information available in separate system
Information is available but not readily accessible.
less than 25% of the potential participant types (as defined by capability) and not all participants of
those types exchanging
all or nothing general consent only
some exchanges of the same type of data for the
capability do not have governance agreements in
place
no governance organizational structure in
place
Uncertainty in funding over the next year.Funding is unstable
Inconsistent leadership support.
2 Measurable metrics defined for information qualityMeasurable metrics defined for information
completenessSome (not all) information from less than 50% of
external systemsSearchable: Results mainly unstructured, ad-hoc
formats or PDF with key meta-data structuredHuman readable
Identification of process improvement
documented non-standard protocols
Some automation to meet CIA baseline policies. These processes are repeatable require no manual
input.Identification of all policies that
could be automated.Commitment to tracking policy
conformance is in place.Ongoing efforts to further automate.Baseline requirements met, threats
identified and plan to mitigate defined
Undocumented API (to query information)-
proprietary
Multiple efforts that duplicate capability,
Identification of areas of overlap
Information available in same system but not
integrated.Requires extensive manual
effort to reconcile, or duplicate data entryAreas identified for
automation and improvement .
less than 25% of the potential participant types (as defined by capability)
but all participants of those types exchanging
all or nothing consent to data access for specific providers but no other
participant types
all exchanges of the same type of data have
governance agreements in place but not from a
common basis
governance organizational structure in place but does not include representation
from all stakeholders (participant types that
participate in capability) and defined governance
processes exist
Uncertainty in funding over the next 5 years
Funding source is unstableInconsistent leadership
support.
3 Information searchable within workflowSome information are from less than 50% of
available external systems Data mainly structured
Human readable. Measurement of information quality against
defined metrics ad-hocMeasurement of information completeness against
defined metrics ad-hocUse cases for relevance determined. With some
metrics identified.
At least one documented standard protocol in use.
And used consistently across the organization.
Metrics collected on APIs.
Full automation to enforce need to know, separation of duties and least
privilege policies.Tracking is in place to track
conformance with policies, and identify areas for further
automation.CIA requirements monitored.Plan to address threats to CIA
implemented
Using proven standards (XDS-b, API standardized)
for query
Multiple efforts that overlap capability, with business case specific variations identified
•Information available in same system, can be
reconciled into workflow with minimal manual
effort.Metrics identified for
tracking UsabilitySome automated control, areas identified for further
automation.
at least 50% of the potential participant types (as defined by capability)
exchanging but not all participants
consent to access specific classes of data for specific
providers but other participant types
all exchanges of the data for the capability are
governed by a common governance agreement used by all exchanges
governance organizational structure in place
including representation from all stakeholders, and
defined governance processes exist
Certainty of funding over the next 3 years
Funding source is unstableConsistent leadership
support.
4 Information searchable within workflowSome information are from more than 50% of
available external systems Available same day
Human readableInformation quality enforcement with repeatable
processProcess to track and enforce information
completeness
Mostly documented standards-based protocols. Used
consistently internally and externally within the
organization.
Full automation to enforce of specified policies to meet need to
know, separation of duties and least privilege policies and CIA.
Metrics for improvement are defined for policies.
CIA requirements enforced, threat mitigation in place.
Using 1 or more documented, published,
and standards-based API(s)
Multiple efforts that have minimal overlap of
capability and ongoing efforts to reduce
duplicated capabilities
Information in same system, reconciled into workflow, with quality
controlUsability metrics captures
areas identified for improvement
Majority of capability automated, requiring
minimal input
at least 50% of the potential participant types (as defined by capability) exchanging with at least
75% of possible participants of those types
exchanging
consent to access specific classes of data in specific
ways (e.g., viewing, annotating, adding,
updating) for specific providers but no other
participant types
data exchange governance has quantitative
measurement in place to assess process
governance organizational structure in place
including representation from all stakeholders and
defined governance processes have
quantitative measurement in place to assess process
Certainty of funding over the next 3 years
Funding source is stableLeadership is engaging and
providing direction.
5 All information from more than 70% of available systems
Process to incorporate data from remaining systems in place
Mostly real time, or on-demandIncorporable at a computable level (semantic and
syntactic interoperabilityInformation quality improvement process in place
Information completeness improvement process in place
Human readable
Only use of approved standards-based protocols
Full automation to enforce need to know, separation of duties and least
privilege policies, and CIAMetrics for security policies are
tracked , enforced and improvedCIA enforced
CIA Threat mitigation monitored with continual improvement
Use only documented, published, and standards-
based API (based on recommended standard –e.g., those documented in
ONC Interoperability Standards Advisory)
Single common mechanism used per
capability. Process in place to ensure
no further duplication
Real time information available on demand in same system, reconciled
into workflow, with quality control.
Process fully automated, manual input only for
human decision makingProcess for Continual
improvement of usability in place
at least 95% of potential participants of all
potential participant types (as defined by capability)
are exchanging
consent to access specific classes of data in specific
ways (e.g., viewing, annotating, adding,
updating) for specific participants of any type
based on quantitative metrics collected about
data governance, the governance agreements
and process are continuously improved.
governance organizational structure in place
including representation from all stakeholders, and
defined governance processes have
quantitative measurement and are continuously improved based on
measurements
Certainty of funding over the next 5 years
Funding source is stableLeadership is providing
direction, incorporating as part of mission.
MITA similarities:
TA Integration & Utility: Utility TA Intermediary and Interface
TA Access & Delivery: Security & Privacy
TA Integration & Utility: Utility
TA Integration & Utility: Utility
TA Integration & Utility: Utility
BA Utility or Value to Stakeholders
TA Access & Delivery: Security & Privacy
IA Data Management Strategy
BA Standards Management: Manage Business Relationship
Information
BA Utility or Value to Stakeholders
Number of dimensions:
11
0
1
2
3Information…
Transport
Security
Transaction/Q…
Usability/…Participation
Consent /…
Stakeholder…
Sustainability
ADT Events :Current State
ADT Events
| 17 |
How a Maturity Model is Used to Improve a Capability (Concluded)
© 2018 The MITRE Corporation. All rights reserved. Approved for Public Release; Distribution Unlimited. Case Number 18-0621.
The HIT Modular Functions Stack identifies the foundational components, core infrastructure, and health IT functionality needed for multiple use cases required to enable Alternative Payment Models (APMs).