Disclaimer: The content in this space is DRAFT and will change in the next coming weeks once recordings have been listened to.


GOVERNANCE

Strongest Outcome: Purpose of Governance is to establish an acceptable level of TRUST based on risks associated with USE.Acceptable level of trust and Risk vary depending on Use Case

--

Establish Framework

What Does Governance need to address?

  • Must work in Low and High Tech environments

  • Need to understand processes we need policies around

  • change mgmt

  • credentials

  • V&V

  • Need to understand levels of assurance, level of Authority

  • What is the durability? (Acceptable level of trust)

  • Who are the accredited executors of these processes?

Roles/Rights/Responsibilities

  • Needs to be process to deal with grievances and the Remediation of data

  • Self Correcting

  • Consequences

  • Evidence of correctness

  • Who participates? (Identify Stakeholders)

  • What is appropriate use?

Didn't establish what Governance is but what is needed for Governance

Reason directories work is because of reliance

How do we trust that any given certificate (trusted or not) is relevant to the organization/indiv thery'asserting directory data about


OPERATIONS



Content goes both ways- up/down

Operationally, data is vetted multiple times at multiple ways/places

All data doesn't exist at all levels

Ability to trace the source of data (provenance)

Data provenance Being able to trace where the data came from

Different data has different uses

As long as we can tell what it is and how it can be used- depending on Use Cases

Not all data can be 

Different levels of trust

Legislative requirement or not

Standardized Credentials

More than just directory, its set(s) of data

Not fixed, can change day to day.

Didn't see people authenticating and correcting; rather see people make recommendations and say this is wrong. Need someone to process it

During the 2nd exercise the room broke out into groups and focused on:

  1. Governance

  2. Operations

  3. Funding/Resources



FUNDING/RESOURCES

Major Takeaway: We may disagree on what content should be there but if it is there it ought to be correct.

Private funding may be available IF make "safe harbor"

when you say what will you pay for- need to know what to get done, who is responsible

what does it mean to have a national director of the KIND of info NPESS puts out vs what NPESS is supposed to do

Was consensus on NPESS being approved, no consensus of what NPESS should be

from CMS current position NPESS will not become a provider directory, it is out of scope for NPESS.

What is scope? what isn't? What are the constraints for NPESS? This needs to be clarified.

Given that...should the government have a national provider directory? No consensus.

Can NPESS be open source to contribute to making NPESS better?

Need willingness to help.

Notion of marketplace of provider data

If create a system where you can "complain" about the content of NPESS, needs to be accountability

Look to SMART of FHIR model, NPESS adopt practices

  • who gets to complain

  • who complain repeatedly?

It was noted: That NPESS directory has been updated in order to receive dig end pts (direct address) and can make available to facilitate info sharing. Not same as a national provider directory.



LEGAL


3 models

  1. Pure Government
  2. Private Organization/body
  3. Hybrid

at a minimum must have a legal authority to operate,

Gov't can be payer, operator or regulator- can set standards

legislative or regulatory or hybrid

scope of operations- safe harbor was included

governance and guiding body

must be adaptable

must have accuracy and efficiency stds

data standards

content, elements, format

Privacy and security of data about providers

authority to modify/delegation

Data provenance

Must account for consistent funding source

What happens if we run into data blocking?

Scope of content, domains, potential for scope creep.

Who has to engage, who can engage, who shouldn't engage



VIRTUAL- OPERATIONS

Operations, timing and exchange protocol w/ multiple authoritative sources

  • directory of directories

  • Who are auth sources?

  • The auth sources would determien time

  • Understanding of landscape

Need for recommended best practices for subscriptions or current status of particular elements

Need to simplify the FHIR content for the end user

Who will generate and pay certificates?

Certificate maintenance



  • No labels