Reminder: Do not include any PHI or PII in Confluence. If you require 508 accessibility assistance or any other support for this system, then please send an email to onc-jira-questions@healthit.gov
Disclaimer: The content in this space is DRAFT and will change in the next coming weeks once recordings have been listened to.
GOVERNANCE
Strongest Outcome: Purpose of Governance is to establish an acceptable level of TRUST based on risks associated with USE.Acceptable level of trust and Risk vary depending on Use Case
--
Establish Framework
What Does Governance need to address?
Must work in Low and High Tech environments
Need to understand processes we need policies around
change mgmt
credentials
V&V
Need to understand levels of assurance, level of Authority
What is the durability? (Acceptable level of trust)
Who are the accredited executors of these processes?
Roles/Rights/Responsibilities
Needs to be process to deal with grievances and the Remediation of data
Self Correcting
Consequences
Evidence of correctness
Who participates? (Identify Stakeholders)
What is appropriate use?
Didn't establish what Governance is but what is needed for Governance
Reason directories work is because of reliance
How do we trust that any given certificate (trusted or not) is relevant to the organization/indiv thery'asserting directory data about
OPERATIONS
Content goes both ways- up/down
Operationally, data is vetted multiple times at multiple ways/places
All data doesn't exist at all levels
Ability to trace the source of data (provenance)
Data provenance Being able to trace where the data came from
Different data has different uses
As long as we can tell what it is and how it can be used- depending on Use Cases
Not all data can be
Different levels of trust
Legislative requirement or not
Standardized Credentials
More than just directory, its set(s) of data
Not fixed, can change day to day.
Didn't see people authenticating and correcting; rather see people make recommendations and say this is wrong. Need someone to process it
During the 2nd exercise the room broke out into groups and focused on:
Governance
Operations
Funding/Resources
Legal
FUNDING/RESOURCES
Major Takeaway: We may disagree on what content should be there but if it is there it ought to be correct.
Private funding may be available IF make "safe harbor"
when you say what will you pay for- need to know what to get done, who is responsible
what does it mean to have a national director of the KIND of info NPESS puts out vs what NPESS is supposed to do
Was consensus on NPESS being approved, no consensus of what NPESS should be
from CMS current position NPESS will not become a provider directory, it is out of scope for NPESS.
What is scope? what isn't? What are the constraints for NPESS? This needs to be clarified.
Given that...should the government have a national provider directory? No consensus.
Can NPESS be open source to contribute to making NPESS better?
Need willingness to help.
Notion of marketplace of provider data
If create a system where you can "complain" about the content of NPESS, needs to be accountability
Look to SMART of FHIR model, NPESS adopt practices
who gets to complain
who complain repeatedly?
It was noted: That NPESS directory has been updated in order to receive dig end pts (direct address) and can make available to facilitate info sharing. Not same as a national provider directory.
LEGAL
3 models
- Pure Government
- Private Organization/body
- Hybrid
at a minimum must have a legal authority to operate,
Gov't can be payer, operator or regulator- can set standards
legislative or regulatory or hybrid
scope of operations- safe harbor was included
governance and guiding body
must be adaptable
must have accuracy and efficiency stds
data standards
content, elements, format
Privacy and security of data about providers
authority to modify/delegation
Data provenance
Must account for consistent funding source
What happens if we run into data blocking?
Scope of content, domains, potential for scope creep.
Who has to engage, who can engage, who shouldn't engage
VIRTUAL- OPERATIONS
Operations, timing and exchange protocol w/ multiple authoritative sources
directory of directories
Who are auth sources?
The auth sources would determien time
Understanding of landscape