Department of Veterans Affairs (VA) Electronic Health Record Open Source Custodial Agent (CA) Request for Information (RFI) VA RI-0194

Transcription

1 I. Instructions Department of Veterans Affairs (VA) Electronic Health Record Open Source Custodial Agent (CA) Request for Information (RFI) VA RI-0194 This is a Request for Information only. Do not submit a proposal or quote. The Department of Veterans Affairs (VA) Technology Acquisition Center (TAC) is soliciting for information related to the objective described below. Interested parties are invited to review the following Statement of Objectives and to make comments or suggestions. Note that specific questions are posed throughout the document and are repeated in the Information Requested section at the end. This was intentional and for your convenience. The goal of this RFI is to provide a procurement framework that may be used for a subsequent acquisition. Nothing in this document should be considered binding or in any way obligate VA to perform. Although VA has identified questions of particular relevance, we welcome comments on any part of this document. II. Statement of Objectives Background The Department of Veterans Affairs (VA), Office of Information &Technology (OI&T) is responsible for the development and maintenance of the Veterans Health Information Systems and Technology Architecture (VistA), VA s Electronic Health Record (EHR). VistA is built from more than 100 discrete applications that together comprise our highly integrated and fully-automated health information system. VistA is the electronic information service that enables clinical care delivery at 152 VA health care facilities and 928 ambulatory care and community-based outpatient clinics worldwide. VistA is central to the quality of care that VA delivers to Veterans. Designed by clinicians for clinicians, VistA is patient-centric and embodies the clinical workflow processes that support VA s models of care. It has enabled measurable improvements in the quality of care we provide. VistA is stable and reliable; it is available 99.95% of the time and performs well in both large hospital and small office settings. VA believes that VistA s rate of innovation and improvement has slowed substantially, and the codebase unnecessarily isolated from private sector components, technology, and outcomeimproving impact. To address this issue, VA is investigating proven mechanisms that will open the aperture to broader-based public and private sector contributions and faster implementation. Department of Veterans Affairs Page 1 of 23

2 Goals VA believes that the most reliable, most cost effective, and based on experience quickest mechanism to re-position this tremendous national asset and to keep pace with innovation is to create a custodial agent based on well-understood open source business models. By doing so, we will provide a transparent mechanism to incorporate new features and capabilities into the source code, provide industry a high fidelity signal of our intentions and uniform acceptance criteria, and better proliferate those innovations inside our hospitals and clinics. Our intention is to create a structured, deliberate, and predictable migration path from our custom and proprietary EHR software to an openly architected, modular, and standards-based platform. We believe that a non-governmental custodian will achieve all these objectives quickly and efficiently. The rationale for these expectations is discussed below. Accelerated Rate of Innovation VistA s capabilities evolved endogenously over the many years it has been in successful production, and are the result of the contributions of many innovations, including those that came from within VA itself. However, today s health care environment in which new models of care are continuously developed and deployed is utterly dependent upon the accelerating technological development of new medical devices, improved IT infrastructure, services, and wireless communications. In order to sensibly benefit from these advances, VA must address fundamental structural constraints that will inhibit its ability to keep pace with health services delivery. Specifically, VA believes that a structured, deliberate, and predictable migration from our custom and proprietary EHR software to an openly architected, modular, and standards-based platform will achieve four crucial objectives: 1) It will unleash EHR innovation inside and outside VA. 2) It will release VA s captive dependency on any particular component or service and give our clinicians access to the best available tools and solutions. 3) It will reduce the costs and risks of reliable implementation (and integration) of new functional modules that improve VistA s capabilities. 4) It will measurably improve health outcomes for our nation s Veterans. 5) It will enable other providers in the public and private health care system to benefit from, contribute to, and interoperate with this national asset. Ease of Component Integration In order to better leverage distributed innovation, it must be possible to reliably and rapidly integrate, test, and certify changes, updates, and enhancements to the EHR software and the business rules embedded in it. Early in VistA s life cycle, VA facilities locally tested and developed improvements. As VistA evolved and grew to encompass a very broad set of functions, it also became a system with Department of Veterans Affairs Page 2 of 23

3 many modifications and customizations, thousands of which are isolated from the mainline. Further, while clinical functions and the user interface evolved over time, the underlying architecture of the software progressed at a much slower rate, resulting in a codebase that does not benefit from state-of-the-art software development methodologies and environments. As a result, integration and deployment of code changes and customizations are difficult and labor-intensive processes. VistA s current software architecture unnecessarily slows development of individual improvements, and the deployment of mainline updates requires the careful reintegration of local modifications at each facility. VA believes that in order to efficiently maintain VistA s high performance, it must make significant improvements to the component integration process, and that this would be best accomplished in an open source framework. National Benefit by Market Creation Although a national leader in the use of advanced EHR systems, VA is, happily, not alone. This is best evidenced by the proliferation and use of as well as the very large investment in EHR software by both the public and private sectors. The proposed ecosystem in which the entire health care community has ready access to open source EHR software would produce benefits for all EHR users, including VA. It would facilitate innovation via a common code base and create a means for developers of proprietary EHR systems and modules to integrate with a common frame. It would simultaneously make open source innovations available to the existing EHR user base. Indeed, a successful open source framework will broadly extend the market for vendors and system integrators, who will have means to certify the interoperability of their software and the ability to bundle it with value added services. VA believes that the creation of an EHR ecosystem is a key enabler to the rapid development and deployment of innovations that will benefit the entire market. Users of the Open Source EHR clearly benefit, but we believe that the value extends to all public and private stakeholders, even those using other EHRs. By making open source enhancements available to all EHR users, the best minds in the public sector, the private sector, and academia will have an unfettered opportunity to examine and improve this essential element of health care delivery. The EHR Open Source Ecosystem Open source communities establish governance policies and procedures that provide a level playing field for all community members, from individual contributors to large commercial and government enterprises. A well-constructed open source model provides the structure for the distribution of code, the management of the architecture and product roadmaps, and protection of intellectual property. It creates an environment in which innovators are comfortable contributing to the product and users are comfortable relying on the product to run their businesses. Department of Veterans Affairs Page 3 of 23

4 As open source communities such as Apache, 1 Eclipse 2, and Mozilla 3 have demonstrated, the open source model can lead to reliable, predictable, safe and robust software. Open source software development methodologies typically result in high quality software delivered in less time and at lower cost than is achieved with alternative development methods. Open source software is in wide use in many businesses and government agencies. 4 VA believes that an open source approach to EHR development, launched with VA s VistA EHR, provides the best framework to accelerate the rate of innovation, provide more efficient component integration, and create an ecosystem that taps the best of the health care community to create high quality EHR systems. VA envisions an EHR Open Source ecosystem facilitated and guided by a central body, the EHR Custodial Agent (CA). The CA essentially defines the relationship between and interactions among developers, users, vendors, and service providers. In a fully mature ecosystem any member of the community an individual or an organization - may participate as a developer to improve the codebase and contribute innovations. Users can incorporate EHR Open Source software into their health care delivery operations and may combine custom applications with other open source and proprietary components. Vendors can offer EHR products that incorporate software from the codebase and may offer complementary products (either open source or proprietary) that interact with the Open Source EHR. Service providers will find opportunities to assist innovators, operators, and clinicians in many aspects of development, on-site implementation, and use of the EHR Open Source code. 1 The Apache community has developed and released numerous products, including web server, database and other software. Apache s open source HTTP Web Server is the most often used software of its type, powering more than 100 million web sites worldwide. See: Hhttp:// 2 Eclipse s open source products include large-scale software development tools used by IT professionals. NASA s Jet Propulsion Laboratory used Eclipse open source products in the Mars Rover project is an example. See: Hhttp:// 3 Mozilla is the open source community that developed and released the Firefox internet browser and the Thunderbird and calendaring applications, among others. Firefox is the second most popular web browser worldwide. See: Hhttp:// 4 Open source software is in widespread use within national security agencies. Examples: The Domestic Nuclear Detection Office of the Department of Homeland Security has used open source software including the Red Hat version of the Linux operating system. The Army has used the open source Battle Command Innovation Platform. Clinician s in DoD worldwide health care system use AHLTA-Mobile, which relies on open source software to run a point-of-care handheld medical assistant application. DoD policy provides that open source software will be given equal consideration when software is procured. DoD maintains an open source software development forum, Hwww.Forge.milH, to enable the collaborative development and use of open source software. Department of Veterans Affairs Page 4 of 23

5 The figure depicts a simple schematic of the ecosystem, where developers contribute code to, and users draw code from, the Custodial Agent. The Custodial Agent provides a structure such that all of the following interactions can occur in an orderly, reliable, and efficient manner: Users can acquire, install, use, and maintain an Open Source EHR system based on a certified codebase Users can acquire, install and use proprietary software that has been certified for the codebase Users can develop their own innovations and have them certified; these innovations may also be accepted as part of the codebase Any member of the community may improve the EHR Open Source codebase, and contribute their results, if they wish, to the Custodial Agent Organizations and commercial vendors can build open source products based on the codebase Organizations and commercial vendors can build proprietary products and technologies and have them certified Vendors can mix and match proprietary and open source code in their offerings System integrators can offer services to users for integration, installation, support, and maintenance of products derived from the codebase System integrators can offer services to innovators for development, integration, test, and delivery of code to the CA Department of Veterans Affairs Page 5 of 23

6 Academic and research institutions can participate in EHR innovation by both using and contributing open source code In summary, in a mature open source ecosystem, all members of the community may participate to improve the codebase and anyone individuals and organizations may contribute innovations. Innovations take many forms from software enhancements, to education and training, to identification of gaps in the product, service or support capabilities. We outline the governance mechanisms below. What factors will most impact the ecosystem's ability to significantly contribute to the codebase? Which open source ecosystems are most successful and how could they inform the structure and governance of the Custodial Agent? What are the best practices that guide institutions in the transition from passive software users to active open source participants? Creation of the CA The development of the EHR Open Source ecosystem begins with the creation of the CA, which serves as its central governing body. VA will likely seek a vendor to establish and manage the CA. Upon creation of the CA, VA will make an initial code contribution of the complete and current version of the VistA EHR. Then, VA will obtain its first certified, cost-free, perpetually licensed code delivery and will obtain all versions of the EHR code from the CA from that date forward. Codebase Modernization The Open Source EHR software, or codebase, is the shared resource at the heart of the ecosystem. The current VistA codebase is extremely large and complex, is based on an older architectural model, and lacks state-of-the-art development environments, tools and automated procedures for quality control. Combined, these make it harder to maintain, update, and deliver new EHR capabilities. Recognizing the barrier to innovation that this presents, VA intends to separately and contemporaneously initiate a codebase modernization project, or code refactoring, effort. Although there are multiple ways to achieve VA s goals, we believe that the following steps would produce the best results and remain most closely aligned with the desired operation of the ecosystem: VA initiates a project request to the CA for codebase refactoring The CA approves the refactoring project and assigns project responsibility to VA VA contracts with a vendor for design of the refactoring task VA publishes the refactoring design to the open source community and receives feedback to improve the design The CA approves the final design for refactoring VA executes the refactoring task under the auspices of the CA project The refactoring project proceeds and abides by all of the monitoring and reporting procedures that CA implements to ensure the openness and transparency of its projects Department of Veterans Affairs Page 6 of 23

7 Artifacts generated during the project, including architecture documentation, application program interface (API) definition, and code, are presented to the CA for acceptance and certification Assuming acceptance and certification, contributed code becomes part of the codebase The EHR codebase is critical to the delivery of care so it is important to note that the refactoring work must not be disruptive to its continuous use. How could the ecosystem be best engaged in the refactoring effort? What challenges should the CA anticipate during migration? Ecosystem Operation A robust open source ecosystem takes time to mature but can begin successful operation from the moment it is created. VA believes that a properly established and administered CA, with active support from VA and industry leaders, will create value immediately and foster the growth of the ecosystem. The interactions of users of and contributors to the codebase are fundamental to the operation of the ecosystem in all stages of its evolution and are described below. Additionally VA recognizes that this new ecosystem will be created in an existing environment of continuous development. Nothing in this description should be viewed as prejudicial against current vendors or activities; current projects should continue to completion on time and with high quality. Use of the Codebase Users, from large enterprises to small physician offices, will have many options for acquisition and deployment of the Open Source EHR. A user may download certified code from the CA and manage the installation, integration, testing, and configuration directly. The user may choose to add features or combine the code with other open source or proprietary technology, and may even choose to brand the derivative software themselves. A user may obtain certified code embedded in bundled products and services from value-added vendors such as commercial system integrators or non-profit user groups. In this case, a vendor downloads certified code from the CA and adds value via customization, integration, test, configuration, installation, and support. Again, this may include integration with other open source or proprietary technology, and the end product may be branded by the vendor. A single entity, such as a clinic, office or hospital, may belong to a larger health care organization or integrated delivery network that manages software products and services. Similar to a value-added vendor, the user group obtains certified code from the CA and provides products and services to individual users. Department of Veterans Affairs Page 7 of 23

8 Users have two paths for acquisition of EHR Open Source software: direct download from the Custodial Agent or via bundled products from a value-added vendor. Models of Contribution The vitality of any open source initiative relies on the quality and robustness of its codebase, which is dependent on the contributions of a broad and diverse community. While the CA manages the process of placing code into the codebase, it is worth noting that any innovator is free to develop ideas and software that add to, build on, or extend the EHR Open Source codebase. There are several ways that the new software born of these ideas can be considered for insertion into the codebase. When the CA considers a particular improvement to be a priority, it may initiate a project. The CA will seek a project sponsor and assign a project lead. The sponsor and lead for a project need not be the same entity, though in practice they often are. Any CA member may sponsor an idea for an improvement and propose it. If accepted, the CA will initiate a project and assign a project lead to oversee its execution. Note that an idea may simply be the definition of a desired function or a set of requirements and may or may not be accompanied by software in either a partial or fully-formed state. Department of Veterans Affairs Page 8 of 23

9 Ideas may be proposed to the CA by individuals or organizations that lack the resources or expertise to serve as the idea sponsor. In order to assist with idea development, the CA may help connect these ideas with resources that can incubate them. In all cases, the code produced by a CA-approved project is submitted for certification by the CA and, upon successful certification, is then accepted into the codebase. The CA may choose not to accept some ideas and contributions, but members of the community may choose to develop these ideas independently. Code contributions that have been declined by the CA for acceptance into the codebase may still be submitted for certification of interoperability. The Custodial Agent considers a full range of ideas, from fully-formed and sponsored to conceptual and unsponsored. Projects are formed to implement all approved ideas. The Role of Certification In the operation of the ecosystem users rely on certification as an assurance that the software they use meets the standards set by the CA. Contributors and vendors rely on certification as a way to communicate that the code, products, and services that they offer meet the standards set by the CA. Because it is a critical function to nearly all members of the ecosystem, it is the responsibility of the CA to both define and carry out certification. There are two general types of certification: All code that enters the codebase, through any of the paths described in the Contribution Model below, must pass certification to demonstrate that it operates as intended and meets the standards set by the CA. Software and technology that is not intended to reside in the codebase but interacts with the Open Source EHR or provides complementary functions may be certified to demonstrate interoperability. Department of Veterans Affairs Page 9 of 23

10 The Custodial Agent is responsible for certification. All code contributed to the codebase must be certified before acceptance. Complementary software may be certified to assure interoperability with the codebase. Elements of the EHR Custodial Agent The degree of central control in an open source ecosystem varies from none in communities consisting solely of independent contributors, to significant in those with strong centralized governance. Given that electronic health records are safety-of-life applications, that must operate reliably and without interruption, VA believes stakeholders will require a strong central control, or directed open source, model. The directed model we envision employs a centralized decision-making process that creates and enforces clearly defined product releases and roadmaps, project schedules, certification, and quality control, with explicitly identified resources, iterative and continual feedback and peer reviews. The directed model does not, however, inhibit asynchronous and independent innovations but rather facilitates them as the platform becomes ever more modular, transparent, and architecturally open. The CA is the mechanism for implementing a directed open source model for the EHR. As envisioned its responsibilities should include governance, licensure, and certification. The sections below describe the CA s proposed functions in more detail, which have been broken out into governance, development, and deployment. The goal of this RFI is to provide a Department of Veterans Affairs Page 10 of 23

11 procurement framework that may be used for a subsequent acquisition; please comment on any portion of this working model. The Custodial Agent establishes the framework that enables members of the ecosystem to interact in an orderly, reliable, and efficient manner. Governance Bylaws A set of rules articulated in the bylaws will govern the CA. The organization will create and maintain these rules, and crucially, the same set of rules will govern all activities and all members. Governance will be open, transparent, and collaborative. The following are examples of items that will appear in the bylaws: All members sign same agreements with no bilateral agreements between CA and individual members An established set of Intellectual Property guidelines and policies An established set of open software development processes and guidelines No confidential information (all deliberations of board and councils are open) Definition of board member responsibilities and terms Department of Veterans Affairs Page 11 of 23

12 Roles, responsibilities, rights of general membership Given the importance of openness and transparency in fostering a collaborative environment, the CA should formulate and publish the following documents, among others: Membership Agreement Terms of Use Antitrust Agreement Usage Agreement Intellectual Property Agreement Copyright Infringement Notification Board There are at least four well-known templates (Apache, Eclipse, Mozilla, and GNOME) used to establish a starter set for written governance. What are their most important elements? Are there additional examples of governance that you recommend? A central decision-making body, or board, is key to the execution of a directed open source model as it sets priorities for the Custodial Agent and makes decisions that determine the structure and operation of the organization (and by extension of the surrounding ecosystem). The Custodial Agent will be governed by a board, with responsibility for policies, plans, and procedures. Initially, the board will be composed of a small number of members including VA. Over time, as the ecosystem and Custodial Agent membership expands, the size of the board may also expand. What are the rights and responsibilities of the board? What are the selection criteria for board membership? When and how should the board expand? Membership The EHR Open Source ecosystem delivers maximum benefit when there is broad participation from a diverse set of organizations and individuals. VA believes that the Custodial Agent should reflect this breadth and diversity in its membership. The barrier to membership should be low, allowing all who can contribute code, money, time, expertise or intellectual property to join. Department of Veterans Affairs Page 12 of 23

13 Many members may choose to participate in subcommittees focused on administrative or technical governance. For example, technical governance will address questions related to architecture, requirements management, and product management. Is a broadly inclusive membership model best for an open source custodial agent? What criteria are important as conditions for membership? What should be the rights and responsibilities of membership? Licensure VA expects that the CA will use an Open Source Initiative (OSI) Approved license but is open to alternative frameworks that may accomplish its objectives, e.g. the licensure templates of the Creative Commons. We believe the following open source attributes are important: Royalty-free source code Open access to all source code in the codebase Non discriminatory, non restrictive access Rights to make derivative works and redistribute them Rights to package, service, support, redistribute, brand and price with or without attribution Principles of openness, transparency, and meritocracy applying to all projects and activities. Please comment on the proposed license model or recommend a license model that would lead to the behavior the CA intends to promote. US IRS Status The CA must establish policies and procedures that ensure full compliance with all applicable U.S. and International laws. We believe that a non-profit organization under section 501(c)(3) of the U.S. Internal Revenue Code may provide the most effective structure for the CA. To be taxexempt under section 501(c)(3) of the Internal Revenue Code, the CA must be organized and operated exclusively for exempt purposes set forth in section 501(c)(3), and none of its earnings may benefit any private shareholder or individual. In addition, it may not attempt to influence legislation as a substantial part of its activities, and it may not participate in any campaign activity for or against political candidates. Please comment on the advantages and disadvantages of candidate legal structures (e.g., for profit, not-for-profit) for the CA. Department of Veterans Affairs Page 13 of 23

14 Fiscal VA intends to create the CA and provide the funds for its initial operation. Over time, as the ecosystem and membership grow, we anticipate that the CA will develop a self-sustaining business model, supported by the breadth of membership. Please provide comments on business models that result in a fiscally self-sufficient Custodial Agent. Requirements Management Requests for changes to the CA codebase can come from virtually any community member, including from within the CA. The development of new innovations will form the basis for many requests, but requests may also be generated for component upgrades, code improvement, bug fixes, compliance, performance enhancements, etc. The CA should have responsibility and authority to entertain these requests and to make decisions to accept or disallow them. Requests that are accepted form a set of requirements on the codebase. Requirements management is the process of entertaining and resolving requests and prioritizing and tracking the requirements associated with approved requests. Importantly, VA envisions requirements management as a function separate from (but subordinate to) the central governance board, and one that involves members with significant technical and clinical expertise. Please comment on organizational structures and processes that enable effective open source requirements management. Product Management The Open Source EHR will initially be comprised of the VA s existing VistA EHR codebase. The CA should generate and document an initial definition of the Open Source EHR product, capturing not only a functional description of the software but documenting supported components (such as client and server operating systems, database managers, application program interfaces, etc.). As the codebase evolves with refactoring, new features, and enhancements, the CA will have responsibility and authority to map the product content to a series of scheduled product releases. Maintenance and distribution of the product roadmap provides clear information to all community members and transparency into the product evolution. VA envisions product management as a function separate from (but subordinate to) the central governance board, and one that involves members with significant technical and clinical expertise. Please comment on organizational structures and processes that enable effective open source product management. Department of Veterans Affairs Page 14 of 23

15 Architecture A clear and accessible definition of the components of the codebase, how they function, and how they interact is required to enable collaborative, distributed, and innovation-accelerating development. This definition, which describes the system architecture, is also the foundation for the certification and interoperability of both open source and proprietary technology. Modernizing and enhancing the codebase will require changes to the architecture. Consideration, approval, documentation, and communication of changes to the architecture are important functions of the CA. VA envisions management of the architecture as a function separate from (but subordinate to) the central governance board and one that involves members with significant technical and clinical expertise. Projects What kind of input should VA, standards organizations, the community, and other interested parties have in the evolution of the CA technology? As the board determines CA priorities, it forms projects to initiate, assign resources to, manage, track, and report on the required actions. Projects are approved by and can be terminated by the board. All work and development associated with the CA is under the control of a project. Each project has a sponsor and a project lead; these roles are often filled by the same entity. Each project must conform to the basic open source rules of engagement: meritocracy, transparency, peer review and open participation. Every project has a charter that sets out its mission and scope, the expected contributions to the project, and any potential intellectual property issues. The project charter is a living document that will be updated to reflect the evolution of the mission and development processes over time. The board approves the charter when a new project is created, and the board must also approve any changes. Project leads are expected to ensure that: All projects operate effectively by providing leadership to guide the project s overall direction and by removing obstacles, solving problems, and resolving conflicts All project plans, technical documents and reports are publicly available All projects conform to the bylaws and policies, and operate using open source rules of engagement Projects have adequate resources to meet their commitments. The resulting software is certified and delivered on time and within budget Marketing Gaining participation in the EHR Open Source ecosystem requires potential members to have awareness of the effort and a deep and operational understanding of its identity and offerings. The CA should take on traditional marketing roles including promotion and development of messaging and should develop a marketing communications plan that reaches the community Department of Veterans Affairs Page 15 of 23

16 of existing and potential members. The CA should not be involved in or inhibit the branding and market communications of its members. What are the most important elements of communication that the Custodial Agent should engage in, in order to promote community awareness and participation? Development VA is committed to supporting open source development principles in order to realize the benefits, to VA and to the community, of collaborative efforts of public and private organizations and individuals. Accordingly, as it shepherds the growth of the ecosystem, the CA should maintain principles of openness, transparency, and peer review, to promote participation by all and assign roles based on merit. The classic development model involves a set of innovators collaborating to design, develop, test, and deploy software that is then contributed to a common code repository. Everyone members and non-members has access to the software. The CA enables this model by providing the technical information (architecture, documentation, product roadmaps, etc.) required by developers and by maintaining shared resources such as a code repository. Further, CA provides structure for the contribution process and carries out certification as the final step in accepting software into the codebase. Code Repository The CA will manage a code repository. All code that is the responsibility of the CA will be stored and managed by the code repository. This includes the EHR Open Source codebase, including development and pre-release versions of code. Users frequently rely on technology outside of the EHR Open Source codebase as part of their EHR implementations. Code for these complementary technologies may reside in the code repository as a convenience to users. What features of a common code repository make it most useful to an open source ecosystem? Development Tools The CA will provide a suite of development tools to contributors for the development and evaluation of EHR software. How important is a common development environment to the developer community? What development environment and tools would you recommend and why? Documentation Clear, consistent documentation of the codebase is key to the clear, consistent communication of the function, interaction, and state of the code that makes up the EHR Open Source product. Department of Veterans Affairs Page 16 of 23

17 The CA will provide documentation and will enforce a development process that generates documentation. What methods of generating, sharing, and maintaining documentation provide the most value to the open source community? Innovation Support Support to the development community is the best way to promote innovation and creativity. Over time, the CA could provide or enable such aids as facilities for the acceptance and sharing of code, intellectual property and ideas; sandboxes for development and test; a course curriculum; directed research, and innovation grants. What actions might the Custodial Agent take to foster innovation and the healthy growth of the ecosystem? Deployment The CA should support the user community in its use of the codebase, the products derived from it, and products that interact with it. Some functions may be provided by the CA directly and others may be provided by members of the ecosystem. Education The CA will support a repository of common education artifacts that can be downloaded by the user education community. Support EHR software provides safety-of-life functions and requires support to ensure its continuous operation. The CA should enable, and not in any way inhibit, various models of support for the codebase and derived products. What models of support provide the maximum benefit to the user community, and what actions should the Custodial Agent take to enable them? Certification It is critical that users, and the community in general, have assurance that the EHR Open Source code that they receive from the CA not only provides the intended function, but that it operates properly with other code (open source or proprietary), operates with all supported components and in all intended environments, and meets requirements in areas such as usability and performance. The CA will define certification criteria and processes; certification must be a rigorous process that admits only code that clearly meets stringent standards. Department of Veterans Affairs Page 17 of 23

18 Certification applies to code that is contributed to become part of the codebase. It also may be applied to other open source or proprietary code that is not intended to become part of the codebase, but is intended to interoperate with the EHR Open Source code. When fully defined, certification may include some or all of the following: Functional Testing Architectural Compliance Verification Interoperability Testing Section 508 Compliance Stress Testing Performance Testing Regression Testing Governance Compliance Testing Customer Satisfaction Privacy Protections and Systems Security What suite of tests must certification include in order to adequately assure the function and quality of code accepted into the codebase? Are there methods of administering the certification process that ensure efficient operation? Can self-certification play a role? Complementary Products and Services Users will require functions that are not included in the EHR Open Source product. They may also require services in order to make the best use of the open source code. We expect valueadded vendors that provide or develop these complementary functions and services to be an active part of the EHR Open Source ecosystem. The framework created by the CA should not inhibit but should encourage this development. Further, the CA may take explicit actions to promote and grow the ecosystem. What actions should the CA take (or avoid) to encourage and sustain the growth of the EHR Open Source ecosystem? III. Information Requested Contractors having the skills and capabilities necessary to perform the stated requirements, as well as entities with experience in creating or participating in open source or electronic health record communities, should submit a response of no more than 50 pages in length, single spaced, 12 point font minimum that addresses the above information. The Government will not review any other data or attachments that are in excess of 50 pages. In response to the RFI, Department of Veterans Affairs Page 18 of 23

19 interested contractors shall submit the following information no later than March 4, 2011, 4 PM Eastern Standard Time to Elizabeth Dean (Elizabeth.Dean2@va.gov) and Kevin Loesch (Kevin.Loesch@va.gov). Any inquiries or questions can be directed to Elizabeth Dean. VA intends to adhere to the following schedule for this RFI: 2/18/11: RFI release date 3/4/11: RFI responses due 3/25/11: RFI response evaluation completes Please provide the following information in response to the RFI. Business Information 1.1. Name of Organization: 1.2. DUNS Number: 1.3. Type of Organization: (For-profit company, Non-profit entity, College or University, Government agency) 1.4. Past Experience: Is your organization currently providing similar open source software solutions to another government agency or other non-government customers? If so, identify the agency or non-government customer and provide the following information on a maximum of three similar projects completed within the last three years for which the responder was a prime or subcontractor: a. The name, address, and value of each project. b. The Prime Contract Type, Firm Fixed-Price, or Time and Material. c. The name, telephone and address of the owner of each project. d. A description of each project, including difficulties and successes. e. Your organization s role (Prime or Sub) and services provided for each project Capabilities/Qualifications a. Technical Capability: Description of the capabilities/qualifications/skills your organization possesses to perform services and products described in the Statement of Objectives. b. Teaming Arrangements: Does your organization possess in-house capabilities to independently provide some or all of the Custodial Agent services described in the Statement of Objectives? If not, please describe any existing or planned teaming/subcontracting arrangements and any associated approach previously used. c. Socio-Economic Status: Indicate whether your organization, subcontractors, teaming partners, joint ventures have a Federal Socio-Economic status, e.g., Small Business, Service-Disabled Veteran Owned Small Business, Veteran Owned Small Business, Woman-Owned Small Business, Disadvantaged Small Business, and Hub Zone. If Service-Disabled or Veteran Owned Small Business, is your company and or partners registered in VA s VetBiz repository? d. Commercial Availability: Description of the length of time your services and products have been commercially available. e. Price Information: Provide your price and related discount history for the same or similar services and products. If applicable, provide information if services and products are available under any Federal Contract Vehicle, e.g., GWACs, GSA Federal Supply Schedule, etc. Department of Veterans Affairs Page 19 of 23

20 f. Key Personnel: Please describe your organization s capacity to provide key personnel with experience and knowledge in establishing and managing open source software environments, as well as supporting management, planning and communication capabilities. These core capabilities include: i. Identification of healthcare stakeholders and ability to market EHR Open Source community participation. ii. Ability to identify and develop governance structures and associated processes to facilitate open source concept of operations. iii. Software configuration management, software source code quality assurance and software test and validation. iv. Open source software licensing arrangements. v. Establishment of open source board of Directors. vi. Ability to create and deliver formal presentations to VA management and executive leadership and VA stakeholders. vii. Ability to produce well-written, organized and succinct reports. viii. Ability to manage competing priorities and to adjust quickly and efficiently to changes in work direction Other Market Information: Provide any other relevant information, however this information must be included within the 50 page limitation. General Information 2.1. How familiar are you with the VistA EHR? 2.2. What is your interest in the EHR Open Source initiative? 2.3. Could your organization independently meet the entire range of Custodial Agent requirements described in the objectives? 2.4. If you answered NO to question (2.3), what requirements could your organization meet? 2.5. What challenges do you foresee in meeting the Custodial Agent requirements and what suggestions can you provide to mitigate them? The EHR Open Source Ecosystem 2.6. What factors will most impact the ecosystem's ability to begin significantly contributing to the codebase? 2.7. Which open source ecosystems are most successful and how could they inform the structure and governance of the Custodial Agent? 2.8. What are best practices for guiding institutions in the transition from software users to open source participants? Codebase Modernization 2.9. How could the ecosystem be best engaged in the refactoring effort? What challenges should the CA anticipate during migration? Department of Veterans Affairs Page 20 of 23

21 Bylaws There are at least four well-known templates (Apache, Eclipse, Mozilla, and GNOME) that many use to establish the starter set for written governance. What are their most important elements? Are there additional examples of governance that you recommend? Board What are the rights and responsibilities of the board? What are the selection criteria for board membership? When and how should the board expand? Membership Is a broadly inclusive membership model best for an open source custodial agent? What criteria are important as conditions for membership? What should be the rights and responsibilities of membership? Licensure Please comment on the proposed licensing model or recommend a license model that would lead to the behavior that the CA intends to promote. US IRS Status Please comment on the advantages and disadvantages of candidate legal structures (e.g. profit, not-for-profit) for the CA. Fiscal Please provide comments on business models that result in a fiscally self-sufficient Custodial Agent. Requirements Management Please comment on organizational structures and processes that enable effective open source requirements management. Product Management Please comment on organizational structures and processes that enable effective open source product management. Architecture What kind of input should VA, standards organizations, the community, and other interested parties have in the technical direction of the evolution of the CA technology? Department of Veterans Affairs Page 21 of 23

22 Marketing What are the most important elements of communication that the Custodial Agent should engage in, in order to promote community awareness and participation? Code Repository What features of a common code repository make it most useful to an open source ecosystem? Development Tools How important is a common development environment to the developer community? What development environment and tools would you recommend and why? Documentation What methods of generating, sharing, and maintaining documentation provide the most value to the open source community? Innovation Support What actions might the Custodial Agent take to foster innovation and the healthy growth of the ecosystem? Support What models of support provide the maximum benefit to the user community, and what actions should the Custodial Agent take to enable them? Certification What suite of tests must certification include in order to adequately assure the function and quality of code accepted into the codebase? Are there methods of administering the certification process that ensure efficient operation? Can self-certification play a role? Complementary Products and Services What actions should the Custodial Agent take (or avoid) to encourage and sustain the growth of the EHR Open Source ecosystem? SWOT Analysis Please provide an analysis of the Strengths, Weaknesses, Opportunities, and Threats of the open source approach outlined in the RFI with respect to achieving the listed goals Please provide recommended changes that would remediate Weaknesses and Threats. Acquisition Strategy 3.1. The Government has preliminarily selected NAICS code , Computer System Design Services, size standard $25M as applicable for the planned Electronic Health Department of Veterans Affairs Page 22 of 23

23 Record Custodial Agent support. If you believe another NAICS code should be applicable, please identify the NAICS code along with supporting rationale Please provide details on your involvement in any prior U.S. Government open source acquisitions regarding proposed contract type and unique terms and conditions Please identify Government contract vehicles that you recommend for this acquisition and provide supporting rationale. Department of Veterans Affairs Page 23 of 23