The system must achieve certification as a modular EMR for 170.314(e)(1) prior to July 2013. If our system is certified for this requirement as part of a certified EHR solution, will you also require separate modular certification? This will be based on ONC guidance. However, we believe that the proposed solution may need a modular EMR certification in order for KHIN participating providers and hospitals to use this solution in conjunction with their own EMR to achieve MU 2014 Edition compliance. Audit Functionality provide information to patients regarding access to their personal health information Does this refer to access to personal health information by others via the patient portal, or to providing patients with information on who has accessed their data within the HIE? Within the HIE. Our HIE vendor has the capability to run audit reports on who has accessed a patients information in the HIE. We would expect that this report could be requested by the patient through the portal. Quick Links ability to embed or allow URL quick links to health care provider specific patient portal and vice versa. Does this refer to linking out to health care provider portals where the patient may have to log-in separately, or do you envision establishing deeper integration such as SSO? SSO would be ideal but a separate log in is acceptable. Do you envision having some sort of provider directory where a patient could find a provider and then link in this fashion? If so, would the directory be maintained by KHIN? We envision that the portal will display the data from the HIE which will include the facility name where the patient received care. We envision that the facility name would have next to it a URL quick link to the facility patient portal log in page. Ideally the link would display next to the facility name. If this is not possible a look up would be sufficient. KHIN will maintain the directory. Calendar ability to provide patient with calendar view of previous health care events. Can you define this a bit more? For example, would this be a calendar maintained by the patient and/or populated with data from other sources? Populated with data from the HIE. Would this be a way for a patient to manage/view past and upcoming appointments? Yes, the patient should be able to view past appointments and what happened at these appointments. This data would come from the HIE. If you have a solution to display upcoming appointments please describe it. 1
Is the intent to show a calendar view of past illnesses, surgeries, procedures, etc? Yes Scheduling ability to perform patient self scheduling. Are you asking for the ability to request an appointment, or to actually schedule an appointment? Self-scheduling generally requires tight integration with EHR and/or PM systems, and the willingness and ability of other vendors to integrate at this level varies widely. Also, self-scheduling with providers is often challenging based on provider availability, appointment types and complexity, and other factors. Again looking for a little more definition/clarity. We acknowledge that this is difficult but are interested in innovative ideas and solutions. The patient s ability to select the provider(s) for whom data will be shared in KHIN. Does this mean that from within the patient portal, the patient can decide which providers with access to KHIN can see their data? Or does this mean that the patient can decide that data from certain providers will be shareable within KHIN, while data from other providers will not be shareable? Also, how do you envision this working? For example, will the patient have a list of providers and they check/select those who can provide/view, or will they check/select those who are restricted? Any clarification you can provide will be appreciated! We envision that eventually technology will enable patients to determine who has access to their health data. This should be managed through a longitudinal patient portal. The ONC Privacy Pin specifically requested that HIEs give consideration regarding how they will accomplish this in the future. We acknowledge that this is difficult and may not yet be available. However, we are interested in finding a partner that has given consideration to this and has a vision of how this might be handled in the future. Ability to deliver listing of patient information that has been accessed in KHIN, date, time and facility location. We assume that KHIN will provide access data, and vendor will display that data in patient portal correct? Yes How many patients does Kansas HIN anticipate will use the patient portal within the 5 years? If it is a phased in approach, any insight as to the goals associated to utilization would be helpful. We anticipate that data from all patients in Kansas (approximately 2.8million) will be in the portal in the next 5 years and that some patients from surrounding states will also have data in the exchange. Note, not all of these patients will access the patient portal but the portal must be available if they choose to do so. 2
I would plan on a gradual increase over the 5 years. There are currently 90,000+ in the exchange and it has been increasing about 15,000-20,000 per month since we went live in August 2012. What is Kansas HIN s planned business model around this project? KHIN charges a fee to its Participants to utilize the exchange and the Patient Portal For hosting requirements, would KHIN like a price assuming a supplier hosted solution, a KHIN hosted solution, or both? Both, but remember KHIN is already hosting the HIE data with our HIE technology partner. So depending upon your technology solution your company may not have to host the data. Questions under Section V. BUSINESS AND FUNCTIONAL REQUIREMENTS The RFP states that the patient portal must meet all MU requirements. Please clarify what criteria you expect the patient portal to meet. Please review the MU requirements for the patient portal released in the Federal Register /Vol. 77, No. 171 /Tuesday, September 4, 2012 /Rules and Regulations Questions under APPENDIX A Business and Functional Requirements Checklist Does KHIN have patient educational materials today for use in the patient portal? No For registration for patients, does KHIN wish for single factor or two factor authentication when matching patients through the portal? Please describe your solution for both. Are there specific disease states KHIN is targeting for the patient portal disease management features? No, we would be interested in your ideas. For a solution which is not a bespoke development project but based upon an existing supplier product what 'source code' would be expected and for what purpose? We will require the source code for the application to be escrowed. Would KHIN specific customization configuration of the Supplier Product be sufficient to meet this requirement? Yes. 3
What Versions of Firefox, Chrome, Safari are needing to be supported and on what platforms (PC, Mac, ios (iphone/ipad), Android)? In general KHIN seeks compatibility with the majority of the popular web browsers in use today. We recognize this is a constantly developing field and wish commitment that the vendor will provide updates to provide compatibility with emerging browser technologies coming into popular use. In general KHIN is seeking ongoing compatibility with the last three versions of Internet Explorer, Firefox, Chrome and Safari on both PC and Mac. Additionally, KHIN also seeks knowledge of the proposed solutions compatibility with IE6, IE7 and IE8 and mobile browsers for ios and Android. General Under the Privacy and Security heading is the following statement: Partitioning of data among providers may be required in data sharing agreements between KHIN and data providers. The proposed solution will provide maximum control of providers data by the provider while enabling peer to peer sharing among providers. Can you provide a bit more insight/clarification on what this means? It appears to focus primarily on provider sharing of data, so it is not entirely clear how this applies to the patient portal. We would like to understand if you are storing patient data at rest how you plan to manage this. Will you use a federated, centralized or hybrid solution? And if you are storing data at rest how can Participants be assured that you will not use the data for purposes that have not been approved by KHIN, the Participant and/or the patient. What are the State privacy/security and data protection laws? Please go to the Kansas Health Information Exchange website http://www.khie.org/ to review all Kansas HIE legislation, regulation and rules. You may also visit the KHIN website at http://www.khinonline.org to review KHIN Policies and Procedures What are the State breach notification laws, rules and regulations? Please see website above and specifically refer to the Kansas Health Information Exchange Technology Act. How many total users does the solution need to support? The total population of Kansas is approximately 2.8million. We would expect that users from surrounding states that border Kansas would also participate. So the vendor should plan to make available health data for 3million+ patients. A 50% access rate by patients should be planned for. How many concurrent users should we assume will be using the system at any one time (assuming a user session of 20 minutes)? 4
We do not know and would be interested in your projections. 5