IT Audit Plan Overview Project Case Sudy

by | Apr 1, 2021 | programming | 0 comments

*** Plagiarism is not acceptable *** Overview of Project –For this assignment, you will tackle the comprehensive task of auditing the IT and IS for an organization operating in a domain of your choice. You will apply the IT auditing process to a selected case study. The case study I have chosen is ONC Releases Second Draft of TEFCA PAPER -Appendix 3: QHIN Technical frame work (Page 70 onward only not entire document) Instructions: Research Paper in in APA format. Plagiarism is not acceptable. (Please consider this top priority). For Week 3 project complete instructions are specified. All instructions or tasks must be addressed.(Try to address all the information specified in each task ) Kindly Review the attached PPT. Paper must be included APA format References only and in-text citations. The references you cite should be credible, scholarly, or professional sources and Not older than 3 year
onc_releases_second_draft_of_tefca.pdf

instructions_for_project.docx

sample_classmate_project_week1_to_week5.docx

Unformatted Attachment Preview

Trusted Exchange Framework
and Common Agreement (TEFCA)
Draft 2
TABLE OF CONTENTS
Introduction to the Trusted Exchange Framework and Common Agreement (TEFCA)…………… 3
Appendix 1: The Trusted Exchange Framework (TEF) ………………………………………………….. 24
Appendix 2: Minimum Required Terms & Conditions (MRTCs) ………………………………………. 32
Appendix 3: Qualified Health Information Network (QHIN) Technical Framework ……………. 70
Introduction to the Trusted Exchange
Framework and Common Agreement (TEFCA)
April 19, 2019
TABLE OF CONTENTS
Executive Summary ………………………………………………………………………………………………… 4
Introduction ………………………………………………………………………………………………………….. 6
What are the Trusted Exchange Framework (TEF) and the Common Agreement? ……………….. 9
What can the Common Agreement be used for? …………………………………………………………. 14
The Common Agreement’s Relationship to HIPAA ………………………………………………………. 17
What Privacy and Security Requirements are Included in the Common Agreement?………….. 18
Major Updates to Draft 2 of the TEF and MRTCs …………………………………………………………. 21
What are the Next Steps? ………………………………………………………………………………………. 22
Executive Summary
For decades, many health care providers, health plans, and individuals have sought a health care system
that enables a patient’s Electronic Health Information (EHI) 1 to flow when and where it matters most.
Even though most hospitals and clinicians use electronic health records (EHRs), connectivity across
systems and networks remains fragmented and interoperable uses of EHI vary. Often these variations in
interoperability are not due to technical issues, but rather caused by deficits in trust between
organizations and by anti-competitive behavior that results in the holding of patient EHI. Congress
recognized these gaps in the 21st Century Cures Act (Cures Act) 2 , and laid out a path to promote
nationwide interoperability.
The Office of the National Coordinator for Health Information Technology (ONC) leads implementation of
key provisions under Title IV of the Cures Act, which includes defining the requirement for health IT
developers of certified health IT to publish application programming interfaces (APIs) that can be used
“without special effort” to drive individual, clinician, and payer access to clinical data; and the
development of a comprehensive approach to address information blocking. Additionally, in section 4003
of the Cures Act, Congress directed ONC to “develop or support a trusted exchange framework, including
a common agreement among health information networks (HINs) nationally.”3 In developing a Trusted
Exchange Framework (TEF) and a Common Agreement that meets the industry’s needs, ONC has focused
on three high-level goals:



Provide a single “on-ramp” to nationwide connectivity.
Enable Electronic Health Information to securely follow the patient when and where it is needed.
Support nationwide scalability.
The TEF and the Common Agreement will be distinct components that together aim to create technical
and legal requirements for sharing EHI at a nationwide scale across disparate HINs. The TEF describes a
common set of principles that facilitate trust between HINs. These principles serve as “rules of the road”
for nationwide electronic health information exchange. The Common Agreement will provide the
governance necessary to scale a functioning system of connected HINs that will grow over time to meet
the demands of individuals, clinicians, and payers. The architecture will follow a “network of networks”
structure, which allows for multiple points of entry and is inclusive of many different types of health care
entities. Stakeholders have the option of participating at multiple levels of the TEF and Common
Agreement exchange environment, as is appropriate for them.
ONC embarked on this work by holding stakeholder discussions, public listening sessions, and an initial
comment period. In January 2018, ONC released the first draft of the Trusted Exchange Framework (TEF
Capitalized terms are included in the MRTCs Draft 2, Section 1 (Appendix 2).
Pub. L. 114–255 (Dec 13, 2016).
3 Id.
1
2
Introduction to the Trusted Exchange Framework (TEF) and the Common Agreement
4
Draft 1) for public comment. The TEF Draft 1 outlined the minimum set of principles, terms, and conditions
to support the development of a Common Agreement that would enable data exchange across disparate
health information networks.
ONC reviewed all of the public comments on the TEF Draft 14, and has now released an updated draft
package for public comment. In particular, we look forward to receiving comments on the three
complementary documents: the TEF Draft 2, the Minimum Required Terms and Conditions Draft 2 (MRTCs
Draft 2), and the Qualified Health Information Network (QHIN) Technical Framework Draft 1 (QTF Draft
1).5 The TEF sets forth the aspirational principles for trusted exchange that apply to a broad audience of
HINs. The MRTCs constitute the required terms and conditions that would be binding for those who elect
to sign the Common Agreement. The QTF would be incorporated by reference in the Common Agreement
and details the technical components for exchange among QHINs. As they serve different purposes, ONC
separated these parts into three appendices so that commenters could comment on each part in context.
Your comments will help inform the final versions of the TEF and the Common Agreement.
ONC is concurrently issuing a Notice of Funding Opportunity (NOFO)6 to select a Recognized Coordinating
Entity (RCE) to develop, update, implement, and maintain the Common Agreement and the QTF.
The MRTCs Draft 2 requires support for a minimum set of Exchange Purposes for sending and receiving
EHI. The proposed exchange modalities for exchanging EHI include QHIN Targeted Query, QHIN Broadcast
Query, and QHIN Message Delivery, which will facilitate core use cases for interoperability, including
Individuals’ electronic access to and use of their EHI.
Under the MRTCs Draft 2, the Common Agreement will require strong privacy and security protections for
all entities who elect to participate, including entities not covered by the Health Insurance Portability and
Accountability Act (HIPAA). Establishing baseline privacy and security requirements is important for
building and maintaining confidence and trust that EHI shared pursuant to the Common Agreement will
be appropriately protected.
The Cures Act’s focus on trusted exchange is an important step forward to advance an interoperable
health system that empowers individuals to use their EHI to the fullest extent, enables providers and
communities to deliver smarter, safer, and more efficient care, and promotes innovation and competition
at all levels.
Capitalized terms in this document are defined in Section 1 of the MRTCs Draft 2 (Appendix 2).
Public comments on TEF Draft 1 are available at: https://beta.healthit.gov/sites/default/files/page/201802/Copy%20of%20tefca%20draft_public_comments%20final.xlsx
5 The MRTCs were previously referred to as “Part B” in TEF Draft 1.
6 The Notice of Funding Opportunity (NOFO) for the Recognized Coordinating Entity (RCE) Cooperative Agreement
is available at: https://www.healthit.gov/topic/onc-funding-opportunities/trusted-exchange-framework-andcommon-agreement-recognized
4
Introduction to the Trusted Exchange Framework (TEF) and the Common Agreement
5
Introduction
The U.S. health care system must evolve to ensure individuals have access to safe, effective, and efficient
care. Such a transformation requires the interoperable exchange of EHI across the care continuum. The
Cures Act’s 7 focus on trusted exchange is an important next step toward advancing the establishment of
an interoperable health system that:



Empowers individuals to use their Electronic Health Information to the fullest extent;
Enables providers and communities to deliver smarter, safer, and more efficient care; and
Promotes innovation and competition at all levels.
For EHI to move when and where it is needed most, networks that facilitate connectivity need to agree to
the right mix of technical standards, policies, and legal terms and conditions. The TEF and the Common
Agreement will provide the means to build on the industry’s commitment to increase trust across
networks, while promoting the privacy, security, and appropriate use of EHI.
In January 2018, ONC released the TEF Draft 1 for a public comment period. The TEF Draft 1 included two
parts: “Part A — Principles for Trusted Exchange”, and “Part B — Minimum Required Terms and Conditions
for Trusted Exchange.” ONC received more than 200 public comments from stakeholders across the
industry, including individuals, health care systems, payers, purchasers, care providers (e.g., long-term
and post-acute care, behavioral health, community-based and safety net providers, and emergency
medical services), health IT developers, federal stakeholders, and other stakeholders that enable
widespread health information exchange to occur. ONC reviewed those comments and engaged with
federal partners in the development of Draft 2, including the HHS Office for Civil Rights, the Department
of Veterans Affairs, the Department of Defense, the Social Security Administration, the National Institute
of Standards and Technology, and the Centers for Medicare & Medicaid Services. Additionally, ONC’s
federal advisory committee, the Health Information Technology Advisory Committee (HITAC), created a
Task Force to review TEF Draft 1 and provide recommendations.8
The modified draft ONC released for public comment on April 19, 2019 is broken into three parts that are
included as Appendices to this document. These parts are:
1) The TEF Draft 2 (Appendix 1): formerly “Part A — Principles for Trusted Exchange”;
2) The Minimum Required Terms and Conditions (MRTCs) Draft 2 (Appendix 2): formerly “Part
B — Minimum Required Terms and Conditions for Trusted Exchange;” and
3) The QHIN Technical Framework Draft 1 (Appendix 3)
Pub. L. 114–255 (Dec 13, 2016).
The HITAC TEF Task Force recommendations are available at: https://www.healthit.gov/topic/federal-advisorycommittees/recommendations-national-coordinator-health-it.
7
8
Introduction to the Trusted Exchange Framework (TEF) and the Common Agreement
6
An “On-Ramp” for Data Exchange
Currently, there are more than 100 regional health information exchanges 9 and multiple national level
organizations that support health information exchange. While these organizations have made significant
progress in advancing interoperability, connectivity across HINs is still limited due to variations in the
participation and data use agreements that govern data exchange. This results in fragmentation and gaps
in interoperability. It also means that HINs, health care providers, health plans, and individuals participate
in multiple forms of data exchange, which can be extremely costly and burdensome, in order to access all
of an individual’s data. According to a recent survey of about 70 hospitals, a majority of respondents
indicated that they required three or more methods for exchanging data and about three in 10 hospitals
used five or more methods to be interoperable. 10 Continuing with the status quo is not enough to ensure
all stakeholders have efficient methods for engaging in health information exchange.
The TEF and the Common Agreement seek to scale health information exchange nationwide and ensure
that HINs, health care providers, health plans, individuals, and many more stakeholders can access realtime, interoperable health information. A single network that comprehensively addresses all use cases for
all users is not feasible for a variety of reasons, including, technical limitations, security concerns,
variations in use cases, and resource limitations. However, establishing a Common Agreement that
enables existing and future networks to share EHI with each other without having to join multiple
networks is feasible and achievable.
The industry has done significant work to broaden the exchange of data, build trust frameworks, and
develop participation agreements that enable providers to exchange data across organizational
boundaries. A national exchange agreement must leverage what is working well to encourage and
facilitate growth. Such an agreement must also create a balance between being overly prescriptive and
unintentionally adding burden that impedes interoperability, while also minimizing the current variations
that prohibit data flow. To that end, once finalized, the TEF and the Common Agreement will build on
existing trust frameworks, infrastructure, and capabilities. These efforts will enable participating HINs to
work together to provide an on-ramp to EHI regardless of what health IT developer an organization uses,
health information exchange or network they contract with, or how far across the country an individual’s
records are located.
To develop a TEF and a Common Agreement that meet the needs of the industry, ONC has focused in on
three high-level goals:
1) Provide a single “on-ramp” to nationwide connectivity: Currently, many health systems and
providers are in a position where they must join multiple networks that do not connect with one
another in order to receive the information they need to care for their patients. These gaps
prevent data from flowing and can have serious health consequences to patients. This is also
financially costly to providers that must spend resources to connect to multiple networks.
Julia Adler-Milstein, Sunny C. Lin, and Ashish K. Jha. The Number Of Health Information Exchange Efforts Is
Declining, Leaving The Viability Of Broad Clinical Data Exchange Uncertain. Health Affairs Vol. 35 No. 7: July 2016.
https://doi.org/10.1377/hlthaff.2015.1439
10 Jordan Everson, PhD. “Measuring the Interoperability Network” Presented at ONC Annual Meeting, November
30, 2017. Washington, D.C.
9
Introduction to the Trusted Exchange Framework (TEF) and the Common Agreement
7
Providers and individuals need a way to connect to one network, which then becomes a
gateway to all other networks that have EHI on individuals and populations. The TEF and the
Common Agreement seek to provide a single “on-ramp” to allow all types of health care
stakeholders to join any network they choose and be able to participate in nationwide
exchange.
2) Enable EHI to securely follow the patient when and where it is needed: The TEF and the
Common Agreement are designed to ease the flow of EHI, providing patients and their health
care providers with secure access to their information when and where they need it most. This
will help empower patients to play a more active role in managing and shopping for their care. It
will also provide the foundation for improved care coordination and quality improvement
among health care providers. Further, the TEF and the Common Agreement would apply
appropriate safeguards that help ensure EHI is exchanged in a safe and secure environment for
appropriate purposes. Addressing these gaps, which currently exist in exchange environments,
would spur greater trust and confidence in electronic exchange among both providers and
patients.
3) Support nationwide scalability: The TEF and the Common Agreement aim to scale
interoperability nationwide. This will be done by defining a floor of legal and technical
requirements, which will enable stakeholders to access, exchange, and use relevant EHI across
disparate networks. In order for this to happen, HINs must agree on a minimum set of
principles, terms, and conditions that enable trust. HINs, providers, users, health IT developers,
and other stakeholders may build on the minimum required terms and conditions in the TEF and
the Common Agreement to create valuable services for the unique constituencies they serve.
Consistent ‘‘rules of the road’’ for nationwide electronic exchange will minimize the current
legal and technical policy variations that prohibit EHI from flowing as it should and allow for a
more innovative, efficient, and extensible electronic marketplace.
Introduction to the Trusted Exchange Framework (TEF) and the Common Agreement
8
What are the Trusted Exchange Framework (TEF) and the Common
Agreement?
The TEF and the Common Agreement are distinct components that aim to create a technical and legal
infrastructure for broadly sharing EHI across disparate HINs to enable nationwide data exchange. ONC will
maintain the TEF and will work with an industry-based Recognized Coordinating Entity (RCE) to develop,
update, implement, and maintain the Common Agreement. The RCE will establish a process to
continuously identify new standards and use cases to add to the Common Agreement and will convene
virtual public listening sessions to allow the industry to provide objective and transparent feedback
around the development of updates to the Common Agreement. ONC will have final approval of the
Common Agreement and all subsequent updates.
The Trusted Exchange Framework (TEF)
To support the Cures Act’s goal of advancing health information exchange among health information
networks, the TEF creates a common set of principles that are designed to facilitate trust between HINs
and by which all HINs should abide in order to enable widespread data exchange. These principles are
standardization; transparency; cooperation and non-discrimination; privacy, security, and patient safety;
access; and data driven accountability. These principles are non-binding, but are the foundational
concepts that guide the development of the Common Agreement to support the ability of stakeholders
to access, exchange, and use relevant EHI across disparate HINs and sharing arrangements.
The Common Agreement
ONC intends to select and work with an industry-based entity, known as the RCE, to develop, update,
implement, and maintain a Common Agreement, the terms of which will be subject to ONC approval. This
Common Agreement would be based on the TEF noted above and would be comprised of three parts:


Minimum Required Terms and Conditions (MRTCs): ONC will develop the MRTCs, which will
consist of mandatory minimum required terms and conditions with which Qualified Health
Information Networks (QHINs) may voluntarily agree to comply. The MRTCs are not a full end-toend trust agreement. Rather, the MRTCs focus on the areas of variation among currently existing
trust agreements that impede nationwide interoperability. The Common Agreement would
include the MRTCs, as well as additional required terms and conditions developed by the RCE.
Additional Required Terms and Conditions (ARTCs): In addition to the MRTCs, the Common
Agreement would include additional required terms and conditions that are necessary for an
Introduction to the Trusted Exchange Framework (TEF) and the Common Agreement
9

effective data sharing agreement. These may include provisions that govern interactions between
the RCE and the QHINs. For example, ARTC provisions would cover determination of fee schedules
and compliance; QHIN Application, Onboarding, and Designation requirements; a process for
surveilling and testing QHIN compliance with the Common Agreement; an arbitration process for
adjudicating non-compliance; and an audit-appropriate process for accepting and investigating
complaints, and for suspending and potentially terminating a non-compliant QHIN. The RCE will
develop the ARTCs and will ensure that the ARTCs do not conflict with t …
Purchase answer to see full
attachment

Submit a Comment

Your email address will not be published. Required fields are marked *

Order your essay today and save 30% with the discount code ESSAYHELP

Order Now