PA eHealth Collaborative Office

Community Shared Services Implementation

Request for Information

  1. Background: Health information exchange or HIE is the electronic movement of health–related information among unaffiliated organizations according to nationally recognized standards. HIE provides the opportunity to improve quality and safety of care, improve efficiency, reduce costs and make care more convenient for patients. Pennsylvania has at least 10 organizations that are offering or planning to develop HIE within and beyond the state. Of the ten, some are planning regional efforts serving several county areas while three are planning statewide coverage. Thereis little overlap either in standards adopted or technology vendors used. Given the reality of the marketplace, the PA eHealth Collaborative plans to provide a network of networks, with an overarching HIE-Network governing entity being proposed to provide a thin layer of community shared services (CSS). These services will support thesecure, confidential information exchange from one organization to another to enableproviders to send and receive relevant timely patient data needed to make treatment and care decisions.

HIE is not a new idea.It has been worked on at the federal, state and regional levels since at least the mid-1990s. The American Recovery and Reinvestment Act (ARRA) of 2009 dedicated federal funds to assist states in enabling HIE, particularly with regard to assisting providers in achieving “meaningful use.” Meaningful use is a program, under the Centers for Medicare and Medicaid Services (CMS), that offers incentives to providers to adopt electronic health record technology with the goals of improved care, quality and efficiency, and reduced healthcare costs. Pennsylvania was awarded $17.1 million, including a match requirement, to enable and advance HIE in the Commonwealth.

Pennsylvania eHealth Collaborative

Governor Tom Corbett established the Pa eHealth Collaborative (eHCO) via executive order on July 27, 2011. The purpose of the Collaborative is to improve healthcare delivery and healthcare outcomes in Pennsylvania by providing, as appropriate, leadership and strategic direction for public and private, federally-funded and state-funded investments in health information technology initiatives, including HIE capabilities and other related HIT initiatives. This strategic direction is required to take into consideration external stakeholder community needs, complement Commonwealth agency operations, and ensure ongoing interagency cooperation.

The eHCOinitiated a stakeholder engagement process in July 2011 that has ultimately resulted in Pennsylvania’s strategic plan (found at: More than 150 individuals from various segments of the Pennsylvania healthcare community, patient advocacy groups, local and state government, academia, and the legal community participated via five committees (called Tiger Teams) in formulating the recommendations leading to the strategic plan. Special attention was given to ensure participation by provider communities representing the unserved and underserved. The committees included Business and Operations; Finance and Sustainability; Legal, Privacy and Security; Communication and Outreach; and Evaluation and Performance. A DIRECT Project Tiger Team, drawn from the Business and Operations Committee, focused on the DIRECT Project. The DIRECT Project specifies a simple and secure way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the internet in the form of a “secure email”.

Most stakeholders expressed the belief that the primary role of a governing entity at the state level should be governance, not service delivery. Governance would include development/adoption of standards for transactions and systems, educating HIE participants regarding standards, and working with HIE participants to ensure compliance. Starting from a list of 34 functions, participants selected 14 functions for further examination and these became the basis forsubsequent committee work and the CSS Implementation Request for Proposals (RFP) (The Notice of Forthcoming Procurement can be found at:

Stakeholders also identified a variety of other issues to be addressed, including how consent should be managed, whether and how shared services should be implemented, secondary uses of data, and interoperability with national and other states’ HIE efforts. Stakeholders agreed at the outset that the Commonwealth should work on compliance with the Office of the National Coordinator for Health Information Technology (ONC)DIRECT and Meaningful Use programs. Stakeholders articulated a desire to ensure providers serving the Commonwealth’s most vulnerable populations are expressly included throughout the strategic planning process. This includes the underinsured, uninsured, and providers serving the Medicaid population.

For additional information regarding the stakeholder engagement event and its findings, please refer to the Strategic Plan Appendix C - Pennsylvania eHealth Collaborative Stakeholder Planning Session Findings and its appendices, published August 9, 2011 and found at:

Underpinning the Commonwealth’s HIE-Network strategy is a connection model (Figure A). This model identifies a number of organizations that have important roles in successfully establishing HIE services. These organizations need to collaborate in order to provide critical functions necessary to enable the Pennsylvania infrastructure for HIE.

Figure A – Commonwealth HIE Connection Model

Community Shared Services (CSS)

A number of services need to be provided on a centralized basis to make it possible for each participant in the HIE-Network to have proper access to health information. These services must ensure each participant is identified and authorized by an overarching security layer and must factor in patient preferences for data sharing.

The CSS will provide added business value through the various functions and services it will offer, including supporting an overarching security layer trusted by all HIE-Network participants, coordinating health information exchange between HIE-Network participants, and supporting record discovery.

Figure B provides a summary overview of the CSS.

Figure B – Community Shared Services

  1. Vision: The vision for HIE in Pennsylvania is to strengthen the healthcare system and improve both healthcare delivery and healthcare outcomes. This would be achieved through the timely, secure and authorized exchange of patient health information among all healthcare providers willing to participate, including those providers which serve vulnerable, underinsured, uninsured, Medicare and Medicaid patients living in both rural and urban settings.

Pennsylvania’s HIE-Network will support the meaningful use of health information technology, patient‐centered healthcare and continuous improvements in access, quality, outcomes and efficiency of care.

Pennsylvania will adopt an HIE model that considers the needs of stakeholders, communities and Commonwealth agencies and achieves stakeholder support to enable the use of health information technology and advance HIE.

The privacy and security of all Pennsylvanians’ health information is a priority of paramount importance to the Commonwealth. Therefore, every effort will be made to address the concerns of stakeholders and patients.

It is our objective to significantly reduce preventable medical errors, lessen the likelihood of redundant tests and procedures, support healthcare delivery innovation, and diminish overall healthcare costs.

The HIE-Network will adhere to federal standards for exchange and will connect entities offering HIE services, integrated health systems, community hospitals, providers, labs and other systems that have patient data needed to make treatment and transition of care decisions.

Prior to and during the stakeholder planning process, it was clear that stakeholders want to advance HIE in Pennsylvania. Based on the assessment conducted as part of the planning process, the Commonwealth is well positioned to move forward in an accelerated manner to achieve the Commonwealth’s HIE goals. After several years of effort, electronic health record (EHR) adoption by both healthcare facilities and practitioners is becoming sufficiently widespread to shift the real focus from EHR adoption to the meaningful use and exchange of health information to improve the health status of Pennsylvanians.

  1. Current Stakeholder Engagement: Beginning May 1, 2012, the eHCO has re-engaged the stakeholder community through the formation of a Participant Workgroup. Members of this group represent the HIEs in Pennsylvania which are either already functioning or which are planning to be functional within the next 12 to 24 months. These are the participants which will be connecting to the CSS layer. The Participant Workgroup is divided into several Tiger Teams:
  2. Technical Tiger Team: The Technical Tiger Team will define the functional and architectural requirements of the CSS based on identified use cases. This work will include a phased approach to CSS services and will be used to define the procurement requirements associated with the proposed technical infrastructure. The phasing will take into consideration the priorities of the participating organizations, the national HIE funding priorities, and the growth and evolution of the eHCO. The work of this Tiger Team is expected to be completed by June 29, 2012.
  3. Financial Tiger Team: The Financial Tiger Team will focus on the CSS financial requirements. A phased approach will be refined to support the evolution of CSS and the HIE Network from both a financial and sustainability perspective. This Tiger Team will be responsible for reviewing the current financial plan and determining the impact of the technical and policy Tiger Teams’ requirements. The work of this Tiger Team is expected to be completed by July 27, 2012, but the team may be further engaged beyond that as needed.
  4. Policy and Operations Tiger Team: The Policy and Operations Tiger Team will address the policies and procedures that will support the movement of and access to information in the CSS. This Tiger Team will take Federal and State laws into consideration as well as leverage the work of other HIE initiatives. The primary focus of the policies and procedures will be on patient privacy and consent, system security and access control requirements, and data use and participation agreements. The work of this Tiger Team is expected to be completed by July 27, 2012.
  5. HIE Certification Ad Hoc Tiger Team: The HIE Certification Ad Hoc Tiger Team will be formed to focus solely on HIE certification requirements (including business plan requirements), and a process for application, evaluation, and renewal of HIEs seeking certification. Expected completion for this Tiger Team has not yet been determined.
  6. Public Key Infrastructure (PKI) Assessment and Design: The eHCO is contracting with a contractor to perform a PKI assessment, analysis and design to assist in determining the security infrastructure requirements for the CSS. The first portion of this work will define the PKI for the CSS layer itself, and the work products will be made publicly available as part of the CSS Implementation RFP. This work is expected to be completed by the first week of July, 2012. Further phases of this engagement will assess the Commonwealth’s current VPN infrastructure and the JNET PKI, and determine if either of these security infrastructures can be used to support the Commonwealth Internal HIE (CI-HIE).
  7. Functions and Phases: The CSS will consist of a set of core and value-added services implemented in phases. The core services will create a foundation for HIE-Network participants to exchange health information across their entity domains, and will support both push and pull transactions. These core services are expected to be provided to all HIE-Network participants as a “bundled” service offering. Value added services are those functions that can be provided at the CSS layer to minimize operational costs and maximize value to the participants.The value added services will be offered to the HIE-Network participants, and will offer a “pick and choose” selection for them. The Participant Workgroup is also contemplating “optional” services which may support evolution of the CSS in future contract years, but which may or may not be implemented.

The following list is based on estimated timing for the phases, and the services expected are still being reviewed and are subject to change.

Phase 1 (December 2011 through June 2013) is focused on the DIRECT pilot project, the HISP certification program, and the completion of the CSS Implementation RFP.

Phase 2 (July 2013 to December 2013) is expected to involve implementation of the following functions:

Core Services

  • Individual Level Provider Directory (ILPD)
  • Entity Level Provider Directory (ELPD)
  • White Pages Look Up
  • Batch Upload and Download
  • Indexing Services
  • Federated Trust Services
  • Gateway Services (HIE to HIE communications, HIE to HISP communications, HISP to HISP communications, and NwHIN gateway communications)
  • Opt-out Registry
  • Reporting Registry
  • Provider Portal
  • Patient Portal – audit report request and viewing
  • DIRECT Messaging (provider to provider and provider to patient)
  • Patient Opt-out/back-in Notification
  • Audit Reporting and Logging
  • Administrative Reporting

Value Added Services

  • Provider-to-provider communication and document exchange
  • Provider look-up and referral requirements discovery
  • Provider messaging
  • Reportable labs
  • Chief complaint (reason for emergency department visit) to support public health reporting
  • Immunizations reporting and viewing

Phase 3 (January 2014 to December 2015) is expected to involve implementation of the following functions:

Core Services

  • Public Health Alerts

Value Added Services

  • Meaningful use (quality) reporting
  • Universal scheduling
  • Provider verification services

Phase 4 (January 2016 to December 2017)

Core Services

  • CI-HIE Communications

Value Added Services

  • Eligibility and authentication inquiry
  • Claims submission
  1. Objectives: This RFI is issued to meet several key objectives:
  2. Gain insight into potential pricing structures for the CSS services.
  3. Gain insight into service standards common in the supplier community.
  4. Obtain feedback on the procurement model being proposed for the CSS.
  1. Proposed Procurement Model: The functional requirements listed in Section 5 will support the services required from the CSS layer. These services may be further grouped intofour core modulesor lots(security, technical, testing, and project management/integration) which are further broken down into service components. There is a possibility of additional services being offered on an optional basis to support the growth of the CSS layer over a longer term. The eHCO is considering a multiple lot contract approachand would allow suppliers to respond to any or all of the lots. A separate procurement for Independent Verification and Validation (IV&V) Services is being considered. The supplier awarded the IV&V engagement would be precluded from any of the CSS Implementation RFP lots. Presently, the intent is to issue an RFQ for the IV&V services from the Master IT Services Invitation to Qualify (ITQ). In order to receive the RFQ a contractor must be qualified on the ITQ within the IV&V category. More information on the IT ITQ is available at: lots being considered are comprised of the following service components:

Security Services: The security services will be dependent upon the outcome of the PKI Assessment and Design work, but may include the following (or additional) components:

  • System Certificates, X.509, etc.
  • Patient Defined Access
  • HISP and HIE Security Certificate Services
  • User Security Certificates

Technical Components:

  • Public Health Index Services
  • Record Locator Services
  • Content Based Routing
  • White Pages application
  • Authoritative Participant Services Directory
  • Patient Identification Index Service
  • Patient Consent Services
  • System Notifications, Auditing, and Logging

Testing Services:

  • HIE Interoperability Testing
  • HISP Interoperability Testing
  • CSS Sandbox

Project Management and Integration Services

  • Overarching Project Management of the CSS
  • Interoperability of all service components
  • Integration of all functional components

The actual CSS components are subject to change as they are currently being discussed with the stakeholder community. Additional information, as well as finalized and approved work products of both the 2011 Stakeholder Engagement and the current Participant Workgroup, can be found on our website at:

  1. RFI Responses. Responses should address the following items:
  1. Company name, address, and a contact person’s telephone number and email address. Indicate the nature of the business organization.
  2. Provide a listing of current HIE clients, including project name, location, and a brief description.
  3. Please provide your current marketing materials and/or product documentation which may include advertising documents, research documents, comparative analyses of your current products/services to other available products/services, whitepapers, documents about your products written by others, etc. Please provide only that information which is already currently available, typically through your marketing strategy.
  4. Pricing structure: Without providing actual costs, comment on the pricing structure for these components (i.e. enterprise licensing, CALs, annual or monthly support services fee, subscription fee, etc.)
  5. Comment on the Proposed Procurement Model provided in #7, above.
  6. Provide standard service level agreements used with clients for similar services. Include additional SLAs of which the eHCO should be aware.
  7. Provide responses in Microsoft Office or compatible format. The Commonwealth currently uses Microsoft Office 2007.
  8. Responses are due no later than Monday, July 9, 2012 at 2:00 pm EDT. Responses are to be emailed to:

This RFI is issued for information and planning purposes only and does not constitute a procurement. The Commonwealth will not award a contract on the basis of the RFI or otherwise pay for information received. Responses to this RFI are not required for participation in any subsequent RFP or RFQ.

Page 1 of 1