1. ConnectVirginia: Cybersecurity and Health Information Exchange Presented To: Health and Human Resources Sub-Panel, Governor’s Secure Commonwealth Initiative December 16, 2013 M ICHAEL M ATTHEWS

2. Hospital EHR Adoption by State

3. Physician EHR Adoption by State

4. EHR Adoption Trendlines

5. HIE: Where we are….

6. HIE: What we believe…. Many respondents agree that having patient information at or before the point of care will improve care coordination (96%), provide a more complete (95%) and accurate patient medical history (94%), improve test/procedure coordination (94%) and identify discrepancies in patient information (94%). Respondents are slightly less likely to agree that having medical information at or before the point of care will improve the quality of care (88%), streamline patient communication (88%), allow for more timely health maintenance screening (87%) and allow for easier public health reporting (84%). Respondents are least likely to agree that having medical information at or before the point of care will reduce health care costs (59%), create additional work tasks (54%), decrease face time with patients (43%) and generate information that is not valuable(40%). There seems to be a gap in awareness of electronic health information exchange participation: 77% of provider respondents say they exchange health information electronically and only 26% of consumer respondents say their provider has asked them to participate in electronic health information exchange. Providers are more likely to agree than consumers that electronic health information exchange will improve care coordination, provide a more accurate medical history and that patient information will be used responsibly.

7. eHealth Exchange 7

8. eHealth Exchange Participants Alabama One Health Record Centers for Medicare and Medicaid Services (CMS) Childrens’ Hospital of Dallas Community Health Information Collaborative (CHIC) Conemaugh Health System Department of Defense (DOD) Department of Veterans Affairs Dignity Health Douglas County Individual Practice Association (DCIPA) Eastern Tennessee Health Information Network (etHIN) EHR Doctors ▫Hawaii Pacific Health Geisinger Health HealthBridge ▫HealtheConnections RHIO Central New York HEALTHeLINK (Western New York) Idaho Health Data Exchange Indiana Health Information Exchange (IHIE) Inland Northwest Health Services (INHS) Kaiser Permanente 8 Lancaster General Health Marshfield Clinic Medical University of South Carolina (MUSC) MedVirginia MultiCare Health System National Renal Administrators Association (NRAA) New Mexico Health Information Collaborative (NMHIC) North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) OCHIN Quality Health Network San Diego Beacon Social Security Administration (SSA) South Carolina Health Information Exchange (SCHIEx) South East Michigan Health Information Exchange (SEMHIE) Strategic Health Intelligence University of California, Davis Utah Health Information Network (UHIN) Walgreens Wright State University

9. eHealth Exchange Growth

10. Wounded Warriors 70 DoDVA DoD-VA Continuum of Care Private Sector Care 60%40% Veterans receive approximately 40% of their care outside of VA treatment facilities. Up to 60% of service member’s healthcare is provided outside of the Military Health System.

12. 12 Developed by TS in collaboration with NeHC, funding provided by ONC NHIN Work Group has recommended this framework to the HIT Policy Committee Requirements/ Expectations Identity and Authentication Transparent Oversight Accountability and Enforcement Technical Requirements Universal Components of Trust

13. Permitted Purposes Permitted Users Consent and Authorization Privacy and Security Secondary or Future Use Minimum Participation Requirements Local Autonomy AGREED UPON BUSINESS, POLICY AND LEGAL REQUIREMENTS/ EXPECTATIONS Validation of exchange partners Potential validation mechanisms IDENTITY AND AUTHENTICATION General oversight and governance Breach management Dispute resolution TRANSPARENT OVERSIGHT Suspension and termination Allocation of risk Liability limitations ACCOUNTABILITY AND ENFORCEMENT Define specifications Architecture of exchange Differing specifications for different stakeholders Interoperability and base system operation IDENTIFICATION OF MINIMUM TECHNICAL REQUIREMENTS Requirements/ Expectations Identity and Authentication Transparent Oversight Accountability and Enforcement Technical Requirements

14. HIEs and Emergency Preparedness 1.Understand the State’s disaster response policies and align with the State agency designated for Emergency Support Function #8 (Public Health and Medical Services) before a disaster occurs. 2.Develop standard procedures approved by relevant public and private stakeholders to share electronic health information across State lines before a disaster occurs. 3.Consider enacting the Mutual Aid Memorandum of Understanding to establish a waiver of liability for the release of records when an emergency is declared and to default state privacy and security laws to existing Health Insurance Portability and Accountability Act (HIPAA) rules in a disaster. States should also consider using the Data Use and Reciprocal Support Agreement (DURSA) in order to address and/or expedite patient privacy, security, and health data- sharing concerns. 4.Assess the State’s availability of public and private health information sources and the ability to electronically share the data using HIE(s) and other health data-sharing entities. 5.Consider a phased approach to establishing interstate electronic health information-sharing capabilities.

16. COV Agency Node 16

18. Sustainability Update – Health Systems 18 Signed MOUs:  Augusta  UVA  Centra  Mary Washington  Bon Secours (MedVirginia)  VCU (MedVirginia)  Sentara  Inova MOUs in Legal/Process:  Valley Health  VHC  Carilion  HCA  LifePoint  Riverside 83% = $960, 075 Target = $1,200,975

19. 19 Governance Framework Phase I January 20, 2012– February 7, 2014 Phase II February 8, 2014 – July 31, 2016 Phase III July 31, 2016 –

20. 20 Current Model Phase I January 20, 2012– February 7, 2014 Phase II February 8, 2014 – July 31, 2016 Phase III July 31, 2016 –  ConnectVirginia is NOT a legal entity, it is a contract activity  Governing Body of 22 members  Multi-stakeholder  Heavy policy engagement

21. 21 Recommended Model Phase I January 20, 2012– February 7, 2014 Phase II February 8, 2014 – July 31, 2016 Phase III July 31, 2016 –  Virginia non-stock, non-member corporation  It will apply for federal tax exemption per 501(c)(3)  Governed by a self-perpetuating Board of Directors (11 members)  Secretary of HHR and Health Commissioner will remain members of the Board  Standing committees with Board and non- Board members in order to retain stakeholder engagement

22. Health IT and Health Information Exchange: Pillars of Innovation Presented To: Health and Human Resources Transition Work Group December 13, 2013 M ICHAEL M ATTHEWS