Skip to content

Commit

Permalink
Update faq page
Browse files Browse the repository at this point in the history
  • Loading branch information
@MEspositoE14s
MEspositoE14s committed Sep 21, 2023
1 parent c74729f commit 7f067ac
Showing 1 changed file with 17 additions and 176 deletions.
193 changes: 17 additions & 176 deletions common/faq.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,24 +17,33 @@

<!-- Use the accurate heading level to maintain the document outline -->
<h1>About DPC: </h1>
<h2 class="usa-accordion__heading" id="accordion__dpc-info">
<h2 class="usa-accordion__heading" id="accordion__dpc-start">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="a1">
How can I get more information?
When will onboarding and new applications start again?
</button>
</h2>
<div id="a1" class="usa-accordion__content">
<p>We've paused on taking applications for production data and onboarding existing applicants. This is temporary while we make improvements to our ID verification and onboarding process. We'll refresh our <a href="/updates.html">updates page</a> when onboarding and applications resume. We'll also post an announcement in our Google Group. In the meantime, the <a href="https://sandbox.dpc.cms.gov/users/sign_in">sandbox environment</a> is still available for testing.</p>
</div>

<h2 class="usa-accordion__heading" id="accordion__dpc-info">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="a2">
How can I get more information?
</button>
</h2>
<div id="a2" class="usa-accordion__content">
<ul>
<li>Technical documentation is available in the <a href="/docsV1.html">API Documentation</a>.</li>
<li>A DPC Google Group has been created to provide answers to questions and to support providers and developers who are implementing Data at the Point of Care.</li>
</ul>
</div>

<h2 class="usa-accordion__heading" id="accordion__dpc-pilot">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="a2">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="a3">
How is the Data at the Point of Care pilot program different from Blue Button 2.0 and Beneficiary Claims Data API (BCDA)?
</button>
</h2>
<div id="a2" class="usa-accordion__content">
<div id="a3" class="usa-accordion__content">
<ul>
<li>Blue Button 2.0 provides FHIR-formatted data for one individual Medicare beneficiary at a time, to registered applications with beneficiary authorization. See <a href="https://bluebutton.cms.gov/">https://bluebutton.cms.gov/</a>.</li>
<li>BCDA provides FHIR-formatted bulk data files to Medicare Shared Savings Program Accountable Care Organizations (MSSP ACOs) for all of the beneficiaries assigned to a given ACO. See <a href="https://bcda.cms.gov/">https://bcda.cms.gov/</a>.</li>
Expand All @@ -43,11 +52,11 @@ <h2 class="usa-accordion__heading" id="accordion__dpc-pilot">
</div>

<h2 class="usa-accordion__heading" id="accordion__cms-feedback">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="a3">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="a4">
What type of information does CMS want as feedback?
</button>
</h2>
<div id="a3" class="usa-accordion__content">
<div id="a4" class="usa-accordion__content">
<ul>
<li>Usefulness of the data to evaluate how helpful CMS claims data is for impacting treatment, provider burden, and quality of care for Fee-for-Service (FFS) providers at the point of care</li>
<li>Ease of implementation for vendors and providers to evaluate how easy it is to configure and get started with requesting and receiving claims data</li>
Expand All @@ -59,11 +68,11 @@ <h2 class="usa-accordion__heading" id="accordion__cms-feedback">
</div>

<h2 class="usa-accordion__heading">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="a4">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="a5">
How will CMS make sure that the data is secure and protected?
</button>
</h2>
<div id="a4" class="usa-accordion__content">
<div id="a5" class="usa-accordion__content">
<ul>
<li>Data at the Point of Care secures Protected Health Information (PHI) and Personally Identifiable Information (PII) and has multiple layers of protection, such as encryption in transit and at rest, security certification requirements of connecting vendors, auditing and analytics to look for suspicious activity, terms of service restrictions, public and private security keys, and IP address restriction.</li>
<li>Data at the Point of Care is built based on privacy requirements defined by HIPAA.</li>
Expand Down Expand Up @@ -103,172 +112,4 @@ <h2 class="usa-accordion__heading">
<ul>
<li>Any Fee-for-Service provider or Health IT vendor can request access to synthetic data via <a href={{ site.sbx_register }}>our sandbox</a></ul>
</div>

<h1>About Production Pilot:</h1>
<h2 class="usa-accordion__heading">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="c1">
I've tested my solution with synthetic data - how do I get access to production data?
</button>
</h2>
<div id="c1" class="usa-accordion__content">
We're excited to invite you to apply to be a production pilot participant! You can <a href={{ site.email_register }} target="_blank" rel=noopener>email DPC</a> to be added to the queue for production access.
</div>

<h2 class="usa-accordion__heading">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="c2">
How will I know my organization is ready to join the pilot?
</button>
</h2>
<div id="c2" class="usa-accordion__content">
DPC is looking for healthcare organizations who meet the following criteria:

<ol>
<li>
You can answer questions about your healthcare organization, including but not limited to EHR and/or data vendor information, number of providers, provider specialties, and/or number of Medicare beneficiaries seen annually
</li>
<li>
You can provide documentation explaining the workflows implemented in your DPC solution for attribution and the clinical display of data. This can be satisfied with workflow diagrams or written procedures.
<ol>
<li>
Attribution (what is your system/user's selection criteria in identifying the patients to be included in requests for data, how do you determine if a patient has an active treatment relationship with the assigned provider, etc.)
</li>
<li>
Data Security processes (who makes the requests, how is that process protected, etc)
</li>
</ol>
</li>
<li>
You can attest that your software solution meets the security requirements for DPC, specifically one or more of the following requirements:
<ol>
<li>
Completed and holds an active ONC Health IT Certification
</li>
<li>
Active HITRUST self-validation assessment (valid for one year from implementation if currently pursuing the HITRUST validated assessment)
</li>
<li>
Active HITRUST Validated Assessment
</li>
<li>
EHNAC Accreditation
</li>
</ol>
</li>
<li>
You can answer questions regarding your experience testing your solution in sandbox
</li>
<li>
You can demonstrate your DPC solution to the DPC engineering and research team
</li>
</ol>
</div>

<h2 class="usa-accordion__heading">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="c3">
How should I prepare for the demo of our DPC solution?
</button>
</h2>
<div id="c3" class="usa-accordion__content">
Here's a list of starter questions to help guide your plan for the demo. As we see your solution, additional technical questions may arise.
<ol>
<li>
Walk us through your end-to-end workflow.
<ol>
<li>
How do you attribute patients to practitioners?
</li>
<li>
How will practitioner see the data in your system?
</li>
</ol>
</li>
<li>
How frequently will your organization make requests to the API? How quickly will you need the data returned?
</li>
<li>
What is your retry logic for requests that fail?
</li>
<li>
What will you do if you don't get data back for some of the requested patients? For example, data for patients outside of the 18 month lookback period for a given provider will not be returned at this time.
</li>
<li>
How will the data be used? For example, are you using the data for aggregate population reporting, or for insights into the needs of an individual patient?
</li>
<li>
Where does the application live?
<ol>
<li>
Would there be a separate instance if you bring on another practice during pilot or MVP?
</li>
</ol>
</li>
<li>
During onboarding in the early phases of pilot, we'll be providing keys directly to the practitioner organization to grant access to production via secure email - we will not be using the same web portal as our sandbox environment. Please consider how to best communicate with the practitioner to securely transfer secrets if necessary.
</li>
<li>
Are you ready for breaking changes during pilot?
<ol>
<li>
As we introduce new features into pilot, how will you incorporate those changes into your solution?
</li>
</ol>
</li>
<li>
How did you test your DPC solution? What documentation did you use the most?
</li>
</ol>
</div>

<h2 class="usa-accordion__heading">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="c4">
What are the limitations on the data I’ll receive during the pilot?
</button>
</h2>
<div id="c4" class="usa-accordion__content">
Our goal with the production pilot is not to grant early access to DPC production data, but rather to test specific technical and workflow solutions in a production environment with actual users. The pilot phase of DPC is a learning experience for CMS as well as for our partner organizations, which means that we will make breaking changes to the code while organizations are working in production, and will be looking for feedback from our pilot participants to help us grow. A few limitations for you to know up front:

<ul>
<li>
Claims data access may be limited by the number of claims or the number of beneficiaries requested or returned during the pilot.
</li>
<li>
New patient information will not be immediately available. At this time only patients with a claim within the last 18 months for the attributed provider will be accessible.
</li>
<li>
DPC is not a final product yet. As we continue to gather feedback and do research, it is possible that significant changes may be made to the DPC API - participation in this pilot is a great opportunity to help influence the future direction of the API! We will communicate these changes to all of our production and sandbox community members as they come about, but we may identify the need to temporarily shut down production data access between now and our full release as part of our continued development efforts.
</li>
</ul>
</div>

<h2 class="usa-accordion__heading">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="c5">
I applied to the DPC pilot, what next?
</button>
</h2>
<div id="c5" class="usa-accordion__content">
DPC will onboard one organization at a time. Depending on the backlog of organizations, this may mean that your organization will sit in the queue for a few months before it is your turn to onboard. We will keep you updated as much as we can and ask that you continue to test your solution in the sandbox during that time as any changes to the production environment will be changed in the sandbox environment first.
</div>

<h2 class="usa-accordion__heading">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="c6">
What can I do while I’m waiting to join the pilot?
</button>
</h2>
<div id="c6" class="usa-accordion__content">
Good news: our sandbox environment matches the production environment, and we'll roll out new functionality in sandbox before sending it into production. Even if you are not able to participate in the production pilot at this juncture, please continue to test in the sandbox environment with synthetic data. Your feedback through the Google Group is invaluable to our researchers and engineers as we all work together to shape the future of DPC.
</div>

<h2 class="usa-accordion__heading">
<button class="usa-accordion__button" aria-expanded="false" aria-controls="c7">
Will AWS' HITRUST CSF certification satisfy the security requirements needed to access the production environment?
</button>
</h2>
<div id="c7" class="usa-accordion__content">
Yes, you can inherit AWS’ HITRUST certification if your DPC solution meets the following requirements:
<ol>
<li>The DPC solution is contained entirely within AWS Services that have received a HITRUST certification. See AWS' list of <a href="https://aws.amazon.com/compliance/services-in-scope/">HITRUST-certified services</a> under HITRUST CSF.</li>
<li>The DPC solution applies the controls listed on the <a href="https://hitrustalliance.net/srm-aws/">HITRUST website</a>. You should download the <a href="https://hitrustalliance.net/product-tool/hitrust-shared-responsibility-program/">AWS Custom HITRUST Shared Responsibility Matrix</a> to determine which HITRUST controls AWS customers can inherit as part of the Shared Responsibility Model.</li>
<li>You submit a valid and accepted External Inheritance request through the HITRUST website. Follow the instructions in the <a href="https://help.mycsf.net/user-guide">User Guide</a> to do so.</li>
</ol>
</div>
</div>

0 comments on commit 7f067ac

Please sign in to comment.