The Defense and Veterans Affairs departments want vendors to tell them about services and products they can offer to meet the current and future technical needs for the integrated electronic health record (iEHR) as it prepares to roll out its initial version.
DOD’s Tricare Management Activity, on behalf of the Interagency Program Office, has described the technical specifications, requirements and architecture for a standardized, interoperable iEHR environment and has published specific questions about vendor skills in a recent request for information published in Federal Business Opportunities. Responses are due by Aug. 24.
The DOD/VA Interagency Program Office will include the technical specifications in any future procurement for the iEHR.
The first iEHR version will be ready to turn on in two years at VA and DOD centers in San Antonio, Texas, and Hampton Roads, Va., for pharmacy and immunization.
Among its questions, Tricare inquired about a vendor's use of open source software in its product or if any of the vendor’s products were available through open source licensing. Tricare was also interested in the vendor’s experience with a health data dictionary or other mapping services; applying standards for health information exchange, such as used in the virtual lifetime electronic record (VLER); and standards and interoperability, such as the adoption of Health Level 7 Clinical Document Architecture (CDA r2) summary care document, web services, security and messaging.
[See also: GAO finds that 16 percent of eligible hospitals received EHR incentives.]
Tricare’s questions were targeted at gauging how well-versed vendors are with technical subjects, including:
• Services-oriented architecture (SOA), including wrapping existing software capabilities in such a way as to reuse them as SOA services and tools to evaluate SOA services and support prototyping of application functionality
• Portal application, including supporting a multi-tiered architecture, such as a presentation/user interface, application and data layers, and the use of a web-browser-based presentation layer and mobile applications
• Presentation layer, including how vendor solved issues when integrating user interfaces and the ability to integrate with a portal framework that works with identity management, access control, single sign-on, patient context management and security
• Data, including resolving issues around data synchronization between local, regional and central sites and disconnected environments and implementing Big Data solutions.
Tricare also had a long list of questions around network security, including if the vendor’s product had received any independent security certifications and procedures in place to assure secure coding. Other security questions were related to the ability of the vendor’s product to restrict access to protected health information, use of two-factor authentication, encryption, protection in the cloud environment and other safeguards.
[See also: Inside the CDC EHR report is a lack of critical definitions.]
An engineering and architecture compliance checklist, which will be included with any procurement, accompanied the questions about vendor capabilities. The checklist specifies requirements that all future iEHR products must adhere to, such as the system should be able to support 120,000 concurrent users and should support an average up time of 99.95 percent and 0 percent of scheduled down time.
