DPC Timeframes
Qui Van
Amy Gleason
As in the FAQ, here are the steps to get into the queue.
- When the provider/vendor feel that they have tested in the sandbox and are ready to request production access, they can email DPC...@cms.hhs.gov and include the following:
- Written summary of the rostering process and logic of how patients are added and removed from rosters and when physician intervention is required to renew an expired roster
- HITRUST validation or certification (or be prepared to share the HHS ONC HIT Technology certification information for the version you are using, including the CHPL ID and version)
- Confirmation of understanding the Terms of Service
- The initial providers NPIs for production use
- The DPC team will schedule a demo session. Remember, this is a pilot project and scheduling will move slowly.
Liam Morley
Amy Gleason
It is up to the provider to determine how to define if a patient is under an active treatment relationship and it is therefore appropriate to request access to patient data for treatment purposes. Because the provider is responsible for attesting that the active treatment relationship exists, we require that you document your rostering process and share it with us prior to accessing production data. These definitions and processes are up to the provider, and should be based on how your practice runs.
Additionally, at a minimum, you must have seen the patient in the last 18 months. Data at the Point of Care will expire patients from the roster after 90 days. With each roster addition or renewal, the provider will be attesting that each patient added or updated is under active treatment and that there is a treatment need for the data.
At a minimum, your rostering process documentation should include:
- The logic and process you use to create the initial roster
- The process and logic for automatic updates and additions to your rosters (e.g. time interval and some logic that they are still in active treatment or they are added to the roster again with each appointment, etc.)
- The circumstances and frequency in which a patient is not automatically added to the roster and when a provider might need to manually review whether the patient should be added.
Liz Blair
Data at the Point of Care Community
Hi Liz,
Thanks for your question. At this time, we do not have recommendations for creating and updating the patient group. Our only requirements related to the patient group are listed in our documentation here.
As we are still in our pilot phase, we are expanding our research and understanding of the patient group through research sessions and office hours. We will keep the Google Group updated as we have more information to share.
In the mean time, please feel free to engage with the other Google Group users and to share your own knowledge.
Best,
The DPC Team
Linda Van Horn
We are EHNAC Accredited for HIPAA Privacy and Security, a DirectTrust Accredited Trust Anchor, and EHNAC Accredited as a TNAP-QHIN. EHNAC is a HITRUST Auditor and the EHNAC Accreditation for HIPAA Privacy and Security addresses the same criteria as HITRUST. Will EHNAC Accreditation for HIPAA Privacy and Security qualify to meet the HIPAA Privacy and Security? see https://www.ehnac.org/
Data at the Point of Care (DPC) Community
Thanks for your question.
Our Terms of Service requires you to meet one of the following criteria:
- Completed and holds an active ONC Health IT Certification
- Active HITRUST self-validation assessment (valid for one year from implementation if currently pursuing the HITRUST validated assessment)
- Active HITRUST Validated Assessment
- HNAP Accreditation
We will accept the EHNAC accreditation if it was achieved through the TDRAAP-Comprehensive program. The TDRAAP-Basic is for consumer-facing applications and would not meet our security requirements.
Best,