What is the difference between current capabilities within the Community Sector and the CBI Tool?
Currently, there is limited capacity for analysis and reporting, an inability to track clients across sectors, inconsistent data quality and collection, and duplicate reporting within the Toronto Central Local Health Integration Network (TC LHIN) Community Sector. Through use of the CBI tool, HSPs and the TC LHIN gain a better understanding of service utilization and capacity across the Community Sector, have access to higher quality data, and will be able to query data and run standard reports.
How will participation in CBI impact an HSP?
Implementing CBI will not require any major changes to front line processes and usage of your existing client management systems. The project team will work with your vendor to design and implement automated uploads. Funding will be provided to your vendor directly to complete the work to avoid any costs to HSPs. HSPs will then have access to reports that will provide information on service utilization and data quality.
Will the CBI Tool be aligned with other initiatives within the GTA?
The CBI Project Team is looking to align this initiative with others in the GTA to provide an integrated, fulsome picture of healthcare services.
Who is the Electronic Services Provider (ESP) for the CBI Project and what role will that organization play?
DATIS (the Drug and Alcohol Treatment Information System), a program of the Centre for Addiction and Mental Health, has been selected as the ESP (with endorsement by the CBI Working Group) for the CBI Project. DATIS has been operating since 1994 to collect and host provincial addiction data and to provide reports to the Ministry of Health and Long-Term Care and Community Addictions HSPs for the purposes of health system planning. DATIS hosts the CBI data repository for a variety of reasons. For example, it currently holds one third of the Community Sector data, it is a provincially-funded non-profit organization, it meets the necessary privacy and security requirements, it has an existing relationship with the Institute of Clinical Evaluative Sciences, and it has the necessary IT infrastructure in place.
Will funding be provided for the CBI Project?
Funding will be provided directly to CMS vendors to assist with the costs of building, testing, and implementing the CBI Tool within their CMS. This includes training their HSPs on how to use the CBI Tool and supporting them through the HSP testing, validation, and Go Live processes.
What are the roles and responsibilities of HSPs and their vendors as it relates to the CBI Project?
For the purposes of the CBI Project, vendors are responsible for building the CBI Tool within their CMS to allow for HSPs to upload client data to the CBI data repository. Vendors will go through testing and validation to ensure that the Tool is functioning properly. Following this, vendors will support their HSPs through the HSP testing, validation, and Go Live processes. For the purposes of the CBI Project, HSPs are responsible for signing an Electronic Service Provider Agreement, completing the HSP testing, validation, and Go Live process with their vendor. For more details on vendor and HSP responsibilities during the CBI Project, please refer to the HSP CBI Implementation Checklist.
Who do HSPs and/or vendors contact if they have questions about the CBI Project?
HSPs and/or vendors can ask questions about the CBI Project using any of the following ways:
- Reconnect Project Management website: the HSP tab and the vendor tab on the CBI page have general and technical information about the project.
- Contact your vendor for questions about their timelines, status of the build, and specifics about the CBI Tool within your CMS.
- Contact the CBI Support Centre at email@example.com for questions about vendor and HSP credentials and the CBI data repository.
Project Scope and Eligibility Questions:
Are HSPs required to participate in CBI?
Participation in the CBI initiative is mandatory for all community sector organizations with a TC LHIN 2014-17 Multi-Sector Accountability Agreement (MSAA). Community sector organizations are required to participate in CBI, without exception. The agreement is identified in the TC LHIN obligations of the MSAA under section 3.4 eHealth/Information Technology Compliance.
What are the requirements for participation in the CBI Project?
For the purposes of the CBI Project, it is required that HSPs:
- Be a part of the Community Sector and have at least one (1) Functional Centre (FC) funded by the TC LHIN; and
- Currently use a CMS that has the necessary functionality to support the implementation of the CBI Tool.
If these prerequisites cannot be met, or if you have questions about HSP eligibility, please contact the CBI Support Centre at firstname.lastname@example.org.
A list of TC LHIN funded Functional Centres can be found here Functional Centre ID List.
What if a HSP does not have a CMS and/or a vendor?
If a HSP does not have a CMS and/or a vendor and they collect data manually (ex: using an Excel spreadsheet or an Access Database), it may be possible to implement with CBI’s Universal Build. The Universal Build is a small piece of software that can read structured data and provide scheduled uploads to CBI’s data repository.
In addition, the TC LHIN funded Client Information Management (CIM) project is proceeding with a RFP for a single CMS solution on behalf of HSPs in the Community Mental Health, Community Addictions, and Community Support Services sectors. The goal of this project is to select a vendor that will be able to immediately provide components of “core” modules (i.e. collection of demographic information, service activity tracking, assessment data, reporting, and case notes) common to HSPs regardless of sector and demonstrate the ability to deliver additional “speciality” modules as needed by HSPs. The selection process will be complete by the end of this fiscal year, and thus may provide a viable option for HSPs seeking a CBI-compatible vendor. More information on this project can be found here.
Privacy and Security Questions:
Will personal health information (PHI) be collected by the CBI Tool? If so, how will it be used?
Yes, PHI will be collected for the purpose of linking client records between HSPs. This will allow for analysis and reporting on how clients are using services within and across community sectors. Only HSPs can view PHI for their own clients.
What information will be accessible to the LHIN?
The LHIN will have access to de-identified aggregate reports. The initial reports include:
- Client counts
- Date analysis
- Data quality
These reports were approved by the Privacy, Security and Data Access Sub-Group. The LHIN does not have access to Personal Health Information.
What measures are being taken to ensure that the privacy and security of client information is protected?
As the Electronic Service Provider (ESP) for the CBI Project, DATIS is required to adhere to strict privacy and security standards. A Privacy Impact Assessment and Threat Risk Assessment (PIA/TRA) have also been completed on the process of transmitting HSP data to DATIS, the physical environment within which this data sits and the reporting environment. In addition, a Privacy & Security and Data Access sub-group was put in place to review all agreements and Privacy policies and procedures related to CBI.
What is the difference between the IAR and the CBI Tool?
While the IAR is a client-level viewer of an individual’s common assessments and PHI, the CBI Tool allows for aggregate reporting and does not currently provide access to PHI.
What data elements are being collected as part of the CBI Project and what if a HSP currently does not collect all of these elements?
Tier 1 of the CBI Project includes the collection of nineteen (19) data elements (i.e.: client demographic information, Functional Centre information, and admission and discharge information). For a complete list of data elements, please see the Data Elements List
At this time, if a HSP currently does not collect one or more of the data elements it will not be asked to start collecting them in order to upload to the CBI data repository. Very few of the data elements are mandatory elements required to implement. For more information contact the project team.
What if a HSP’s CMS vendor is DATIS?
Being that addictions data already sits within DATIS (the vendor for Catalyst), it will be collected differently for the CBI Project than for the CMH and CSS sectors (i.e.: CA HSPs will not submit using the CBI Web Services Client). As soon as the HSP has signed the Electronic Service Provider Agreement, their data can be uploaded to CBI by DATIS.
However, if a CA HSP uses a second vendor (for CMH FCs, for example) in addition to DATIS, they will have to undergo the testing and Go Live processes for the CBI Tool that is implemented within the second vendor’s CMS as well.
Implementation, Testing, Validation, and Go Live Questions:
What was the timeline for the development and implementation of the CBI?
The CBI project began in 2012. By the autumn of 2013, a test group of nine community sector HSPs and their respective vendors built and implemented the CBI schema. From there, they tested, validated and uploaded client data to CBI. The lessons learned from the CBI Test Phase were used to plan for the full roll-out implementation of the CBI Tool. Full roll-out across the TC LHIN began in November 2013.
What is involved in building and implementing the CBI Tool within a CMS?
The diagram below shows the stages required to go from conception to Go Live on CBI:
- Vendor builds and implements CBI schema
- Vendor tests and validates CBI schema
- HSP tests and validates schema
- HSP goes live on CBI
What are the privacy requirements of HSPs under the Personal Health Information Protection Act, 2004 (PHIPA) as it relates to the CBI Project, and more specifically the ESPA?
- All of the HSPs collecting personal health information are health information custodians (HICs) and must comply with their obligations under PHIPA. The requirements include taking reasonable steps to ensure that PHI in their custody or control is protected against theft, loss and unauthorized use or disclosure.
- Entering into the ESPA is one of the fundamental steps to protect the PHI that will be provided to CAMH by requiring them to maintain the physical, administrative and technical safeguards set out in the ESPA.
What changes to the current consent processes of HSPs are required to participate in the CBI Project?
- Since there is no sharing of PHI among agencies and no PHI will be provided to the TC LHIN, HSPs are not required to make any changes to their consent processes to participate in the CBI Project however it is up to each HSP to ensure appropriate consent is in place.
- PHIPA authorizes a HIC to use PHI for planning and evaluating programs and for improving/maintaining the quality of care.
- CAMH is acting as an agent of the HSPs for purposes of PHIPA, and therefore the provision of PHI to CAMH is a use of the information and not a disclosure of PHI.
What security protections are currently in place?
- Section 9 and Schedule F to the ESPA set out the minimum technical, physical and administrative protections that CAMH must comply with to ensure that PHI of the HSPs is maintained securely.
- These protections include authentication measures, regular vulnerability scanning, mandatory and ongoing training of staff, backup security and business recovery plans, routine surveillance of the premises and network security controls.
- Reconnect as lead agency undertook a PIA and TRA of the CBI Project. The Assessments identified no risks at a “High” level and assessed the residual risk level of the project to be “Low”.
- CAMH is undertaking its own PIA and TRA and has committed in the ESPA to remediate any security and privacy risks which could impact the CBI Project.
What processes have taken place to protect the interests of all HSPs in the ESPA?
- PARC engaged independent legal counsel (Ted Hyland of Iler Campbell) to review the ESPA to ensure that the interests of HSPs are protected.
- A number of amendments were proposed by independent counsel, mostly to clarify the ESPA. These amendments were incorporated into the ESPA.
- The CBI Working Group is comprised of 9 HSPs who have been involved in developing the ESPA.
- The Privacy and Data Access Sub-Group has also reviewed the ESPA to ensure that the interests of all parties to the ESPA are protected.
Why is CAMH an electronic services provider (ESP) and not a health information network provider (HINP)?
- The characterization of whether CAMH is an ESP or HINP depends on whether the HSPs using the electronic services will be sharing PHI electronically among themselves. If no PHI is to be shared electronically among the HSPs then CAMH will not be acting as a HINP.
- As none of the HSPs will be sharing PHI electronically among themselves, CAMH will not be acting as a HINP.
- An electronic services provider is defined as: “A person who provides good or services for the purpose of enabling a health information custodian to use electronic means to collect, use, modify, disclose, retain or dispose of personal health information.” (PHIPA, s. 10 (4))