|
Interim Progress Report - Budget Period Three
Critical Capacity: Ensure effective
communications connectivity among public health departments, healthcare
organizations, law enforcement organizations, public officials, and
others
Critical Capacity: Ensure the ongoing
protection of critical data and information systems and capabilities for
continuity of operations
Critical Capacity: Ensure secure electronic
exchange of clinical, laboratory, environmental, and other public health
information in standard formats between the computer systems of public
health partners
Workplan - Budget Period Four
Critical Capacity 11: Ensure effective
communications connectivity among public health departments, healthcare
organizations, law enforcement organizations, public officials, and
others
1. Implement a plan for connectivity of key
stakeholders involved in a public health detection and response
including a 24/7 flow of critical health information
2. Ensure at least 90 percent of the key stakeholders
can receive and send critical health information including alerts and
critical event data
3. Identify local health agencies to serve as model
sites for training and education, support for organizational capacity
building
4. Develop a system to support National
Smallpox Vaccination Program activities
5. Ensure that participants in the National
Smallpox Vaccination Program maintain a directory of smallpox
vaccination team members
Critical Capacity 12: To ensure a
method of emergency communication for participants in public health
emergency response that is fully redundant with standard
Telecommunications
1. Assess the capacity in your jurisdiction for
redundant communication systems/devices
2. Implement a second method of receiving critical alerts
3. Develop and acquire high frequency and satellite
voice/data communications systems between local, state, and federal
partners
4. Acquire technologies and use CDC standards to
develop UHF/VHF/HF data and/or voice communication capability between
key Public Health Partners
5. Develop broadcast auto-dialing voice messaging
capabilities
6. Provide for technological and staffing redundancy
of critical information and communication systems to support these
functions
7. Routinely assess the timeliness and
completeness of the redundant method of alerting
Critical Capacity13: To ensure the ongoing protection of
critical data and information systems and capabilities for continuity
of operations
1. Assess the existing capacity regarding
policies and procedures for protecting and granting access to secure
systems
2. Validate and verify Internet security, assess
vulnerability and security and continuity of operations practices, and
rapidly implement recommended remedial activities
3a. Establish a firewall to protect critical
information resources from the Internet
3b. Implement Public Key Encryption
3c. Develop role-based authorization technology and
processes to ensure selective authorization to information resources
3d. Institute server- and client-based virus
checking software to protect critical systems
3e. Contract with an independent IT security firm to
perform ongoing penetration testing and vulnerability analysis
3f. Integrate all remote access to health department
IT resources using commercial, off-the-shelf products for a single
method of authentication.
3g. Implement software systems and/or servers to
support other Critical Capacities
Critical Capacity 14: Ensure secure electronic exchange of
clinical, laboratory, environmental, and other public health
information in standard formats between computer systems of public
health partners
1. Assess xisting capacity to exchange electronic
data in compliance with public health information and data elements
exchange standards, vocabularies, and specifications
2. Ensure that the technical infrastructure
exists to exchange a variety of data types
3. Develop firewall capabilities and Web technology
and expertise to implement aan XML-compliant SOAP service for the
secure exchange of information over the Internet
4. Develop systems and databases to implement the
specifications, vocabularies, and standards to exchange like data with
public health partners
5. Implement message parsing technology to allow for
the creation and processing of public health information messages
6. Participate in national stakeholders
meetings, data modeling activities, and joint application development
sessions to help specify the data types that will be exchanged among
public health partners
7a. Adopt and implement LOINC as the standard
for electronic exchange of clinical laboratory results
7b. Identify
areas where refinement or extension of LOINC would enhance public
health emergency preparedness
Budget Period Three Progress Report
Using the Interim Progress Report template below, provide a
brief status report that describes progress made toward
achievement of each of the critical capacities and
critical benchmarks outlined in the continuation guidance
issued by CDC in February 2002. Applicants should describe their
agency’s overall success in achieving each critical capacity. The
progress report narratives should not exceed 1 page,
single-spaced, for each critical capacity. Applicants are welcome
to use bullet-point format in their answers, so long as the
information is clearly conveyed in the response.
CRITICAL CAPACITY: To ensure effective communications
connectivity among public health departments, healthcare
organizations, law enforcement organizations, public officials,
and others as evidenced by: a) continuous, high speed connectivity
to the Internet; b) routine use of e-mail for notification of
alerts and other critical communication; and c) a directory of
public health participants (including primary clinical personnel),
their roles, and contact information covering all jurisdictions.
Provide an update on progress during Project Year III
toward achieving this critical capacity:
- Thirty-four of the state’s thirty-five local health
agencies have routine access to the Internet, and participate in the
Intergovernmental Network. This allows them access to Internet-based
information and alerts, as well as to state- and locally-developed
Web-based applications.
- Washington State Department of Health (DOH) established
a mechanism for 24/7 monitoring of Center for Disease Control and
Prevention’s (CDC) Health Alert Network. Messages received are
rapidly forwarded to the
[Information omitted in accordance with R.C.W. 42.17.310(1)(ww)]
list serves. Those lists include over 500 public health officials
from state and local public health as well as many tribal
representatives. Local health officials in turn communicate via
e-mail and fax with hospitals and health care providers in their
communities. In the past six months, this system has been tested
frequently through the dissemination of urgent communications
related to Severe Acute Respiratory Syndrome (SARS), the smallpox
vaccination program and monkeypox.
- DOH purchased the BioTerrorism Readiness SuiteÒ
from Virtual Alert Inc.Ò . This highly
configurable software application will provide integrated and
targeted messaging functions with a secure Web portal for sensitive
and technically specific content for the public health system and
its emergency response partners. This software will provide the
basis for the Washington Secure Electronic Communication and Urgent
Response System (WA-SECURES) In the future, we will be able to use
WA-SECURES to distribute messages and alerts on a targeted basis to
those entities, as well as hospital staff, emergency managers,
laboratory staff, and clinicians across the state.
- Washington State maintains a paper directory of contact
information for key local and state public health personnel as well
as emergency management agencies. This information, which is updated
twice a year, is used for emergency contact between agencies. In the
future, we will incorporate this information into an electronic
public health directory that will be used by WA-SECURES for
automatic, electronic distribution of alerts and communication.
|
Critical Benchmark #11: Estimate the percentage of your
state’s population that lives in local jurisdictions that are covered by
the Health Alert Network
DOH Response: 100%
Critical Benchmark #12: Is your state’s communication system
capable of sending and receiving critical health information (including
alerts of emergency event data) among hospital emergency departments,
state and local officials and law enforcement officials, 24 hours a day, 7
days a week?
DOH Response: YES
Back to top
CRITICAL CAPACITY: To ensure a method of emergency
communication for participants in public health emergency response
that is fully redundant with e-mail.
Provide an update on progress during Project Year III
toward achieving this critical capacity:
- Washington State maintains a paper directory of contact
information for key local and state public health personnel as well
as emergency management agencies. This information, which is updated
twice a year, is used for emergency contact between agencies. In the
future, we will be incorporating this information into an electronic
public health directory that will be used by WA-SECURES for
automatic, electronic distribution of alerts and communication.
- Washington DOH worked closely with the state Emergency
Management Division to identify and determine how to use existing
emergency communication systems. Through the state Emergency
Operations Center, DOH can immediately contact all state and local
law enforcement agencies via a teletype system. This system was
tested in real-time during the anthrax events of 2001. We can also
contact all county emergency management agencies through an
emergency radio system. These agencies can, in turn, contact first
responders and public health agencies in their communities in the
event of an emergency.
|
CRITICAL CAPACITY: To ensure the ongoing protection of
critical data and information systems and capabilities for
continuity of operations. (See Appendix 6, IT function #8.)
Provide an update on progress during Project Year III
toward achieving this critical capacity:
- As part of the Local Public Health Emergency
Preparedness Assessment in 2002, DOH collected data on local health
jurisdiction needs and capacities for information technology and
implementation of the Public Health Information Network (PHIN). DOH
will analyze the data and use it to determine which identified gaps
in current capacity and the PHIN standards require funding. DOH
began working with Clallam, Island, Chelan and Douglas Counties to
upgrade hardware, software, and staff capacity to implement and
maintain secure networks. DOH has already provided assistance and
resources for increased network security, including installation of
and training around firewalls, in all the more populous counties in
the state.
- DOH has worked with the state Department of Information
Services (DIS) to implement a single portal for secure access to all
state-developed applications and data. Use of this portal requires
high security digital certificates, and will be necessary for access
to WA-SECURES, Public Health Issues Management Systems (PHIMS) and
other critical applications. Digital certificates have been issued
to at least one representative in each local health agency, and
training has been provided on their use.
- A disaster recovery plan is being developed for DOH
that will identify mechanisms by which all of the state’s mission
critical systems can be kept operating following an emergency,
whether naturally occurring such as an earthquake or due to
information system failures caused by virus attacks. DOH will
encourage local health agencies to develop similar plans.
|
Back to top
CRITICAL CAPACITY: To ensure secure electronic exchange of
clinical, laboratory, environmental, and other public health
information in standard formats between the computer systems of
public health partners. Achieve this capacity according to the
relevant IT Functions and Specifications.
Provide an update on progress during Project Year III
toward achieving this critical capacity:
- Over the past year, DOH reviewed its electronic data
interchange efforts (EDI) to determine the best strategy for public
health messaging from clinical laboratories and hospitals. This
review led to a decision to replace our current EDI software, a
package originally produced by PaperFree, with a more robust,
flexible application that will support a much more complex EDI
system. We are planning for and going through a selection process to
identify the best product, and will implement that change in 2003.
- Washington is exploring public health messaging from
hospitals through a pilot project to obtain birth defects data. The
messaging component of the pilot was a success. Further work has
been deferred until the new EDI system is in place.
- Washington actively participates at the national level
in the refinement and adoption of standard vocabularies necessary
for public health messaging. Washington is incorporating these
vocabularies into all messaging done through the state’s EDI system
where possible. Washington is also looking at alternative formats
for reporting organizations that are unable to submit messages using
standard codes, as an interim solution until standard codes are
universally adopted.
|
Back to top
Budget Year Four Workplan
For each Recipient Activity applicants should complete the work plan
templates attached below. Applicants are welcome to use bullet-point
format in their answers, so long as the information is clearly conveyed in
the response. All responses should be brief and concise. Please note
that full use of the CDC templates will meet all of the requirements for
submission of a progress report and work plan. Although no additional
information is required, grantees may elect to submit other essential
supporting documents via the web portal by uploading them as additional
electronic files.
CRITICAL CAPACITY #11: To ensure effective
communications connectivity among public health departments,
healthcare organizations, law enforcement organizations, public
officials, and others (e.g. hospitals, physicians, pharmacies,
fire departments, 911 Centers)
Recipient Activities:
1. Implement a plan for connectivity of key stakeholders involved
in a public health detection and response including a 24/7 flow of
critical health information, such as clinical data (build according to
IT functions #1-3 in Appendix 4), alerts, (build according to IT
Functions #7-9 in Appendix 4) and critical event data, (IT Functions
#1-3 in Appendix 4), among hospital emergency departments, state and
local public health officials, law enforcement, and other key
participants (e.g. physicians, pharmacies, fire departments, 911
Centers) (LINK TO CROSS CUTTING ACTIVITY INTEROPERABILITY OF IT
SYSTEMS, Attachment X) (CRITICAL BENCHMARK #18)
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Note: Key stakeholders for the coming grant
year are defined as local and state public health agencies, hospital
emergency departments and emergency management agencies. Priority
stakeholders for following years are infectious disease specialists
and infection control practitioners, large clinician practices, law
enforcement agencies, first responders, individual clinicians and
pharmacists.
1. Assure 24/7 connectivity and communications between state
health department, local health agencies, emergency departments of
hospitals and emergency management agencies.
2. Assure at least three types of redundant communications
capability
[Information omitted in accordance with R.C.W. 42.17.310(1)(ww)]
are in place in state health department, local
health agencies and emergency departments of hospitals, and that
these connect with existing emergency management communications
systems.
3. Establish Internet-based alerting mechanisms for key
stakeholders.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1a. In conjunction with Critical Benchmarks 7 and 9, develop
policies for roles and responsibilities of duty officers for each
key stakeholder.
1b. Develop a communication plan for development and
implementation of 24/7 emergency alerting capacity in all local and
state health agencies, hospital emergency departments, and emergency
management agencies.
1c. For each key stakeholder organization (each local health
agency, hospital emergency department, state health department, and
emergency management agency) establish a 24/7 duty officer role,
define a roster of individuals responsible for carrying out that
role, and provide training as necessary in conjunction with Focus
Area G.
1d. Assure that organizations lacking necessary equipment for
duty officer role (ie, pagers, cell phones, wireless radios) are
able to acquire such equipment. Technology solution needs to be
appropriate for each jurisdiction.
1e. Establish a process in each key stakeholder organization for
maintaining the duty officer role and for disseminating agency
contact information to other key stakeholders.
1f. Proceed with implementation of Washington State Electronic
Communications and Urgent Response System (WA-SECURES), to allow
automated voice and e-mail communications with key stakeholders
(initially local health departments, then hospital emergency
departments and emergency management agencies).
2a. Continue current program of assessing redundant communication
needs for hospitals and local health agencies.
2b. Identify gaps in redundant communication needs and provide
necessary technology to fill those gaps.
2c. Continue with implementation of the hospital communications
technology plan.
3a. Define the types of alerts that are routinely generated and
identify the following items:
-- Type of message
-- Current delivery format
-- Alert level (1 – immediate, 2 – prompt, 3 – next business
day)
-- Message confirmation required
-- Amount of information being delivered, pamphlet, one page,
book, e-mail
3b. Define standard alerting mechanisms for Internet-based
systems
-- What types of information should be disseminated via
Internet-based systems?
-- What limitations on access should there be to this
information?
-- What processes should be used for posting this information
to Internet sites?
3c. Review current public health, emergency response and
healthcare-related Internet sites, and identify appropriate sites
for dissemination of alerts and other information to key
stakeholders. Decision on appropriate sites to include consideration
of:
-- Type of system
-- System manager
-- Access/security level (1 – confidential info, 2 – sensitive
info, 3 – general release)
-- Support plan for 24/7 coverage/maintenance of web site
-- Use of web site by target stakeholder audience
3d. Engage existing organizations that provide Internet-based
information to key stakeholders in agreements to post alerts as
necessary, following defined alerting mechanisms (i.e., Harborview
Bed Count site, RAMSES, others as appropriate).
|
Timeline: What are the critical milestones and completion dates for
each task?
|
1a. Policy developed based on definition of 24/7 response in
Critical Benchmark 7.
1b. Communication plan developed for 24/7 implementation of
emergency alerting system.
1c. Duty officer role is established in each key stakeholder
organization and initial group of duty officers are trained –
December 2003.
1d. Equipment necessary for duty officer role distributed to key
stakeholders – January 2004.
1e. Process established for maintaining duty officer role and
disseminating contact information – January 2004.
1f. WA-SECURES is implemented in local health agencies – January
2004.
WA-SECURES is implemented in hospitals and with emergency
management agencies – August 2004.
2a, b, c – Redundant communications devices are distributed to
key stakeholders – August 2004.
3a. Types of alerts are defined – September 2003.
3b. Alerting mechanisms for Internet-based systems are defined –
October 2003.
3c. Existing Internet-based information systems are identified –
October 2003.
3d. Internet-based information dissemination organizations are
engaged to post alerts – December 2003.
|
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
|
1a. State and regional emergency response coordinators.
1b. DOH Washington Electronic Disease Surveillance System (WEDSS);
state and regional emergency response coordinators.
1c. Local health agencies, hospitals, state DOH, Focus Area G.
1d. DOH WEDSS.
1e. Local health agencies, hospitals, state DOH.
1f. DOH WEDSS; State and Regional Emergency Response
Coordinators.
2 a, b, c. DOH Emergency Response Program.
3a. State and Regional Emergency Response Coordinators.
3b. DOH WEDSS.
3c. DOH Communications Office.
3d. DOH WEDSS.
|
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Percentage of local health agencies that have
identified duty officer and established 24/7 coverage.
- Percentage of local health agencies and hospitals that
have wireless communication devices.
- Percentage of key stakeholders with access to
WA-SECURES alerting system.
- Percentage of key stakeholders receiving alerts via
identified Internet-based information systems.
|
Back to top
2. Ensure, by testing and documentation, at least 90 percent of the
key stakeholders involved in a public health response can receive and
send critical health information including alerts and critical event
data. (Build according to Appendix 4 - IT Functions and
Specifications.) (CRITICAL BENCHMARK #19)
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Note: Key stakeholders for the coming grant
year are defined as local and state public health agencies, hospital
emergency departments and emergency management agencies. Priority
stakeholders for following years are infectious disease specialists
and infection control practitioners, large clinician practices, law
enforcement agencies, first responders, individual clinicians and
pharmacists.
1. In collaboration with Focus Areas A and F, routinely test and
document timeliness and completeness of communication and alerting
systems.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
| 1a. Define testing process for communication and
alerting systems. 1b. Test communication and alerting systems.
1c. Document results.
1d. Identify problem areas.
1e. Develop and implement solutions for problem areas.
1f. Test again. |
Timeline: What are the critical milestones and completion dates for
each task?
| 1a. Testing process is defined – December 2003. 1b.
Test is conducted – March 2004.
1c. Results are summarized – May 2004.
1d. Problem areas identified – June 2004.
1e. Solutions for problem areas developed and implemented – January
2005.
1f. Repeat test – March 2005. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
| Percentage of key stakeholders who document ability
to send and receive alerts. |
Back to top
3. Develop effective public health communications connectivity by
identifying local health agencies to serve as model sites for training
and education, support for organizational capacity building, and the
creation of knowledge management systems for public health
practitioners. In selecting sites, grantees should consider localities
that were among the 120 cities identified in the Response to Weapons
of Mass Destruction Act of 1997, are the largest population centers in
the state, are state capitals, have special significance for terrorism
preparedness and response (e.g., military base, strategic location,
international port of entry, special population), and are not direct
recipients of funding under this cooperative agreement.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Review accomplishments in emergency preparedness by local
health agencies and identify model sites.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
| 1a. Develop criteria for model local health sites.
1b. Assess accomplishments of local health agencies against
criteria.
1c. Identify model sites. |
Timeline: What are the critical milestones and completion dates for
each task?
| 1a. Criteria are developed for model local health
sites – March 2004. 1b. Assessment of local health agencies against
criteria completed – June 2004.
1c. Model sites identified – August 2004. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| 1a. Regional health agencies and Focus Area G. 1b.
DOH Emergency Response Program and Focus Area G; regional health
agencies.
1c. DOH Emergency Response Program and Focus Area G; regional
health agencies. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
| Model local health sites are identified. |
Back to top
4. (Smallpox) Develop a system to enhance public health capacity
for recruitment and tracking of participants, data collection,
storage, and management, reporting and evaluation activities related
to the National Smallpox Vaccination Program.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Maintain Pre-event Vaccination Management System (PVMS) to
track participants and program data and to report information to
National Smallpox Vaccination Program.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
| 1. Establish maintenance framework for PVMS. |
Timeline: What are the critical milestones and completion dates for
each task?
| 1. Maintenance framework established – July 2003. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
| Maintenance framework established. |
Back to top
5. (Smallpox) Ensure that hospitals, clinics, and other
participants in the National Smallpox Vaccination Program maintain a
directory of smallpox vaccination team members and are provided
regular updates on implementation of program activities with
appropriate technical assistance.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Define a specific process and requirements for participating
organizations to maintain smallpox team information.
2. Assure ongoing communication with organizations that maintain
smallpox response teams on program activities.
3. Link information as appropriate and necessary to state
Learning Management System in Focus Area G to help track team
members’ competencies and training.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1a. Develop requirements and processes for participating
organizations to use in maintaining information about smallpox
response team members.
1b. Educate participating organizations about requirements and
processes.
2a. Develop and implement a communication plan for participating
organizations about smallpox response program activities.
3. Participate in planning for Learning Management System to
assure ability to track necessary information about smallpox
response members.
|
Timeline: What are the critical milestones and completion dates for
each task?
| 1a. Requirements and processes are defined –
September 2003. 1b. Participating organizations are educated about requirements
and processes – December 2003.
2a. Communication plan is developed and implemented – March 2004.
3. Participated in Learning Management System planning – August
2004. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| 1a. Smallpox Vaccination Program Manager. 1b.
Regional Health Agencies.
2a. Smallpox Vaccination Program Manager.
3. Smallpox Vaccination Program Manager and Focus Area G. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Percentage of organization with smallpox response teams
that are maintaining required information on those teams.
- Successful implementation of communication plan.
|
Back to top
CRITICAL CAPACITY #12: To ensure a method of
emergency communication for participants in public health
emergency response that is fully redundant with standard
Telecommunications (telephone, e-mail, Internet, etc.).
Recipient Activities:
- Assess the capacity in your jurisdiction for redundant communication
systems/devices (two-way radios, cell phones, voice mail boxes,
satellite phones, amateur radio groups, hand radios or wireless
messaging), the capacity of existing systems at the state and local
level to broadcast and/or autodial to automatically distribute alerts
and messages to these systems/devices, and the capacity to link to the
emergency communication systems of local emergency response partners. If
necessary, make improvements during this budget cycle.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Note: Key stakeholders for the coming grant year are
defined as local and state public health agencies, hospital emergency
departments and emergency management agencies. Priority stakeholders
for following years are infectious disease specialists and infection
control practitioners, large clinician practices, law enforcement
agencies, first responders, individual clinicians and pharmacists.
1. Assure 24/7 connectivity and communications between state
health department, local health agencies, emergency departments of
hospitals and emergency management agencies.
2. Assure at least three types of redundant communications
capability (e-mail, voice-mail, wireless radios) are in place in
state health department, local health agencies and emergency
departments of hospitals, and that these connect with existing
emergency management communications systems.
3. Establish Internet-based alerting mechanisms for key
stakeholders.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1a. In conjunction with Critical Benchmarks 7 and 9, develop
policies for roles and responsibilities of duty officers for each
key stakeholder.
1b. Develop a communication plan for development and
implementation of 24/7 emergency alerting capacity in all local and
state health agencies, hospital emergency departments, and emergency
management agencies.
1c. For each key stakeholder organization (each local health
agency, hospital emergency department, state health department, and
emergency management agency) establish a 24/7 duty officer role,
define a roster of individuals responsible for carrying out that
role, and provide training as necessary in conjunction with Focus
Area G.
1d. Assure that organizations lacking necessary equipment for
duty officer role (pagers, wireless handhelds, cell phones, wireless
radios) are able to acquire such equipment. Technology solution
needs to be appropriate for each jurisdiction.
1e. Establish a process in each key stakeholder organization for
maintaining the duty officer role and for disseminating agency
contact information to other key stakeholders.
1f. Proceed with implementation of WA-SECURES, to allow automated
voice and e-mail communications with key stakeholders (initially
local health departments, then hospital emergency departments and
emergency management agencies).
2a. Continue current program of assessing redundant communication
needs for hospitals and local health agencies.
2b. Identify gaps in redundant communication needs and provide
necessary technology to fill those gaps.
2c. Continue with implementation of the hospital communications
technology plan.
3a. Define the types of alerts that are routinely generated and
identify the following items:
-- Type of message
-- Current delivery format
-- Alert level (1 – immediate, 2 – prompt, 3 – next business
day)
-- Message confirmation required
-- Amount of information being delivered, pamphlet, one page,
book, e-mail
3b. Define standard alerting mechanisms for Internet-based
systems
-- What types of information should be disseminated via
Internet-based systems?
-- What limitations on access should there be to this
information?
-- What processes should be used for posting this information to
Internet sites?
3c. Review current public health, emergency response and
healthcare-related Internet sites, and identify appropriate sites
for dissemination of alerts and other information to key
stakeholders. Decision on appropriate sites to include consideration
of:
-- Type of system
-- System manager
-- Access/security level (1 – confidential info, 2 – sensitive
info, 3 – general release)
-- Support plan for 24/7 coverage/maintenance of web site
-- Use of web site by target stakeholder audience
3d. Engage existing organizations that provide Internet-based
information to key stakeholders in agreements to post alerts as
necessary, following defined alerting mechanisms (i.e., Harborview
Bed Count site, RAMSES, others as appropriate).
|
Timeline: What are the critical milestones and completion dates for
each task?
|
1a. Policy developed based on definition of 24/7 response in
Critical Benchmark 7.
1b. Communication plan developed for 24/7 implementation of
emergency alerting system.
1c. Duty officer role is established in each key stakeholder
organization and initial group of duty officers are trained –
December 2003.
1d. Equipment necessary for duty officer role distributed to key
stakeholders – January 2004.
1e. Process established for maintaining duty officer role and
disseminating contact information – January 2004.
1f. WA-SECURES is implemented in local health agencies – January
2004.
WA-SECURES is implemented in hospitals and with emergency
management agencies – August 2004.
2a, b, c – Redundant communications devices are distributed to
key stakeholders – August 2004.
3a. Types of alerts are defined – September 2003.
3b. Alerting mechanisms for Internet-based systems are defined –
October 2003.
3c. Existing Internet-based information systems are identified –
October 2003.
3d. Internet-based information dissemination organizations are
engaged to post alerts – December 2003.
|
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| 1a. State and Regional Emergency Response
Coordinators.
1b. DOH WEDSS; State and Regional Emergency Response Coordinators.
1c. Local health agencies, hospitals, state DOH, Focus Area G.
1d. DOH WEDSS.
1e. Local health agencies, hospitals, state DOH.
1f. DOH WEDSS; State and Regional Emergency Response Coordinators.
2 a, b, c. DOH Emergency Response Program.
3a. State and Regional Emergency Response Coordinators.
3b. DOH WEDSS.
3c. DOH Communications Office.
3d. DOH WEDSS. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Percentage of local health agencies that have
identified duty officer and established 24/7 coverage.
- Percentage of local health agencies and hospitals that
have received wireless communication devices.
- Percentage of key stakeholders with access to
WA-SECURES alerting system.
- Percentage of key stakeholders receiving alerts via
identified Internet-based information systems.
|
Back to top
2. Implement a second method of receiving critical alerts such as
pagers, cell phones, voice mailboxes, or other devices to allow public
health participants to receive alerts in full redundancy with e-mail.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Same as Critical Capacity 12, Recipient Activity 1. |
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
| Same as Critical Capacity 12, Recipient Activity 1. |
Timeline: What are the critical milestones and completion dates for
each task?
| Same as Critical Capacity 12, Recipient Activity 1. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| Same as Critical Capacity 12, Recipient Activity 1. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
| Same as Critical Capacity 12, Recipient Activity 1. |
Back to top
3. Work with CDC, and as appropriate, other federal agencies, to
develop and acquire high frequency and satellite voice/data
communications systems between local, state, and federal partners.
These systems will be standards based to ensure interoperability.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Use existing systems operated by state, local and federal
emergency management agencies.
2. Assure that key stakeholders are in routine communication with
emergency management agencies and are able to use existing emergency
communication systems when necessary.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1. Identify existing emergency communication systems at local,
state and federal level.
2a. Establish contact between key partners and the appropriate
emergency management agency (i.e., between each local health agency
and hospital and their county emergency management agency).
2b. Establish community-based processes for key partners to gain
access to emergency communication systems.
2c. Test processes for all key partners.
|
Timeline: What are the critical milestones and completion dates for
each task?
|
1. Identifying existing systems – October 2003.
2a. Establish contact between partners and emergency management
agencies – December 2003.
2b. Establish community-based processes for gaining access to
systems – February 2003.
2c. Test processes – March 2003.
|
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
|
1a. DOH Office of Risk and Emergency Management, State Department
of Emergency Management.
2a. DOH Office of Risk and Emergency Management, State Department
of Emergency Management.
2b. State Department of Emergency Management.
|
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Identification of existing emergency communication
systems in each county.
- Percent of key partners that have demonstrated access
to existing emergency communication systems.
|
Back to top
4. Collaborate with local emergency service providers to acquire
technologies and utilize standards developed by CDC to develop
UHF/VHF/HF data and/or voice communication capability between key
Public Health Partners.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Continue with development and implementation of Washington
Hospital and Emergency EMS Radio System (WHEERS) for emergency radio
communication between all hospitals and state emergency management.
2. Continue with assessment of radio communication needs,
geographic limitations and potential technology solutions for each
local health agency.
3. Assure establishment of duty officer roles for each key
stakeholder.
4. Connect local health agencies to the hospitals and emergency
management agencies in their communities when urgent access to
emergency communication systems is required.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1. Continue with implementation of existing WHEERS plan.
2. Continue working with each local health agency to identify
needs and appropriate technology solutions.
3. As part of Critical Benchmark 18, establish duty officer for
each key stakeholder.
4. Assure that each local health agency has access to emergency
communication systems at hospitals and emergency management agencies
in their counties.
|
Timeline: What are the critical milestones and completion dates for
each task?
|
1. Deployment of emergency radio communications to all acute care
hospitals in state by August 2004.
2. Complete assessment of emergency communication needs and
identification of appropriate solutions by August 2004.
3. Establishment of duty officers for all key stakeholders by
January 2004.
4. Verification that each local health agency has access to
emergency communications systems in their counties by August 2004.
|
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
|
1. DOH Emergency Preparedness and Response Program.
2. DOH WEDSS Program.
3. Local health agencies, hospitals, state DOH.
4. DOH Office of Risk and Emergency Management.
|
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Percentage of acute care hospitals with access to
WHEERS.
- Percentage of local health agencies with completed
needs assessments and identified technology solutions.
- Percentage of key stakeholders establishing duty
officers.
- Percentage of local health agencies with verified
access to emergency communications systems.
|
Back to top
5. Develop broadcast auto-dialing voice messaging capabilities.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Same as Critical Capacity 12, Recipient Activity 1. |
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
| Same as Critical Capacity 12, Recipient Activity 1. |
Timeline: What are the critical milestones and completion dates for
each task?
| Same as Critical Capacity 12, Recipient Activity 1. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| Same as Critical Capacity 12, Recipient Activity 1. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
| Same as Critical Capacity 12, Recipient Activity 1. |
6. Provide for technological and staffing redundancy of critical
information and communication systems to support these functions.
(Build according to IT function #9 in Appendix 4.)
Strategies: What overarching approach(es) will be used to undertake
this activity?
| To be completed as part of multiple activities in
Critical Capacities 11 and 12. |
Back to top
7. Routinely assess the timeliness and completeness of the
redundant method of alerting, as it exists to reach participants in
public health response. (CRITICAL BENCHMARK #20)
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Note: Key stakeholders for the coming grant
year are defined as local and state public health agencies, hospital
emergency departments and emergency management agencies. Priority
stakeholders for following years are infectious disease specialists
and infection control practitioners, large clinician practices, law
enforcement agencies, first responders, individual clinicians and
pharmacists.
1. In collaboration with Focus Areas A and F, routinely test and
document timeliness and completeness of communication and alerting
systems.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1a. Define testing process for communication and alerting
systems.
1b. Test communication and alerting systems.
1c. Document results.
1d. Identify problem areas.
1e. Develop and implement solutions for problem areas.
1f. Test again.
|
Timeline: What are the critical milestones and completion dates for
each task?
| 1a. Testing process is defined – December 2003. 1b.
Test is conducted – March 2004.
1c. Results are summarized – May 2004.
1d. Problem areas identified – June 2004.
1e. Solutions for problem areas developed and implemented – January
2005.
1f. Repeat test – March 2005. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
| Percentage of key stakeholders who document ability
to send and receive alerts. |
Back to top
CRITICAL CAPACITY #13: To ensure the ongoing protection of
critical data and information systems and capabilities for
continuity of operations in accordance with IT function #8 (see
Appendix 4).
Recipient Activities:
1. Assess the existing capacity in your jurisdiction regarding
policies and procedures for protecting and granting access to secure
systems for the management of secure information, system backups, and
systems redundancy. If necessary, develop a proposal for improvements
during this budget cycle.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Analyze results of assessments performed by public health
agencies and hospitals in 2003 to identify potential security
issues.
2. Work with individual organizations and facilities to assure
implementation of security improvements.
3. Develop and deploy model security policies and procedures to
public health agencies.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
| 1. Analyze results of assessments from
2003. 2. Identify necessary improvements for individual
organizations and facilities.
3. Develop and deploy model security policies and procedures to
public health agencies. |
Timeline: What are the critical milestones and completion dates for
each task?
| 1. Results of assessment are analyzed – October 2003.
2. Necessary improvements identified. – December 2003.
3. Model security policies developed and deployed to public health
agencies – March 2004. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| 1. DOH and Regional Health Agencies. 2. DOH and
Regional Health Agencies.
3. DOH. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Assessment results analyzed.
- Percentage of organizations needing security
improvements that have made improvements.
|
Back to top
2. Perform regular independent validation and verification of
Internet security, vulnerability assessment, and security and
continuity of operations practices, and rapidly implement recommended
remedial activities.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Establish process for testing security of public health agency
information systems.
2. Work with hospitals to determine best mechanism for verifying
security of hospital information systems.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
| 1. Establish process for testing security of public
health agency information systems. 2. Determine best mechanism for
verifying security of hospital information systems. |
Timeline: What are the critical milestones and completion dates for
each task?
| 1. Process for testing security established –
December 2003. 2. Mechanism for determining security of hospital
information systems identified – March 2004. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| 1. DOH. 2. Washington State Hospital Association. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Process for testing security of public health agencies
established.
- Status of facility security evaluation compared with
Health Insurance Portability and Accountability Act (HIPAA)
requirements.
|
Back to top
3. Activities that may be considered:
a. Establish a firewall for the protection of critical
information resources from the Internet.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Implement as necessary in individual public health agencies
and hospitals based on results of assessment.
2. Use national standards for selection of technology.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
| Same as Critical Capacity 13, Recipient Activity 1.
1a. Analyze results of assessments performed by public health
agencies and hospitals in 2003 to identify potential security
issues.
2a. Work with individual organizations and facilities to assure
implementation of security improvements.
3a. Develop and deploy model security policies and procedures to
public health agencies.
|
Timeline: What are the critical milestones and completion dates for
each task?
| Same as Critical Capacity 13, Recipient Activity 1.
1a. Analyze results of assessments from 2003.
2a. Identify necessary improvements for individual organizations
and facilities.
3a. Develop and deploy model security policies and procedures to
public health agencies. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| Same as Critical Capacity 13, Recipient Activity 1.
1a. DOH and Regional Health Agencies.
2a. DOH and Regional Health Agencies.
3a. DOH. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
Same as Critical Capacity 13, Recipient Activity 1
- Assessment results analyzed.
- Percentage of organizations needing security
improvements that have made improvements.
|
Back to top
b. Implement Public Key Encryption (PKI), according to
specifications in IT Function #9 (see Appendix 4) or equivalent
methods of strong authentication for remote access from the
Internet.
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Implement as part of deployment of Washington PHIMS,
WA-SECURES and other applications as appropriate.
2. Use existing Washington State Internet security
infrastructure, with high security digital certificates issued to
key partners and access provided through single state portal –
Transact Washington.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1. Continue working with Department of Information Services on
development and use of Transact Washington.
2a. Assure that applications requiring high levels of security
incorporate digital certificate access and authentication
mechanisms.
2b. Continue to issue digital certificates and provide training
to key partners.
|
Timeline: What are the critical milestones and completion dates for
each task?
|
1, 2a, 2b. All tasks are underway. Work will continue over the
course of the coming grant year.
|
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
| 1, 2a, 2b. DOH and state Department of Information
Services. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
| Number of key partners successfully using digital
certificates to access critical state applications. |
Back to top
c. Develop role-based authorization technology and processes to
ensure selective authorization to information resources using
technologies identified in IT Function #7 (see Appendix 4).
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Same as Critical Capacity 13, Recipient Activity 3b.
|
d. Institute server- and client-based virus checking software
to protect critical systems.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Implemented as necessary based on the results of the
assessment. |
e. Contract with an independent IT security firm to perform
ongoing penetration testing and vulnerability analysis.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Implemented as necessary based on result of
assessment. |
f. Integrate all remote access to health department IT
resources using commercial, off-the-shelf products for a single
method of authentication.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Same as Critical Capacity 13, Recipient Activity 3b.
|
g. Implement software systems and/or servers to support
Critical Capacities elsewhere in this guidance. Provide training
and support on these systems to improve the ability of public
health participants to effectively use them.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| Integrated into individual workplans for PHIMS,
WA-SECURES, PVMS and other relevant applications. |
Back to top
CRITICAL CAPACITY #14: To ensure secure electronic exchange
of clinical, laboratory, environmental, and other public health
information in standard formats between the computer systems of
public health partners. Achieve this capacity according to the
relevant IT Functions and Specifications (see Appendix 4).
Recipient Activities:
1. Assess the existing capacity in your jurisdiction to exchange
electronic data in compliance with public health information and data
elements exchange standards, vocabularies, and specifications as
referenced in the NEDSS initiative. (Build according to IT Functions
#1-9 in Appendix 4.) If necessary, develop a proposal for improvements
during this budget cycle. (LINK WITH CROSS CUTTING ACTIVITY
INTEROPERABILITY OF IT SYSTEMS, Attachment X)
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Review results of information technology assessment conducted
in 2002/2003.
2. Identify and assess capacity of key partners who may have been
missed in first assessment.
3. Develop plan for addressing needs related to electronic data
interchange, with implementation integrated into current EDI plans.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1. Review results of information technology assessment.
2. Identify key partners who may have been missed in the first
assessment, and apply the same assessment to them.
3. Develop plan based on results of assessment analysis and on
current EDI plans.
|
Timeline: What are the critical milestones and completion dates for
each task?
| 1. IT assessment reviewed – October 2003. 2.
Assessment of partners missed in first round – January 2004.
3. Plan developed for addressing needs – March 2004. |
Responsible Parties: Identify the person(s) and/or entity assigned to
complete each task.
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Complete review and analysis of IT assessments for all
key partners.
- Development of plan to address needs.
|
Back to top
2. Ensure that the technical infrastructure exists to exchange a
variety of data types, including possible cases, possible contacts,
specimen information, environmental sample information, lab results,
facilities, and possible threat information. (Build according to IT
Functions #1-9 in Appendix 4). (CRITICAL BENCHMARK #21)
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Establish infrastructure, consistent with Public Health
Information Network (PHIN) and other national standards to support
electronic data interchange with a variety of partners, with initial
emphasis on hospital and clinical laboratories.
|
Tasks: What key tasks will be conducted in carrying out each identified
strategy?
|
1a. Work with DIRM to complete and get signed off the Information
Technology Plan
1b. Work with Department of Information Services (DIS) to resolve
security issues associated with EDI with state agencies, with focus
on EDI issues raised by electronic transactions to be performed
under the Bioterrorism Cooperative Agreement.
1c. Define functional requirements in Joint Application
Development sessions with laboratories.
1d. Identify prioritized LRN laboratories for implementation.
1e. Adapt existing software code from model projects and other
sources to meet Washington needs.
1f. Test system.
1g. Pilot system.
1h. Perform Quality Assurance review.
1i. Deploy system to prioritized laboratories.
|
Timeline: What are the critical milestones and completion dates for
each task?
| 1a. Get approval on Information Technology Plan –
June 2003. 1b. With DIS, resolve security issues for state EDI
applications – July 2003.
1c. Complete Joint Application Development sessions to obtain
functional requirements for laboratories – August 2003.
1d. Identify prioritized LRN laboratories for implementation –
October 2003.
1e. Adapt existing code to meet Washington’s needs – October 2003.
1f. Test system – December 2003
1g. Pilot system – January 2004
1h. QA Review – January 2004
1i. Deploy to prioritized laboratories – March 2004 |
Responsible Parties: Identify the person(s) and/or entity assigned
to complete each task.
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Approval by DIS to proceed with security solution.
- Demonstration of functional, secure electronic laboratory
reporting system.
- Number of laboratories submitting data electronically.
|
Back to top
3. Develop firewall capabilities and Web technology and expertise
to implement and maintain an XML-compliant SOAP service for the secure
exchange of information over the Internet.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| To be completed as part of multiple recipient
activities associated with Critical Capacities 13 and 14. |
Back to top
4. Develop systems and databases to implement the specifications,
vocabularies, and standards to exchange like data with public health
partners.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| To be completed as part of multiple recipient
activities associated with Critical Capacities 13 and 14. |
Back to top
5. Implement message parsing technology to allow for the creation
and processing of public health information messages.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| To be completed as part of multiple recipient
activities associated with Critical Capacities 13 and 14. |
Back to top
6. Participate in national stakeholders meetings, data modeling
activities, and joint application development sessions to help specify
the data types that will be exchanged among public health partners and
to understand how to implement them.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| To be completed as part of multiple recipient
activities associated with Critical Capacities 13 and 14. |
7. (HRSA/CDC Cross-Cutting Activity) Laboratory Data Standard
-
Adopt and implement LOINC as the standard for electronic exchange
of clinical laboratory results and associated clinical observations
between and among public health department laboratories,
hospital-based laboratories, and other entities, including
collaborating academic health centers, that have a major role in
responding to bioterrorism and other public health emergencies.
(CRITICAL BENCHMARK #22)
Strategies: What overarching approach(es) will be used to undertake
this activity?
|
1. Implement a system that accepts notifiable conditions reports
from clinical and hospital laboratories and delivers reports to
appropriate public health jurisdictions, using PHIN standards
including required coding formats such as LOINC.
Prioritize laboratories in the LRN, especially state and local
public health laboratories.
Establish expectation for hospitals to prepare for electronic
reporting of data to public health, including planning for
modifications to hospital information systems to permit generation
of electronic messages that meet required public health format.
|
Tasks: What key tasks will be conducted in carrying out each
identified strategy?
|
1a. Work with DOH Division of Information Resource Management (DIRM)
to complete and get signed off the Information Technology Plan
1b. Work with Department of Information Services to resolve
security issues associated with EDI with state agencies.
1c. Define functional requirements in JAD sessions with
laboratories.
1d. Define expectations for electronic reporting of data from
hospitals to public health agencies. Note – defining desired
direction only, not requiring reporting.
1e. Adapt existing software code from model sites and other
sources to meet Washington needs.
1f. Identify priority LRN laboratories for implementation.
1g. Test system.
1h. Pilot system.
1i. Perform quality assurance review.
1j. Deploy system to prioritized laboratories.
|
Timeline: What are the critical milestones and completion dates for
each task?
|
1a. Get approval on Information Technology Plan – June 2003.
1b. With DIS, resolve security issues for state EDI applications
– July 2003.
1c. Complete JAD sessions to obtain functional requirements for
laboratories – August 2003.
1d. Expectations defined for electronic reporting from hospitals
to public health agencies – August 2003.
1e. Identify prioritized LRN laboratories for implementation –
October 2003.
1f. Adapt existing code to meet Washington needs – October 2003.
1g. Test system – December 2003
1h. Pilot system – January 2004
1i. QA Review – January 2004
1j. Deploy to prioritized laboratories – March 2004
|
Responsible Parties: Identify the person(s) and/or entity assigned
to complete each task.
| 1a-c and e-j DOH WEDSS. 1d DOH WEDSS and Washington
State Hospital Association. |
Evaluation Metric: How will the agency determine progress toward
successful completion of the overall recipient activity?
- Approval by DIS to proceed with security solution.
- Demonstration of functional, secure electronic
laboratory reporting system.
- Number of laboratories submitting data electronically.
- Commitment from hospitals to prepare for electronic
reporting.
- Evaluate the data completeness for electronic versus
paper reports
- Evaluate the mean and median time to deliver electronic
versus paper reports.
|
- In connection with CDC-provided technical assistance, identify
areas where refinement or extension of LOINC would enhance public
health emergency preparedness.
Strategies: What overarching approach(es) will be used to undertake
this activity?
| To be completed as part of Critical Capacity 14,
Recipient Activity 7. |
Back to top
|
