(Attach B)
RFP Concept Paper # 61
Presented to Technology Governance Board (TGB)
Date Prepared: March 24
Name of RFP to be reviewed:
Iowa Prescription Drug Monitoring Program (IPDMP)
Agency:
Department of Public Health, Board of Pharmacy
RFP Reference #: unassigned
Release Date: May 1, 2008 (anticipated)
Projected cost over $50,000? Yes _X__ No ___
Projected agency staff hours over 750? Yes ___ No _X__
Cost:
List estimated total cost of RFP: $400,000 - $500,000 for program development and implementation;
annual support and maintenance costs vary depending on type of maintenance agreement.
Timelines:
The Board anticipates issuance of the RFP by May 1, 2008. Closing date for the RFP will be June
13, 2008. Evaluation of proposals and announcement of successful vendor is anticipated for July 1,
2008. Anticipated completion of program development, including application and data testing, is
October 1, 2008, (contract completion).
Goal:
The goal of the Iowa Prescription Drug Monitoring Program (IPDMP) is to provide health care
practitioners with real-time access to program data via the Internet. The program will collect dispensing
information from all outpatient pharmacies providing Schedule II through Schedule IV prescription
medications to patients in Iowa. Data collection/transmission will be accomplished by electronic
communication or by submittal of data disk or tape on at least a bi-weekly schedule. A prescriber may
request a profile on an individual patient to aid in making appropriate treatment decisions for a patient
requesting, or identified as needing, a controlled substance. A pharmacist may also request a profile
on an individual patient presenting a prescription for a controlled substance to aid in evaluating drug
therapy. Law enforcement and regulatory agencies may request information maintained by the
program regarding an individual who is the subject of an open investigation.
To measure the effectiveness of the IPDMP, the program will tabulate the number and types of
requests for reports of database information, and the source of those requests (i.e. prescriber,
pharmacist, law enforcement, statistics, out-of-state regulatory agencies, etc.), will be tabulated.
(Attach B)
Data will be provided by program personnel to law enforcement and regulatory agencies and requests
will be approved on a case-by-case basis by authorized program personnel upon receipt of evidence of
an open investigation regarding the subject of the request. The program will track the time elapsed
between prescription fill and availability of the prescription information in the database and will track
time elapsed between a request for data and the availability of the requested information. Most of the
data collected and used to evaluate program effectiveness will be tracked or tabulated using the
program database and web access applications.
Background:
The Board of Pharmacy applied for and, in July 2004, was awarded a federal grant in the amount of
$350,000 for the planning and implementation of a prescription drug monitoring program in Iowa. The
grant was awarded through the U.S. Department of Justice, Office of Justice Programs, Bureau of
Justice Assistance, Harold Rogers Prescription Drug Monitoring Program.
The initial proposal was to establish and implement the IPDMP through rule-making under the authority
granted the Board pursuant to Iowa Code Chapter 124. The IPDMP was originally intended to be a
database collection of controlled substances prescription records maintained or controlled by the Board
of Pharmacy. Prescribers, pharmacists, regulators, and enforcement agencies would be required to
submit requests for information regarding patients or prescribers from Board personnel who would
query the database, prepare a report, and deliver the report to the requestor. The original plan also
provided that Board personnel would review information in the database to proactively identify patients
who may be abusing or misusing controlled substances and to notify prescribers regarding those at-risk
patients. Following meetings and discussions with interested parties, the original plan for the IPDMP
was revised to eliminate proactive review of patient information, to provide for 24-hour access to
program data via Internet access, and to seek specific legislative authority for implementation and
maintenance of the IPDMP.
A second grant was sought and awarded to the Board of Pharmacy through the Harold Rogers
Prescription Drug Monitoring Program for an additional $292,963. The additional funding awarded in
July 2005 provides for expansion of the IPDMP program plan to provide for 24-hour access by
authorized health care practitioners to program data without Board personnel intervention.
The Iowa Legislature authorized establishment of the program, with a sunset date of July 1, 2009,
unless specifically extended by subsequent legislative authority. Federal grant funds are available for
approved program expenditures until March 31, 2009.
The authorizing legislation directed the Governor to appoint an advisory council to work with the Board
of Pharmacy and staff to establish the program including identification of required data elements, rules
regarding access to program data, education of the public and health professionals regarding the
program and program objectives, and development and adoption of administrative rules regarding the
program. Members of the Council were appointed in 2007 and have met in planning sessions to
identify and resolve questions regarding establishment of the program and the format of the program
and program data. Additional actions by the Council are pending publication of the RFP for
development of the database and Internet connectivity and selection of a vendor.
Expected Results in this Product:
(Attach B)
Data relating to prescriptions for specific controlled substance medications dispensed by Iowa
licensed pharmacists to Iowa patients will be transmitted to the program database and made
available to authorized health care practitioners engaged in the care and treatment of Iowa patients.
Data from pharmacies will be transmitted and incorporated into the program database no less
frequently than twice monthly, either by direct transmission between the pharmacy and the Board’s
data server or through a data switching company. Access to program information regarding a health
care practitioner’s patient will be provided, via secure Internet access restricted to registered health
care practitioners, 24/7. Treating health care practitioners will be able to query the program database
to identify any prescriptions for Schedule II, III, or IV controlled substances that have been dispensed
for the practitioner’s patient by any Iowa pharmacy on the authority of any prescribing practitioner.
Health care practitioners will be able to use this information in determining appropriate prescribing
and treatment for individual patients without fear of contributing to a patient’s abuse or dependence
on addictive drugs or diversion of those drugs to illicit use. Practitioners will have information needed
to make informed decisions regarding a patient’s need for these dangerous substances, enhancing
patient care and chronic or acute pain remedies.
Law enforcement and regulatory agencies involved in an investigation involving a specific individual
may request information regarding that individual upon submission of a valid warrant or subpoena for
the information. This ability to obtain information regarding illegal drug distribution activities from a
single source will shorten the time needed for a single investigation, enabling enforcement personnel
to complete more investigations in a timely manner.
Pilot Testing Completed:
The winning bidder’s product must pass acceptance testing. Tests will be developed by the Board and
the Advisory Council and will cover all criteria provided in the standards section below. Board staff will
monitor and evaluate the system.
FY ’08 Project Funds:
Funding is provided by the grant awarded through the U.S. Department of Justice, Office of Justice
Programs, Bureau of Justice Assistance, Harold Rogers Prescription Drug Monitoring Program, in the
total amount of $642,963. Funding is available for approved program activities until March 31, 2009.
Some of the Interested Parties:
Governor’s Office of Drug Control Policy
Iowa Association of Nurse Practitioners
Iowa Board of Medicine
Iowa Board of Nursing
Iowa Civil Liberties Union
Iowa Dental Association
Iowa Dental Board
Iowa Medical Society
Iowa Nurses Association
Iowa Nurse Practitioner Society
Iowa Osteopathic Medical Association
Iowa Pediatric Nurse Practitioners Association
Iowa Pharmacy Association
(Attach B)
Iowa Physician Assistant Society
Iowa Podiatric Medical Society
Iowa Society of Interventional Pain Physicians
National Association of Chain Drug Stores
Polk County Medical Society
Iowa licensed pharmacies, pharmacists, physicians and other prescribers, members of the public, and
other health professions regulatory boards and health professions associations and societies
Some of the Recipients of this Service:
Members of the health professions societies and associations that are identified above as “interested
parties” and pharmacists, prescribers, and Iowa patients. In addition, law enforcement agencies and
health professions regulatory agencies and boards may request program information or data relative to
active investigations.
Standards:
The database application must operate and be accessible 24 hours a day, 7 days a week, to ensure
availability of program data to qualified health care practitioners engaged in the care and treatment of
Iowa patients at any time of the day or week. The following requirements have been identified:
General Requirements:
The software must run on Windows 2003 Server.
The software must run in a .net or java environment.
The software must be able to produce reports using Microsoft Word and Excel and Adobe
Acrobat, as well as RTF format and XML.
The solution must be web-based, compatible with Microsoft Internet Explorer 6.0 or higher.
Board program staff must be able to adjust commonly altered variables such as codes, table
contents, report parameters, etc. without the services of a professional programmer.
The software must provide a basis for preparing various statistical and analytical reports.
The vendor must provide ongoing training and support.
The vendor must provide online maintenance of software.
The vendor shall provide complete documentation and user manuals for any software package
selected for purchase.
The software must store historical use and access data for the purposes of identifying any
individual adding or querying program data, including identification of the user, the data added or
accessed, the date and time of access, and any other information identified by the program
administrator.
The software must support multiple simultaneous users accessing the same application and the
same information.
The vendor shall provide for future updates and program enhancements on a regular basis as
part of a maintenance program; all updates and enhancements shall be fully tested by the vendor in a
simulated program environment prior to installation in the working environment.
The software must provide the ability to direct output of a data search to a printer at a user’s site.
The system must maintain an audit trail of all changes to patient and prescription information.
Data Repository and Management Requirements:
(Attach B)
Board program staff must be able to summarize information on a specific drug product, class,
ingredient, strength, and form for a specific date range or area of the state and to export the data to a
PDF report or spreadsheet.
Board program staff must be able to generate ad hoc reports utilizing any combination of program
data elements.
The system must provide a facility to form a query to search for patients based on different
combinations of their name, date of birth, address, telephone, prescriber, and drug used. This search
must be accessible to authorized users from the Internet and must also allow the user to select patients
from the result and generate a report that can be exported as a PDF document or Excel spreadsheet.
The system must provide a means to drill down to a patient through searches based on an
advanced search and then display all program information about the patient including pharmacies used,
prescribers, prescriptions dispensed including date, drug, strength, and quantity.
The system must provide a facility to archive prescriptions and their related data before a certain
date into an archive database and to remove those prescription records from the production database
and to retrieve prescriptions and their related data from the archive database.
The system must provide a report on archived prescriptions by name, date of birth, DEA number,
and date of dispensing.
The system must provide a means to audit the following actions: logins, logouts, query
executions, user administrations, and batch operation executions. The system must log the details of
the user involved and the time the action was performed.
The system must provide a means to audit and tabulate user access and queries executed via
the Internet. The system must log the details of the user involved and the time the action was
performed.
The system must allow the administrator to query, view, report, and archive audit log information
and Internet audit log information.
The system must provide a facility to extract prescription data for a particular patient or prescriber
within a specified period of time into acceptable report format.
The system must allow the administrator to add, edit, and display pharmacy information including
pharmacy National Practitioner Identification (NPI) number, pharmacy name, 3 address lines, city,
state, zip code, telephone number, DEA number, Iowa license number, license status, license
expiration date, and contact name.
The system must allow the administrator to add, edit, and display practitioner information
including DEA number, mailing name, last name, first name, middle name, specialty, 2 address lines,
city, state, zip code, telephone number, and DEA expiration date.
The system must provide the administrator a facility to print a report listing all sets of patients
where there is similarity per certain predefined criteria to allow the administrator to investigate whether
those patients should be consolidated into one for all queries and analyses and to link those patients
appearing to be the same so a query or analysis on any one of those patients retrieves the information
for all.
The system must allow the administrator to search on all prescriptions that have an unknown
DEA number and to correct bad DEA numbers through a “search and replace” function.
The system must allow the administrator to search all prescriptions that have an unknown NDC
code and to correct bad NDC codes through a “search and replace” function.
The system must maintain state licensing numbers for pharmacies and practitioners.
The system must provide a facility to load NDC data into NDC master tables: NDC product data,
ingredient data, and therapeutic class data.
(Attach B)
The system must provide a facility to upload a file containing pharmacy data. The system must
process the uploaded file and add or update the pharmacy’s information into the program database.
The system must provide the capability for data collection from different pharmacies as an
alternative to collection of all data from a single source. This must include a mechanism for pharmacies
to do a secure upload of their prescription data directly. Any errors during the upload must be tracked
and sent to the pharmacy’s coordinator or to the program administrator via e-mail. As part of this
functionality, the system must provide the ability to track which pharmacies have provided data and
which have not and to provide the ability to follow up with the pharmacy’s coordinator.
The system must provide a mechanism to review a list of pharmacies that have not timely
submitted prescription data to the program and to send an e-mail to or print a letter for these
pharmacies.
The system must provide a mechanism for the program administrator to upload a file for a
pharmacy that has sent the pharmacy’s data by diskette or CD, or to manually enter data submitted by
a pharmacy in hard-copy format. The system must also allow the administrator to specify an e-mail
address to be informed about the completion of the processing.
The system must provide a mechanism for the program administrator to view the results from the
processing of the files uploaded along with the ability to print a report for a specific file.
The system must provide a mechanism for the program administrator to undo a prescription data
file upload that was not appropriate.
The system must provide a facility to upload a file containing practitioner data. The system must
process the uploaded file and add/update the practitioner’s information into the database.
The system must provide the means to submit and process a file containing prescription data as
per the layout in the “ASAP Rules-Based Standard Implementation Guide for Prescription Monitoring
Programs,” from the American Society for Automation in Pharmacy. Specific data elements to be
submitted by pharmacies shall be identified by the program administrator. As part of the process the
system must validate the data for bad dates, preceding and succeeding spaces, duplicate prescriptions,
DEA numbers, NDC codes, etc.
The system must provide a means to maintain the original prescription information whenever any
corrections or changes are made to the record.
An address standardization utility must be incorporated into the system in order to standardize
addresses at the time of loading prescription data. This utility must validate and standardize the
address based on certain predefined assumptions or rule, validate the zip code or provide the correct
zip code, and flag incorrect addresses with an error.
The prescription loading function must allow for a specification that only data for particular DEA
drug schedules or specific drugs should be loaded.
The system must allow the program administrator to test run a prescription data load process
(administrator upload only) and to generate a report of errors encountered with the test run.
The upload process must check for required data fields.
The pharmacy upload process must provide the ability to pick up prescription data files from a
secure FTP location.
The system must provide pharmacies the ability to identify in their prescription upload whether a
prescription is a new prescription, modified prescription, refilled prescription, or deleted prescription.
A report must be provided that lists all prescriptions for a DEA schedule or a drug product within a
specific time period ordered by patient name, prescriber, or pharmacy.
The system must provide the ability to present information on patients without providing the actual
personal details of the patient. The system must provide the ability to present similar information on
prescribers and pharmacies.
(Attach B)
The system must provide a facility to load DEA registration data into DEA master tables:
registrant name, address, telephone number, DEA number, and DEA registration expiration.
The system must provide a facility to upload a file containing pharmacy data and add/update the
pharmacy information into the database.
The system must provide the ability to print the program identification on every report printed by
the administrator or from an Internet query.
The system must provide a facility to save a query and rerun it later.
Web Portal Requirements:
The system must provide “My Account” functionality where an authorized user can update contact
information.
The system must provide a user directory with contact information about all authorized users.
On any user’s home page, the system must display unexpired news items or alerts for the region
the user belongs to.
The system must provide for a default state value for an implementation and must use that value
as the state in any state field in a query or user contact information when the user has not entered a
different value for a state field.
The system must incorporate a facility to track web site usage and to provide statistics about that
usage.
The system must have system level parameters that can be easily maintained and must be used
for certain basic operations by the system including number of historical passwords, number of invalid
logins allowed, etc.
Security access in the system must be customizable as a set of functions that get attached to a
particular profile. A user must be linked to one or more such profiles to define the user’s access rights
to the system.
The system must maintain the following information on a user: name, title, organization,
telephone numbers, e-mail address, fax number, the region the user belongs to, preferred mode of
receiving communications (phone, fax, e-mail, message center, etc.), user type, and any identification
number based on the user type.
The system must provide an authorized user the ability to maintain news items, announcements,
memos, reference links to other important or related sites, and frequently asked questions (FAQ’s) for
handling regular issues.
The system must provide the ability to maintain system code vales (lists of values for specific
codes).
The system must provide an authorized user the ability to save a query and rerun it later.
The system must provide the program administrator the ability to view a list of all active users in
the system.
The system must provide the program administrator the ability to easily customize error
messages, header and footer displays, and other important system messages.
The system must provide a mechanism for a new user to register with responses to certain
questions before being provided a login account. These questions and their responses must be used
to authenticate the user for critical access functions.
The system must maintain an audit trail of all changes to information.
The system must provide an authorized user the ability to submit an alert on a suspected
offender. The alert information must include personal information, vehicle information, drug
information, practitioner information, contact information, and images.
(Attach B)
The system must provide an authorized user the ability to submit an alert on a suspected
prescription. The alert information must include patient information, prescriber information, drug
information, pharmacy information, contact information, and images.
The system must provide an authorized user the ability to submit an alert on a lost or stolen
prescription pad.
The system must provide an authorized user the ability to post or reject an alert, and to post an
alert to specific regions or to specific types of users.
The posting mechanism must post the alert on the web center as well as send it to users via fax
or e-mail, based on the preferred mode of communication identified as an attribute of the user.
The system must provide a facility to print a copy of an alert in a form than can be displayed on a
bulletin board.
The system must provide “Alert Search” functionality that captures the reason a user wants to
search for an alert and provide a user interface similar to the alert form that allows the user to specify
the alert search criteria. The search functionality must search for alerts across all regions the user has
access to. The criteria for searching must be an AND combination of all criteria the user has defined on
the search form. The system must capture and store the reason the user is searching for an alert.
The system must provide the user a facility to respond with information on an alert. The system
must allow the user to enter information into a text box and on submission, attach the response to the
alert in such a manner that any user who has access to the alert can also see the responses.
Responses shall identify the user recording the response and contact information (such as name, e-
mail, telephone, or fax) with the date and time the response is recorded.
The system must provide a user the ability to view alerts submitted by that user as well as all
alerts posted for that user’s region.
The system must provide the ability to create an alert with only comment information (an alert
about an event, meeting, etc.).
The system must provide an authorized user the ability to request and retrieve patient utilization
information via the web portal. Requested report parameters must include the following: patient’s
name, date of birth, address, alias names, family member names, telephone, and a date range for
which the information is being requested. The use of wildcard characters must be allowed.
The system must respond to an authorized user’s request by displaying a report (Excel
spreadsheet or PDF file) including all information meeting the criteria of the query. The system must
provide the ability to print a displayed report on a printer at the user’s site.
The system must provide the program administrator the facility to track all requests and alerts in
the system.
A statistical report on all alerts in the system must be provided with report parameters including
the region, alert type, and alert posting date range. The alert statistics report must address different
types of alerts.
A statistical report on all requests/queries submitted through the web portal must be provided with
report parameters including the requestor, request subject, request type, and request date range.
A statistical report on all alert searches in the system must be provided with report parameters
including the alert type, alert reason, and search date range.
Data Collection Requirements:
The vendor must ensure a solution including the reporting of dispensing data by pharmacies.
This may be accomplished through customization of a commercial off-the-shelf software package to
permit the use of web-based technologies for the reporting of dispensing data by pharmacies.
Alternatively, this may be accomplished by contracting with a pharmacy data collection and relay
(Attach B)
company (switch) such as Atlantic Associates or McKesson’s RelayHealth. The solution must track the
use of the system and provide the pharmacy with notification that a file has been received or rejected.
The vendor must ensure that the program administrator has the ability to and the training
necessary to collect, cleanse, and upload prescription data reported and submitted by pharmacies in
accordance with rules of the Board of Pharmacy (Board).
The Board will provide the vendor with a list of pharmacies required to report to the program. The
vendor will ensure that the appropriate pharmacy data is converted, as needed, for incorporation into
the program database.
The vendor shall ensure that pharmacy prescription data is collected in the format established by
the American Society for Automation in Pharmacy (ASAP), ASAP Telecommunications Format for
Controlled Substances, 2005 version, or as otherwise provided by rules of the Board. The data must
be collected by telephone modem connection, diskette, CD-ROM, tape, secure FTP, Virtual Private
Network (VPN), or other format or method approved by the Board.
Pharmacy prescription data shall be collected, at a minimum, twice a month or as agreed upon by
the Board. Data shall be reviewed to determine conformity with thresholds, established by the Board,
for accuracy and completeness. If any data submitted does not meet the threshold, the program
administrator or switch company, as appropriate, shall have the ability to return the data file to the
pharmacy for corrections and resubmission. If the returned data is not corrected and resubmitted by
the deadline established by the Board, the program administrator shall be notified.
The Board may also accept written paper reports such as the universal claim form, provided the
pharmacy has been granted a waiver from electronic submission by the Board. The program
administrator shall be able to enter data submitted on paper into the program data file.
The pharmacy prescription data collected shall include prescriptions for controlled substances
listed in Schedules II, III, and IV of the Iowa Uniform Controlled Substances Act and any other data
specified by Iowa law as amended from time to time.
Pharmacies under common ownership may be allowed to submit a single timely transmission of
prescription data provided each pharmacy site is clearly identified in the data for each dispensed
prescription.
The system shall record and provide a mechanism for documentation or reporting to the Board
receipt of each data transmission event from a pharmacy.
If data is to be directly transmitted by pharmacies to the Board, the vendor shall be responsible
for providing an application interface to convert license numbers, DEA numbers, and NDC numbers to
data fields. The software must provide the program administrator with notification that a DEA number
has been entered incorrectly if the entries do not meet requirements.
If data is to be transmitted by pharmacies through a switching company, the vendor shall be
responsible for ensuring the appropriate interface to convert license numbers, DEA numbers, and NDC
numbers to data fields is available. The system must provide the program administrator with
notification that a DEA number has been entered incorrectly if the entries do not meet requirements.
If data is to be directly transmitted by pharmacies to the Board, the vendor shall be responsible
for providing an application interface to format pharmacy prescription data in an agreed upon PC-
compatible text format for importation to a relational database. All plans and procedures for reporting
data shall be made in consultation with and subject to approval of the Board. The data shall be
transmitted by secure FTP or other mutually agreeable method.
If data is to be transmitted by pharmacies through a switching company, the vendor shall be
responsible for ensuring the appropriate interface to format pharmacy prescription data in an agreed
upon PC-compatible text format for importation to a relational database is available. All plans and
procedures for reporting data shall be made in consultation with and subject to approval of the Board.
The data shall be transmitted by secure FTP or other mutually agreeable method.
(Attach B)
The Board will own all data collected, cleansed, and transmitted from pharmacies or the switching
company to the program database.
The vendor shall ensure that the Board is able to prepare an electronic report upon demand that
identifies those pharmacies that have not submitted the required pharmacy prescription data and those
submissions that were rejected, including the reason for rejection.
Recommendations from DAS staff and CIO Council members:
From 10 of 11 JCIO members:
a) Is there duplication within Government? ................................................................................. Some
b) Can an existing program be modified to address a new need? .......................................... Possibly
c) Do you have any similar program in existence? ...................................................... A small portion
d) Have you sought RFP’s for similar programs in the past? ............................................................ No
e) Do you have RFP’s for similar programs? ..................................................................................... No
f) Do you have an RFP that could be used as a starting point for this program? ............................. No
g) Is there anything you could provide that could assist the agency with this RFP? ......................... No
h) Are there alternatives available to the agencies? ........................................................................ Yes
Recommendation of the JCIO to the TGB:
Authorize this RFP (or Sole Source Procurement) to be released for bid Yes _X_ No ___
Alternatives suggested by the JCIO (see additional comments below) Yes _X_ No ___
Additional JCIO comments: Corrections has a pharmacy program that has some of the
functionality described in the concept paper. DOC and IBP have discussed whether the
DOC program is a valid alternative to this RFP. After discussion between the IBP and
DOC, it has been determined that, although DOC Pharmacy has some of the functionality
required, it would require a major rewrite to meet the needs of the IBP. IBP will contact
DOC’s developer as the project progresses for possible assistance.
Recommendation of the IT RFP Advisory Group to the TGB:
Authorize this RFP (or Sole Source Procurement) to be released for bid Yes _X_ No ___
Alternatives suggested by the advisory group (see comments below) Yes ___ No _ X_
Additional comments from advisory group members: None