Return on Investment (ROI) Program Funding
Application
This template was built using the ITD ROI Submission
Intranet application. FINAL AUDIT REQUIRED: The Enterprise
Quality Assurance Office of the Information Technology Department is
required to perform post implementation outcome audits for all Pooled
Technology funded projects and may perform audits on other projects.
This is: A Pooled Technology Fund or Reengineering Fund Request. Amount
of funding requested: $265,000.00 An Agency IT Expenditure or Budget Request
(General Fund, Road Funds, Grants, etc.). Amount of funding requested:
$0.00
Section I: Proposal
Date:
8/20/02
Agency Name:
DHS - Cherokee
Project Name:
HIPAA, Network, PC - Cherokee
Agency Manager:
Allen Stange
Agency Manager Phone Number / E-Mail:
(712)225-6936 / astange@dhs.state.ia.us
Executive Sponsor (Agency Director or Designee):
Tony Morris
Project Summary:
Project funds are being requested to
assist the Cherokee MHI become HIPAA compliant. This involves costs
related to staff training, upgrading network hardware and software,
securing records, and creating systems and processes to monitor access to
and release of records.
Request for ROI Application Waiver:
Is this a request for a waiver? YES
Agencies are required to complete this funding
application when requesting funds for any Pooled Technology project, any
IT expenditure costing over $100,000, or any non-routine IT expenditure.
If you feel there is a compelling reason to waive this requirement,
please provide (in the box below) a brief description of the project or
expenditure, the budget amount, and a rationale for the waiver request.
Explanation:
Until a decision is made
regarding your waiver request, it is not necessary to complete any other portion
of this application. The ITD Enterprise Quality Assurance Office will convey
waiver request decisions within five working days of receipt.
A. Statutory or Other Requirements
Is this project or expenditure necessary for compliance with a Federal law,
rule, or order? YES (If "Yes", cite the specific Federal law, rule or order.)
Explanation: Helath Insurance Portability and
Accountability Act of 1996.
Is this project or expenditure required by state law, rule or order?
YES (If "YES",
cite the specific state law, rule or order. ) Explanation:
Does this project or expenditure meet a health, safety or security
requirement? YES (If "YES", explain.) Explanation: HIPAA is federal law. The Cherokee Mental Health Institute is
reposinsible for medical records of both patients and employees. We are also
considered a Business Associate, Trading Partner and Healthcare Provider under
the HIPPA Impact assessment criteria we filled out for our facility. The
facility is responsible for the security of the information that is collected,
stored and used for patient care as well as then given out under these federal
giudelines. We also submit claims for insurance billing, processing and
retriveal of funds.
The fiber system and switches were first installed
in June of 1997, many of our PCs were purchased from 95 to 97 with a few more in
98 and 99. Serveral network switches have begun failing and PCs are becoming
more difficult to keep running as motherboards are failing and parts are
becoming ever so difficult to obtain.
Our security system, energy
management and confidential hospital patient and employee information is all
being stored and used on the fiber system here. Correct monitored water
temperature for bathing is vital to the wealfare of our patients, correctly
monitored heating and cooling and security of our campus are important to our
patients and the citizens of Iowa.
Is this project or expenditure necessary for compliance with an enterprise
technology standard? YES (If "YES", cite the specific standard.)
Explanation:
Is this project or expenditure consistent with meeting the goals and
objectives of the State's strategic plans? YES (If "YES", cite the specific standard.)
Explanation:
[This section to be scored by
application evaluator.]
Evaluation (15 Points Maximum) If the
answer to these criteria is "no," the point value is zero (0). Depending
upon how directly a qualifying project or expenditure may relate to a
particular requirement (federal mandate, state mandate,
health-safety-security issue, or compliance with an enterprise technology
standard), or satisfies more than one requirement (e.g. it is mandated by
state and federal law and fulfills a health and safety mandate), 1-15
points awarded.
B. Customer Service Improvements
Summarize the extent to which the the
project or expenditure improves customer service to Iowa citizens or within
State government. Included would be such items as improving the quality of life,
reducing the government hassle factor, provding enhanced services, improving
work processes, etc. Response: Connectability
between mediacal records, physicians using the system, nurisng staff and
dictaion system users would improve with upgraded switches and PCs as well as
software to monitor access. Immediate access to medical records is extremely
important in a 24/7 facility 365 days a year. A complete assessment of HIPPA
compliance for our facility should be completed immediately showing us our
strenghts and weaknesses.
We are required to meet JCAHO (Joint
Commission on Accrediation of Health Orginations) standards and ensure security
of medical records and health information as requirred by them and under new
HIPPA rules and regulations.
[This section to be scored by
application evaluator.]
Evaluation (15 Points Maximum)
Minimally improves customer service (0-5 points).
Moderately improves customer service (6-10 points).
Significantly improves customer service (11-15 points).
C. Impact on Iowa's Citizens
Identify the main project or expenditure
stakeholders and summarize the extent to which each, especially citizens, is
impacted. Response: Without HIPAA compliance we
could in a position for law suits and federal penalties. This could also imped
our ability to collect monies from insurance companies, title 19, merit,
medicaid, medicare and other agencies that we work with in locating funding for
our patients (less revenue for the state). It could also interfere with the
ongoing treatment of medical care if we were unable to share medical information
with other entities when our patients are referred to them for further medical
treatment.
[This section to be scored by
application evaluator.]
Provide a pre-project or pre-expenditure
(before implementation) description of the impacted system or process.
Response: An assessment of HIPAA readiness needs to
be completed. Ideally from an outside source.
Presently our switches
were installed in June of 1997. They are running on 10 mb and failing. We could
redo our entire main hub and out laying switches for approximately 1/3 of what
was originally spent and have extended warranty and 100 mb speed. Most of our PC
were purchased in the 1997 and 1997 with a few in 98 and 99. They are beginning
to slow way down and parts are no longer avaible. We would need to implement and
install policies and procedueres as well as software to tract who has access to
what documents and to maintian logs of what information is sent out to other
individuals or facilities.
Provide a post-project or post-expenditure (after implementation) description
of the impacted system or process. In particular, note if the project or
expenditure makes use of information technology in reeengineering traditional
government processes. Response: 1) Continued
Training and Education for all staff. 2) Continued upgrading of the software
and hardware on the network to insure compliance. 3) Ongoing expenses for
secure record storage, supplies, and extra costs associated with this HIPAA
project, such as shredding and disposing of confidential material. 4)
Software monitoring of access to documents and record keeping. 5) Release of
information logs keep to be able to show patients and employees where their
information has been sent during the past 6 years.
[This section to be scored by
application evaluator.]
Evaluation (10 Points Maximum)
Minimal use of information technology to reengineer
government processes (0-3 points).
Moderate use of information technology to reengineer
government processes (4-6 points).
Significant use of information technology to reengineer
government processes (7-10).
E. Project Participants
List the project participants (i.e. single
agency, multiple agencies, State government enterprise, citizens, associations,
or businesses, other levels of government, etc.) and provide commentary
concerning the nature of participant involvement. Response: HIPAA is a state-wide project. This includes all DHS offices and
facilities. The Cherokee Mental Health Institute deals with Central Office,
other state institutions, Iowa City, Local Hospitals, Local doctors, Dentists,
County CPCs and County Mental Health Centers, law enforcements, judicial
offices, the Public and Private businesses.
[This section to be scored by
application evaluator.]
Evaluation (10 Points Maximum)
One agency (0-3 points).
Multiple agencies or levelsof government (4-6 points).
State government enterprise (7-10 points).
F. Risk
Describe the likelihood of successful technical implementation
of the project. This is not the same as meeting the programmatic (business) goal
of the project. Response: Federal law mandates
compliance. We will make the staff and man power available to impletment this
without additional salary dollars to our facitlity. We will be able to use the
knowledge of central office expertise for advise. We just do not have the monies
to cover upgrades and purchases of the software necessary to be incompliance at
this time. Successful projects that have been completed at CMHI would include
the installation of fiber campus network in the summer of 1997, implementation
and maitnenance of a dictation system for medical records fall of 1998,
installation of MP2 work order and inventory system and EMS energymanagement
system implementation during next fiscal year.
[This section to be scored by
application evaluator.]
Evaluation (5 Points Maximum)
High Overall Risk, Low Chance of Success (0-2 points).
Moderate Overall Risk, MOderate Chance of Success (3-4
points).
Low Overall Risk, High Chance of Success (5 points).
What is the programmatic (business) risk of not achieving the project goals
to Iowa citizens and employees? What are the risks to Iowans if this project
fails? Response: Pentalties and law suits could
happen if we are not incompliance and this would show up first in man hours
(money spent in wages) keeping track of releases and manaually doing the things
that the HIPPA law requires. Employees and patients would be covered under this
federal law to seek monitary compensations for errors in compliance from our
facility. Our staff are dependent upon the quick access to medical information
on our network in regard to medication, paharmacy drug reactions and history,
court reports and other medical record information as quickly as needed to
ensure the safety and health of our patients. Environmental controls and
operations such as locking doors, heat, cooling, cooking and water temperatures
are controled, monitored and recorded on computerized systems within our
facility. All of the day to day operations and long term improvements could be
improved by an upgrade in our technology structures. Security and monitoring
would also be greatly improved with the right tools and software.
[This section to be scored by
application evaluator.]
Evaluation (5 Points Maximum)
High Overall Risk, Low Chance of Success (0-2 points).
Moderate Overall Risk, MOderate Chance of Success (3-4
points).
Low Overall Risk, High Chance of Success (5 points).
G. Requestor Experience and Past Results
Provide three examples of
relevant agency IT projects, project management experience and results. List any
projects that required remediation and steps taken to resolve.
Response: 1) Implementation of new fiber backbone,
cisco switches and cabling of facility during the summer of 1997. DDM oversay
the project and began the installation. The IT staff at CMHI were the ones here
everyday dealing with the vedors, end computer users and have since maintained
the campus network. CMHI had a campus network in place before this project.
2) Implementation of a new medical records dictation systems. Server
maintenance, backup, end user training and ongoing upgrades of the system and
hardware has always been the reponsibility of the CMHI IT staff.
3)
JCAHO (Joint Commision Acrediation Healthcare Organizations) implemented new
guidelines for reporting data to them through the National Research Institute.
CMHI staff developed, implemented and have maitained this project database for
our own facility as well as for others.
[This section to be scored by
application evaluator.]
Evaluation (5 Points Maximum)
Minimal success(0-2 points).
Usually successful (3-4 points).
Almost always successful (5 points).
This criteria involves
rating the extent to which previous projects have successfully achieved
their objectives e.g. on time, on budget, minimal implementation problems,
positive programmatic impact, partnering with other agencies, and impact
on other agencies.
H. Funding Requirements
On a fiscal year basis, enter the estimated
cost by funding source:
FY04
FY05
FY06
Cost($)
% Total Cost
Cost($)
% Total Cost
Cost($)
% Total Cost
State General Fund
$0
0%
$0
0%
$0
0%
Pooled Tech. Fund
$265,000
100%
$0
0%
$0
0%
Federal Funds
$0
0%
$0
0%
$0
0%
Local Gov. Funds
$0
0%
$0
0%
$0
0%
Grant or Private Funds
$0
0%
$0
0%
$0
0%
Other Funds (Specify)
$0
0%
$0
0%
$0
0%
Total Project Cost
$265,000
100%
$0
100%
$0
100%
Non-Pooled Tech. Total
$0
0%
$0
0%
$0
0%
Is this project the first part of a future, larger project? YES (If "YES", explain.)
Explanation: Any training and maitaining of the
systems put into place for compliance would be handled by the facility at no
ongoing costs to the pooled technology fund.
Is this project a continuation of a previously begun project? YES (If "YES", explain.)
Explanation:
[This section to be scored by
application evaluator.]
Evaluation (10 Points Maximum)
This is the first year of a multi-year project / expenditure or
project / expenditure duration is one year (0-5 points)
The project / expenditure is of a multi-year nature and each annual
component produces a definable and stand-alone outcome, result or
product (2-8 points).
This is beyond the first year of a multi-year project / expenditure
(6-10 points)
The last part of this criteria involves rating the
extent to which a project or expenditure is at an advanced stage of
implementation and termination of the project / expenditure would waste
previously invested resources.
I. Source of Funds (Pooled Technology Funds Only)
On a fiscal year
basis, how much of the total project cost ($ amount and % ) would be
absorbed by your agency from non-Pooled Technology funds? If desired,
provide additional comment / response below. Response: After implementation our agengy would be responible for any on going
maintenance costs and the salaries of the employees needed to keep in
compliance. Pooled tech monies are being requested upfront to implement this
project starting with equipement being purchased by October 1, 2002, installed
completed by December 1, 2002, testing completed by January 1, 2003 and being
fully operational after January 1 , 2003. Evaluations of the all phases would be
completed by March 1, 2003. Our agency would then be responsible for any ongoing
expenses for maintenance, upgrades and training once implemented.
[This section to be scored by
application evaluator.]
Evaluation (5 Points Maximum)
0% (0 points)
1%-12% (1 point)
13%-25% (2 points)
25%-38% (3 points)
39%-50% (4 points)
Over 50% (5 points)
Section II: Financial Analysis
A. Project Budget Table
It is necessary to estimate and assign a
useful life figure to each cost identified in the project budget. Useful
life is the amount of time that project related equipment, products, or services
are utilized before they are updated or replaced. In general, the useful life of
hardware is three (3) years and the useful life of software is four (4) years.
Depending upon the nature of the expense, the useful life for other project
costs will vary between one (1) and four (4) years. On an exception basis, the
useful life of individual project elements or the project as a whole may exceed
four (4) years. Additionally, the ROI calculation must include all new
annual ongoing costs that are project related.
The Total Annual Prorated Cost (State Share) will be calculated based on the
following equation:
Budget Line Items
Budget Amount (1st Year Cost)
Useful Life (Years)
% State Share
Annual Ongoing Cost (After 1st Year)
% State Share
Annual Prorated Cost
Agency Staff
$0
1
0.00%
$0
0.00%
$0
Software
$30,000
4
100.00%
$4,500
100.00%
$12,000
Hardware
$235,000
3
100.00%
$0
0.00%
$78,333
Training
$0
4
0.00%
$0
0.00%
$0
Facilities
$0
1
0.00%
$0
0.00%
$0
Professional Services
$0
4
0.00%
$0
0.00%
$0
ITD Services
$0
4
0.00%
$0
0.00%
$0
Supplies, Maint, etc.
$0
1
0.00%
$0
0.00%
$0
Other
$0
1
0.00%
$0
0.00%
$0
Totals
$265,000
---
---
$4,500
---
$90,333
B. Tangible and/or Intangible Benefits
Respond to the following and
transfer data to the ROI Financial Worksheet as necessary:
1. Annual Pre-Project Cost - This section should be completed only if
state government operations costs are expected to be reduced as a result of
project implementation. Quantify all actual state government direct and indirect
costs (personnel, support, equipment, etc.) associated with the activity, system
or process prior to project implementation. Describe Annual
Pre-Project Cost:
Quantify Annual Pre-Project Cost:
State Total
FTE Cost(salary plus
benefits):
$0.00
Support Cost (i.e. office supplies,
telephone, pagers, travel, etc.):
$0.00
Other Cost (expense items other than FTEs
& support costs, i.e. indirect costs if applicable,
etc.):
$0.00
Total Annual Pre-Project
Cost:
$0.00
2. Annual Post-Project Cost - This section should be completed only if
state government operations costs are expected to be reduced as a result of
project implementation. Quantify all actual state government direct and indirect
costs (personnel, support, equipment, etc.) associated with the activity, system
or process after project implementation. Describe Annual
Post-Project Cost:
Quantify Annual Post-Project Cost:
State Total
FTE Cost(salary plus
benefits):
$0.00
Support Cost (i.e. office supplies,
telephone, pagers, travel, etc.):
$0.00
Other Cost (expense items other than FTEs
& support costs, i.e. indirect costs if applicable,
etc.):
$0.00
Total Annual Post-Project
Cost:
$0.00
3. Citizen Benefit - Quantify the estimated annual value of the
project to Iowa citizens. This includes the "hard cost" value of avoiding
expenses ("hidden taxes") related to conducting business with State government.
These expenses may be of a personal or business nature. They could be related to
transportation, the time expended on or waiting for the manual processing of
governmental paperwork such as licenses or applications, taking time off work,
mailing, or other similar expenses. As a "rule of thumb," use a value of $10 per
hour for citizen time savings and $.325 per mile for travel cost savings.
Travel
Savings
Number of Trips:
$0
Miles per Trip:
0
Trips per Year:
0
Number of Citizens Affected:
0
Rate per Mile
$0.325
Total Travel Savings:
$0
Transaction Savings
Number of annual online transactions:
0
Hours saved/transaction:
0
Number of Citizens affected:
0
Value of Citizen Hour
0
Total Transaction Savings:
$0
Other Savings (Describe)
$0
Total Savings:
$0
4. Opportunity Value/Risk or Loss avoidence - Quantify the estimated
annual non-operations benefit to State government. This could include
such items as qualifying for additional matching funds, avoiding the loss of
matching funds, avoiding program penalties/sanctions or interest charges,
avoiding risks to health/security/safety, avoiding the consequences of not
complying with State or Federal laws, providing enhanced services, avoinding the
consequences of not complying with enterprise technology standards, etc.
Response: Penalties could range in the thousands to
hundreds of thousands of dollors per year if we were not compliant or ever sued
by a patient for giving out information to the wrong sources. This has been
examined in court and already has cost the state money. I do not have an exact
dollor amount but a $1,000.00 dollar fine for every admission (approximately
1,330 admissions and 245 employees)during the last fical year would be
approxiamtely $1,575,000.00 or even more for just one lawsuit. Collection of
medicare dollars, medicad dollars and other insurance claims for services
redered could also be lost.
5.Benefits Not Readily Quantifiable - List and summarize the overall
non-quantifiable benefits (i.e., IT innovation, unique system application,
utilization of new technology, hidden taxes, improving the quality of life,
reducing the government hassle factor, meeting a strategic goal, etc.).
Response: Meeting federal requirements.
Rate the overall non-quantifiable benefits on a "1 - 10" basis, with "10"
being of highest importance: 10
Benefits Not Readily
Quantifiable
ROI Financial Worksheet
A. Total Annual Pre-Project cost (State Share from
Section II B1):
$0
B. Total Annual Post-Project cost (State Share from
Section II B2):
[This section to be scored by
application evaluator.]
Evaluation (10 Points Maximum)
Generates 0% annual return on investment (0 points)
Generates 1-3% annual return on investment (1 point)
Generates 4-6% annual return on investment (2 points)
Generates 7-10% annual return on investment (3 points)
Generates 11-15% annual return on investment (4 points)
Generates 16-20% annual return on investment (5 points)
Generates 21-25% annual return on investment (6 points)
Generates 26-44% annual return on investment (7 points)
Generates 45-63% annual return on investment (8 points)
Generates 64-82% annual return on investment (9 points)
Generates over 83% annual return on investment (10 points)
Note: For projects where no State Governmment Benefit,
Citizen Benefit, or Opportunity Value or Risk/Loss Avoidance Benefit is
created due to the nature of the project, the Benefit/Cost Ratio and
Return on Investment values are set to Zero.
Section III. Technology
A. Current Software Technology
1) Software (Client Side / Server Side / Mid-Range / Mainframe ) :
a) Application Software
Microsoft Office 97, SQL 7.0, Visual Basic, COBOL
b) Operating system
software PC - Windows 95,98,2000 Server: Windows NT
Midrange: UNIX
c)
Major interfaces to other systems, both internal and external MHR (Bull DPX20) and mainframe in central office
d) Other NA
2) Hardware (Client Side / Server Side / Mid-Range / Mainframe ) :
a) Platform, operating
system Server: NT Midrange: UNIX
b) Storage and physical environment
NA
c) Connectivity and bandwidth T1 line connecting us
to the wide area network, on campus multi mode fiber between swithces with 10 mb
speed and cat 5 to the desktop.
d) Logical and physical connectivity CISCO
switches, hubs and router.
e) Major interfaces to other systems, both internal and external
NA
f) Other NA
B. Proposed Technology
1) Software (Client Side / Server Side / Mid-Range / Mainframe ) :
a) Application Software
Software to monitor computer access to medical records,
record logs on releases of information and to prevent unauthorized access.
b) Operating system
software NA
c) Major interfaces to other systems, both internal and external
NA
d) General parameters if specific parameters are unknown or to be
determined NA
e) Other NA
2) Hardware (Client Side / Server Side / Mid-Range / Mainframe ) :
a) Platform, operating
system Upgrade all switches, hubs, routers and pcs.
b) Storage and
physical environment NA
c) Connectivity and bandwidth NA
d)
Logical and physical connectivity NA
e) Major interfaces to other systems, both
internal and external NA
f) General parameters if specific
parameters are unknown or to be determined NA
g) Other NA
C. Data Elements
Reord keeping of who has asscess to what
medical records, failed attempts when someone is trying to get in, logs listing
who has signed releases of information and what information was sent to whom and
by whom. It would be both analytical/reporting and able to keep track
D. Security / Data Integrity / Data Accuracy / Information Privacy
1) List the Security
Requirements of the project Software to monitor access and
to control security.
2) Describe how the security requirements will be integrated into this project
and tested. NA
3) Describe what measures will be taken to insure data
integrity, data accuracy and information privacy. NA
E. Project Schedule
Describe general time lines, resources, tasks, checkpoints, deliverables,
responsible parties, etc. Implementation to start with
equipement being purchased by October 1, 2002, installed completed by December
1, 2002, testing completed by January 1, 2003 and being fully operational after
January 1 , 2003. Evaluations of the all phases would be completed by March 1,
2003.
Section IV. Auditable Outcome Measures
For each of the below categories, list the auditable metrics
for success after implementation and identify how they will be measured.
1. Improved customer
service We will be able to comply with HIPPA security
regulations and able to give a list of all releases of information for the past
6 years from the time of the rquest.
2. Citizen impact All privacy and
security requirements will be met.
3. Cost Savings No penalties from the federal
government and no dollars paid out in law suits. Reduced staff time waiting for
data transactions due to slow speed on the network, down time due to failing PCs
and better access to medical information.
4. Project reengineering Annual review
of policies and procedures with regard to HIPAA compliance.
5. Source of funds
(Budget %) No response required.
6. Tangible/Intangible benefits First priority would be the security of our patient information for
our patients and for the citizens of Iowa. Our next prority would be employee
information and security of that information. Compliance with all federal and
state laws are as equally important and a very valuable tangible benefit.
