§495.338 Health information technology implementation advance planning document requirements (HIT IAPD).
Each State's HIT IAPD must contain the following:
(a) The results of the activities conducted as a result of the HIT planning advance planning document, including the approved state Medicaid HIT plan.
(b) A statement of needs and objectives.
(c) A statement of alternative considerations.
(d) A personnel resource statement indicating availability of qualified and adequate staff, including a project director to accomplish the project objectives.
(e) A detailed description of the nature and scope of the activities to be undertaken and the methods to be used to accomplish the project.
(f) The proposed activity schedule for the project.
(g) A proposed budget including a consideration of all HIT implementation advance planning document activity costs, including but not limited to the following:
(1) The cost to implement and administer incentive payments.
(2) Procurement or acquisition.
(3) State personnel.
(4) Contractor services.
(5) Hardware, software, and licensing.
(6) Equipment and supplies.
(7) Training and outreach.
(9) Administrative operations.
(10) Miscellaneous expenses for the project.
(h) An estimate of prospective cost distribution to the various State and Federal funding sources and the proposed procedures for distributing costs.
(i) A detailed payment listing file that--
(1) Is in an electronic format that may be a field delimited ASCII text file, a commonly used spreadsheet file, or a commonly used database file; and
(2) Shows each EP and eligible hospital for which the State will provide for the payment of incentive payments, including the--
(i) Name of the provider;
(ii) National provider identifier of the provider;
(iii) Type of provider as specified in §495.304;
(iv) Planned annual payment amounts;
(v) Total of planned payment amounts; and
(vi) Calendar year of each planned annual payment amount.
(j) A statement setting forth the security and interface requirements to be employed for all State HIT systems, and related systems, and the system failure and disaster recovery procedures available.
Make sure you are Omnibus Rule Compliant: HIPAA Privacy Checklist.