Sample RFP and Requirements for a Policy Management System within Healthcare

I am not responsible for usage and omissions for this — but here is a sample RFP and requirements document for a modern policy management system within a secure environment — such as healthcare.

I hope it helps, whether you are considering solutions like Tallyfy or otherwise.

Please note this disclaimer. I’m affiliated with Tallyfy — a workflow and BPM platform which differentiates through incredible ease-of-use, customer-facing features and flexibility to drive adoption in modern teams.

General Features/Functions

How and how much historical data could be migrated?

Interface with Outlook? If so, explain.

How does someone access the tool when off premises?

How does the search functionality work?

Intuitive search with option to select document content, title, department or document owner? Explain.

Is an excerpt of the document shown in search results? Explain.

Ability for each facility to have their own library with ability to filter region and ministry documents to appropriate audiences? Explain.

Ability for customizable document workflow and approval process with automatic alerts? Explain.

Ability to create “group” workflows where individuals can be identified as having different responsibilities within a document? Explain.

Visual cues for monitoring workflows?

All document edits redline tracked with revision timelines? Explain.

Ability to edit document within software without needing to switch or “check out” to Microsoft Word? Explain.

Bulk overwrite feature allows reassignment of responsibilities and workflows if someone leaves department? Explain.

Customized email notifications when items are up for review or pending tasks? Explain.

Ability to share and collaborate in development to eliminate redundancy? Explain.

Teams can be assigned and are clearly identified within each document? Explain.

Comprehensive audit trail of past versions?

Visual history timeline? Explain.

Documents are automatically cataloged and available once approved? Explain.

Each document automatically updated with key document information, such as approved date, when the document expires, owner, and department? Explain.

Document is maintained in one system throughout development, review, approval and posting. The need to edit a document in one program and then upload into another system is eliminated? Explain.

Documents are posted for staff as a view only document. Documents convert to format that can be edited for the collaboration process? Explain.

Co-workers are notified of policy changes and required to document understanding? Explain.

Coworker is able to easily view updates when acknowledging new policy. Eliminates the need to prepare a separate summary of changes? Explain.

Can a test or quiz be assigned to demonstrate competency on a new document? Explain.

Ability to integrate with regulating bodies to receive notifications on most up to date standards? Explain.

Regulations can be tagged within each document for the ability to search for all the documents that apply to a specific standard? Explain.

Company features implementation team which will upload, format existing documents into library, and identify duplicate documents? Explain.

How user friendly is the system for front line coworkers and managers? Explain.

Fields put out for coworker and manager must be customizable? Explain.

Fields put out for coworker and manager must be able to be made required? Explain.

Ability to track follow up so that reminders can be sent if overdue? If so, explain. Can this be automated?

How many policy classification types are in your system and what are they?

How is data tracked and trended in general?

How are system administration functions handled across and within the applications?

How is the system accessed (i.e. via email links)?

Does your system support single sign-on to all applications? If so, explain.

Ability to classify by category? If so, explain.

How are alerts managed?

Mechanism for routing policies? If so, explain.

Explain how the policy review process works.

Ability to flag and categorize policies? If so, is it rules based and/or manual?

Provide reminders or ticklers for follow-up? If so, explain.

Ability to interface (via API or web service) to other software? Explain.

How do you move the events entered in the wrong module to the appropriate module?

What does the underlying database structure look like to support the modules?

What is the workflow from start to end?

What happens if the policy is partially completed?

What education and support is provided?

How is ongoing development handled?

What does your roadmap look like?

What is the process for system enhancements?

When was the last time that you had an upgrade? What kind of upgrade?

When is the next upgrade scheduled to happen?

Ability to use electronic signatures along with a way to “replace all” if an approver/owner leaves the system? Explain.

How are policies archived?

How are documents stored?

Conditional fields in tagging/metadata form and ability to interface with tables outside the system? Explain.

Ability to index document to show what is in each folder?

Ability to move document without giving access to delete? Explain.

Documents must be company-wide and sometimes locally approved. Explain how this is accomplished.

How do we show users that they should use the local one instead of the company-wide one because it is more stringent?

How do the local policy sites work with each other?

Does the system provide spellchecking/grammar checking during documentation and review of a document?

How are reviewer comments documented?

How is the clean version of the policy created and then dispersed?

How are dates for the policy tracked? For example: approver, reviewer, origination date, review dates, revision dates, and effective date.

How can approval verbiage be added to the document?

If there is an enterprise document requiring local approval, how is that handled?

What is the process to freeze editing of the document?

Do you support single sign on?

Do you support multi factor authentication?

Each user must demonstrate acknowledgement of a policy, how is that achieved?

How are year end policy/document changes archived?

Reporting Requirements

a. Ability to report by facility, location, department, and then combined

b. Ability to report by service line and in an automated and manual way?

Auto generated report through scheduling plus the ability to run manually? If so, how is the scheduling handled?

Group reporting extract at a Corporate level and across individual facility for each core measure and combined, to be available within the application — automated and ability to run manually — within the tool

Group dashboard at a Corporate level and across individual facility for each core measure and combined, to be available within the application — automated and ability to run manually — within the tool

How are custom reports handled? Can we build our own? If so, explain.

Reports show which coworkers have reviewed and documented understanding? Explain.

Reporting capability to report by category of policy, etc? If so, explain

Graphing capability within the application to enable data analytics?

The ability to pull data into reports for analysis? This also includes follow-up. If so, explain.

Anything that we are capturing data on, can we manually pull into a report? If so, explain.

Establish a ministry wide report template? If so, explain.

Ability to generate and edit reports? If so, explain.

Report/Tracker which shows number of times document has been accessed by staff? Explain.

Security Requirements

Ability to create and maintain user profile information (e.g. name and addresses)

How are roles and privileges set up?

Ability to designate a substitute for a user? Explain.

How are users with access to multiple facilities set up?

Supports configurable user profiles in one system? Explain.

Application must offer group, role and permission based security (i.e. viewer, editor, administrator, etc.)

Ability for a superuser to make a change at a field level, when required? If so, explain.

Describe the user access set up for the applications

Technical requirements

Describe how your application supports high availability. Be detailed and provide any diagrams and process flows to help illustrate.

Describe in detail what measures and design patterns are in the solution’s architecture that provide scalability and failure resilience

Describe how the solution is capable of running multiple versions concurrently. Is this support provided during upgrades?

Describe the techniques used to scale the solution across multiple instances.

Describe how a standby server can be utilized during upgrades and maintenance of the primary system.

How is monitoring and system failure information provided for Company analysis and auditing?

Describe how your application would function at a Company off-site, disaster recovery site.

Describe what mechanisms the solution provides for or supports to assist with change control, release control.

Describe the upgrade process

Please describe available software update options.

How often are updates / upgrades provided?

Describe the requirements and process for scheduled maintenance.

Are live upgrades supported? Please describe how they are.

Is there a cost associated with updates / upgrades?

Describe what restrictions can be placed on the solution’s data and operations during an upgrade.

Briefly describe the application architecture (i.e. two-tiered client server). Please include any diagrams that illustrate the relationships.

Provide drawings or diagrams which illustrate all of the components required and optional (both vendor supplied and client supplied). Please annotate all communication paths between components indicating the protocols or methods utilized.

Describe the process for accessing application activity from prior years.

Describe and illustrate all areas where the business logic for the solution is located. Please include detail on how this is managed at each area.

Describe in detail the web-based, client-side technologies that are utilized with the solution.

Describe the application tier. Please include the logical and structural configurations.

Describe what APIs are supported by the solution. Please include proprietary as well as industry standards. Include a functional description of what is exposed in the solution through the APIs.

Describe what solution components and elements are accessible through Business Objects or published APIs.

Describe how the solution will allow data mapping to legacy systems and access portals.

Describe and illustrate in detail what HIS (Health Information System) interfaces (i.e. HL7), are supported by the solution.

Is there a separate report writer (i.e. Crystal Report Writer, Actuate)?

Does the application have an integrated test environment/code migration?

How many live sites are currently using this software?

How do you archive versions of your product and track changing information by version?

Describe what anti-virus and anti-spyware solutions are supported and endorsed for use with the solution

Describe what monitoring and failure analysis processes you can provide with the solution

Please describe how all the features and functionality of this solution are packaged.

A. Can the various options of the solution be purchased individually?

B. Can the various options be added or removed at a future date?

Describe what documentation and training is included with the solution.

Describe the process for implementing source code customization of the solution.

Describe how the solution source code is obtained. Include what licensing or NDAs are required.

Briefly describe the functional capabilities of this software.

Describe what deployment and remote management options the solution supports for multiple facilities which may have unique logical implementations.

Describe the development environments and languages that are utilized in the development of the solution. Please include both client, server and middle tier components.

Please provide a list of references for live sites currently using this solution.

What is the application name and current version of this solution? Please include this information for all the components of the solution.

Training Requirements

Provide a description of the training programs you offer, including objectives, duration and cost for each category. Also list any training included free with the license purchase: Maintenance Support Training (Backup, Clean Up of Logs and Queues, etc.)

Do you offer on-site training classes? Can they be customized?

Does your company provide training facilities and scheduled classes throughout the calendar year?

What is the average learning time required to gain:

  1. Basic understanding to use the system
  2. Advanced understanding to use the system
  3. Expert level on all features/functions?

System Administrator:

  1. Basic understanding to use the system
  2. Advanced understanding to use the system
  3. Expert level on all features/functions?