RHSES-101: Governance, Applicability, and Core Principles

RHSES Standards Series – Version 2.1

Issuing Authority: Institute for Health, Sustainability, and Equity (IHSE)

Effective Date: December 10, 2025

DOCUMENT REF: RHSES-101

TITLE: Governance, Applicability, and Core Principles

Status: Normative

1.0 Administrative Preamble

1.1 Authority and Ownership

The Rural Health Sustainability & Equity Standard (RHSES) is the proprietary intellectual property of the Institute for Health, Sustainability, and Equity (IHSE). The IHSE Standards Board maintains sole authority over the ratification, revision, and interpretation of the controls contained herein. This standard is developed to harmonize with the requirements of the CMS Rural Health Transformation (RHT) models and utilizes the NIST Risk Management Framework as a foundational structural element.

1.2 Certification Attestation

Certification under RHSES-101 constitutes a formal, third-party attestation. It signifies that the Entity has subjected its operational, financial, and technological controls to an independent examination by an Accredited Auditor and has been found to be in material conformance with the requirements defined in the RHSES-100 series documents. Certification is point-in-time and subject to continuous monitoring requirements defined in RHSES-104.

2.0 Scope and Applicability

2.1 Target of Evaluation (TOE)

The Target of Evaluation includes the entire scope of the Entity's rural health operations that utilize, interact with, or derive funding from Rural Health Transformation (RHT) mechanisms. This specifically encompasses:

  • State Health Agencies: For the governance of statewide purchasing and equity distribution.
  • Clinically Integrated Networks (CINs): Specifically those managing aggregated risk contracts.
  • Group Purchasing Organizations (GPOs): Entities acting as agents for the aggregation of purchasing volume, subject to 42 CFR § 1001.952(j) Safe Harbor provisions.
  • Technology Service Providers: Vendors providing the "AI Compliance Layer" or interoperability hubs.

    • 2.2 Exclusions

    Entities operating solely on fee-for-service models without participation in shared savings, cooperative purchasing, or health equity reinvestment structures are excluded from the scope of this standard, as they do not meet the baseline criteria for "Sustainability Transformation."

    3.0 Normative References

    The following standards contain provisions which, through reference in this text, constitute provisions of this document:

  • ISO/IEC 27001:2022: Information security, cybersecurity and privacy protection — Information security management systems.
  • ISO/IEC 42001:2023: Information technology — Artificial intelligence — Management system.
  • NIST SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations.
  • 42 CFR Part 1001: Program Integrity — Medicare and State Health Care Programs (OIG Safe Harbors).
  • FASB ASU 2016-14: Presentation of Financial Statements of Not-for-Profit Entities (regarding Net Assets with Donor Restrictions).

    • 4.0 Core Principles of the Architecture

    4.1 The Principle of Financial Autonomy

    The Entity shall demonstrate a transition trajectory from "Grant-Dependent" to "Program-Income Sustainable." Grant funding shall be classified as "Restricted Net Assets" for capitalization only, whereas operational expenses (OpEx) must be serviced by unrestricted program income generated through the Purchasing & Revenue Backbone.

    4.2 The Principle of Algorithmic Accountability

    Operational decisions regarding supply chain substitution, revenue allocation, and clinical referral shall be governed by transparent, explainable, and auditable algorithmic logic. The system must reject "Black Box" decision-making in favor of White Box audit trails compliant with ISO 42001 controls for transparency.

    Access Full Standard