Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Who is Adopting EHRs and Why: ONC Turns up Some Surprises

Posted on December 15, 2014 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

A high-level view of the direction being taken by electronic health records in the U.S. comes from a recent data brief released by the Office of the National Coordinator. Their survey of physician motivations for adopting EHRs turns up some puzzling and unexpected findings. I’ll look at three issues in this article: the importance of Meaningful Use incentives and penalties, the role of information exchange, and who is or is not adopting EHRs.

Incentives and Penalties
The impact of the Meaningful Use bribes–sorry, I meant incentive payments–in the HITECH act are legendary: they touched off a mad rush to adopt technology that had previously aroused only tepid interest among most physicians, because they found the EHRs outrageously expensive, saw no advantage to their use, or just didn’t want to leave the comfort zone of pen and paper. The dramatic outcome of Stage 1, for instance, can be seen in the first chart of this PDF.

This month’s data brief reconfirms that incentives and penalties played a critical role during the period that Meaningful Use has been in play. In the brief’s Figure 3, incentives and penalties topped the list of reasons for adopting records, with nothing else coming even close (although the list was oddly chosen, leaving out credible reasons such as “EHRs are useful”).

The outsized role payments play is both strange and worrisome. Strange, because the typical $15,000 paid per physician doesn’t even start to cover the costs of converting from paper to an EHR, or even from one EHR to another. Worrisome, because the escalator (a favorite metaphor of former National Coordinator David Blumenthal) on which payments put physicians is leveling off. Funding in the HITECH act ends after Stage 3, and even those payments will be scrutinized by the incoming budget-conscious Congress.

In addition, Stage 2 attestations have been dismally low. Critics throughout the industry, smelling blood, have swooped in to call for scaling back, to suggest that meaningful use provisions be eased or weakened, or just to ask for a more concentrated focus on the key goal of interoperability.

The ONC knows full well that they have to cut back expectations as payments dry up, although penalties from the Center for Medicare & Medicaid Services can still provide some leverage. Already, the recent House budget has level-funded the ONC for next year. Last summer’s reorganization of the ONC was driven by the new reality. Recent initiatives at the ONC show a stronger zeal for creating and urging the adoption of standards, which would be consistent with the need to find a role appropriate to lean times.

Health Information Exchange
I am also puzzled by the emphasis this month’s data brief puts on health information exchange. Rationally speaking, it would make perfect sense for physicians to ramp up and streamline the sharing of patient data–that’s exactly what all the health care reformers are demanding that they do. Why should somebody ask a patient to expose himself to unnecessary radiation because an X-Ray hasn’t been sent over, or try to treat someone after surgery without knowing the discharge plan?

Actually, most physicians would. That’s how they have been operating for decades. Numerous articles find that most physicians don’t see the value of information exchange, and can profit from their ignorance of previous tests and treatments the patient has received.

And that’s probably why, after taking hundreds of millions of dollars from governments, the heavy-weight institutions called Health Information Exchanges have repeatedly thrown in the towel or been left gasping for breath. At least two generations of HIEs have come and gone, and the trade press is still searching for their value.

So I’m left scratching my head and asking: if doctors adopt EHRs for information exchange, are they getting what they paid for? Redemption may have arrived through the Direct project, an ONC-sponsored standard for a low-cost, relatively frictionless form of data exchange. Although the original goal was to make HIE as simple as email, the infrastructure required to protect privacy imposes more of a technical burden. So the ONC envisioned a network of Health Information Service Provider (HISP) organizations to play the role of middleman, and a number are now operating. According to Julie Maas of EMR Direct, nearly half a million people were using Direct in July 2014, and the number is expected to double the next time statistics are collected next February.

So far, although isolated studies have shown that HIEs improve outcomes and reduce costs, we haven’t seen these effects nationwide.

What Hinders Adoption
Some of the most intriguing statistics in the data brief concern who is adopting EHRs and what holds back others from doing so. The main dividing line is simply size: most big organizations have EHRs and most small ones don’t.

I have explored earlier the pressures of health care reform on small providers and the incentives to merge. Health care technology is a factor in the consolidation we’re seeing around the country. And we should probabaly look forward to more.

Americans have trouble feeling good about consolidation in any field. We’re nostalgic for small-town proprietors like the pharmacist in the movie It’s a Wonderful Life. We forget that the pharmacist in that movie nearly killed someone by filling a prescription incorrectly. In real life, large organizations can pursue quality in a host of ways unavailable to individuals.

One interesting finding in the data brief is that rural providers are adopting EHRs at the same rate as urban ones. So we can discard any stereotypes of country hick doctors letting teenagers set up the security on their PCs.

Lack of staff and lack of support are, however, major barriers to adoption. This is the last perplexing question I take from the data brief. Certainly, it can be hard to get support for choosing an EHR in the first place. (The Meaningful Use program set up Regional Extension Centers to partially fill the gap.) But after spending millions to install an EHR, aren’t clinicians getting support from the vendors?

Support apparently is not part of the package. Reports from the field tell me that vendors install the software, provide a few hours of training, and tip their hats good-bye. This is poetic justice toward physicians, who for decades have sent patients out weak and groggy with a prescription and a discharge sheet. Smart organizations set aside a major percentage of their EHR funding to training and support–but not everybody knows how to do this or has grasped the need for ongoing support.

I certainly changed some of my opinions about the adoption of EHRs after reading the ONC data brief. But the statistics don’t quite add up. We could use some more background in order to understand how to continue making progress.

Treating a Patient with Partial Information

Posted on December 4, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In some recent discussions, I’ve heard arguments against HIEs and healthcare interoperability which say that it’s a bad thing because “What if the HIE doesn’t provide me all the patient info I need?” This is actually a really important question and one worthy of consideration. In fact, it could be extended to say, “What if the HIE provides me the wrong information?

While these are really important challenges for HIEs to address, it returns to the common fallacy that I see over and over again in healthcare. We compare the implementation of future technology against perfection as opposed to the status quo.

The reality is that doctors have been treating patients with partial and incorrect information forever. An HIE that can only provide partial or even incorrect information sometimes is similar to the situation that doctors face every day.

Think about how many patients have chosen not to tell their doctor something because they didn’t remember to tell them that info. How many patients have told their doctors the wrong information because they couldn’t remember the right information? Millions. There are even many patients who are afraid to give their doctor their health information based on privacy concerns. Once again, the doctor is treating the patient with partial information.

I imagine the reason it feels different is that we feel like their should be a different level of trust with an HIE. Maybe there is a different level of trust in data coming from an HIE versus a patient’s memory. However, that doesn’t mean that a doctor should put 100% trust in the data that an HIE provides. There’s nothing wrong with a bit of healthy skepticism with any third party data source. No doubt there are varying degrees of trust with all third party data sources that are used by a doctor. The HIE needs to be at the high end of the trust spectrum, but its inability to be perfect shouldn’t hinder its use anymore than the imperfect EHR data hinders its use.

Over time these HIE systems will do a much better job of measuring the confidence of the data their providing. Ok, that might be pretty optimistic. Instead, it’s more likely that doctors will learn how confident they should be in the data they get from an HIE.

Doctors already have created a culture of appropriate skepticism with patient provided data. I think something similar is the right approach with HIE data. Plus, doctors are smart enough to evaluate when a medical situation requires confirmation of data and when it requires further investigation. They’re making these types of decisions all of the time.

Open Source Electronic Health Records: Will They Support Clinical Data Needs of the Future? (Part 2 of 2)

Posted on November 18, 2014 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The first part of this article provided a view of the current data needs in health care and asked whether open source electronic health records could solve those needs. I’ll pick up here with a look at how some open source products deal with the two main requirements I identified: interoperability and analytics.

Interoperability, in health care as in other areas of software, is supported better by open source products than by proprietary ones. The problem with interoperability is that it takes two to tango, and as long as standards remain in a fuzzy state, no one can promise in isolation to be interoperable.

The established standard for exchanging data is the C-CDA, but a careful examination of real-life C-CDA documents showed numerous incompatibilities, some left open by the ambiguous definition of the standard and others introduced by flawed implementations. Blue Button, invented by the Department of Veterans Affairs, is a simpler standard with much promise, but is also imperfectly specified.

Deanne Clark, vxVistA Program Manager at DSS, Inc., told me that VistA supports the C-CDA. The open source Mirth HIE software, which I have covered before, is used by vxVistA, OpenVista (the MedSphere VistA offering), and Tolven. Proprietary health exchange products are also used by many VistA customers.

Things may get better if vendors adopt an emerging HL7 standard called FHIR, as I suggested in an earlier article, which may also enable the incorporation of patient-generated data into EHRs. OpenMRS is one open source EHR that has started work on FHIR support.

Tolven illustrates how open source enables interoperability. According to lead developer Tom Jones, Tolven was always designed around care coordination, which is not the focus of proprietary EHRs. He sees no distinction between electronic health records and health information exchange (HIE), which most of the health IT field views as separate functions and products.

From its very start in 2006, Tolven was designed around helping to form a caring community. This proved useful four years later with the release of Meaningful Use requirements, which featured interoperability. APIs allow the easy development of third-party applications. Tovlen was also designed with the rights of the patient to control information flow in mind, although not all implementations respect this decision by putting data directly in the hands of the patient.

In addition to formats that other EHRs can recognize, data exchange is necessary for interoperability. One solution is an API such as FHIR. Another is a protocol for sending and receiving documents. Direct is the leading standard, and has been embraced by open source projects such as OpenEMR.

The second requirement I looked at, support for analytics, is best met by opening a platform to third parties. This assumes interoperability. To combine analytics from different organizations, a program must be able to access data through application programming interfaces (APIs). The open API is the natural complement of open source, handing power over data to outsiders who write programs accessing that data. (Normal access precautions can still be preserved through security keys.)

VistA appears to be the EHR with the most support for analytics, at least in the open source space. Edmund Billings, MD, CMO of MedSphere, pointed out that VistA’s internal interfaces (known as remote procedure calls, a slightly old-fashioned but common computer term for distributed programming) are totally exposed to other developers because the code is open source. VistA’s remote procedure calls are the basis for numerous current projects to create APIs for various languages. Some are RESTful, which supports the most popular current form of distributed programming, while others support older standards widely known as service-oriented architectures (SOA).

An example of the innovation provided by this software evolution is the mobile apps being built by Agilex on VistA. Seong K. Mun, President and CEO of OSEHRA, says that it now supports hundreds of mobile apps.

MedSphere builds commercial applications that plug into its version of Vista. These include multidisciplinary treatment planning tools, flow sheets, and mobile rounding tools so doctor can access information on the floor. MedSphere is also working with analytic groups to access both structured and unstructured information from the EHR.

DSS also adds value to VistA. Clark said that VistA’s native tools are useful for basic statistics, such as how many progress notes have not been signed in a timely fashion. An SQL interface has been in VistA for a long time, DSS’s enhancements include a graphical interface, a hook for Jaspersoft, which is an open source business intelligence tool, and a real-time search tool that spiders through text data throughout all elements of a patient’s chart and brings to the surface conditions that might otherwise be overlooked.

MedSphere and DSS also joined the historical OSEHRA effort to unify the code base across all VistA offerings, from both Veterans Affairs and commercial vendors. MedSphere has added major contributions to Fileman, a central part of VistA. DSS has contributed all its VistA changes to OSEHRA, including the search tool mentioned earlier.

OpenMRS contributor Suranga Kasthurirathne told me that an OpenMRS module exposes its data to DHIS 2, an open source analytics tool supporting visualizations and other powerful features.

I would suggest to the developers of open source health tools that they increase their emphasis on the information tools that industry observers predict are going to be central to healthcare. An open architecture can make it easy to solicit community contributions, and the advances made in these areas can be selling points along with the low cost and easy customizability of the software.

A Little Digital Health Conference (#DHC14) Twitter Roundup

Posted on November 17, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’m at the Digital Health Conference in NYC and the Twitter stream has been going strong (search #dhc14 on Twitter to see what I mean). Sometimes I forget how much more satisfying a conference is when there’s an active Twitter stream. It enhances a conference for me in so many ways. I thought it would be fun to point out a few of the tweets that struck me today (and there were a lot to choose from).


I do think New York has made a lot of progress with their HIE. Pretty amazing that they got $30 million of state funding for it. Do you know of other states that are making good progress on their state HIE?


Topol’s comment about cigarettes is interesting. I had to throw in the CVS reference. Right now it doesn’t seem that crazy, but I wonder if 10 years from now it will be just as crazy as Cleveland Clinic giving out cigarette pack holders.


I love imagery and this is great imagery that could inspire a lot of people. What I don’t think many tech people realize is that they’re going to need to work collaboratively with scientists, chemists and doctors to do surveillance on the blood stream. Talk about an area that needs multidisciplinary efforts.


The common error that we compare the new way against perfection as opposed to comparing the new way against the alternative (or the previous model). I’ve been seeing this problem come up over and over in healthcare IT.

Which Comes First in Accountable Care: Data or Patients?

Posted on September 30, 2014 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The headlines are stark and accusatory. “ACOs’ health IT capabilities remain rudimentary.” “ACOs held back by poor interoperability.” But a recent 19-page survey released by the eHealth Initiative tells two stories about Accountable Care Organizations–and I find the story about interoperability less compelling than another one that focuses on patient empowerment.
Read more..

Risk of Interoperability is Worse Data

Posted on July 17, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’m a huge fan of healthcare interoperability. I think it needed to happen yesterday and that we could solve a number of our cost issues with healthcare data interoperability and we could save lives. Both of these are very worthy goals.

While I’m a huge fan of healthcare data interoperability, we also have to be careful that we do it right. While there are huge potential benefits of exchanging healthcare data, there are also huge risks involved in it as well. We have to address those risks so that interoperability doesn’t get a black eye because it was poorly implemented.

A great example of the potential risk of interoperability is making sure that we process and connect the data properly. Some might argue that this isn’t that big of an issue. Healthcare organizations have been doing this forever. They get a medical record faxed to their office and the HIM team lines up that medical record with the proper patient. I’m sure the medical records folks could tell us all sorts of stories about why matching a faxed medical record to a patient is a challenge and fraught with its own errors. However, for this discussion, let’s assume that the medical records folks are able to match the record to the patient. In reality, they’re certainly not perfect, but they do a really amazing job given the challenge.

Now let’s think about the process of matching records in an electronic world. Sure, we still have to align the incoming record with the right patient. That process is very similar to the faxed paper record world. For the most part, someone can take the record and attach it to the right patient like they did before. However, some EHR software are working to at least partially automate the process of attaching the records. In most cases this still involves some review and approval by a human and so it’s still very similar. At least it is similar until the human starts relying on the automated matching so much that they get lazy and don’t verify that it’s connecting the record to the correct patient. That’s the first challenge.

The other challenge in the electronic world is that EHR software is starting to import more than just a file attached to a patient record. With standards like CCDA, the EHR is going to import specific data elements into the patient record. There are plenty of ways these imported data elements could be screwed up. For example, what if it was a rule out diagnosis and it got imported as the actual diagnosis? What if the nurse providing care gets imported as a doctor? Considering the way these “standards” have been implemented, it’s not hard to see how an electronic exchange of health information runs the risk of bad health data in your system.

Some of you may remember my previous post highlighting how EMR perpetuates misinformation. If we import bad data into the EMR, the EMR will continue to perpetuate that misinformation for a long time. Now think about that in the context of a interoperable world. Not only will the bad data be perpetuated in one EMR system, but could be perpetuated across the healthcare system.

Posts like this remind me why we need to have the patient involved in their record. The best way to correct misinformation in your record is for the patient to be involved in their record. Although, they also need a way to update any misinformation as well.

I look forward to the day of healthcare data interoperability, but it definitely doesn’t come without its own risks.

Is Full Healthcare Data Interoperability A Pipe Dream?

Posted on July 11, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It’s always been very clear to me that healthcare interoperability is incredibly valuable. I still wish most organizations would just bite the bullet and make it a reality. Plus, I hope meaningful use stage 3 is blown up and would just work on interoperability. I think there are just so many potential benefits to healthcare in general for us not to do it.

However, I had a really interesting discussion with an EHR vendor today (Side Note: they questioned if interoperability was that valuable) and I asked him the question of whether full healthcare interoperability is even possible.

I’d love to hear your thoughts. As we discussed it more, it was clear that we could have full interoperability if the data was just exported to files (PDFs, images, etc), but that’s really just a glorified fax machine like we do today. Although it could potentially be a lot faster and better than fax. The problem is that the data is then stuck in these files and can’t be extracted into the receiving EHR vendor.

On the other end of the spectrum is full interoperability of every piece of EHR data being transferred to the receiving EHR. Is this even possible or is the data so complex that it’s never going to happen?

The closest we’ve come to this is probably prescriptions with something like SureScripts. You can pull down a patient’s prescription history and you can upload to it as well. A deeper dive into its challenges might be a great study to help us understand if full healthcare data interoeprability is possible. I’m sure many readers can share some insights.

I’m interested to hear people’s thoughts. Should we trim down our interoperability expectations to something more reasonable and achievable? We’ve started down that path with prescriptions and labs. Should we start with other areas like allergies, family history, diagnosis, etc as opposed to trying to do everything? My fear is that if our goal is full healthcare data interoperability, then we’re going to end up with no interoperability.

Hospital CIOs Cutting Back on Non-Essential Projects

Posted on July 10, 2014 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Generally speaking, cutting back on IT projects and spending is a tricky thing. In some cases spending can be postponed, but other times, slicing a budget can have serious consequences.

One area  where cutting budgets can cause major problems is in preparing to roll out EMRs, especially cuts to training, which can lead to problems with rollouts, resentment, medical mistakes, system downtime due to mistakes and more.  Also, skimping on training can lead to a domino effect which results in the exit of CEOs and other senior leaders, which has happened several times (that we know of) over the past couple of years.

That being said, sometimes budgetary constraints force CIOs to make cuts anyway, reports FierceHealthIT Increasingly projects other than EMRs are falling in priority.

A recent survey of hospital technology leaders representing 650 hospitals nationwide published by HIMSS underscores this trend. Respondents told HIMSS said that despite increases in IT budgets, they still struggled to complete IT projects due to financial limitations. In fact, 25 percent said that financial survival was their top priority.

What that comes down to, it seems, is that promising initiatives fall by the roadside if they don’t contribute to EMR success.  For example, providers are stepping back from HIE participation because they feel they can’t afford to be involved, according to a HIMSS Analytics survey published last fall.

Instead, hospitals are taking steps to enhance and build on their EMR investment. For example, as FierceHealthIT notes, Partners HealthCare recently chose to pull together all of its EMR efforts under a single vendor.  In the past, Partners had used a combo of homegrown systems and vendor products, but IT leaders there  felt that this arrangement was too expensive to continue, according to Becker’s Hospital Review.

This laser focus on EMRs may be necessary at present, as the EMR is arguably the most mission-critical software hospitals have in place at the  moment. The question, as I see it, is whether this will cripple hospitals in the future. Eventually, I’d argue, mobile health will become a priority for hospitals and medical practices, as will some form of  HIE participation, just to name the first two technologies that come to mind. In three to five years, if they don’t fund initiatives in these areas, hospitals may look  up and find that they’re hopelessly behind .

How Trust Communities Enable Direct Networks

Posted on June 13, 2014 I Written By

Julie Maas is Founder and CEO of EMR Direct, a HISP (Health Information Service Provider) whose mission is to simplify interoperability in healthcare through the use of Direct messaging EHR integration and other applications. EMR Direct works with a large developer community to enable Direct for MU2 and other workflows using a custom, rapid-integration API that's part of the phiMail Direct Messaging platform. Julie is passionate about improving quality of care and software user experience, and manages ongoing interoperability testing within DirectTrust. Find Julie on Twitter @JulieWMaas.

Have you noticed the DTAAP-Accredited logos on your Direct provider’s web site?  These indicate the vendor has successfully completed the related audits stipulating a high bar of security and privacy practices established by DirectTrust.  DirectTrust was spawned from a Direct Project workgroup, and is a non-profit trade organization which establishes best practices and oversees accreditation programs for the businesses providing Direct-related services, in association with EHNAC.  In addition to HISPs, the DTAAP program also accredits Certification Authorities (CAs) and Registration Authorities (RAs). The HISP, CA and RA roles can be performed by the same organization. Most Direct Messaging CAs operate in only in the Direct space, but a few also issue certificates in the general public internet space, as well.

Direct Certificates are issued by CAs who follow a regular procedure to put their stamp of approval on a digital identity and its corresponding cryptographic key used for securing Direct messages.  This process is complemented by that of a Registration Authority, who performs the actual vetting of individuals and often the archival of related documentation as well.  Level of Assurance (LoA) is another term used a lot in the Direct space. Depending on the degree to which an individual’s identity has been vetted, and how certificates are managed and accessed by users, a Direct Exchange transaction can be assigned a Level of Assurance. When exchanging health information between providers, for example, you want a high Level of Assurance that the party you’re exchanging with is, in fact, the same party whose name is listed on the corresponding digital certificate.

HISPs who are either accredited or are at least part-way down that path may seek inclusion of the corresponding CA’s trust anchor in DirectTrust’s anchor bundle, a collection of trust anchors for Direct communication published and regularly updated by DirectTrust.  Since Direct messaging is based on bidirectional trust, the Participating HISPs can rely on the Transitional Trust Bundle to provide their customers with a uniform and up-to-date network of interconnected senders and receivers. The DirectTrust bundle consists of trust anchors representing a large portion of the EHR community.

These HISPs make up the DirectTrust Network, a so-called “trust community”. There are other trust communities such as those managed by the Automate the BlueButton Initiative (ABBI), with corresponding Provider- and Patient-centered bundles.  Trust communities and their corresponding trust bundles serve an important purpose, because Direct messages are only exchanged successfully between trusted Direct Exchange partners. Remember that if one party does not trust the other, the messages are dropped silently, and automating loading and maintenance of trust anchors for a community using a trust bundle sure beats manual loading and unloading of each of these anchors by each of the members, or other old-style one-off interfaces between systems.

So, to get the most out of Direct, climb out of your silo and go join a trust community today!

 

Direct Messaging: The Logistics of Exchange

Posted on June 12, 2014 I Written By

Julie Maas is Founder and CEO of EMR Direct, a HISP (Health Information Service Provider) whose mission is to simplify interoperability in healthcare through the use of Direct messaging EHR integration and other applications. EMR Direct works with a large developer community to enable Direct for MU2 and other workflows using a custom, rapid-integration API that's part of the phiMail Direct Messaging platform. Julie is passionate about improving quality of care and software user experience, and manages ongoing interoperability testing within DirectTrust. Find Julie on Twitter @JulieWMaas.

Once you enable digital health data exchange via Direct instead of by fax, you’ll want to share your address with other providers, so you no longer have to deal with all those pesky scanned attachments, subtly linked to electronic patient records.

Direct directories are enabling address lookup to meet this need, and you can also let your most common business partners know your address by including it on document templates you already exchange today, so they can begin to exchange with you via Direct when they’re ready.  You can also contact your referring docs using another method you trust (such as the fax where you usually send them medical records, or their business phone number) to ask for their Direct address.

It’s wise to confirm expectations with exchange partners about the use cases/data payloads for which you intend to exchange via Direct, as Direct isn’t used just like email by everyone.  Some will use Direct solely for Transitions of Care and patient Transmit, others may use it for Secure Messaging with patients, and still other providers will be happy to conduct general professional correspondence with patients and other providers over Direct.  This service information may or may not be reflected in the first provider directories.  And even within the Transitions of Care use case, if standards aren’t implemented for optimal receiving, a sending system may generate a CCDA (Continuity of Care Document) with a subtly different structure than a receiving system is able to completely digest.  So, just a heads up as you receive your first message or two from a system with whom you haven’t exchanged before: you’ll want to carefully monitor what data is incorporated by the receiving system and what is not, and you may need to iterate slightly between sender and receiver to get the data consumption right.  You’ll still be miles ahead of the custom interfaces model.

All in all, Direct is easy to use and is working much better than the naysayers would have you believe.  Direct software follows the specification outlined in the document lovingly known in the industry as the “Applicability Statement”, crafted by consensus through a public/private collaborative effort known as the “Direct Project” and led by the Office of the National Coordinator of Health Information Technology (ONC).   Direct Project volunteers have also written reference implementations following this specification which have been used by many HISPs and EHRs as the basis for their own Direct offerings.  Other private entities have developed their own APIs and implementations of the protocol from scratch.  These different systems and varying configurations regularly test and collaborate with each other, to make Direct work as seamlessly as possible for the end users.  Because the whole system only works as well as our joint efforts, HISPs (Health Information Service Providers who provide Direct services) within the DirectTrust Network take interoperability seriously and work together to iron out any kinks.

A tremendous amount of collaboration is taking place to bring interoperability to fruition for Direct’s well-established standards and policies, and this work is producing a larger and more robust network each day.