Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

How Trust Communities Enable Direct Networks

Posted on June 13, 2014 I Written By

Julie Maas is Founder and CEO of EMR Direct, a HISP (Health Information Service Provider) whose mission is to simplify interoperability in healthcare through the use of Direct messaging EHR integration and other applications. EMR Direct works with a large developer community to enable Direct for MU2 and other workflows using a custom, rapid-integration API that's part of the phiMail Direct Messaging platform. Julie is passionate about improving quality of care and software user experience, and manages ongoing interoperability testing within DirectTrust. Find Julie on Twitter @JulieWMaas.

Have you noticed the DTAAP-Accredited logos on your Direct provider’s web site?  These indicate the vendor has successfully completed the related audits stipulating a high bar of security and privacy practices established by DirectTrust.  DirectTrust was spawned from a Direct Project workgroup, and is a non-profit trade organization which establishes best practices and oversees accreditation programs for the businesses providing Direct-related services, in association with EHNAC.  In addition to HISPs, the DTAAP program also accredits Certification Authorities (CAs) and Registration Authorities (RAs). The HISP, CA and RA roles can be performed by the same organization. Most Direct Messaging CAs operate in only in the Direct space, but a few also issue certificates in the general public internet space, as well.

Direct Certificates are issued by CAs who follow a regular procedure to put their stamp of approval on a digital identity and its corresponding cryptographic key used for securing Direct messages.  This process is complemented by that of a Registration Authority, who performs the actual vetting of individuals and often the archival of related documentation as well.  Level of Assurance (LoA) is another term used a lot in the Direct space. Depending on the degree to which an individual’s identity has been vetted, and how certificates are managed and accessed by users, a Direct Exchange transaction can be assigned a Level of Assurance. When exchanging health information between providers, for example, you want a high Level of Assurance that the party you’re exchanging with is, in fact, the same party whose name is listed on the corresponding digital certificate.

HISPs who are either accredited or are at least part-way down that path may seek inclusion of the corresponding CA’s trust anchor in DirectTrust’s anchor bundle, a collection of trust anchors for Direct communication published and regularly updated by DirectTrust.  Since Direct messaging is based on bidirectional trust, the Participating HISPs can rely on the Transitional Trust Bundle to provide their customers with a uniform and up-to-date network of interconnected senders and receivers. The DirectTrust bundle consists of trust anchors representing a large portion of the EHR community.

These HISPs make up the DirectTrust Network, a so-called “trust community”. There are other trust communities such as those managed by the Automate the BlueButton Initiative (ABBI), with corresponding Provider- and Patient-centered bundles.  Trust communities and their corresponding trust bundles serve an important purpose, because Direct messages are only exchanged successfully between trusted Direct Exchange partners. Remember that if one party does not trust the other, the messages are dropped silently, and automating loading and maintenance of trust anchors for a community using a trust bundle sure beats manual loading and unloading of each of these anchors by each of the members, or other old-style one-off interfaces between systems.

So, to get the most out of Direct, climb out of your silo and go join a trust community today!

 

What is Direct?

Posted on June 10, 2014 I Written By

Julie Maas is Founder and CEO of EMR Direct, a HISP (Health Information Service Provider) whose mission is to simplify interoperability in healthcare through the use of Direct messaging EHR integration and other applications. EMR Direct works with a large developer community to enable Direct for MU2 and other workflows using a custom, rapid-integration API that's part of the phiMail Direct Messaging platform. Julie is passionate about improving quality of care and software user experience, and manages ongoing interoperability testing within DirectTrust. Find Julie on Twitter @JulieWMaas.

John’s Update: Check out the full series of Direct Project blog posts by Julie Maas:

The specialist down the street insists he wants to receive your primary care doctor’s referrals, but only if it’s digital: “Sure, I’ll take your paper file referral sent via fax. But the service will cost an extra $20, to pay the scribe to digitize the record so I can properly incorporate the medical history.”

Does it really sound that far off? Search your feelings, Luke…

Will getting medical treatment using paper records soon be like trying to find somewhere to play that old mix tape you only have on cassette?  Sound crazy?  Try taking an x-ray film to a modern radiology department, and see if they still have a functioning light box anywhere to look at it.  It’s all digital now.

There are, of course, other factors.

Because MU2.

Because nobody, and I mean no small company and no large company, wants to be referred to as a data silo anymore.

Direct Exchange is a way of sending and receiving encrypted healthcare data, and certified EHRs must be able to speak it, beginning this year.  Adoption of Direct is increasing rapidly, and its secure transfer enables patient engagement as well as interoperability between systems that were previously dubbed silos.  Here is a brief overview of where Direct is currently required in the context of MU2 (please refer to certification and attestation requirements directly, for full details):

Certified ambulatory and acute EHRs need to use Direct for Transitions of Care (170.314(b)(1) and (b)(2)). They have to be able to Create a valid CCDA and Transmit it using Direct, and they have to be able to use Direct to Receive, Display, and Incorporate a CCDA. In the proposed MU 2015, the Direct piece may be de-coupled from the CCDA piece and modularized for certification purposes, but the end to end requirement would remain the same.

EHRs or their patient portal partner additionally need to demonstrate during certification that patients can View, Download, and Transmit via Direct their CCDA or a human readable version of it.  Yes, you heard correctly, I said patients.  As in patient engagement.

So, how does a healthcare provider get Direct?

1. Get a Direct account through your Direct-enabled EHR vendor

One way HIT vendors offer Direct is through a partnership with one or more HISPs (OpenEMR, QRS, Greenway, and others).  Others run their own HISPs (Cerner, athenahealth, and others).

2. Get a Direct account through an XD* HISP that’s connected to your EHR

HIT vendors alternatively enable access to Direct through an XD* plug-and-play (mostly) connector.  These “HISP-agnostic” EHRs allow healthcare organizations a choice between multiple XD*-capable HISPs when meeting MU2 measures (MEDITECH, Epic, Quadramed, and other EHRs have implemented Direct this way).  EMR Direct, MaxMD, Inpriva, and a few other HISPs offer XD* HISP services; not every HISP offers XD* service at this time.  Of course, there is a trade-off between this flexibility and the extra legwork required of the practice or hospital in setting up Direct.

3. Get a web-based or email client-based Direct account not tethered to an EHR or Personal Health Record (PHR)

 

Direct doesn’t have to be integrated into an EHR to transfer information digitally. Non-tethered accounts cannot attest to the sending side of (b)(2) nor the receiving side of (b)(1) on their own, but they can be Direct senders and receivers nonetheless, participating in Transitions of Care or data transfer for other purposes.  They may also be used to exchange health data with patients, billing companies, pharmacies, or other healthcare entities who are Direct-enabled. In fact, some very compelling use cases involve systems who may not have their own EHR, but want to receive digital transitions of care—one such example is skilled nursing facilities.

By the way, patients are also an integral part of the Direct ecosystem.  Several PHRs are already Direct-enabled, and more are on the way.

So, go digital and get your Direct address, and begin interoperating in the modern age!