Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

How Trust Communities Enable Direct Networks

Posted on June 13, 2014 I Written By

Julie Maas is Founder and CEO of EMR Direct, a HISP (Health Information Service Provider) whose mission is to simplify interoperability in healthcare through the use of Direct messaging EHR integration and other applications. EMR Direct works with a large developer community to enable Direct for MU2 and other workflows using a custom, rapid-integration API that's part of the phiMail Direct Messaging platform. Julie is passionate about improving quality of care and software user experience, and manages ongoing interoperability testing within DirectTrust. Find Julie on Twitter @JulieWMaas.

Have you noticed the DTAAP-Accredited logos on your Direct provider’s web site?  These indicate the vendor has successfully completed the related audits stipulating a high bar of security and privacy practices established by DirectTrust.  DirectTrust was spawned from a Direct Project workgroup, and is a non-profit trade organization which establishes best practices and oversees accreditation programs for the businesses providing Direct-related services, in association with EHNAC.  In addition to HISPs, the DTAAP program also accredits Certification Authorities (CAs) and Registration Authorities (RAs). The HISP, CA and RA roles can be performed by the same organization. Most Direct Messaging CAs operate in only in the Direct space, but a few also issue certificates in the general public internet space, as well.

Direct Certificates are issued by CAs who follow a regular procedure to put their stamp of approval on a digital identity and its corresponding cryptographic key used for securing Direct messages.  This process is complemented by that of a Registration Authority, who performs the actual vetting of individuals and often the archival of related documentation as well.  Level of Assurance (LoA) is another term used a lot in the Direct space. Depending on the degree to which an individual’s identity has been vetted, and how certificates are managed and accessed by users, a Direct Exchange transaction can be assigned a Level of Assurance. When exchanging health information between providers, for example, you want a high Level of Assurance that the party you’re exchanging with is, in fact, the same party whose name is listed on the corresponding digital certificate.

HISPs who are either accredited or are at least part-way down that path may seek inclusion of the corresponding CA’s trust anchor in DirectTrust’s anchor bundle, a collection of trust anchors for Direct communication published and regularly updated by DirectTrust.  Since Direct messaging is based on bidirectional trust, the Participating HISPs can rely on the Transitional Trust Bundle to provide their customers with a uniform and up-to-date network of interconnected senders and receivers. The DirectTrust bundle consists of trust anchors representing a large portion of the EHR community.

These HISPs make up the DirectTrust Network, a so-called “trust community”. There are other trust communities such as those managed by the Automate the BlueButton Initiative (ABBI), with corresponding Provider- and Patient-centered bundles.  Trust communities and their corresponding trust bundles serve an important purpose, because Direct messages are only exchanged successfully between trusted Direct Exchange partners. Remember that if one party does not trust the other, the messages are dropped silently, and automating loading and maintenance of trust anchors for a community using a trust bundle sure beats manual loading and unloading of each of these anchors by each of the members, or other old-style one-off interfaces between systems.

So, to get the most out of Direct, climb out of your silo and go join a trust community today!

 

Direct Messaging: The Logistics of Exchange

Posted on June 12, 2014 I Written By

Julie Maas is Founder and CEO of EMR Direct, a HISP (Health Information Service Provider) whose mission is to simplify interoperability in healthcare through the use of Direct messaging EHR integration and other applications. EMR Direct works with a large developer community to enable Direct for MU2 and other workflows using a custom, rapid-integration API that's part of the phiMail Direct Messaging platform. Julie is passionate about improving quality of care and software user experience, and manages ongoing interoperability testing within DirectTrust. Find Julie on Twitter @JulieWMaas.

Once you enable digital health data exchange via Direct instead of by fax, you’ll want to share your address with other providers, so you no longer have to deal with all those pesky scanned attachments, subtly linked to electronic patient records.

Direct directories are enabling address lookup to meet this need, and you can also let your most common business partners know your address by including it on document templates you already exchange today, so they can begin to exchange with you via Direct when they’re ready.  You can also contact your referring docs using another method you trust (such as the fax where you usually send them medical records, or their business phone number) to ask for their Direct address.

It’s wise to confirm expectations with exchange partners about the use cases/data payloads for which you intend to exchange via Direct, as Direct isn’t used just like email by everyone.  Some will use Direct solely for Transitions of Care and patient Transmit, others may use it for Secure Messaging with patients, and still other providers will be happy to conduct general professional correspondence with patients and other providers over Direct.  This service information may or may not be reflected in the first provider directories.  And even within the Transitions of Care use case, if standards aren’t implemented for optimal receiving, a sending system may generate a CCDA (Continuity of Care Document) with a subtly different structure than a receiving system is able to completely digest.  So, just a heads up as you receive your first message or two from a system with whom you haven’t exchanged before: you’ll want to carefully monitor what data is incorporated by the receiving system and what is not, and you may need to iterate slightly between sender and receiver to get the data consumption right.  You’ll still be miles ahead of the custom interfaces model.

All in all, Direct is easy to use and is working much better than the naysayers would have you believe.  Direct software follows the specification outlined in the document lovingly known in the industry as the “Applicability Statement”, crafted by consensus through a public/private collaborative effort known as the “Direct Project” and led by the Office of the National Coordinator of Health Information Technology (ONC).   Direct Project volunteers have also written reference implementations following this specification which have been used by many HISPs and EHRs as the basis for their own Direct offerings.  Other private entities have developed their own APIs and implementations of the protocol from scratch.  These different systems and varying configurations regularly test and collaborate with each other, to make Direct work as seamlessly as possible for the end users.  Because the whole system only works as well as our joint efforts, HISPs (Health Information Service Providers who provide Direct services) within the DirectTrust Network take interoperability seriously and work together to iron out any kinks.

A tremendous amount of collaboration is taking place to bring interoperability to fruition for Direct’s well-established standards and policies, and this work is producing a larger and more robust network each day.

What is Direct?

Posted on June 10, 2014 I Written By

Julie Maas is Founder and CEO of EMR Direct, a HISP (Health Information Service Provider) whose mission is to simplify interoperability in healthcare through the use of Direct messaging EHR integration and other applications. EMR Direct works with a large developer community to enable Direct for MU2 and other workflows using a custom, rapid-integration API that's part of the phiMail Direct Messaging platform. Julie is passionate about improving quality of care and software user experience, and manages ongoing interoperability testing within DirectTrust. Find Julie on Twitter @JulieWMaas.

John’s Update: Check out the full series of Direct Project blog posts by Julie Maas:

The specialist down the street insists he wants to receive your primary care doctor’s referrals, but only if it’s digital: “Sure, I’ll take your paper file referral sent via fax. But the service will cost an extra $20, to pay the scribe to digitize the record so I can properly incorporate the medical history.”

Does it really sound that far off? Search your feelings, Luke…

Will getting medical treatment using paper records soon be like trying to find somewhere to play that old mix tape you only have on cassette?  Sound crazy?  Try taking an x-ray film to a modern radiology department, and see if they still have a functioning light box anywhere to look at it.  It’s all digital now.

There are, of course, other factors.

Because MU2.

Because nobody, and I mean no small company and no large company, wants to be referred to as a data silo anymore.

Direct Exchange is a way of sending and receiving encrypted healthcare data, and certified EHRs must be able to speak it, beginning this year.  Adoption of Direct is increasing rapidly, and its secure transfer enables patient engagement as well as interoperability between systems that were previously dubbed silos.  Here is a brief overview of where Direct is currently required in the context of MU2 (please refer to certification and attestation requirements directly, for full details):

Certified ambulatory and acute EHRs need to use Direct for Transitions of Care (170.314(b)(1) and (b)(2)). They have to be able to Create a valid CCDA and Transmit it using Direct, and they have to be able to use Direct to Receive, Display, and Incorporate a CCDA. In the proposed MU 2015, the Direct piece may be de-coupled from the CCDA piece and modularized for certification purposes, but the end to end requirement would remain the same.

EHRs or their patient portal partner additionally need to demonstrate during certification that patients can View, Download, and Transmit via Direct their CCDA or a human readable version of it.  Yes, you heard correctly, I said patients.  As in patient engagement.

So, how does a healthcare provider get Direct?

1. Get a Direct account through your Direct-enabled EHR vendor

One way HIT vendors offer Direct is through a partnership with one or more HISPs (OpenEMR, QRS, Greenway, and others).  Others run their own HISPs (Cerner, athenahealth, and others).

2. Get a Direct account through an XD* HISP that’s connected to your EHR

HIT vendors alternatively enable access to Direct through an XD* plug-and-play (mostly) connector.  These “HISP-agnostic” EHRs allow healthcare organizations a choice between multiple XD*-capable HISPs when meeting MU2 measures (MEDITECH, Epic, Quadramed, and other EHRs have implemented Direct this way).  EMR Direct, MaxMD, Inpriva, and a few other HISPs offer XD* HISP services; not every HISP offers XD* service at this time.  Of course, there is a trade-off between this flexibility and the extra legwork required of the practice or hospital in setting up Direct.

3. Get a web-based or email client-based Direct account not tethered to an EHR or Personal Health Record (PHR)

 

Direct doesn’t have to be integrated into an EHR to transfer information digitally. Non-tethered accounts cannot attest to the sending side of (b)(2) nor the receiving side of (b)(1) on their own, but they can be Direct senders and receivers nonetheless, participating in Transitions of Care or data transfer for other purposes.  They may also be used to exchange health data with patients, billing companies, pharmacies, or other healthcare entities who are Direct-enabled. In fact, some very compelling use cases involve systems who may not have their own EHR, but want to receive digital transitions of care—one such example is skilled nursing facilities.

By the way, patients are also an integral part of the Direct ecosystem.  Several PHRs are already Direct-enabled, and more are on the way.

So, go digital and get your Direct address, and begin interoperating in the modern age!