Nationwide Health Information Network Overview for SAMHSA Conference. July 21, 2011. Agenda. What is the Nationwide Health Information Network? How does the Nationwide Health Information Network enable secure health information exchange? What is CONNECT? What is the Direct Project?
Nationwide Health Information Network: Overview for SAMHSA Conference, July 21, 2011
Agenda
• What is the Nationwide Health Information Network?
• How does the Nationwide Health Information Network enable secure health information exchange?
• What is CONNECT?
• What is the Direct Project?
• What problems does it solve?
• What do I need to exchange clinical data through Direct?
What is the Nationwide Health Information Network?
• A set of policies, standards and services that enable the Internet to be used for secure and meaningful exchange of health information to improve health and health care
• Enables a variety of health information exchange scenarios – from less complex to very robust
The Nationwide Health Information Network helps address a number of HIE scenarios
• Each health information exchange scenario requires a different “tool” from the Nationwide Health Information Network “toolkit”
• Each tool must be used in conjunction with a coherent set of:
  • Standards
  • Services
  • Policies
  • Trust Fabric
[Figure: spectrum of scenarios, from very robust to less complex: Cross-Community Access; Longitudinal data access across settings of care within a community; Directed Exchange with Value-Added Intermediaries; Directed Exchange]
Tools in the Nationwide Health Information Network “toolkit”
CONNECT implements a subset of the Nationwide Health Information Network
• CONNECT is software
  • Open source implementation of standards currently specified by the Nationwide Health Information Network
  • Currently managed by the Federal Health Architecture division within ONC's Office of Interoperability & Standards
  • Multiple contractor teams involved
• Flexible enough to specify policy constraints, but requires some effort
  • CONNECT gateway is separated into adapters plus a core gateway
  • To add additional constraints, an implementer must plug in its own policy adapter (i.e., a “policy engine”)
  • Once a message has been processed by the adapter, it can then be exchanged through the gateway
• Conceptually straightforward, but requires:
  • Additional software implementation, i.e., not just a configuration
  • Definition of appropriate policies
Direct was conceived to provide an alternative to legacy mechanisms
Communication of health information among providers and patients still mainly relies on mail or fax
• Slow, inconvenient, expensive
• Health information and history is lost or hard to find in paper charts
Current forms of electronic communication may not be secure
• Encryption features of off-the-shelf e-mail clients not often used in healthcare communications today
On the other hand, policies are already in place for these types of exchange; i.e., between known participants
• Secure, electronic directed exchange can occur under the same (or similar) set of widely used policies
Direct specifies standards to enable directed exchange via the internet
The Direct Project specifies a simple, secure, scalable, standards-based transportation mechanism that enables participants to send encrypted health information directly to known, trusted recipients over the Internet.
• Simple. Connects healthcare stakeholders through universal addressing using simple push of information.
• Secure. Users can easily verify messages are complete and not tampered with en route.
• Scalable. Enables Internet scale with no need for central network authority that must provide sophisticated services such as EMPI, distributed query/retrieve, or data storage.
• Standards-based. Built on well-established Internet standards, commonly used for secure e-mail communication; i.e., SMTP (or XDR) for transport, S/MIME for encryption, X.509 certificates for identity assurance.
Example Direct addresses: h.elthie@direct.ahospital.org, b.wells@direct.aclinic.org
Direct open source standards and software enable broad availability
Direct Project Principles
• Universal addressing and transport
• Identity assurance and encryption from sender to receiver
• Permissive licensing to drive standardization
• Open source to ease implementation
• Low barrier to entry for scalable, market-based solutions
• Rapid and easy availability to a wide variety of participants
Implications
• Any legitimate healthcare participant with a need to push health information should be able to obtain the right products or services to send Direct messages
• Direct available to participants by a variety of vendors and through a variety of mechanisms:
  • Direct-enabled EHRs, LISs, HISs, PHRs
  • Downloadable reference library
  • Web-based services
  • Email client plug-in
• Shared experience, knowledge, and code among communities solving similar problems through Direct
Direct Project’s BSD-licensed software stack enables:
• Client-side connectivity, for EHRs, EHR Modules, PHRs, etc.
• Server-side connectivity for “out of the box” HIOs, HISPs, and other intermediaries
• Easily accessible high-quality code and documentation available to developers
Security & Trust: Certificates
• Each Direct Address must have at least one digital certificate associated with it in order to securely transmit and receive health information
  • Certificate may be tied to either the specific Direct Address or the Domain that is part of that address
  • X.509v3 digital certificate standards
• By using certificates to securely transmit and receive information…
  • The Sender has a strong mathematical certainty that only the Receiver or explicitly authorized delegates can view the message
  • The Receiver has a strong mathematical certainty that only the Sender sent the message
  • Both Sender and Receiver have confidence that nothing happened to the message in transit (e.g., tampering, disclosure, etc.)
• These assurances are critical for information exchange for behavioral health and substance abuse
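As an added example (not part of the original presentation and not Direct Project code), the sketch below models how a sender could pick the certificate for a recipient when a certificate may be tied to either the Direct Address or its Domain. The record layout, the function names and the address-first preference are assumptions, and the records are constructed stand-ins for X.509v3 certificates.

```python
from datetime import datetime, timezone

# Constructed records standing in for X.509v3 certificates (assumed layout).
# "binding" is the Direct Address or the Domain the certificate is tied to.
CERT_STORE = [
    {"id": "addr-expired", "binding": "b.wells@direct.aclinic.org",
     "not_before": "2011-01-01", "not_after": "2011-06-30"},
    {"id": "domain-valid", "binding": "direct.aclinic.org",
     "not_before": "2011-01-01", "not_after": "2012-12-31"},
    {"id": "addr-valid", "binding": "h.elthie@direct.ahospital.org",
     "not_before": "2011-01-01", "not_after": "2012-12-31"},
]

def _day(text):
    """Parse a YYYY-MM-DD date as midnight UTC."""
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def parse_direct_address(address):
    """Split a Direct Address into lower-cased (local part, domain)."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        raise ValueError(f"not a Direct Address: {address!r}")
    return local.lower(), domain.lower()

def valid_at(cert, when):
    """True if 'when' falls inside the certificate's validity window."""
    return _day(cert["not_before"]) <= when <= _day(cert["not_after"])

def resolve_certificate(address, store, when):
    """Return a usable certificate record for the address, or None.

    Assumed policy: try a certificate tied to the full address first,
    then one tied to the domain; skip anything outside its validity window.
    """
    local, domain = parse_direct_address(address)
    for wanted in (f"{local}@{domain}", domain):
        matches = [c for c in store
                   if c["binding"].lower() == wanted and valid_at(c, when)]
        if matches:
            # Prefer the certificate that stays valid longest.
            return max(matches, key=lambda c: _day(c["not_after"]))
    return None  # no usable certificate: the message must not be sent

if __name__ == "__main__":
    now = datetime(2011, 7, 21, tzinfo=timezone.utc)
    for addr in ("b.wells@direct.aclinic.org", "H.Elthie@direct.ahospital.org",
                 "nobody@direct.unknown.example"):
        cert = resolve_certificate(addr, CERT_STORE, now)
        print(addr, "->", cert["id"] if cert else "no certificate, refuse to send")
```

The first address shows the fallback case: its address-bound record has expired, so the domain-bound record is selected instead.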
Brief overview of requirements for Direct participants
• An account with a Health Information Services Provider (HISP):
  • Provides a Direct Address, which looks like an email address: b.wells@direct.aclinic.org
  • Obtains and often manages a digital security certificate (may be provided by an independent “Certificate Authority”)
  • Manages HIPAA-level security by, for example:
    • Providing pass-through routing of encrypted documents, or
    • Encrypting documents on participant’s behalf, through a Business Associate Agreement (BAA)
• Access to a Direct-enabled client for sending and receiving Direct messages:
  • Direct-enabled email client, EHR, or Web portal
  • Adapter to convert Direct messages for existing infrastructure
• Direct Address for counterparty with which to exchange clinical data:
  • Participants usually known: providers, labs, PHRs, state agencies, etc.
  • Addresses obtained via phone, email, business card, directory, etc.
  • Messages between participants must be sent to/from Direct addresses
Directed Exchange Participants, e.g., Physicians, Labs, Agencies, Immunization Registries, etc.
Thank You!
Arien Malec
Coordinator, Direct Project and Standards & Interoperability Framework
Office of the National Coordinator for Health IT
Email: arien.malec@directproject.org
ONC Website: http://healthit.hhs.gov/