1 / 22

Robb Chapman Presentation to PHIN Partner Call April 20, 2011

Electronic Health Records/Meaningful Use and Public Health Message Transport The “PHINMS vs Direct problem”. Robb Chapman Presentation to PHIN Partner Call April 20, 2011. Centers for Disease Control and Prevention. Office of the Associate Director for Communication. Background - Summary.

kellie-gross
Download Presentation

Robb Chapman Presentation to PHIN Partner Call April 20, 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Health Records/Meaningful Useand Public Health Message TransportThe “PHINMS vs Direct problem” Robb Chapman Presentation to PHIN Partner Call April 20, 2011 Centers for Disease Control and Prevention Office of the Associate Director for Communication

  2. Background - Summary • Public health needs to change how it transmits and receives electronic messages • EHR/Meaningful Use changes the picture • Office of National Coordinator (ONC) is emphasizing “Direct” • Direct targeted primarily at clinicians, poses some challenges for adoption across public health Agenda • Tell you what we know • Find out what you know • Propose some next actions

  3. Electronic Health Records/Meaningful Use (EHR/MU) • Primary incentive: individual health records  drives integration of clinical systems  drives technical standards for data interchange • 3 public health use cases in Stage 1

  4. Electronic Health Records/Meaningful Use (EHR/MU) • Assumption: EHR/MU data will be important to future public health surveillance, situational awareness • Monetary incentives to clinical organizations for using accredited systems • Must demonstrate at least 1 of 3 public health use cases • If public health agency not ready, clinical org gets “free pass” to claim success Public health has a window of opportunity to leverage EHR/MU

  5. EHR/MU and Message Transport • Message Transport = the technology and method used to transmit a message between partners • EHR/MU regulation contains no requirement as to message transport • “Trading partners” must use same message transport • Much of public health is invested in PHIN Messaging Service (PHIN MS) • Office of National Coordinator (ONC) is pushing Direct

  6. What is required to deliver a message securely and reliably from point A to point B • Trust in the identity of the trading partners • Authentication of sender and recipient • Assurance that sending message to recipient is appropriate • Correct address of recipient system is known • Message encryption • Assurance that • Only the sender can have sent/encrypted message • Only the receiver can receive/decrypt message • Delivery of message from A to B • Assurance of delivery • Acknowledgement • Retry

  7. What is required to deliver a message securely and reliably from point A to point B Policy and process • Certificate Authority (“Trust Anchor”) • trusted entity • vouches for identity of organizations • provides digital certificate, encryption keys • Trust in the identity of the trading partners • Authentication of sender and recipient • Assurance that sending message to recipient is appropriate • Correct address of recipient system is known • Message encryption • Assurance that • Only the sender can have sent/encrypted message • Only the receiver can receive/decrypt message • Delivery of message from A to B • Assurance of delivery • Acknowledgement • Retry • Directory • registry of trading partners • address of their systems • location of their public keys Agreed-upon transport protocol • Software • look up partners’ addresses & keys • encrypt and send • receive and decrypt • ack, retry

  8. Current “PHIN” world<1000 systems - PHIN MS

  9. Coming “Meaningful Use” world10,000s of systems

  10. Can we use PHIN MS for EHR/MU? • Yes – where we already have PHIN MS interchanges with labs, hospitals… • But generally, No • PHIN MS requires software installation at every sender and receiver site • CDC cannot scale PHIN MS tech support to 10,000s of hospitals, physicians offices • Small clinical organizations need something lightweight

  11. Direct • Office of National Coordinator (ONC) initiative for EHR/MU Phase 1 • Lightweight • Supports small physician practices • Supports interaction of physicians and patients • SMTP with S/MIME • i.e. “secure email” • ONC and CDC have established a target of 30 state health departments receiving clinical data for EHR/MU Stage 1 use cases via Direct by October

  12. Direct • Secure email is a built-in capability of most email systems but: • Is not usually enabled • Is non-trivial to configure, operate, manage • Direct points to use of existing standards and recommendations for securing interchanges • Direct is a set of specifications - not a solution • ONC’s model: • Communities of interest will form and work things out • The market will deliver solutions

  13. Is PHIN MS compatible with Direct? No • Different transport protocols • Apples and oranges: • PHIN MS = comprehensive transport solution • Direct = technical specifications, policy and practice recommendations • If secure email is non-trivial, how are 1000’s of physician’s offices going to implement it? • EHR systems with secure email capability • HISPs

  14. Health Information Service Providers (HISPs) • HISP = a function role • HISP = An entity that handles technical parts of secure message transport • HISPs are standing up to provide Direct services • Allows subscriber to obtain and publish a Direct address • Provides credentials • Provides secure messaging capabilities • May hide transport complexity – e.g. by providing friendly web interface • Subscriber still responsible for policy and process • Trust in the identity of the trading partners • Authentication of sender and recipient • Assurance that sending message to recipient i • Correct address of recipient system is known • Message encryption • Assurance that • Only the sender can have sent/encrypte • Only the receiver can receive/decrypt m • Delivery of message from A to B • Assurance of delivery • Acknowledgement • Retry

  15. How HISPs and EHR systems may provide DIRECT connectivity

  16. Is Direct the final solution for transport of health messages? Probably not… • Direct’s primary target = small physician practices • Direct not well suited to query and response • Likely to occur in Stage 2 and 3 use cases • CDC Immunization Program expert panel • State IIS systems, vendors, physicians • Reviewed immunization use cases • Selected SOAP web services instead of Direct • Evidence that commercial software vendors generally prefer web services • ONC acknowledges that a mix of transports is likely in the future

  17. So what should we do? • Public Health must endeavor to employ Direct near term • Most software and service providers for clinical health will be implementing Direct • CDC/ONC target for October • Establish the long term message transport strategy that best meets our needs • Support both EHR/MU and “internal” public health needs • Approach: Standards and Interoperability (S&I) framework • Endorsed by ONC • Articulate business level needs  analysis  tech requirements  solutions

  18. How can public health employ Direct? We need to know from you: • Have you had requests from clinical organizations to receive data using Direct? • Are you working toward employing Direct? • Working with a HISP or HIE that will provide Direct capability? • Standing up your own Direct capability? Are there resources? • In some states, HIE planning to function as HISP • ARRA funded 10 states to connect public health labs • ARRA funded 20 states to connect IIS • Match program that state Medicaid office can use • ELC Cooperative Agreement for states to build capacity

  19. Does CDC need to help?How? Some ideas: • Provide a comprehensive “PHIN MS-like” solution that utilizes Direct Can’t do this • Act as a HISP, provide Direct capability Can’t do this • Establish a competitively-priced contract vehicle for HISP services May be able to do this

  20. Does CDC need to help?How? Some assertions: Regardless of the message transport: • We need one CA solution for public health • One trustworthy entity for clinical world to interact with • Vouch for identity and credentials of public health organizations • Endorsed/certified by HHS • Every public health agency needs a directory • Registry of trading partners • Reference to their public keys • An evolution of PHINDIR CDC can spearhead these

  21. To do: • Help CDC determine level of need across states/locals • Determine how many clinical organizations are planning to send you data this year • Determine your capability to support Direct this year • Determine whether a contract vehicle for HISP services would be useful • Participate in collaboration on long term message transport strategy • Tell us what you think or know: meaningfuluse@cdc.gov

  22. Questions meaningfuluse@cdc.gov

More Related