Sometimes an idea seems too simple to work in order to solve a complex problem. That was my reaction when I first read about the Direct Project. I am one of those people that really hates filling out the clipboard in the doctor’s office because I can’t remember when I had my gall bladder out. I’m just glad that it’s long gone. Any idea that will reasonably replace paper handling, mail or fax machines for managing patient data is a step in the right direction in my book.
The secret of using secure email for transmitting highly confidential healthcare documents from hospital to doctor, or doctor to doctor is following key internet standards. The simple part comes from all of the types of secure emails that can be generated: manual, created by your EMR, created from a laboratory system, etc. Technically, a product or service that supports the Direct Project is responsible for packaging the content of messages, securing it, and transporting it from a sender to a recipient. The key standards are:
- Message content is packaged using Multipurpose Internet Mail Extensions (MIME), with optional use of integrating the Healthcare Enterprise’s Cross-Enterprise Document Media Interchange integration profile.
- Confidentiality and integrity of the content of messages is handled through S/MIME encryption and signatures.
- Authenticity of the message’s sender and receiver is established with X.509 digital signatures.
- Routing of messages is handled through SMTP.
This is one of those examples where standards help keep it simple.
There are about 12 ways that the Direct Project can support Stage 1 Meaningful Use in the initial implementation phase where we are now:
- Primary care provider refers patient to specialist including summary care record
- Primary care provider refers patient to hospital including summary care record
- Specialist sends summary care information back to referring provider
- Hospital sends discharge information to referring provider
- Laboratory sends lab results to ordering provider
- Transaction sender receives delivery receipt
- Provider sends patient health information to the patient
- Hospital sends patient health information to the patient
- Provider sends a clinical summary of an office visit to the patient
- Hospital sends a clinical summary at discharge to the patient
- Provider sends reminder for preventive or follow-up care to the patient
- Primary care provider sends patient immunization data to public health
In order for the Direct Project to support secure email between clinical parties that may not be part of the same financial organization or hospital system, the Direct Project introduces the concept of a HISP, or Health Information Service Provider. A HISP is not necessarily a separate business or technical entity; instead, it is a logical concept that encompasses certain services that are required for Direct Project exchange but may be performed or handled by a party other than the sender or receiver, depending on the deployment option chosen by the implementation. The HISP would be responsible for the secure store and forward needs for transmitting healthcare documents.
Microsoft has developed a Word document that describes how to implement a complete Direct solution using the free open source Direct Reference Implementation Gateway and Microsoft Exchange Online, which is a part of Microsoft’s cloud-based productivity suite, Office 365. The Direct Project specifies a set of protocols and standards that enable secure messaging between organizations within the healthcare ecosystem. As part of the Direct Project, there’s a .NET reference implementation and a Java reference implementation that implement the protocols.
Once deployed, the Direct Gateway allows your organization to send and receive Direct messages. Recipient organizations with which you have a trust relationship will be able to receive Direct messages from your organization. Similarly, your organization will be capable of receiving Direct messages from other organizations with which you have established trust.
Once configured, incoming messages always pass through the Direct Gateway before they’re handed to Exchange Online. The Gateway enforces the Direct security model and forwards messages that pass the security and trust agent validation. Messages that fail validation are rejected by the Gateway and are not forwarded to Exchange Online. Similarly, when messages are sent out of your organization to other organizations using Exchange Online, they always pass through the Direct Gateway. This ensures the messages are signed and encrypted using the Direct protocols before they leave your organization’s boundary, thus promoting the Direct Project and meeting key Meaningful Use guidelines.
If your organization is interested in learning more about implementing The Direct Project to ease the exchange of secure healthcare documents, reduce or eliminate fax machines, or snail mail, please contact us at www.perficient.com. I strongly believe this simple solution will be gaining traction across the U.S, with healthcare organizations of all types looking to securely exchange health information – don’t miss out. Your patients and physicians only have lots of paperwork to eliminate!