What is Direct Webinar
DESCRIPTION
This webinar covers the nuts and bolts of Direct Secure Messaging and addresses the question – is it really the core to a truly interoperable future for healthcare information exchange? Topics covered include:
• What is Direct
• Where is it today
• How is it deployed
• Future of Direct
Presented by Andy Nieto, Health IT Strategist at DataMotion, and sponsored by The Workgroup for Electronic Data Interchange (WEDI), the leading authority on the use of Health IT.
TRANSCRIPT
Direct Secure Messaging
Communicating in the Healthcare World
Andy Nieto, Health IT Strategist, DataMotion
Agenda
• Email and Direct in healthcare, a little history
• So what is Direct, really
– Certificates
– PKI
• Two forms of Direct
– Provider to provider
– Provider to patient
• Controls in place
• Direct ecosystem
• Integrating with Direct
• A look forward
Evolution of healthcare IT
1972 First EHR Introduced
1996 HIPAA
2001 EHR system usage at 18%
2003 HIPAA Security Rule
Feb 2009 HITECH - ARRA
2013 Meaningful Use 2 Rules included Direct
2011 Meaningful Use Stage 1 attestation begins
Jan 2013 Final HIPAA Omnibus ruling
2014 attestation for Meaningful Use 2 begins
1971 first email sent
Email in healthcare - 2008
“The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so” (http://www.hhs.gov/ocr/privacy/hipaa/faq/health_information_technology)
2013 refinement of HIPAA
• Privacy concerns
• Security concerns
• BAA – who is liable
Looks like email, acts like email – but ONLY for healthcare
You may end up with multiple Direct addresses.
So what’s the difference: Standard Email versus Direct
Standard Email
• Standard message protocol
• Internet delivery
Direct
• Standard message protocol
• Internet delivery
• Identity validation
• Secure encryption
• End-to-end trust & liability
What is Direct Secure Messaging
[Diagram labels: Sender, Sending HISP, Direct (SMTP/SMIME), Receiving HISP, Recipient, Identity Validation, Secure Messages & Files, Mobile Device, EHR System]
The KEY - X.509 Digital Certificate
• Registration Authority (RA) confirms identity
• Certificate Authority (CA) issues certificate
• Healthcare Information Service Provider (HISP) manages certificate
What is PKI or public key infrastructure
Let’s say your safe deposit box is the information to be encrypted.
• Public key (bank’s key to safe deposit box)
• Private key (your key to safe deposit box)
Both are required to open and close the box, allowing you to see what is inside.
PKI with Direct
• Sender and receiver trust validated (identity confirmed with certificate)
• Message encrypted with receiver's public key
• Encrypted message sent via Internet to recipient
• Receiver’s private key used to decrypt
2 types of Direct
• Provider to Provider
• Provider to Patient
Between providers
[email protected] (Has been identity vetted, has X.509 digital certificate bound to address.)
[email protected] (Has been identity vetted, has X.509 digital certificate bound to address.)
EHR EHR
encryption
identity validation
Between provider and patient via PHR or portal
[email protected] (Has been identity vetted, has X.509 digital certificate bound to address.)
[email protected] (Has been identity vetted, has X.509 digital certificate bound to address.)
encryption
identity validation
EHR PHR
Blue Button®
health record retrieval system
‘Blue Button’, the slogan ‘Download My Data’, the Blue Button Logo, and the Blue Button Combined Logo are registered Service Marks of the U.S. Department of Health and Human Services.
Who is in charge
ONC’s view of Direct
Focus view
HISP
Integration
Integration pathways for Direct
XD* interface
Email client
Web portal
Web service
POP & SMTP
APIs
HTTPS://
Typically to an EHR or HIE
Not directly to a user
Typically to an EHR or HIE
Not directly to a user
Is there a Provider Directory
• Multiple addresses per provider
– EHR
– HIE
– Hospital
– Association
• XD connections don’t require mailboxes
• No universal directory format
• Cellphone directory? Email directory?
How do I know it was delivered
• Message Disposition Notification (MDN)
– Dispatched
– Processed
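An added example (not part of the webinar) of how a sending system could read the MDNs listed above and track one message from processed to dispatched, using Python's standard email parser. The sample MDN, its addresses and IDs, and the helper names `parse_mdn` and `delivery_state` are constructed for illustration.

```python
import email

# Constructed sample MDN; every address and ID below is a placeholder.
SAMPLE_MDN = """\
From: drjones@direct.clinic-b.example
To: drsmith@direct.clinic-a.example
Subject: Processed: Referral summary
MIME-Version: 1.0
Content-Type: multipart/report; report-type=disposition-notification;
 boundary="mdn"

--mdn
Content-Type: text/plain

The receiving HISP accepted your message.

--mdn
Content-Type: message/disposition-notification

Final-Recipient: rfc822; drjones@direct.clinic-b.example
Original-Message-ID: <1234@direct.clinic-a.example>
Disposition: automatic-action/MDN-sent-automatically; processed

--mdn--
"""

# Assumed ordering for this example: processed precedes dispatched.
RANK = {"pending": 0, "processed": 1, "dispatched": 2}

def parse_mdn(raw):
    """Return (original_message_id, disposition_type), or None if not an MDN."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report" or
            str(msg.get_param("report-type", "")).lower() != "disposition-notification"):
        return None
    for part in msg.walk():
        if part.get_content_type() == "message/disposition-notification":
            body = part.get_payload()
            # The stdlib parser exposes the MDN fields as a nested header block.
            fields = body[0] if isinstance(body, list) else email.message_from_string(body)
            # Disposition: <action-mode>/<sending-mode>; <type>[/<modifier>]
            dtype = fields.get("Disposition", "").rpartition(";")[2].strip()
            return fields.get("Original-Message-ID"), dtype.split("/")[0].lower()
    return None

def delivery_state(raw_mdns, message_id):
    """Highest state seen for message_id; other disposition types are ignored."""
    state = "pending"
    for parsed in filter(None, map(parse_mdn, raw_mdns)):
        if parsed[0] == message_id and RANK.get(parsed[1], -1) > RANK[state]:
            state = parsed[1]
    return state
```

A message that stays at `pending` or `processed` past the sender's expected window is the case worth alerting on, since no MDN has confirmed final delivery.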
The success view
Certification
Direct today
• 44 States have adopted Direct
• Major Growth*
*as reported by the Direct Trust May, 2014
Who is Using Direct
What does the future hold
• Standard for healthcare communication and dialog
– EHR, HIE and Public Health Integration
• Patient engagement
– Self-reporting
– Syndromic surveillance support
• Product integration
• Electronic Submission of Medical Documentation System (esMD)
• eSigning – Digital Certificate as Identity
Thanks
Andy Nieto
Healthcare IT Strategist
973-455-1245 x240