Secure Info Exchange Tests Begin

'Direct Project' Focus: Simple Health Information Exchange
Secure Info Exchange Tests Begin
Two pilot projects to test The Direct Project, which enables simple, secure exchanges of information between two healthcare organizations, have been formally launched, with six more to come, federal officials confirmed this week.

If the tests are successful, the open source specifications for the project could be made available for use by electronic health records vendors, organizations facilitating health information exchange and others by spring, Arien Malec said in an earlier interview with HealthcareInfoSecurity.com (See: Tests of 'NHIN Light' Standards Begin). Malec is coordinator of the project, which was formerly known as NHIN Direct.

The first pilots are in Minnesota and Rhode Island, the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology announced this week. Others will be launched soon in New York, Connecticut, Tennessee, Texas, Oklahoma and California.

Secure E-mail

The Direct Project is designed to offer an alternative to using fax machines, snail mail or a courier to complete simple information exchanges. The project's specifications, which are available for both Java and .Net formats, enable what amounts to healthcare-specific secure e-mail. Organizations will be able to use the Direct Project to help meet information exchange requirements for stage 1 of the HITECH Act electronic health record incentive program.

The Office of the National Coordinator is overseeing The Direct Project, which is primarily a volunteer-supported effort. The HIT Standards Committee will review results of the pilots this spring and recommend whether HHS should release the specifications for anyone to use, Malec said.

Since mid-January, Hennepin County Medical Center has been using the secure e-mail specifications to send immunization records to the Minnesota Department of Health. Meanwhile, the Rhode Island Quality Institute is leveraging secure messaging to feed clinical information, with patient consent, from the electronic health records of clinics to a statewide health information exchange.

Encryption Plays a Role

The Direct Project specifications include encryption and digital certificates to support simple one-to-one "push" exchanges. The project is as a "light" version of the Nationwide Health Information Network standards, which accommodate more complex transactions.

The government defines NHIN as "a set of policies, standards and services that enable the Internet to be used for secure and meaningful exchange of health information to improve health and healthcare." NHIN Connect provides details on implementing the evolving NHIN standards. Federal regulators are preparing to craft a rule for how to govern organizations that use the NHIN standards. Meanwhile, the NHIN Exchange is supporting some health information exchange between federal agencies and the private sector.

Extensive details on the Direct Project are available on a new website, which describes the project as "a simple, secure scalable standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet."

A Simplified Approach

When the original NHIN Direct concept was unveiled last February, one federal official likened it to "an online version of the intercom," while another called it "a light-weight on-ramp" for health information exchange.

The renamed Direct Project's specs could be used, for example, to support a primary care physician making a referral to a specialist, requesting test results from a lab, or sending information to a patient's personal health record.

In contrast, the NHIN standards would come into play, for example, when a hospital placed a query to retrieve, or pull, records on patients from several other organizations where they've been treated, Malec explained.

Organizations offering health information exchange services might eventually use both the Direct Project and NHIN standards.

HITECH Act Mandate

The HITECH Act, which provided funding for the start-up of statewide health information exchanges, mandated the creation of the NHIN and Direct Project standards as ways to improve care quality by easing access to patient information while maintaining security.

Although dozens of health information organizations are rolling out health information exchange services across the country, many use proprietary models, Malec noted. Plus, it can prove difficult for a hospital or physician to navigate data exchange by using multiple networks in a region, he added.

The Direct Project, along with NHIN, could help ease information exchange no matter what networks are available in a region and pave the way for national data exchange, he said.

Secure E-Mail

To ensure the confidentiality and integrity of the content of messages, the specifications use S/MIME encryption and signatures. Authenticity of the message's sender and receiver is established with X.509 digital signatures. Routing of messages is handled through SMTP.

Under the HITECH Act electronic health record incentive program, participating hospitals and doctors must be able to accommodate several basic secure information exchanges, such as for patient referrals, to qualify for payments in stage one. As a result, many EHR vendors are attempting to accommodate connectivity in their software. Malec hopes The Direct Project specs will help EHR vendors add those connectivity functions.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.