The Office of the National Coordinator for Health IT has issued guidelines for statewide health information exchanges that have launched or are starting services that use the Direct Project secure messaging protocol.
Direct Project was launched in March 2010 as part of the Nationwide Health Information Network. It was created to specify a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information over the Internet.
According to ONC, many health information service providers — private companies that route Direct Project messages between providers or between providers and patients — are deploying Direct Project in a way that enables exchange within a given HISP's boundaries but not with other HISPs. "Such limitations effectively block providers using different HISPs from exchanging patient information," ONC wrote in the document.
Some HISPs have begun making one-to-one agreements with other HISPs to exchange information. However, ONC states that such agreements are expensive and time-consuming to implement as well as cumbersome to monitor and enforce. The governance for NwHIN — which Direct Project is compatible with — is designed to provide rules of the road and a voluntary validation process to alleviate the need for legal agreements among and between HISPs.
Until NwHIN governance can take over, ONC recommends the following policies and practices for HISPs:
• Conform to all of the requirements specified in the Applicability Statement for Secure Health Transport.
• Have contractually binding legal agreements with their provider clients as business associates.
• Comply with all HIPAA security requirements for business associates of providers.
• Demonstrate conformance with industry standard practices for security and privacy of personal health information.
• Minimize collection and use of personal health information.
• Facilitate only Direct messages that use approved digital certificates.
• Encrypt all communications between end user systems and HISP systems.
• Enable specifications that support Direct-ready implementations by electronic health record vendors.