Session 4_Direct Boot Camp_User Interfaces and
advertisement
User Interfaces & Deployment Models Session 4 April 12, 2011 Agenda • User Interfaces: how do participants interact using Direct? – What are the options for Direct clients? – What are the pros and cons of each option? • Deployment Models: how can we securely enable Direct? – What are the options for security and routing? – What are the benefits and risks for each? • Panelists – live demos/real-world examples from: – Greg Chittim, Rhode Island Quality Institute Consultant; Director of Provider Services, Arcadia Solutions – Vincent P. Lewis, Principal Architect, MedAllies, Inc. – Holly Miller, MD, MBA, FHIMSS, Chief Medical Officer, MedAllies Inc. – Kim Long, Program Manager, MedPlus, a Quest Diagnostics Company • Q&A • Poll 2 User Interfaces – Overview of Options • Email Client – S/MIME Encryption is popularly supported – Downloadable Plug-in for Direct @ • Web Portal (or Webmail) – Web Portal can be set up by HISP or HIE – Webmail with plugin for Direct • EHR – Module that enables Direct messaging – Message generated and sent by EHR without intermediate steps Individual communities are likely to include instances of all user interfaces, depending on provider preferences and choices in the local market 3 User Interfaces – Pros and Cons @ Email Client Web Portal EHR Can enable requirements of MU Stage 1? Yes Yes Yes Accessible to physicians without upgraded EHRs? Yes Yes No Familiar User Interface? Yes Possible Yes Uniform interface for clinical data entry, storage, and exchange? No No Yes Seamless integration with clinical data record? No No Possible Possible Yes Yes Controlled Security Environment 4 Deployment Models – Overview of Options Dest HISP Src Src HISP Src Src HISP Dest HISP • Encryption at Client – Client does encryption/decryption locally – Capabilities built into the EHR – Relies on HISP for routing • Encryption at HISPs – HISP provides encryption/decryption – HISP provides routing – Client interacts through EHR, Email, or Portal • Direct and XDR (optional) – Some HIEs use the IHE XDR profile for push workflows – This deployment model enables compatibility with the Direct Project Dest Dest Dest Individual communities likely to employ all deployment models, depending on provider preferences and local EHR choices. States need to enable HISPs regardless. 5 Deployment Models – Pros and Cons Encryption at Client Pros Cons • Can utilize 100% off-the-shelf e-mail clients available today (20+ email clients support S/MIME today) • Offers TLS as a point-to-point additional protection - also commonly available today • No PHI is exposed to any HISP • ’Sent' mail folder can be examined for inappropriate exposure of PHI • Configuration requires that the client can handle S/MIME and address book to store certificates; e.g., EHR or Email client with S/MIME/certificates enabled • Harder to automate inside an EHR/PHR workflow, though can be mitigated Encryption at HISPs • Client does not need to perform S/MIME functions, so any e-mail client can be used • The HISP has access to all the content so could provide value added services, such as informing of Account Disclosures • The management of certificates and private keys is offloaded to the HISP, minimizing the burden on the client's implementation • TLS is mandated between Client and HISP to assure confidentiality of information transmitted • HISP has full access to PHI – requires policy consideration; e.g., BAA with provider or HIE • HISP has full access to Private key, thus can 6 impersonate the user Threat Models for these deployments (including “Direct to/from XDR”) available at: http://wiki.directproject.org/Threat+Models User Interfaces & Deployment Models Demos • Example 1: Rhode Island Quality Institute (RIQI) – User Interface(s): EHR, Web Portal, Email Client (optional) – Deployment Model(s): Encryption at HISPs – Actors: Provider (PCP and Specialist), State HIE (currentcare) • Example 2: MedAllies – User Interface: EHR – Deployment Model: Encryption at HISPs, Direct and XDR – Actors: Hospitals/IDNs, Primary Care Physicians, and Specialty Physicians • Example 3: MedPlus, a Quest Diagnostics Company – User Interface(s): REST Client, Email Client, Web Portal – Deployment Model(s): Encryption at HISPs – Actors: Provider, Patient 7 RIQI Direct Demo What problems do the RIQI deployment models solve? The RIQI pilot enables an innovative solution to two difficult problems that will face healthcare providers and health information exchanges in the coming years: How do providers demonstrate Meaningful Use of health information exchange (hie)? How do you feasibly feed data from hundreds of heterogeneous practices into state Health Information Exchanges (HIE)? Direct Project The RIQI pilot is proving out solutions to both of these use cases 9 Using Direct to feed a Health Information Exchange The “Aha!” Moment: If it is inexpensive and easy to share data between two individual doctors using Direct, then why not use it to solve the bigger challenge by swapping out one of the doctors for the state’s HIE? How it works • • • Why it’s such an elegant solution • • • • • Use Direct Project messages to securely transport health information from EHRs to the HIE Package information in standard Continuity of Care Documents (CCDs) that capture all aspects of a patient’s health record Work with EHR platform vendors to implement very simple updates that work in the background so that doctors can focus on patient care Agnostic of what EHR a provider has, or what customizations exist Standard data format – no matter what the workflow, the CCD will be the same Providers will already have Direct accounts for doctor to doctor communication No special or custom connections required – just the internet Utilizes the emerging national standards – nothing “special” for Rhode Island 10 Clinical Process Demo http://www.youtube.com/watch?v=LSTkr 45qefQ 11 Two Deployment Models Two distinct deployment models are being implemented: (A) direct provider-to-provider communication that meets Stage 1 Meaningful Use for health information exchange, and (B) transparent clinical updates from the EHR to the state HIE currentcare, both via Direct Model A: Manual, direct provider-to-provider message Sending Provider Model B: Transparent updates of currentcare by provider EHRs Sending Provider Mail application (web, outlook, etc…) Receiving Provider Message with patient data attached (optional) EHR clinical update made Properly routed message with patient data attached (optional) Health Information Service Provider (HISP) EHR Mail application (web, outlook, etc…) Hosted Participation Gateway Automatic Actions Automatic Actions Generate CCD (C32 v2.5) Open message Parse CCD Call Direct Web Service Address message to currentcare Attach CCD Send message via Web Service execution Message with CCD attached Match Patient De-duplicate Data Load Data currentcare 12 Detailed Solution Architecture 13 MedAllies Direct Pilot Technical Track MedAllies use of the Reference Implementation • Currently MedAllies uses an unmodified implementation of the Java Reference Implementation. There is a C# version as well. http://wiki.directproject.org/Reference+Implementation+Workgroup • SMTP and XD* are both implemented and work in synergy (all three deployment models) • MedAllies has performed testing with several EHR and Hospital system vendors across three primary Meaningful Use use cases. • Modifications may be needed for Configuration Services only • Java Reference Implementation available in binary and in source code open source distributions. – Web services implemented in Tomcat, Mail service adapters implemented in Apache James. 15 Java Reference Implementation Architecture External Direct SMTP SERVICES SMIME “Real” SMTP Server TLS Secure (TLS) Email Client Gateway (Apache James) Configuration Web Service Apache Mailet API SQL Security Agent Configuration Web UI Apache Mailet API XD* Agent External XD* SERVICES TLS XD* SOAP SERVICE TLS External XD* SERVICES 16 MedAllies Direct Pilot Clinical Track Process: Use cases and Story Boards Hospital Discharge Message (from the Hospital to the PCP ) 1.3 1.1 Setting: Hospital Activity: - Create Message with both minimal standard data set and Discharge context relevant data set (including discharge note and instructions) Scope – Current Hospitalization - Select Intended Recipient (PCP) and Send CCD via XDR to MedAllies HISP Content Creator: Discharge MD 1.2 (HISP transaction) Hospital EHR sends discharge CCD package via XDR to MedAllies HISP MedAllies HISP routes CCD Package to Ambulatory EHR Setting: PCP Activity: - Receive CCD - Match/reconcile patient with existing patient, or create/register new patient Schedule appointment as needed - Store CCD in patient record - Message to PCP re: New Patient Document Content Consumer: PCP, Scheduler, Nurse Care Manager (if applicable to the practice, e.g. PCMH) 18 Closed Loop Referral (Referral from PCP to Specialist & Back to PCP) 1.1 Setting: PCP Activity: - Create CCD with: both minimal standard data set and referral context relevant data set (including reason for referral) - Select Intended Recipient - Send CCD via XDR to MedAllies HISP Content Creator: PCP 1.3 1.2 (HISP transaction) PCP EHR sends referral CCD via XDR to MedAllies HISP Setting: Specialist Activity: - Receive CCD and match/register new patient & schedule appointment as needed - Store CCD in patient record - Message to Specialist re: New Patient/Docum ents Content Consumer: Specialist & Scheduler 1.4 1.5 Setting: Specialist (HISP transaction) Activity: Specialist EHR sends consult note CCD via XDR to MedAllies HISP - After patient visit, construct patient consult note CCD for PCP with: both minimal standard data set and consultation context relevant data set (including consultation note) Content Creator: PCP or tasked staff 1.6 Setting: PCP Activity: - Receive CCD from specialist and match with patient record. - Store CCD in patient record - Notify PCP Specialist CCD consult note received Content Consumer: Front Desk Staff, PCP, Nurse Care Manager (if applicable to the practice, e.g. PCMH) 19 MedAllies Direct Pilot Hospital Discharge Building the Story Board Creating the Message • Actor (Determined by the provider organization) • Functionality (Determined by the EHR System) – What is in the message • (Determined by: vendor e.g. free text in the Message; provider organization e.g. version and functionality implemented (CPOE), and ancillary systems integrated) • Screen shot(s) • Dependencies – Practice • e.g. CPOE implementation , ancillary integration – EHR Vendor • E.g. Upgrade with the desired functionality 21 Finalizing and Launching the Message • Actor (Determined by the provider organization) • Functionality (Determined by the EHR System) – e.g. EHR prompts with system events (such as d/c order) • Screen shot(s) • Dependencies – Practice – EHR Vendor 22 Finalizing/Signing the Message • Actor (Determined by the provider organization) • Functionality (Determined by the EHR System) – e.g. Automated inclusion of a standard data set (patient demographics, reconciled active medications, allergies, active problem list, etc.); Clinician selection of a pertinent variable data set (pertinent test and study results, procedures, etc.) • Screen shot(s) • Timeline for dependencies – Practice – EHR Vendor 23 Selecting the Intended Recipient • Actor (Determined by the provider organization) • Functionality (Determined by the EHR System) – e.g. Automated entry of PCP of record by EHR system • Screen shot(s) • Timeline for dependencies – Practice – EHR Vendor 24 MedAllies HISP Message Delivery • Automated secure routing of documents and authentication of users • MedAllies functionality 25 MedAllies Direct Demo Vignette 1: Hospital Discharge Vignette 2: Closed Loop Consultation MedPlus Direct Demo Architecture Overview 28 Demonstration Overview 29 Q&A Poll 31
