Anatomy of Direct Session 3 April 12, 2011 Agenda • Overview of Direct • How does Direct work? • Direct in the Real World • Panelists: – David C. Kibbe, MD MBA, Senior Advisor, American Academy of Family Physicians; Chair, ASTM International E31Technical Committee on Healthcare Informatics; Principal, The Kibbe Group LLC – Cris Ross, Executive Vice President and General Manager, Clinical Interoperability, Surescripts – Mark Bamberg, VP Research & Development, MEDfx • Q&A • Poll 2 What is Direct? A project to create the set of standards and services that, with a policy framework, enable simple, directed, routed, scalable transport over the Internet to be used for secure and meaningful exchange between known participants in support of meaningful use 3 Secure Internet-based Direct Communications Direct Project specifies a simple, secure, scalable, standards-based way for participants to send encrypted health information directly to known, trusted recipients over the Internet. b.wells@direct.aclinic.org • • • • h.elthie@direct.ahospital.org Simple. Connects healthcare stakeholders through universal addressing using simple push of information. Secure. Users can easily verify messages are complete and not tampered with in travel. Scalable. Enables Internet scale with no need for central network authority. Standards-based. Built on common Internet standards for secure e-mail communication. 4 Why Direct? When current methods of health information exchange are inadequate: Communication of health information among providers and patients still mainly relies on mail or fax – Slow, inconvenient, expensive – Health information and history is lost or hard to find in paper charts Current forms of electronic communication may not be secure – Encryption features of off-the-shelf e-mail clients not often used in healthcare communications today Physicians need to transport and share clinical content electronically in order to satisfy Stage 1 Meaningful Use requirements. – Need to meet physicians where they are now – Direct will be one of the communication methods in the Nationwide Health Information Network 5 Who is Direct? (as of November 2010) The Direct Project represents over 50 organizations and over 200 participants. – Members participate in the Implementation Group and one or more of 6 workgroups. Implementation Group (50+ organizations, 200+ participants) Security and Trust Best Practices Implementation Geographies Communications Documentation and Testing Reference Implementation 6 What do you need to enable Direct? • Direct Addresses • Security & Trust Services • Direct Messages • Message Transport & Delivery 7 Direct Addresses • Direct Addresses are used to route information – Look like email addresses – Used only for health information exchange b.wells@direct.aclinic.org Endpoint Domain Direct Address • An individual may have multiple Direct addresses 8 Security & Trust: Certificates • Each Direct Address must have at least one digital certificate associated with it in order to securely transmit and receive health information – – Certificate may be tied to either the specific Direct Address or the Domain that is part of that address X.509v3 digital certificate standards • By using certificates to securely transmit and receive information… – The Sender has a strong mathematical certainty that only the Receiver or explicitly authorized delegates can view the message – The Receiver has a strong mathematical certainty that only the Sender sent the message – Both Sender and Receiver have confidence that nothing happened to the message in transit (e.g., tampering, disclosure, etc.) 9 Security & Trust: Certificate Discovery • Certificate discovery must occur prior to a Direct message being sent in order to fulfill the encryption functions of the S/MIME format • Discovery based on existing Internet protocols – Existing specifications exist for discovery via DNS • Address-bound certificates must be associated with a Directformatted address • Organization-bound certificates are stored under the Health Domain Name – If DNS is not supported, an alternate method must be offered 10 Security & Trust: Trust Anchors • Certificates are issued by Trust Anchors • Trust Anchors are Certificate Authorities (CAs) • Certificates are issued to parties that agree to abide by policies set and/or enforced by the Trust Anchor 11 Direct Messages • Direct Messages are essentially email messages (RFC 5322) – Headers – Contents – text plus attachments – Security information – signatures, certificate information as applicable • Contents can be (and often are) structured, but can be unstructured – – – – – HL7 lab results CCD, CCR PDF, TIFF Text and other human-readable representations IHE XDM specifications 12 Message Transport & Delivery • Direct specifies Simple Mail Transport Protocol (SMTP) as its primary mechanism for delivering healthcare content from a sender to a receiver – This choice supports environments that have minimal capabilities in terms of using Web Services and generating detailed metadata and allows for more advanced interoperability 13 Direct Project Compliance • Compliance is defined in the Applicability Statement for Secure Health Transport – Core set of requirements for using SMTP, S/MIME, and X509 certificates in an interoperable way • However, it’s recognized that communities may use other standards or proprietary mechanisms internally – Will generally have Direct-compliant gateways that implement the Applicability specification while harmonizing local standards/mechanisms to Direct-equivalents – XDR and XDM for Direct Messaging specifies such a solution when using IHE XDR for local transport 14 SOAP, IHE and XD* Conversions • While SMTP is the primary delivery method for Direct, some healthcare environments have existing SOAPbased Web Services that provide detailed metadata and have adopted a family of IHE profiles – SOAP – format for exchanging structured information, based on XML for message format • XDR and XDM for Direct Messaging – XDR – supports a direct push model using Web Services transport – XDM – supports a direct push model with SMTP as a transport option, among several • XD* Conversion – Enables interoperability between Direct participants who may be using SOAP+XDR, SMTP+XDM, or SMTP+MIME 15 XD* Conversion Processes XD* Conversion involves both transport and metadata • Always occurs when moving between transport mechanisms • Metadata may be created or transformed Three cases each for Senders and Receivers: • SMTP+nonXDM (RFC5322+MIME) • SMTP+XDM (RFC5322+XDM) • SOAP+XDR 16 Direct in the Real World AAFP Physicians Direct – David C. Kibbe, MD MBA, Senior Advisor, American Academy of Family Physicians; Chair, ASTM International E31Technical Committee on Healthcare Informatics; Principal, The Kibbe Group LLC – Cris Ross, Executive Vice President and General Manager, Clinical Interoperability, Surescripts MEDfx – Mark Bamberg, VP Research & Development, MEDfx 17 AAFP Physicians Direct “Direct Plus” secure online messaging for physicians in partnership with Surescripts Doctor-to-Doctor Information Sharing How do doctors predominantly share patient records with other medical professionals? 17% Electronic means 83% Non-electronic means 25% Non-electronic means 74% Electronic means Electronic = Computer storage devices + electronic networks + email or secure messaging Non-electronic = Fax + mail or courier + give records to patients Source: Markle Foundation 19 Patient-Doctor Information Sharing How do doctors predominantly share patient records with patients? 5% Electronic means 95% Non-electronic means, or do not share records 52% Non-electronic means, or do not share records 47% Electronic means Electronic = computer storage devices + website + email or secure messaging Non-electronic = fax/mail or courier + paper copies + don't share records Source: Markle Foundation 20 Agenda • A brief overview of Direct-compliant implementations – What does having a Direct address mean? What can you do with it? What basic service or infrastructure must a Direct addressee have available to her to do Direct-compliant clinical messaging? – What is a HISP? What does the Direct Project specify that a HISP must do in order to offer Direct-compliant clinical messaging functionality to its users, members, or subscribers? • AAFP Physicians Direct via the Surescripts CI Network – Why did the AAFP choose to partner with Surescripts to bring its members a national, secure, and affordable clinical messaging service? – What are the differences between Direct-compliance and what we are calling a “Direct-plus” clinical messaging solution 21 What will having a Direct address mean for me? Therefore, one answer to this question is that having a Direct address means you can can send authenticated and encrypted health information directly to a known and trusted recipient over the Internet. 22 What’s a HISP? In brief, the essence of a HISP’s duties are to: •Package message content using MIME and, optionally, XDM. •Secure the confidentiality and integrity of the content by handling it through S/MIME encryption and signatures. •Ensure the authenticity of the sender and receiver via X.509 certificates. •Route messages through at minimum SMTP (other protocols allowed by • mutual consent between HISPs) 23 More detail on HISP functionality • A HISP must be able to assign unique Direct addresses to individuals or organizations, e.g. johndoe@direct.sunnyfamilypractice.com. • A HISP must be able to associate X.509 certificates with full Direct address (e.g., johndoe@direct.sunnyfamilypractice.com) or Health Domain Names (e.g., direct.sunnyfamilypractice.com). The HISP may issue the certificates itself as a Certificate Authority (CA) or obtain the certificates from a trusted third-party CA. • A HISP must provide an “edge” or “on-ramp” protocol or application/protocol combination to the user, for sending and receiving messages and attachments. The protocol must comply with a minimum set of privacy and security requirements for protection of PHI. (What are these?) • A HISP must be able to format the “payload” as an RFC5322-compliant email message with a valid MIME body (RFC2045, RFC2046). 24 More detail on HISPs, continued • A HISP must be able to sign, encrypt, decrypt, and verify the payload using S/MIME. • A HISP must have a method for discovering the certificates of message recipients prior to sending a message, in order to fulfill the encryption functions of S/MIME. (TBD) • A HISP must be able to judge the trustworthiness of certificates issued by Certificate Authorities that are presented to it in the course of sending and receiving messages. ((TBD) • A HISP must be able to judge the trustworthiness of leaf certificates used as trust anchors. (TBD) 25 More detail on HISPs, continued In addition to these requirements, it is optional that a HISP •Support certificate publication in a directory that is available to other HISPs. (TBD) •Utilize DNS servers to store both the users’ Direct addresses and the certificates associated with them (public key only). (TBD) 26 Context - governance Direct standards and specifications are developed by a group of public-private stakeholders, using an open and transparent collaborative process. • • • • Direct Project Output: Standards and Service Definitions Implementation Guides Reference Implementation Pilot project testing and real-world implementation Vendors incorporate reference implementation into HIT products Wide-scale adoption of Direct standards by late 2012 27 Opportunity for States and HIEs to build on and drive adoption ONC Materials, presented to HITSC March 29 Incorporation of HITPC, HITSC, and ONC policy guidance 27 First phase grounded in real-world pilot projects implemented by early 2011 Context - NwHIN • Nationwide Health Information Network Exchange (NwHIN) – 10 Current Exchange Participants DoD Kaiser Permanente VA Regenstrief Institute SSA HealthBridge CDC Inland Northwest Health Services MedVA NCHICA – Active Onboarding applicants • Qualification -- 9 (Beacon Community, State HIEs and CMS and their partners) • Validation -- 13 (7 SSA Awardees, 3 Beacon Community and 3 State HIEs) • Activation -- 5 (5 SSA Awardees) – Inquiries received: 14 (combination of State HIEs, Beacon Community awardees and others) – HITECH obligates ONC to establish a governance mechanism for the nationwide health information network. ONC is initiating rulemaking process, with notice of proposed rulemaking expected in fourth quarter of 2011. 28 ONC Materials, presented to HITSC March 29 Context - Connect • Ongoing Release cycles and development – CONNECT 2.5 released February 2011 – CONNECT 3.2 to be released in June 2011 • Additional Updates • Building an automated test environment for organizations to better test their CONNECT installations to be able to share data securely with other organizations using Nationwide Health Information Network standards • Expecting to award new development contract within next month • ONC remains committed to establishing modular implementation specifications and robust testing to assure interoperability 29 ONC Materials, presented to HITSC March 29 Context – look ahead to Stage 2/3 MU • Need to explore “low regret” standards for future information exchange needs to support innovation and a learning healthcare system • Candidates include: – Synchronous secure transport (e.g., SOAP + TLS + WS-Security and HTTP + TLS + OAuth2) – Subset of current NWHIN specifications for exchange – Metadata for a universal exchange language derived from existing exchange standards – Distributed queries to support risk adjustment, quality reporting, public health 30 ONC Materials, presented to HITSC March 29 Implementation example: Surescripts • Surescripts extending network beyond e-prescribing to doctor-to-doctor exchange of messages • Will connect to EHR vendors using interfaces similar to e-prescribing – Directories, certification, security and privacy, vendor and user support • Internet portal and “send to anyone”, including HISPs • Will leverage Direct protocols (e.g. hospital lab to public health connection, connect to HISPs) • Will leverage Exchange, Connect and standards as developed • Provide interoperability regardless of technology platform or protocol • “Direct Plus” – Direct and connection to other protocols – Direct augmented with additional services (directory, certification, support) 31 Physicians Direct Description AAFP Physicians Direct is an information service, offered in partnership with Surescripts, which will provide users and their colleagues secure, affordable, and easy-to-use electronic clinical messaging. Use of the service to exchange health data among physicians will improve continuity of care, support achievement of Meaningful Use, and advance the patient-centered medical home. AAFP Physicians Direct will provide a web-based portal for subscribers to securely send and receive messages and attachments, and the portal will be branded as an AAFP service. Colleagues (consultants) will be urged to subscribe to the portal, and to use AAFP Physicians Direct to send and receive messages from users. Integration with EHRs will also be part of the offering in time, and the plan is to have at least 6 EHR vendors onboard at the launch of the project. A key attribute of AAFP Physicians Direct is that users will be able to securely message to any provider, including non-subscribers. However, for ease of use it is likely that these one-time sessions will induce the receiving consultants to subscribe and become part of the network. 32 MEDfx Presentation Using Direct to Enable Patient Centered Medical Home Background • • • Dominion Medical Associates – Is an independent, minority physician practice located in Richmond, Virginia. – Has traditionally been a paper-based practice – Is in the process of moving toward use of an EMR MedVirginia – CenVaNet and MedVirginia are working with the practice to help in its achievement of recognition as a Level 3 NCQA Patient Centered Medical Home Objectives – Utilize the Direct Project standards and transactions to facilitate the referral process – Improving care management and coordination services for identified high risk chronic disease populations, including diabetes. 34 Patient Centered Medical Home • Is a model of care that puts the needs of the patient first. • Is the base from which health care services are coordinated to provide the most effective and efficient care to the patient. • This includes – Use of health information technology – Coordination of specialty and inpatient care – Providing preventive services through • through health promotion • disease management and prevention • health maintenance • behavioral health services • patient education • diagnosis and treatment of acute and chronic illnesses. 35 Dominion Medical Associates Goal • Achieve Level 3 PCMH status as defined by NCQA. – Care coordination and chronic disease management are integral to meeting the requirements – CenVaNet is providing Dominion Medical Associates with RN care managers to support the needs of the high-risk patients with chronic diseases – Care managers provide • Direct services to targeted patients • Coordinate additional support (community resources, referral coordination, etc.) 36 Quality of Care • Today Physicians at Dominion Medical Associates – Attend to the needs of approximately 6000 patients – Have two office locations in Richmond, Virginia – Employ certified medical assistants – Care is episodic and acute – Usually provided in response to an event as opposed to being proactive in nature. – Patients are seen when they are sick, with instructions for follow-up or on-going personal management. 37 Quality of Care • CenVaNet – Identified high risk patients who could benefit from ongoing care management support. – Information about these patients is documented on the referral form and uploaded into Lifescape by a Dominion staff member at the practice. – This is transmitted to the CenVaNet care manager who retrieves the document and begins the assessment process. – Using MedVirginia Solution the care management nurse has access to any CCD information on these patients to aid in their assessment and intervention. 38 With Direct • A referral letter is generated electronically – Replaces manual process of • Printing • Creating fax coversheet • Faxing to MedVirginia • Transmitted to MedVirginia using Lifescape Portal via Direct • Stored in Clinical Data Repository • Used by CenVaNet nurse to create an Initial Assessment 39 What makes it work? • What are the components? • How do the component interact? – When Dominion submits a referral request – When MedVirginia sends an Initial Assessment • What were the challenges? 40 Direct Pilot Components MedVirginia HISP SMTPS SSL SMTP Dominion HISP SMTPS SSL DOD NwHIN Solution 1 Interchang e CONNECTfx Lifescape Solution 1 Interchange VA Lifescape SSA HTTPS MedVirginia Portal HTTPS Dominion Portal 41 Data Flow – Dominion submits Referral Request MedVirginia HISP SMTPS SSL SMTP Dominion HISP SMTPS SSL DOD NwHIN Solution 1 Interchang e CONNECTfx Lifescape Solution 1 Interchange VA Lifescape SSA HTTPS MedVirginia Portal HTTPS Dominion Portal 42 Data Flow – MedVirginia sends back initial Assessment MedVirginia HISP SMTPS SSL SMTP Dominion HISP SMTPS SSL DOD NwHIN Solution 1 Interchang e CONNECTfx Lifescape Solution 1 Interchange VA Lifescape SSA HTTPS MedVirginia Portal HTTPS Dominion Portal 43 Demo – Let’s see it work 44 What were the challenges? • Certificate Generation • SMTPS configuration • Identifying and locking down the HISP • Permission to open port 25 on the public internet • Configuring the HISP through an SSL tunnel • Managing external communications 45 Direct Project Reference Implementation 46 Direct Project Reference Materials • Direct Project Overview http://wiki.directproject.org/The+Direct+Project+Overview • Applicability Statement for Secure Health Transport http://wiki.directproject.org/Applicability+Statement+for+Secure+Health +Transport • Direct Project Security Overview http://wiki.directproject.org/Direct+Project+Security+Overview • XDR and XDM for Direct Messaging http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging 47 Q&A Poll 49