Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 David C. Kibbe, MD MBA President and CEO, DirectTrust Senior Advisor, AAFP AMDIS, Boston,

Published byChloe Elliott Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 David C. Kibbe, MD MBA President and CEO, DirectTrust Senior Advisor, AAFP AMDIS, Boston,"— Presentation transcript:

1 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 David C. Kibbe, MD MBA President and CEO, DirectTrust Senior Advisor, AAFP AMDIS, Boston, September 30, 2013

2 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 About DirectTrust The ONC is establishing governance mechanisms for health information exchanges over the nationwide health information network, Nwin, in part through a Cooperative Agreement with DirectTrust. The Stage 2 MU objectives require eligible providers engage in health information exchange via standards, used in a manner consistent with these governance mechanisms. DirectTrust is a non-profit national industry alliance of 90+ organizations that is supporting Direct exchange adoption and use through policy setting, accreditation, trust anchor distribution, and outreach activities. The AAFP is one of the founding members of DirectTrust. See:http://www.healthit.gov/buzz-blog/health-information-exchange-2/onc-partners-health- information-exchange-governance-entities and also http://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/directtrust-builds- transparency-confidence-direct-exchange). http://www.healthit.gov/buzz-blog/health-information-exchange-2/onc-partners-health- information-exchange-governance-entities http://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/directtrust-builds- transparency-confidence-direct-exchange). 2

3 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Overview and goals of this talk If you, your organization, or your health system plan to participate in Stage 2 Meaningful Use, you’ll need to: know how Direct exchange relates to Stage 2 MU certified EHRs, and to Stage 2 MU objectives and measures for meaningful use of EHRs. understand how Direct exchange works, and what it can do for your organization, providers, and patients. become familiar with the security and identity assurance roles of your HISP, CA, and RA, and know how to use Direct to connect with providers and patients who subscribe to other HISPs. prepare a set of questions to ask your EHR vendor and HISP about how they will enable Direct for your organization, and at what additional liability and cost.

4 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Stage 2 MU focus is on exchange

5 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 The requirements for Stage 2 1.CPOE 2.E-Prescribing 3.Record demographics 4.Record vitals 5.Record smoking status 6.Use clinical decision support 7.Patients view, download, transmit 8.Clinical summaries to patients 9.Protect electronic health information 10.Incorporate lab results 11.Generate patient lists 12.Reminders for follow-up care 13.Patient educational resources 14.Medication reconciliation 15.Transmit care summaries for transitions of care 16.Report immunizations 17.Secure messaging with patients plus menu items…… 18.Report syndromic data 19.Record electronic notes 20.Imaging results 21.Record family history 22.Report cancer cases 23.Report other registry cases

6 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 The HIE requirements for Stage 2 1.CPOE 2.E-Prescribing 3.Record demographics 4.Record vitals 5.Record smoking status 6.Use clinical decision support 7.Patients view, download, transmit 8.Clinical summaries to patients 9.Protect electronic health information 10.Incorporate lab results 11.Generate patient lists 12.Reminders for follow-up care 13.Patient educational resources 14.Medication reconciliation 15.Transmit care summaries for transitions of care 16.Report immunizations 17.Secure messaging with patients plus menu items…… 18.Report syndromic data 19.Record electronic notes 20.Imaging results 21.Record family history 22.Report cancer cases 23.Report other registry cases

7 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 The Direct HIE requirements for Stage 2 1.CPOE 2.E-Prescribing 3.Record demographics 4.Record vitals 5.Record smoking status 6.Use clinical decision support 7.Patients view, download, transmit 8.Clinical summaries to patients 9.Protect electronic health information 10.Incorporate lab results 11.Generate patient lists 12.Reminders for follow-up care 13.Patient educational resources 14.Medication reconciliation 15.Transmit care summaries for transitions of care 16.Report immunizations 17.Secure messaging with patients plus menu items…… 18.Report syndromic data 19.Record electronic notes 20.Imaging results 21.Record family history 22.Report cancer cases 23.Report other registry cases

8 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct is all about interoperability of health information exchange 1) For the 2014 Edition Certification Criteria and for Stage 2 MU, EHRs must be tested and certified as compliant with the Direct standard, the purpose of which is to permit EHR users using EHRs from different vendors to send and receive secure messages and attachments across organizational and IT system boundaries, as well as to patients using web based Direct-compliant systems. 2) For Stage 2 MU’s transitions of care and referrals objective, an EP, eligible hospital, or CAH must meet the requirement that more than 10% of the summary care records provided for transitions of care and referrals be electronically transmitte d. 3) For Stage 2 MU’s patient engagement objective, patients must be able to “view, download, and transmit to a third-party of their choice” a summary of care record provided by the EHR technology, and 5% must actually do so. Direct Enablement Direct Enablement Direct Use Cases Direct Use Cases Three Main Points to Remember

9 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 From the ONC rule… http://www.healthit.gov/sites/default/files/meaningfulusetablesseries2_110112.pdf the Direct standard

10 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 From the CMS rule… 10 http://www.healthit.gov/sites/default/files/meaningfulusetablesse ries2_110112.pdf Transitions of care Patient engagement

11 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct exchange capability is going to be ubiquitous Direct exchange is not the only way that providers can meet the health information exchange requirements of Stage 2 MU. However, since all certified EHR technology must enable use of Direct exchange, Direct may be the easiest solution to deploy. And, there are benefits of using Direct exchange beyond Stage 2 MU, e.g. for secure exchanges of information with payers; with Medicare, Medicaid, and the VA; within the context of an ACO using multiple EHRs; for patient engagement generally.

12 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 How Direct exchange works Direct addresses are used to route information – Look like email addresses – Used only for health information exchange An individual may have multiple Direct addresses

13 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 13 Health Information Service Provider (HISP) Healthcare Organization (HCO) Identity vetting at a specific level of Assurance, LoA. Certificate Authority (CA) Certificate Validation Service X.509 Certificate Issuance Service Revocation Services Certificate Signing Services Registration Authority (RA) Compile/Validate Identity and Trust Documentation The CA and RA enforce the policies specified in the DirectTrust and FBCA Certificate Policy (CP). Crediential issued on the basis of RA’s Identity vetting at specific LoA.. HCO Direct Addressees Basic services for user: DNS discovery; encryption; certificate signing and validation; send/receive MDNs; provide HISP-side of edge protocol connection compliance with Direct standard, The HISP enforces the policies specified in the DirectTrust HISP Policy (HP), and MUST use accredited RA and CA. The HCO relies on HISP, CA, and RA as accredited trusted agents, and bears ultimate responsibility for HIPAA privacy and security. NOTE: Three separate roles and responsibilities from “trusted agents” combine to enable Direct exchange 1. 2. 3.

14 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 14 HISP A SMTP Server Sending System Receiving System Receiving System Sending System Endpoint Communication ( XDR, SMTP, others) SSL/TLS NOTE: Single HISP exchange is Email via an encrypted session HISP A subscribers Central hub for all HISP’s subscribers. Direct Securty and Trust Agency not invoked. No use of Direct certificates. At this point, exchange is limited to subscribers of this HISP. MacMail Web portal EHR Outlook

15 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 DrBob@direct.familypractice.com (has been identity vetted, has X.509 Digital certificate bound to address.) DrSusan@direct.cardiology.com (has been identity vetted, has X.509 Digital certificate bound to address.) Exchange between HISPs requires active use of the Direct protocols for secure Internet email exchange 15 EHR encryption identity validation

16 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 HISP-HISP exchange between EHR and PHR DrBob@direct.familypractice.com (has been identity vetted, has X.509 Digital certificate bound to address.) Pt.Dave@direct.MyPHR.com (has been identity vetted, has X.509 Digital certificate bound to address.) encryption identity validation 16 EHRPHR

17 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Incoming message protocol EHR SMIME/SMTP

18 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Outgoing message protocol EHR SMIME/SMTP

19 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 To review… Privacy, security, and trust-in-identity controls of Direct exchange are VERY important! Consider HIPAA and the new penalties for breach of privacy. HISPs are Business Associates and “trusted agents” of Direct users. CAs/RAs are subcontractors. EHRs have 3 options for enabling Direct exchange: 1. EHR can be a HISP for its customers (and patients?) 2. EHR can partner with a single full service HISP. 3. EHR can configure connections (SOAP XDR) to allow customers to choose a HISP, in which case an EHR vendor might have relationships with multiple HISPs. In all three options, it is ultimately the provider’s responsibility that privacy is protected and identity is assured!

20 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 The Big Question in Direct exchange: – How does HISP A know it is safe and secure to exchange PHI with HISP B..X,Y,Z? – Contracts to agree one-to- one on levels of assurance and degrees of security controls are costly and will not scale.

21 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 21 If HISPs have to forge one- off contracts with each other, the cost of Direct exchange goes UP with each new user group, each new contract, and thus the value decreases. Complex. Rate limiting step. 21 Building a Network via Bi-directional Contracts is Unworkable

22 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 A deeper dive into Direct Before Direct users can exchange messages and attachments, they must interact with three entities that serve as “trusted agents,” each of which has separate roles and responsibilities. o A Health Information Service Provider, HISP, handles the encryption and identity validation on behalf of the Direct addressee, assigns accounts and addresses, and arranges for the addressees to be issued an X.509 digital certificate; o A Certificate Authority, CA, issues the X.509 digital certificate to the addressee, along with the public key, relying on the information supplied to it by the; o A Registration Authority, RA, which verifies and proofs the identity of the addressee applying for an X.509 digital certificate.

23 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 23 Health Information Service Provider (HISP) Healthcare Organization (HCO) Identity vetting at a specific level of Assurance, LoA. Certificate Authority (CA) Certificate Validation Service X.509 Certificate Issuance Service Revocation Services Certificate Signing Services Registration Authority (RA) Compile/Validate Identity and Trust Documentation The CA and RA enforce the policies specified in the DirectTrust and FBCA Certificate Policy (CP). Crediential issued on the basis of RA’s Identity vetting at specific LoA.. HCO Direct Addressees Basic services for user: DNS discovery; encryption; certificate signing and validation; send/receive MDNs; provide HISP-side of edge protocol connection compliance with Direct standard, The HISP enforces the policies specified in the DirectTrust HISP Policy (HP), and MUST use accredited RA and CA. The HCO relies on HISP, CA, and RA as accredited trusted agents, and bears ultimate responsibility for HIPAA privacy and security. How Direct works: Three separate roles and responsibilities from “trusted agents” combine to enable Direct exchange 1. 2. 3.

24 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Accreditation & Audit 24 DirectTrust is accrediting HISPs, CAs, and RAs In partnership with EHNAC. Look for the EHNAC- DirectTrust seal of accreditation for assurances of best practices for privacy, security, and trust-in- identity. Accreditation status of HISPs, CAs, RAs is always available at www.DirectTrust.org

25 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 DirectTrust Anchor Bundle for “scaling” of trust relationships Trust Community Anchor Distribution Site Bu Trust Bundle (PKCS7) HISP B Trust Store HISP C Trust Store HISP D Trust Store HISP A Trust Store HTTP(S) As of September, 2013, there are 10 accredited HISPs’ trust anchors in the Trust Anchor Bundle, leveraging 90 separate connections between the HISPs, and linking over 1,000 health care organizations to the DirectTrust network. https://bundles.directtrust.org

26 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Accredited Organizations 26 Full Accreditation Cerner Corporation* Informatics Corporation of America* MaxMD* Surescripts * Inpriva, Inc.* DigiCert* Candidate Accreditation CareAccord Covisint Data Motion Inc.* EMR Direct* iMedicor Informedtrix* MRO Corporation MedAllies Secure Exchange Solutions Simplicity Health Systems Updox Utah Health Information Network *Organizations anchor certificate is in the trust bundle

27 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 DirectTrust members have established a standards-based approach to trusted Direct exchange over the Internet 27 The goal is to make it easy and inexpensive for trusted agents, e.g. HISPs, CAs, and RAs to voluntarily follow the “ rules of the road ” for privacy, security, and trust-in-identity controls, while also easily and inexpensively knowing who else is following them. Security & Trust Framework EHNAC- DirectTrust Accreditation Program Trust Anchor Bundle Distribution

28 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Questions for EHR vendors Has the software version of the EHR in use been fully certified for Stage 2 MU, including for compliance with Direct exchange? Are the HISP, CA, and RA all accredited by EHNAC-DirectTrust? How will the Direct exchange “module” in the new EHR version fit into current workflows? What will Direct integration for both transitions of care and for patient “view, download, and transmit” measures cost? Is the EHR vendor going to offer HISP, CA, and RA services, or work with third parties? Will we have a choice as to what companies fill these roles? How can we find the Direct addresses of parties with whom we wish to exchange via Direct?

29 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Specific business issues for HISPs, CAs, and RAs Pricing Support practices Insurance and liability BA and BAA Notice when HISP communicates with non- accredited party Support for custom domains User documentation Uniform agreement, ie. Federation Agreement with DirectTrust

30 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Contact Information David C. Kibbe MD, President and CEO DirectTrust.org David.Kibbe@DirectTrust.org kibbedavid@mac.com 913.205.7968

31 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Short lexicon of terms Health Information Service Provider, HISP An entity or service providing its subscribers Direct accounts, addresses and secure, encrypted exchange of messages between users within the same domain, and also with users in different domains, that is, who are subscribers of different HISPs. It is typically also the responsibility for a HISP to arrange for its subscribers’ identity proofing and verification (the Registration Authority function) and for its subscribers’ digital certificate issuance and management (the Certificate Authority function). HISPs may be organized along several different business models. For example, an EHR technology vendor may operate a HISP internally for its customers. A so-called “full service” HISP may operate a stand alone business, and partner with several EHRs as well as offer its Direct services through a web portal or other set of tools and devices.

32 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Short lexicon of terms Direct Project A public-private sector initiative sponsored and run by ONC whose aim was to create a simple, secure, and open standard for transport of messages and attachments between health care participants over the Internet, regardless of end-user technology. Direct Standard The outcome of the Direct Project. A set of protocols and specifications, along with a security and trust architecture, for simple, secure, inter-vendor communications over the Internet for use by health care professionals and patients. Direct Message Exchange Use or deployment by individuals or entities of health information exchange utilizing the Direct standard. Also sometimes referred to as Directed “push” exchange, Direct exchange. Direct User or Subscriber An organization or an individual that participates in sending and receiving messages and attachments using technology equipped to do so, e.g an EHR or a web portal, via the Direct standard, and who has the authority to do so.

Download ppt "Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 David C. Kibbe, MD MBA President and CEO, DirectTrust Senior Advisor, AAFP AMDIS, Boston,"

Similar presentations

How To Get To The Winners Circle with Your Patient Portal; Our Challenges To Get To The Finish Line. Julie Patterson, Baptist Health Carey Ronan, MHA,

How To Get To The Winners Circle with Your Patient Portal; Our Challenges To Get To The Finish Line. Julie Patterson, Baptist Health Carey Ronan, MHA,
#CONNECT2013 Connecting for Good Loews Coronado Bay Resort, San Diego, California David C. Kibbe, MD MBA President and CEO, DirectTrust David C. Kibbe,

#CONNECT2013 Connecting for Good Loews Coronado Bay Resort, San Diego, California David C. Kibbe, MD MBA President and CEO, DirectTrust David C. Kibbe,
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Understanding Patient Engagement in Stage 2 MU: Direct, HIPAA, VDT, and Patient Engagement.

Connecticut Ave NW, Washington, DC Understanding Patient Engagement in Stage 2 MU: Direct, HIPAA, VDT, and Patient Engagement.
Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.

Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.
2014 Certification Criteria associated with MU Menu Stage 2: 2014 Certification Criteria associated with MU Core Stage 2: 2014 Certification Criteria associated.

2014 Certification Criteria associated with MU Menu Stage 2: 2014 Certification Criteria associated with MU Core Stage 2: 2014 Certification Criteria associated.
1101 Connecticut Ave NW, Washington, DC 20036 1:00 pm EST, January 9, 2015 https://global.gotomeeting.com/meeting/join/930802605 (626)

1101 Connecticut Ave NW, Washington, DC :00 pm EST, January 9, (626)
Interoperability 1-21-2013 Kevin Schmidt Director, Clinical Network.

Interoperability Kevin Schmidt Director, Clinical Network.
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.

Connecticut Ave NW, Washington, DC Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.
Direct Implementation Perspective 0 Mark Bamberg, Vice President Research & Development MEDfx.

Direct Implementation Perspective 0 Mark Bamberg, Vice President Research & Development MEDfx.
1101 Connecticut Ave NW, Washington, DC 20036 2:00 pm EDT, July 11, 2014 https://global.gotomeeting.com/meeting/join/930802605 (773)

1101 Connecticut Ave NW, Washington, DC :00 pm EDT, July 11, (773)
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 September 30, 2014 David C. Kibbe, MD MBA President and CEO, DirectTrust Luis Maas, MD.

Connecticut Ave NW, Washington, DC September 30, 2014 David C. Kibbe, MD MBA President and CEO, DirectTrust Luis Maas, MD.
Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.

Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.
GOVERNMENT EHR FUNDING: MEANINGFUL USE STAGE 2 UPDATE October 25, 2012 Jonathan Krasner Healthcare IT Consultant BEI 571-612-3344.

GOVERNMENT EHR FUNDING: MEANINGFUL USE STAGE 2 UPDATE October 25, 2012 Jonathan Krasner Healthcare IT Consultant BEI
Massachusetts: Transforming the Healthcare Economy John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

Massachusetts: Transforming the Healthcare Economy John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
Texas Approach to Supporting Statewide Health Information Exchange January 2013.

Texas Approach to Supporting Statewide Health Information Exchange January 2013.
Supporting Meaningful Use Stage 2 Transition of Care Requirements

Supporting Meaningful Use Stage 2 Transition of Care Requirements
Understanding and Leveraging MU Stage 2 Optional Transports (SOAP)

Understanding and Leveraging MU Stage 2 Optional Transports (SOAP)
Centers for Disease Control and Prevention Office of the Associate Director for Communication Electronic Health Records/Meaningful Use and Public Health.

Centers for Disease Control and Prevention Office of the Associate Director for Communication Electronic Health Records/Meaningful Use and Public Health.
Privacy and Security in the Direct Context Session 6 April 12, 2010.

Privacy and Security in the Direct Context Session 6 April 12, 2010.
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.

Similar presentations

Ads by Google