How To Communicate In Healthcare With Direct Secure Messaging

Transcription

1 Direct Secure Messaging Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion

2 Agenda and Direct in healthcare, a little history So what is Direct, really Certificates PKI Two forms of Direct Provider to provider Provider to patient Controls in place Direct ecosystem Integrating with Direct A look forward 2

3 Evolution of healthcare IT 2001 EHR system usage at 18% 1996 HIPAA 2003 HIPAA Security Rule Feb 2009 HITECH - ARRA 2011 Meaningful Use Stage 1 attestation begins Jan 2013 Final HIPAA Omnibus ruling 1972 First EHR Introduced 2013 Meaningful Use 2 Rules included Direct 1971 first sent 2014 attestation for Meaningful Use 2 begins 3

4 in healthcare The Privacy Rule allows covered health care providers to communicate electronically, such as through , with their patients, provided they apply reasonable safeguards when doing so (

5 2013 refinement of HIPAA Privacy concerns Security concerns BAA who is liable 5

6 Looks like , acts like but ONLY for healthcare You may end up with multiple Direct addresses. 6

7 So what s the difference: Standard versus Direct Standard Direct Standard message protocol Standard message protocol Internet delivery Internet delivery Identity validation Secure encryption End-to-end trust & liability 7

8 What is Direct Secure Messaging EHR System Identity Validation Sender Mobile Device Secure Messages & Files Sending HISP Direct (SMTP/SMIME) Receiving HISP Recipient 8

9 The KEY - X.509 Digital Certificate Registration Authority (RA) confirms identity Certificate Authority (CA) issues certificate Healthcare Information Service Provider (HISP) manages certificate 9

10 What is PKI or public key infrastructure Let s say your safe deposit box is the information to be encrypted. Public key (bank s key to safe deposit box) Private key (your key to safe deposit box) Both are required to open and close the box, allowing you to see what is inside.

11 PKI with Direct Sender and receiver trust validated (identity confirmed with certificate) Message encrypted with receiver's public key Encrypted message sent via Internet to recipient Receiver s private key used to decrypt

12 2 types of Direct Provider to Provider Provider to Patient 12

13 Between providers identity validation encryption EHR EHR (Has been identity vetted, has X.509 Digital certificate bound to address.) (Has been identity vetted, has X.509 Digital certificate bound to address.) 13

14 Between provider and patient via PHR or portal identity validation encryption EHR PHR (Has been identity vetted, has X.509 Digital certificate bound to address.) (Has been identity vetted, has X.509 Digital certificate bound to address.) 14

15 Blue Button health record retrieval system Blue Button, the slogan, Download My Data the Blue Button Logo, and the Blue Button Combined Logo are registered Service Marks of the U.S. Department of Health and Human Services 15

16 Who is in charge 16

17 ONC s view of Direct 17

18 Focus view Integration HISP 18

19 Integration pathways for Direct XD* interface Typically to an EHR or HIE Not directly to a user client POP & SMTP Web portal Web service Typically APIs to an EHR or HIE Not directly to a user 19

20 Is there a Provider Directory Multiple addresses per provider EHR HIE Hospital Association XD connections don t require mailboxes No universal directory format Cellphone directory? directory?

21 How do I know it was delivered Message Disposition Notification (MDN) Dispatched Processed

22 The success view Direct Messaging Certification 22

23 Direct today 44 States have adopted Direct Major Growth* *as reported by the Direct Trust May, 2014

24 Who is Using Direct

25 What does the future hold Standard for healthcare communication and dialog EHR, HIE and Public Health Integration Patient engagement Self-reporting Syndromic surveillance support Product integration esigning Digital Certificate as Identity 25

26 Thanks Andy Nieto Healthcare IT Strategist x240 26