Practical Guidance to Implement Meaningful Use Stage 2. Secure Health Transport for Certification and Meaningful Use



Similar documents
Practical Guidance to Implement Meaningful Use Stage 2 Secure Health Transport for Certification and Meaningful Use

TABLE OF CONTENTS INTRODUCTION USE CASES FOR CONVERSION BETWEEN DIRECT AND XDR DATAMOTION XDR IMPLEMENTATION GLOSSARY OF TERMS

ehealth Vendor Workgroup: Transitions of Care March 20, :00 PM ET

Stage 2 Eligible Professional Meaningful Use Core Measures Measure 15 of 17 Last Updated: August, 2015

The Direct Project Overview

EHR Vendor Support for Meaningful Use Stage 2 Certification and Implementation Direct Basics & Transitions of Care. February 19, :00 PM EST

Navigating the Trends in Health Care Today. MEDITECH Solutions for Meaningful Use and Interoperability

The Direct Project Reference Implementation Architecture

How To Use Direct Messaging

ConnectVirginia EXCHANGE Onboarding and Certification Guide. Version 1.4

Presented by: IHE USA in collaboration with Greenway Medical Technologies and Epic March, 2013

TEST INSTRUCTIONS FOR CROSS VENDOR EXCHANGE TABLE OF CONTENTS

Expanded Support for Medicaid Health Information Exchanges

ConCert by HIMSS Certification: An Overview

Data Provenance. Functional Requirements Document: Developed in Response to the Data Provenance Task Force Recommendations. Version 1.

WISHIN Comments Regarding CMS EHR Incentives Proposed Stage 2 Meaningful Use Objectives

Prepared by Noam H. Arzt, PhD HLN Consulting, LLC

Request for Public Comment on Voluntary 2015 Edition Electronic Health Record (EHR) Certification

End-to-End Security for Personal Telehealth

New York ehealth Collaborative. Health Information Exchange and Interoperability April 2012

Eligible Professionals please see the document: MEDITECH Prepares You for Stage 2 of Meaningful Use: Eligible Professionals.

uently Asked NextGen Questions Share Frequently Asked uently Asked Questions Frequently Asked FAQ Pre-General Release (April-June 2014)

IHE IT Infrastructure Technical Framework Supplement. Document Encryption (DEN) Trial Implementation

Transitions of Care & Mass HIway

Request for Proposal (RFP) Supporting Efficient Care Coordination for New Yorkers: Bulk Purchase of EHR Interfaces for Health Information

Meaningful Use the Role of Health Information Exchange (HIE)

How To Communicate In Healthcare With Direct Secure Messaging

Eligible Professionals

Arizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP)

Health Information Exchange (HIE) in Minnesota

May 7, Re: RIN 0991-AB82. Dear Secretary Sebelius:

Exchanging Medical Records Online with Direct

HIE s and Patient Portals

Consent Management Ad-Hoc Workgroup Deliverable

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

Developers Integration Lab (DIL) System Architecture, Version 1.0

PrivaSphere Gateway Certificate Authority (GW CA)

Supplement 113 Transport

Keeping Pace with Meaningful Use and EHR Technology

develop privacy policies, and implement them with role-based or other access control mechanisms supported by EHR systems.

Stage 2 Medical Billing and reconciliation of Patients

Building Regional and National Health Information Systems. Mike LaRocca

AIRA DRAFT COMMENTS TO THE HITPC MEANINGFUL USE STAGE 3 RECOMMENDATIONS

Commonwealth of Massachusetts Executive Office of Health and Human Services. The Golden Spike Integration Options 8/20/2012

How To Connect Patient Summary Content To A Patient Summary On An Ehr System

Enabling Patients Decision Making Power: A Meaningful Use Outcome. Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality

Participating in a Health Information Exchange (HIE) Many Faces of Community Health /27/11 Greg Linden

Who are we? *Founded in 2005 by Purdue University, the Regenstrief Center for Healthcare Engineering, and the Indiana Hospital Association.

EHR Incentive Program Stage 3 Objectives & Measures Crosswalk of Stage 3 Proposed Objectives, Measures & Corresponding Stage 2 Measures

A. Provisions of the Proposed Rule affecting Standards, Implementation Specifications, Certification Criteria, and Definitions

Meaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM.

RPMS DIRECT Secure Messaging

Meaningful Use and Release of Information

Frequently Asked Questions

Meaningful Use Stage 2 Transport Option User Stories. Transitions of Care & View, Download, and Transmit. Version 2.2

SCHIEx: The South Carolina Health Information Exchange Update

HIE Services & Pricing

HIMSS Interoperability Showcase 2011

Quality Manual ISO/IEC Mandatory Disclosure Attestation

Michigan Medicaid EHR Incentive Program Update November 28, Jason Werner, MDCH

Response to Revisions to the Permanent Certification Program for Health Information Technology NPRM (RIN 0991-AB82)

STATEMENT OF KAREN UTTERBACK, MSN, RN VICE PRESIDENT, MARKETING AND PRODUCT STRATEGY MCKESSON TECHNOLOGY SOLUTIONS

HIE Services & Pricing

LIS Vendor Landscape and Options for Meeting ELR Meaningful Use

Streamlining Medical Image Access and Sharing: Integrating Image Workflow and Patient Referrals

Burning Issues Health Information Exchange Webinar Series Session 2: HIE for Meaningful Use Stage 2 Summary of Care Record for Transitions of Care

Core services and the path to the future of the ILHIE

Santa Cruz HIE Proposal for Demonstrating at California Connects 2014

An Oracle Technical White Paper September Health Information Exchange: From Meaningful Use to Personalized Health

(DS4P) Update. Joy Pritts Chief Privacy Officer. NCVHS Committee Meeting June 11, 2014

LANES. A key component of the LANES Initiative is to develop a Health Information Exchange.

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Alabama s One Health Record

IHE IT Infrastructure White Paper. Health Information Exchange: Enabling Document Sharing Using IHE Profiles

Welcome to the AHRQ Medicaid and CHIP TA Webinar Tuesday, May 15, 2012, 3:00 4:30 p.m. Eastern

Meaningful Use Stage 2. Creating the Foundation for Population Health

Meaningful Use Stage 1 and Public Health: Lesson Learned

Stage 2 Meaningful Use - Public Health

Office of Medical Assistance Programs. Health Information Technology Initiative. Health Information Exchange Support

Federal and State Update. John D. Halamka MD

Meaningful Use Updates Stage 2 and 3. Julia Moore, Business Analyst SMC Partners, LLC July 8, 2015

Illinois Health Information Exchange Client Readiness Technical Assessment Checklist

2. When will CPS 12 with reporting for Meaningful Use (MU) be generally available (GA)?

Electronic Health Record (EHR) Incentive Program. Health Information Technology (HIT) Executive Update

Digital Certificate Discovery for Health Care Providers

Guide to Meaningful Use Stage 2

SGRP 113 Objective: Use clinical decision support to improve performance on high priority health conditions

DIRECT Messaging: The Future of Communication Between Healthcare Providers. Presented by: Greg Anderson, CEO

Munson Medical Center Exchange Clinical Information Objective General Instructions

EHR Standards Landscape

Charting the Future of Healthcare Interoperability. Presenters. Michael Stearns, MD, CPC, CFCP

HL7 and Meaningful Use

Meaningful Use. Medicare and Medicaid EHR Incentive Programs

The Massachusetts ehealth Institute

IMAGE SHARING. Review and Update - A Fond Farewell to CDs 2012

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

PHS-Connect Users Group Forum. November 7, 2013

nehta Commissioning Requirements for Secure Message Delivery Secure Messaging 19 December 2012 National E-Health Transition Authority

Customer Success Story. Health Unity. Health Unity and ClearDATA partner to help a large IDN achieve Meaningful Use

Transcription:

Practical Guidance to Implement Meaningful Use Stage 2 1. Introduction Association Standards and Interoperability Workgroup Meaningful Use (MU) Stage 2 introduces three transport standards for use in healthcare information transport. The purpose of this paper is to: Summarize the transport standards and their purpose Provide practical guidance to apply one or more of these standards in a MU Stage 2 implementation from a software developer perspective seeking to meet certification Highlight the flexibility allowed by MU Stage 2 in the ways providers may qualify in deploying health information exchange with a certified 2. Summary of Certification Requirements Section 170.202 of the final rules for Stage 2 certification identifies three transport standards adopted for healthcare messaging. They are: 1. ONC Applicability Statement for Secure Health Transport (incorporated by reference in 170.299) This specification discusses the Direct protocol for provider-to- provider messaging. The core component in the technology stack is standard, secure email (SMTP/SMIME). 2. ONC XDR and XDM for Direct Messaging Specification (incorporated by reference in 170.299) This specification discusses the application of XDR and XDM to the direct messaging environment and the interaction between the primary Direct Project environment, which uses SMTP and RFC 5322 to transport and encode healthcare content, and the XDR (Web Services push) and XDM (Email with metadata) specifications. ONC Transport and Security Specification (incorporated by reference in 170.299). 3. Standard. ONC Transport and Security Specification (incorporated by reference in 170.299) 1 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

This document defines the primary set of Web Services-based () security and transport protocols needed to establish a messaging, security, and privacy foundation for health information exchange. The above three standards are related and may be combined in three ways, as defined in 45CFR 170.314 (b) (1) (i) A, B, C and 170.314 (b) (2) (ii) A, B, C. These three combinations are labeled: (a), (a + b), and (b + c). The following diagrams describe the main steps to produce, transmit, and receive a document for each of these combinations. 2.1 Send Supporting Direct-only SMTP (a) Locate Destination and Associated Certificate Sign and Encrypt S-MIME attachment Type of receiving system may be : e-mail service HIE or HISP or other Send e-mail (SMTP) SMTP E-mail Supporting Direct with XDM (a+b) CCDA (s) XDM wrapper (ZIP with metadata and 1-n docs) Locate Destination and Associated Certificate Sign and Encrypt S-MIME attachment Type of receiver may be: : e-mail service HIEor orhisp HISP or orother other Send e-mail (SMTP) SMTP E-mail 2 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

Supporting with XDR (b+c) (s) XDR Encoding (Metadata and 1-n s) services+saml) Type of receiver may be: HIE or HISP or other Node Certificate + TLS encryption Web Services on TLS 2.2 Receive Supporting Direct-only SMTP (a) Type of sending system may be: e-mail service HIE or HISP or other Validate signature and sender identity Decrypt S-MIME attachment E-mail Receive e-mail (SMTP or POP or IMAP) 3 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

Supporting Direct with XDM (a+b) Type of sending system may be: e-mail service HIE or HISP or other XDM wrapper (ZIP with metadata and 1-n docs) Validate signature and sender identity Decrypt S-MIME attachment E-mail Receive e-mail (SMTP or POP or IMAP) Supporting with XDR (b+c) (s) Type of sender may be: HIE or HISP or other XDR Encoding (Metadata and 1-n s services+saml) Web Services on TLS Node Certificate + TLS encryption 4 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

3. Certification Requirements 3.1 Send 1. Required Certification: (a) Direct SMTP Only vendors have a variety of implementation strategies, as long as an S-MIME encrypted E-mail is received by the test tool. This can be realized for example by: 1. Bundling by the vendor of the capability to locate a destination direct E-mail address and association of the signing/encryption certificate (often incorrectly called HISP-like functionality) with the module supporting the criterion requiring transport. This capability may reside within the (see Case A in figure below) or be externally operated by the vendor (see Case B in figure below). 2. Partnering by the vendor with a 3 rd party operating as relied upon software for the capability to locate a destination direct E-mail address and association of the signing/encryption certificate. When this specific combination of the two is certified for (a) then the alone or in conjunction with a different 3 rd party HISP is not a considered a certified solution (see Case B in figure below). Implementation Strategies for Direct (a) and (a+b) Case A: generates locates destination gets certificate and encrypts Certified Direct (SMTP+S-Mime) Direct (SMTP+S-Mime) Case B: generates HIE/HISP locates destination HIE/HISP gets certificate and encrypts Certified with relied upon software HIE or HISP Direct (SMTP+S-Mime) Note: There is no requirement for a sender to use E-mail delivery notification. Only receivers are required and tested to respond to E-mail delivery notifications requests. CMS stated that the sender must know that the transition of care document was received, but no technical requirements are specified. 5 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

2. Optional Certification: (a+b) Direct with XDM This certification is optional in addition to (a), not instead of (a), as (a) is minimally required. This certification is identical to (a) and only involves the addition of the ability wrap the document(s) with associated metadata and place it in the S-MIME attachment. The same variants in implementation (Cases A & B in figure) may be used as described under (a). The benefits of this approach over the (a) result from the inclusion of metadata (for either non-cda and CDA documents, as well as multiple documents) that the receiver can use to: 1. Better manage/route the document without having to open it 2. Improved privacy and security management without having to open the document Note: In order to enhance interoperability between (a) sources and (a+b) receivers, we suggest that any implementation of (a) may be designed to receive (a+b) by ignoring the XDM wrapper and the metadata, if not used. This provides compatibility between (a) and (a+b) considering that the certification of (a+b) without also being certified for (a) is not permissible. 3. Optional Certification: (b+c) XDR (with ) This certification is optional in addition to (a), not instead of (a), as (a) is minimally required. In this scenario, XDR relies on (web services) and not E-mail as transport. However, it offers the same ability to wrap the document(s) with associated metadata and place it in the message. Note that this is not an S-MIME attachment but the attachment method supported by all stacks. The benefits of this approach over the (a) are: Gives independence from HIE/HISP/Receivers (if they are capable of XDR receive) in that an need not be certified with the relied upon HIE/HISP chosen by the provider Provides metadata for receiver(especially with non-cda documents and multiple documents) to improve their ability to manage/route the document(s) Provides compatibility with an IHE XDS Provide and Register transaction (share documents in an HIE) 6 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

3.2 Receive 1. Required Certification: (a) Direct SMTP Only vendors have a variety of implementation strategies, as long as an S-MIME encrypted E-mail is received. This can be realized for example by: Bundling by the vendor of the capability to receive an SMTP (as E-mail server or STA) and to decipher the S-MIME attachment (often incorrectly called a HISP-like functionality) and enabling a POP or IMAP service to pull E-mail from a specific E-mail service mailbox and to check the signature and decipher the S- MIME attachment. These receive capabilities may be offered within the or operated independently by the vendor. Have the vendor partner with a 3 rd party operating as relied upon software the capability to receive an SMTP E-mail and decipher the S-MIME attachment. The specific combination of the two is certified for (a). The alone or in conjunction with a different 3 rd party HISP is not a certified solution. Note that when acquiring the alone, using it in conjunction with a different E-mail service than the one it has been certified with is not considered a certified solution. 2. Optional Certification: (a+b) Direct with XDM This certification is optional in addition to (a), not instead of (a), as (a) is minimally required. This certification for receive is identical to (a) and only involves the addition of the ability to unwrap the document (one or more) and associated metadata and extract it in the S-MIME attachment. The same variants in implementation may be used as for (a). The benefits of this approach over the (a) result from the inclusion of metadata (for either non-cda and CDA documents, as well as multiple documents) that the receiver can use to: Better manage/route the document without having to open it Improved privacy & security management without having to open the document Note: In order to enhance interoperability between (a) sources and (a+b) receivers, we suggest that any implementation of (a) may be designed to receive (a+b) by ignoring the XDM wrapper and the metadata, if not used. This provides compatibility between (a) and (a+b) considering that the certification of (a+b) without also being certified for (a) is not permissible. 7 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

3. Optional Certification: (b+c) XDR (with ) This certification is optional in addition to (a), not instead of (a), as (a) is minimally required. XDR relies on Web services and not on E-mail as transport. However, it offers the same ability to extract from the message. This is not an S-MIME attachment but the attachment method of. The wrapped content that includes documents (one or more) and associated metadata to facilitate the routing of the documents without any need to parse their content. The benefits of this approach over the (a) are: Gives independence from HIE/HISP/Receivers (if they are capable of XDR receive) in that an need not be certified with the relied upon HIE/HISP chosen by the provider Provides metadata for receiver(especially with non-cda documents and multiple documents) Provides compatibility with an IHE XDS Provide and Register transaction (share documents in an HIE) 4. Provider Requirements for Deploying an to Qualify for MU Stage 2 The Incentive Program for MU Stage 2 Final Rule describes in 495.6(j)(14) for eligible providers (EP) and 495.6(l)(11) for eligible hospitals (including critical access hospitals, EHs and CAHs) the measurements: (A) Subject to paragraph (c) [of/in] this section, the [EP/EH or CAH] that transitions or refers their patient to another setting of care or provider of care provides a summary of care record for more than 50 percent of transitions of care and referrals, (B) Subject to paragraph (c) in this section, the [EP/EH or CAH] that transitions their patient to another setting of care or provider of care provides a summary of care record for more than 10 percent of such transitions and referrals either: (1) Electronically transmitted using Certified Technology to a recipient; or (2) Where the recipient receives the summary of care record via exchange facilitated by an organization that is a NwHIN Exchange participant or in a manner that is consistent with the governance mechanism ONC establishes for the nationwide health information network; (C) Subject to paragraph (c) of this section an [EP/EH or CAH] must satisfy one of the following: (1) Conducts one or more successful electronic exchanges of a summary of care record meeting the measure specified in paragraph [(l)(11)(ii)(b)/(j)(14)(ii)(b)] of this section with a recipient using technology to receive the summary of care record that was designed by a different developer than the sender's technology certified at 45 CFR 107.314(b)(2); or 8 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

(2) Conducts one or more successful tests with the CMS designated test during the reporting period. This allows for transport mechanisms described in this document, based on ONC's 2014 Edition Final Rule, to meet the target measurements, as well as those used by intermediaries who are approved by NwHIN / ehealth Exchange, e.g., XCA/XDS queries, as referenced from the NwHIN / ehealth Exchange WIKI pages (http://exchangespecifications.wikispaces.com/home) and the Message Platform page in particular (http://exchange-specifications.wikispaces.com/messaging+platform+home). Therefore, the provider must interface its with other providers with which it is performing transfer of care. Two cases are worth considering: 1. If the provider uses a service offered by the vendor (as relied upon software), no further analysis is needed. This relied upon software/service, along with the, must have been certified to (a), and optionally to (a+b) or (b+c). No other choices are acceptable. 2. If the provider wishes to use another HIE/HISP service than the one chosen by the vendor when it certified to (a) Direct, either: a. the provider needs to certify with the selected HIE/HISP on their own, or with assistance from the vendor. b. The provider needs to connect its using (b+c) to the HIE/HISP (no need for self-certification, but this implies that the was certified to (b+c) and that the HIE/HISP supports (b+c) which is likely. No other choices are acceptable. ONC in its communication has been recommending that s implement the optional (b+c) to provide more flexibility to providers. See ONC Dec 19, 2012 Presentation to NeHC at: http://www.nationalehealth.org/ckfinder/userfiles/files/helping%20providers%20meet%20direct%20r equirements%20for%20meaningful%20use%20stage%202.pdf For receipt, the requirements for the providers in the CMS regulations are quite flexible. Only the ability to consume s (as well as CCD and CCR for backward compatibility) is required. A provider is explicitly qualified to receive with other solutions than (a), (a+b) or (b+c) on its, such as using the ehealth (previously called NwHIN) Exchange which relies on a query for documents on (IHE XCA Query Retrieve which is the same as XDS Query Retrieve, plus SAML). No measure is defined on receipt of transfer of care. If an is certified with (a), the must be delivered with this (a) capability as used for certification even though the provider may be only using (b+c). 9 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

5. Analysis of Some Infrastructure Deployment Models in the Context of MU Stage 2 It is not the purpose of this document to fully analyze the large variety of health information exchange infrastructures that may be deployed to support qualified physicians and hospitals. A few typical cases are highlighted in this section. 5.1 Typical IHE XDS or XCA based communication infrastructure (per -HIE Interoperability WG and ehealth-nwhin Exchange) Typical IHE XDS or XCA based communication infrastructure (per -HIE Interoperability WG and ehealth-nwhin Exchange) (s) (s) XDR Encoding (Metadata and 1-n s) services + SAML) NwHIN Exchange (IHE XCA Query/retrieve + SAML) or -HIE Interop WG (IHE XDS Registry/Repository) XCA Query/Retrieve (Same as XDS Query/Retrieve) (1-n s) services + SAML) Node Certificate + TLS encryption with XDR with XCA/XDS Node Certificate + TLS encryption certified for (a) and (b+c) Provider qualifies by using (b+c) Certification not required certified for (a) Provider qualifies by using NwHIN Exchange Query 10 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

5.2 XDR Gateway to (a+b) DIRECT with XDM (b+c) (s) XDR Encoding (Metadata and 1-n s) services + SAML) Node Certificate + TLS encryption with XDR XDR Encoding (Metadata and 1-n documents) services + SAML) Node Certificate + TLS encryption XDM wrapper (ZIP with metadata and 1-n docs) Locate Destination and Associated Certificate Sign and Encrypt S-MIME attachment Send E-mail (SMTP) SMTP E-mail with XDM Type of receiver may be : E-mail service HIE or HISP or other certified for (a) and (b+c) Provider qualifies by using (b+c) Certification not required 5.3 Vendor Provided Communication Infrastructure in an MU Stage 2 Context (s) Vendor Specific Vendor Specific Vendor Specific XDM wrapper (ZIP with metadata and 1-n docs) Locate Destination and Associated Certificate Sign and Encrypt S-MIME attachment Send E-mail (SMTP) vendor provided communication infrastructure SMTP E-mail SMTP E-mail with XDM Type of receiver may be: E-mail service HIE or HISP or other and supporting communication infrastructure certified together for (a) and (a+b) Provider qualifies for using either (a+b) or (a) 11 Practical Guidance to Implement Meaningful Use Stage 2 February 5, 2013

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information