How To Communicate In Healthcare With Direct Secure Messaging



Transcription:

Direct Secure Messaging: Communicating in the Healthcare World
Andy Nieto, Health IT Strategist, DataMotion

Agenda
- Email and Direct in healthcare, a little history
- So what is Direct, really?
- Certificates
- PKI
- Two forms of Direct: provider to provider, provider to patient
- Controls in place
- Direct ecosystem
- Integrating with Direct
- A look forward

Evolution of healthcare IT
- 1971: First email sent
- 1972: First EHR introduced
- 1996: HIPAA
- 2001: EHR system usage at 18%
- 2003: HIPAA Security Rule
- Feb 2009: HITECH - ARRA
- 2011: Meaningful Use Stage 1 attestation begins
- Jan 2013: Final HIPAA Omnibus ruling
- 2013: Meaningful Use 2 rules included Direct
- 2014: Attestation for Meaningful Use 2 begins

Email in healthcare - 2008
"The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so." (http://www.hhs.gov/ocr/privacy/hipaa/faq/health_information_technology)

2013 refinement of HIPAA
- Privacy concerns
- Security concerns
- BAA: who is liable

Looks like email, acts like email, but ONLY for healthcare
You may end up with multiple Direct addresses.

So what's the difference: Standard Email versus Direct

Standard Email:
- Standard message protocol
- Internet delivery

Direct:
- Standard message protocol
- Internet delivery
- Identity validation
- Secure encryption
- End-to-end trust & liability

What is Direct Secure Messaging?
[Diagram labels: EHR System, Identity Validation, Sender, Mobile Device, Secure Messages & Files, Sending HISP, Direct (SMTP/SMIME), Receiving HISP, Recipient]

The KEY - X.509 Digital Certificate
- Registration Authority (RA) confirms identity
- Certificate Authority (CA) issues certificate
- Healthcare Information Service Provider (HISP) manages certificate

What is PKI, or public key infrastructure?
Let's say your safe deposit box is the information to be encrypted.
- Public key (bank's key to safe deposit box)
- Private key (your key to safe deposit box)
Both are required to open and close the box, allowing you to see what is inside.

PKI with Direct
- Sender and receiver trust validated (identity confirmed with certificate)
- Message encrypted with receiver's public key
- Encrypted message sent via Internet to recipient
- Receiver's private key used to decrypt
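The exchange listed above, carried out with OpenSSL S/MIME as an added example (not part of the original slides, and not DataMotion's or any HISP's implementation). It assumes OpenSSL 1.1.1 or later; the function names are hypothetical, the self-signed certificates and message text are constructed for the demo, and checking the sender's signature is this example's stand-in for "trust validated".

```shell
#!/bin/sh
# Added example: sign-then-encrypt S/MIME exchange between two Direct addresses.
# Self-signed certificates are constructed for this demo; in Direct a CA issues
# them after the RA has confirmed identity, and the HISP manages them.
set -eu
WORK=$(mktemp -d)

# make_identity NAME ADDRESS: key pair plus X.509 certificate bound to ADDRESS
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -addext "subjectAltName=email:$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# cert_address NAME: print the address the certificate is bound to
cert_address() {
  openssl x509 -in "$WORK/$1.crt" -noout -email
}

# send_direct SENDER RECIPIENT TEXT: sign with the sender's private key,
# then encrypt the signed message with the recipient's public key
send_direct() {
  printf '%s\n' "$3" |
    openssl smime -sign -text -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" |
    openssl smime -encrypt -aes256 -out "$WORK/msg.p7m" "$WORK/$2.crt"
}

# receive_direct RECIPIENT SENDER: decrypt with the recipient's private key,
# then verify the signature against the sender's certificate
receive_direct() {
  openssl smime -decrypt -in "$WORK/msg.p7m" -recip "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" -out "$WORK/signed.eml" 2>/dev/null || return 1
  openssl smime -verify -text -in "$WORK/signed.eml" \
    -CAfile "$WORK/$2.crt" -out "$WORK/plain.txt" 2>/dev/null || return 1
  tr -d '\r' < "$WORK/plain.txt"   # S/MIME canonicalises line endings to CRLF
}

make_identity bob DrBob@direct.hospital.net
make_identity susan DrSusan@direct.cardiology.com
send_direct bob susan "Referral summary (constructed sample text)"
echo "Delivered to $(cert_address susan): $(receive_direct susan bob)"
```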

2 types of Direct
- Provider to Provider
- Provider to Patient

Between providers: identity validation, encryption
- EHR: DrBob@direct.hospital.net (Has been identity vetted, has X.509 digital certificate bound to address.)
- EHR: DrSusan@direct.cardiology.com (Has been identity vetted, has X.509 digital certificate bound to address.)

Between provider and patient via PHR or portal: identity validation, encryption
- EHR: DrBob@direct.hospital.net (Has been identity vetted, has X.509 digital certificate bound to address.)
- PHR: Pt.Dave@direct.MyPHR.com (Has been identity vetted, has X.509 digital certificate bound to address.)

Blue Button health record retrieval system
Blue Button, the slogan "Download My Data," the Blue Button Logo, and the Blue Button Combined Logo are registered Service Marks of the U.S. Department of Health and Human Services.

Who is in charge?

ONC's view of Direct

Focus view: Integration, HISP

Integration pathways for Direct
- XD* interface: typically to an EHR or HIE, not directly to a user
- Email client: POP & SMTP
- Web portal: HTTPS://
- Web service: typically APIs to an EHR or HIE, not directly to a user

Is there a Provider Directory?
- Multiple addresses per provider: EHR, HIE, Hospital Association
- XD connections don't require mailboxes
- No universal directory format
- Cellphone directory? Email directory?

How do I know it was delivered?
Message Disposition Notification (MDN)
- Dispatched
- Processed

The success view: Direct Messaging Certification

Direct today
- 44 States have adopted Direct
- Major Growth*
*as reported by the Direct Trust, May 2014

Who is Using Direct

What does the future hold?
- Standard for healthcare communication and dialog
- EHR, HIE and Public Health Integration
- Patient engagement
- Self-reporting
- Syndromic surveillance support
- Product integration
- eSigning
- Digital Certificate as Identity

Thanks
Andy Nieto, Healthcare IT Strategist
andyn@datamotion.com
973-455-1245 x240