#connect2013 connecting for good loews coronado bay resort, san diego, california david c. kibbe, md...
TRANSCRIPT
#CONNECT2013
Connecting for GoodLoews Coronado Bay Resort, San Diego, California
David C. Kibbe, MD MBAPresident and CEO, DirectTrust
#CONNECT2013
Expect Direct!Secure Health Information Exchange at the Dawn of the Health Internet
© 2013 Qualcomm Life. All rights reserved.3
Mission and GoalsDirectTrust.org, Inc. (DirectTrust) is a voluntary, self-governing, non-profit alliance dedicated to the support of Direct exchange of health information at national scale, through the establishment of policies, interoperability requirements, and business practice requirements. Taken together, these create a Security and Trust Framework for the purpose of uniting multiple Direct implementations and their communities, enhancing public confidence in privacy, security, and trust in identity when using Direct.
DirectTrust is the recipient of an ONC Cooperative Agreement award in the amount of $280,205 as part of the Exemplar HIE Governance Program. Within this Program, DirectTrust is charged by ONC with further development of the Direct Trusted Agent Accreditation Program, and the establishment of a national trust anchor bundle distribution service for Direct exchange implementers.
© 2013 Qualcomm Life. All rights reserved.
The problem behind the lack of data liquidity in healthcare -- fragmentation
© 2013 Qualcomm Life. All rights reserved.
60-70% of physicians and hospitals now use EHRs…yet• Not a single EHR is interoperable with
another vendor’s product…EPIC literally can’t move data to NextGen except by fax.
• Nearly 100% of referrals and transitions of care require paper, fax, or mail transmittal of important health information.
• Specialists report that over 50% of the time they never get information from referring PCPs, and PCPs report that over 50% of the time they never hear anything back from the specialists.
I’m sending you Mrs. Smith!
La, la, la...I can’t hear you, can’t hear you!
© 2013 Qualcomm Life. All rights reserved.
And that’s just the tip of the iceberg…• PHRs have languished because
patients can’t easily get their data from providers.
• Payers, e.g. Medicare, spend $$ on mail and fax trying to communicate with providers and beneficiaries.
• State and federal agencies depend on fax, phone, and mail for most communications.
© 2013 Qualcomm Life. All rights reserved.
Stage 2 MU focus is on exchange
© 2013 Qualcomm Life. All rights reserved.
Health Information Exchange 101What’s the status in late 2013?
HIE is electronic sharing of health information among varied health care providers and their organizations, while maintaining meaning. HIE types
• Direct “push” / email / point-to-point• Exchange / XD* protocols /Enterprise-to-enterprise • Data collection, aggregation / central hub & query
Data frequently exchanged• Any file type, but structured data as HL7
CCD, cCDA• Stage 2 MU sets common data set, requires EHRs
to certify Direct exchange capability, cCDA capablity.
© 2013 Qualcomm Life. All rights reserved.
Only Direct exchange…
• Is easy, familiar, email-based (SMIME/SMTP+PKI).
• Required by Stage 2 MU of all EHRs by 2014 for both provider-provider and provide-patient data exchange.
• Uses the Internet natively for point-point exchange between any two addresses.
© 2013 Qualcomm Life. All rights reserved.10
A deeper dive into Direct: identity assurance is key feature• Before Direct users can exchange messages and attachments, they
must interact with three entities that serve as “trusted agents,” each of which has separate roles and responsibilities.
o A Health Information Service Provider, HISP, handles the encryption and identity validation on behalf of the Direct addressee, assigns accounts and addresses, and arranges for the addressees to be issued an X.509 digital certificate;
o A Certificate Authority, CA, issues the X.509 digital certificate to the addressee, along with the public key, relying on the information supplied to it by the;
o A Registration Authority, RA, which verifies and proofs the identity of the addressee applying for an X.509 digital certificate.
© 2013 Qualcomm Life. All rights reserved.11
HISP-HISP between EHRs
[email protected](has been identity vetted, has X.509Digital certificate bound to address.)
[email protected](has been identity vetted, has X.509Digital certificate bound to address.)
ARC OF LIABILITY
EHR EHR
encryption
identity validation
© 2013 Qualcomm Life. All rights reserved.
HISP-HISP exchange between EHR and PHR
[email protected](has been identity vetted, has X.509Digital certificate bound to address.)
[email protected](has been identity vetted, has X.509Digital certificate bound to address.)
encryption
identity validation
ARC OF LIABILITY
EHR PHR
© 2013 Qualcomm Life. All rights reserved.13
Consider the near future!• Any Direct addressee can send/receive data in any format
to/from any Direct addressee, securely, over the Internet.• Any information available to the patient, e.g. vitals, device
results, images, etc., can be made available to providers in near real time.
• Next generation “medical information homes” have the source of data, and the means of sourcing data, available for the first time.
© 2013 Qualcomm Life. All rights reserved.14
DirectTrust ApproachSecurity &
Trust Framework
EHNAC-DirectTrust Accreditation Program
Trusted Anchor Bundle
Distribution
The goal is to make it easy and inexpensive fortrusted agents, e.g. HISPs, to voluntarily know of andfollow the “rules of the road“ for security andIdentity, while also easyand inexpensive to know who elseis following them.
© 2013 Qualcomm Life. All rights reserved.
Accreditation and Audit
DirectTrust is accrediting HISPs, CAs, and RAs In partnership with EHNAC.
Look for the EHNAC-DirectTrust seal of accreditation for assurances of best practices for privacy, security, and trust-in-identity.
Accreditation status of HISPs, CAs, RAs is always available at www.DirectTrust.org
© 2013 Qualcomm Life. All rights reserved.
About DirectTrust• The ONC is establishing governance mechanisms for nationwide health
information exchange, in part through a cooperative agreement with DirectTrust.
• The Stage 2 MU regulations require eligible providers to engage in health information exchange via standards and in a manner consistent with these governance mechanisms.
• DirectTrust is a non-profit industry alliance that is supporting Direct exchange adoption and use through policy setting, accreditation, trust anchor distribution, and outreach activities. The AAFP is one of the founding members of DirectTrust.
See:http://www.healthit.gov/buzz-blog/health-information-exchange-2/onc-partners-health-information-exchange-governance-entities and also
http://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/directtrust-builds-transparency-confidence-direct-exchange).
© 2013 Qualcomm Life. All rights reserved.
Short lexicon of termsDirect ProjectA public-private sector initiative sponsored and run by ONC whose aim was to create a simple, secure, and open standard for transport of messages and attachments between health care participants over the Internet, regardless of end-user technology. Direct StandardThe outcome of the Direct Project. A set of protocols and specifications, along with a security and trust architecture, for simple, secure, inter-vendor communications over the Internet for use by health care professionals and patients. Direct Message ExchangeUse or deployment by individuals or entities of health information exchange utilizing the Direct standard. Also sometimes referred to as Directed “push” exchange, Direct exchange.
Direct User or SubscriberAn organization or an individual that participates in sending and receiving messages and attachments using technology equipped to do so, e.g an EHR or a web portal, via the Direct standard, and who has the authority to do so.
© 2013 Qualcomm Life. All rights reserved.
Resources and additional information• DirectTrust website www.DirectTrust.org
Information on MembershipInformation on Workgroups and Active ProjectsDirectTrust Membership ListAccreditation Status ListCode of EthicsDirectTrust Community X.509 Digital Certificate PolicyFederation AgreementDirect Trusted Agent Accreditation Program (DTAAP)Trust Anchor Bundle Website
© 2013 Qualcomm Life. All rights reserved.
#CONNECT2013
Thank you