Post on 01-Jul-2015
description
transcript
Direct Secure Messaging
A form of secure email for exchanging Protected Health Information
Jeff Livesay, Associate Director
Michigan Health Information Network
November 12, 2014
Agenda• What is Direct Secure Messaging?
• How is Direct Secure Messaging used?
• Using Direct for Public Health Reporting – two use cases:
• Immunization reporting
• Clinical Quality Measures
• Using Direct for Care Coordination – three use cases:
• Statewide Admission/Discharge/Transfer Notification Service
• Statewide Medical Reconciliation Service
• Trust Organizations and Trust Bundles:
• DirectTrust.org, HISP accreditation, and vendor trust bundles
• National Association for Trusted Exchange – consumer trust bundles
• Security and Privacy Issues – what if…?
• Contractual considerations with HISPs, RHIOs, HIEs and HINs
• Introducing MiDiGate™ - Medical Information Direct Gateway
• Direct and MiDiGate™ for Public Health Reporting
• Direct and MiDiGate™ for Health Information Exchanges
• Direct and MiDiGate™ for Health Plans
Copyright 2014 - Michigan Health Information Network Shared Services 2
Direct = secure SMTP
Simple Mail Transfer Protocol
3
What is a Direct Secure Message?
Direct = secure email
Copyright 2014 - Michigan Health Information Network Shared Services
Direct is required under MU 2 Final Rule
• “These transport standards include the two transport specifications
developed under the Direct Project6: (1) Applicability Statement for Secure
Health Transport7 and (2) External Data Representation (XDR) and Cross-
Enterprise Document Media Interchange (XDM) for Direct Messaging8. The
Applicability Statement for Secure Health Transport specification describes
how electronic health information can be securely transported using simple
mail transport protocol (SMTP), Secure/ Multipurpose Internet Mail
Extensions (S/MIME), and X.509 certificates. The XDR and XDM for Direct
Messaging specification describes the use of XDR”
• See:
• 6 http://wiki.directproject.org/Documentation+Library
• 7http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+
Transport
• 8http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging
4Copyright 2014 - Michigan Health Information Network Shared Services
The Direct Project
5
• Simple, secure, scalable, standards-based
way to send encrypted information “directly” to
known, authenticated, trusted recipients
• Messages sent securely between end-points:
• person to person
• person to system
• system to system
• system to person
Copyright 2014 - Michigan Health Information Network Shared Services
http://wiki.directproject.org/Documentation+Library
6
A National View of Direct Adoption
Copyright 2014 - Michigan Health Information Network Shared Services
CO
NM
TX
OK
CA
NV
OR
WA
ID
AZ
UT
MT
WY
ND
SD
NE
KS
MN
IA
WIMI
MO
AR
LA
IL IN
MS AL
FL
GA
SC
NCTN
KY
OH
WV VA
PA
NY
VTNH
ME
AK
AS
DC
GU
HI
PR
USVI
CNMI
Other States and
Territories
RICT
DE
NJ
MA
MD
Map Legend
Marketplace
Contractual
Hybrid
Live
Pilot
Not implementing Direct
Not Live
•Marketplace: A state approves Health Information Service Providers (HISPs) based on a set of criteria that allows
providers to determine the services and vendors that are right for them.
•Contractual: A state has contracted directly with a vendor or vendors to provide HISP services.
•Hybrid: A state has contracted directly with a vendor or vendors to provide HISP services and has also set up a
marketplace for other HISPs to participate in.
The Role of DIRECT & EHRs
7Copyright 2014 - Michigan Health Information Network Shared Services
8
Dr. Jones
Dr. Smith
First way to use Direct:
Provider-to-Provider messaging
Definition
HISP – Health Information Service Provider
HISP
HISP
Federally-bridged digital
security certificate as
trust anchor
Copyright 2014 - Michigan Health Information Network Shared Services
9
From:
results@direct.lab.com
To:
someClinic_lab_results@direct.mihin.org
Second way to use Direct:
System-to-system messaging
Definition
HISP – Health Information Service Provider
HISP
HISP
Federally-bridged digital
security certificate as
trust anchor
Copyright 2014 - Michigan Health Information Network Shared Services
mcir@direct.mihin.org
Public Health Reporting Use Case:
Submitting Immunizations Using Direct
10
State of Michigan
(SOM Data Hub)
VACCINATIONS
Standards
Gateway
Public Health
Reporting
Copyright 2014 - Michigan Health Information Network Shared Services
mcir@direct.mihin.org
11
State of Michigan
Data Hub
Immunization
Registry
VPN into State
Public Health Use Case: Immunizations via Direct
• d o c t o r @ d i r e c t . f l o r i d a . o r g
• d o c t o r @ d i r e c t . o h i o . o r g
• d o c t o r @ d i r e c t . w i s h s i n . o r g
• n u r s e @ c o r r e c t i o n s . m i h i n . o r g
Copyright 2014 - Michigan Health Information Network Shared Services
Public Health Reporting Use Case:
Submitting Immunizations without Direct
12
MDCH Data Hub
Data Sharing
Organizations
Public Health
Reporting
State-wide
Shared Services
No Change
Required!
Copyright 2014 - Michigan Health Information Network Shared Services
Clinical Quality Measures: The Problem
• Meaningful Use (MU) Stage 2 requires Clinical Quality Measurement
(CQM) reporting to State Medicaid
• Status quo: no standard way to submit CQMs to state agencies
• Providers must manually request MU credit
• Limited ability to compare quality data within single clinics, within
hospitals, across clinics
• Solution: Clinical Quality Measure Recovery and Repository (CQMRR)
13Copyright 2014 - Michigan Health Information Network Shared Services
14
Eligible
Providers
Eligible
Hospitals
CA
Hospitals
Data Peeler
Cypress/DQA
SOM Data Warehouse
CQM
Data Mart
(Final)
MDSS MCIR MSSS
VX
U’s
CQMS@direct.mihin.org
Valid QRDA
VPN to SOM
valid
QRDA
(CAT I & III)
Health
Provider
Directory
Meaningful Use Database
Reports,
Dashboards,
Comparisons,
Mining,
NPI lookup
State of Michigan
Data Hub
QRDA
QRDA
QRDA
Valid QRDA
QRDA
QRDA
QRDA
Clinical Quality Measure
Recovery and Repository
QRDA
(CAT I & III)
QRDA
(CAT I & III)
Copyright 2014 - Michigan Health Information Network Shared Services
TM
CATIII@direct.mihin.org
Data Sharing
Organization
Data Sharing
Organization
ADTs / Medication Reconciliation: Care
Coordination Use Cases
Active Care
Relationships
Delivery
Preference
Lookup
1) Hospital sends Medication Reconciliation message
2) Check Active Care Relationships and identify three providers
3) Using the HPD, identify delivery preference for each provider
4) Medication reconciliation is routed to providers based on preferences
MNO
OSP
15
AnimationGMPHO
MEDs
Summary
of Care
MEDs
Summary
of Care
Copyright 2014 - Michigan Health Information Network Shared Services
DirectTrust.org: Mission and Goals
11/12/2014 16
• A voluntary, self-governing, non-profit trade alliance
• Dedicated to the growth of Direct exchange at national scale
• Operates under a Cooperative Agreement
with ONC to support its work of creating a
national network of interoperable Direct
exchange services providers.
• Establishes policies, interoperability
requirements, and business practice
requirements
Security & Trust Framework
EHNAC-DirectTrust Accreditation Program
Trust Anchor Bundle Distribution
Copyright 2014 - Michigan Health Information Network Shared Services
DirectTrust Members
171711/12/2014
18Copyright 2014 - Michigan Health Information Network Shared Services
Current DTAAP Accreditation Roster
November 10, 2014
• Athenahealth Inc.
• Axesson
• CareAccord
• Cerner Corporation
• Covisint
• DataMotion Inc.
• DigiCert Inc.
• EMR Direct
• Health Companion Inc.
• Hixny Inc.
• Infomedtrix LLC
• ICC
• ICA
• Inpriva
• IOD Incorporated
• Alere Accountable Care Solutions
• Applied Research Works, Inc.
• Corepoint Health LLC
• eClinical Works
• Glenwood Systems
• Healthunity Corporation
• Indiana Health Service
• Nitor Group
• Orion Health
• Pulse Systems Inc.
• Qsource
• Quest Diagnostics
• Shifox LLC
• Siemens Medical Solutions USA Inc.
• Simplicity Health Systems
19
Fully Accredited and Audited Candidate Status
11/12/2014
• Maxims
• Medicity
• MedAllies
• MHIN
• MRO Corporation
• NextGen/Mirth
• NYeC
• Optum
• Relay Health
• Rochester RHIO
• Secure Exchange
Solutions Inc.
• Surescripts
• Truven Health Analytics
• Updoxy
Copyright 2014 - Michigan Health Information Network Shared Services
DataMotion™ Direct
• Direct Secure Messaging subscription service
• Group and individual address provisioning
• EHR integration and/or email client integration
• Easy Direct access via web portal login
DataMotion is an accredited Health Information Service Provider (HISP) of Direct Secure Messaging*
Secure, Integrated Messaging for Electronic Health Records
Who is NATE?
21
http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf
Copyright 2014 - Michigan Health Information Network Shared Services
NATE PHR Initiative Phase 1
participating actors
22
http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf
Copyright 2014 - Michigan Health Information Network Shared Services
NATE: PHR Incentive Phase 1: examining desired
capabilities to inform Phase 2 recommendations
23
http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf
Copyright 2014 - Michigan Health Information Network Shared Services
NATE: Message and Certificate Flow
• Some quick definitions:
• Digital Certificate: Electronic document used to prove ownership of a public key; includes information about owner's identity and digital signature of entity (“Certificate Authority”) that has verified contents are correct
• Public Key: Used to encrypt a message or to verify a digital signature
• Private Key: Used to decrypt an encrypted message or create a digital signature
• Trust Anchor: An authoritative entity for which trust is assumed and from which a chain of trust is derived
• Trust Store: A collection of digital certificates of trust anchors you have chosen to trust
NATE: Message and Certificate Flow
NATE: Sender and Recipient Identity
• “Level of Assurance” – How well the addressee’s identity is proofed.
• NIST LOA level 2 – “in-person” government picture ID
• FBCA medium – “in-person” government picture ID and signature attesting to identity
• NIST LOA level 3 – “in-person” government picture ID verified independently
• Answers the question “How do I know the address really belongs to who claims to own it?”
• Traditional LOA mechanisms may be impossible or inappropriate for consumers
• Assurance of the owner of a Direct address may be achieved through personal relationships
NATE: Trust Bundles
• “Trust Bundles” are a collectionof trust anchor certificates usedto populate a trust store
• Reduces the need for point-to-pointtrust relationships:
• A use case and set of policies define a Trust Profile
• A Trust Bundle identifies the members of a Trust Community that have agreed to voluntarily adopt the Trust Profile
• Trust Bundles are published via Direct Project standard
NATE: Trust Bundles
• Since Trust Bundles populate trust stores:
• HISPs can load morethan one trust bundle;they are not exclusive
• Organizations can bepart of more than oneTrust Community
• Organizations can loadanchors of individualtrusted partners
• Both sender and receivermust have Trust Bundlein store (i.e. both be members of at least one common Trust Community or agree to be trusted partners)
NATE to Administer Blue Button Plus Trust Bundles
Security and Privacy – what if…
• Can a hacker intercepts a Direct Secure Message?
• Very difficult but even if this happened, the payload is encrypted so this
would not be considered a breach under HIPAA/HITECH
• Additionally, a single Direct message likely only has information on one
patient – a full breach involves at least 500 patient records – the exposure
is minimal
• How could someone break into Direct?
• Breaking into the data center is almost the only way, but the accreditation
process inspects the physical security of the data center
• What if a Direct Secure Message is sent to the wrong recipient?
• This happens all the time today with faxes – it is no different
• If the “wrong recipient” is another health provider, they are a covered
entity
• If the wrong recipient is not a provider, this is an “accidental disclosure”
Corporate Confidential -All Rights Reserved 2014 - Michigan Health
Information Network Shared Services30
Contractual Considerations
• Is the HISP vendor already accredited by EHNAC-DTAAP or in the process and if the latter, by what date certain do they expect to be accredited?
• Does the HISP support all forms of Direct, not just person-to-person?
• Does the vendor also provide RA and CA or partner?
• Does the vendor provide a good End-User License Agreement
• Is the HISP client a full-featured browser/PDA-based client?
• Does the HISP support Single Sign-On and Identity Federation?
• What are *all* of the costs (yes, there can be hidden costs)?
• Cost to stand up your instance of the HISP? Annual maintenance?
• Cost per account per year, in both low and high volumes?
• Can you provision your own accounts or does HISP vendor have fee?
• Are there Application Programming Interfaces (APIs) for integration with your existing ecosystem? Can you use these or only the vendor?
• What kind of provider directory is included/supported?
• How much storage is included per account?
• How much does additional storage cost?
• What is the maximum file size for attachments?
Corporate Confidential -All Rights Reserved 2014 - Michigan Health
Information Network Shared Services31
Medical Information Direct Gateway:
MiDiGate™ for Public Health Reporting
32
ccdas@direct.mihin.org
MiDiGate
ADT-Subscribers
adts@direct.mihin.org
Medical Information Direct GatewayTM MiDiGateTM for Public Health &
Meaningful Use Reporting
labs@direct.mihin.org
immunizations@direct.mihin.org
CQM Data Mart
Medicaid ADT Repository
MCIRMDSS MSSS
SOM Data Warehouse
VPN to SOM
Outbound
M
I
DG
IA
T
EM
I
DG
IA
T
E
Inbound
cqms@direct.mihin.org
QRDA Cat III
QRDA CAT III
QRDA
MU Credit
MeaningfulUse
Database
deaths@direct.mihin.org
QRDA
Copyright 2013 – MiHIN – Corporate Confidential – ProprietaryPatent Pending
Any provider organization
Physicians
Labs
Hospitals
Other States
HIEs
CorrectionalFacility
Patients
EDRS
MDCHData Hub
MCDR
Direct Email Convention Examples Using MiDiGate& Health Provider Directory
Inboxlabs@direct.mihin.org
immunizations@direct.mihin.orgdeaths@direct.mihin.org
birthdefects@direct.mihin.orgcqms@direct.mihin.org adts@direct.mihin.org
fostercarehealth@direct.mihin.orgccdas@direct.mihin.org
Destination(s) .Reportable Labs to MDSSMichigan Care Improvement RegistryElectronic Death Registry System Chronic Disease RegistrySOM Data WarehouseVital statisticsFoster Kids RegistryChronic Condition Registry
DescriptionLab Results
ImmunizationsDeath notices
Birth defect noticesClinical Quality Measures
Admit, Discharge, TransferFoster kids care summaries
Consolidated Clinical Document Architecture
Copyright 2014 - Michigan Health Information Network Shared Services
TM
MidiGate™ for HIEs
33
MDCHData Hub
HIE QO/VQO
ccdas@direct.hieqo.org
MiDiGate
adts@direct.hieqo.org
Michigan Direct GatewayTM MiDiGateTM
for HIE QOs and VQOs
labs@direct.hieqo.org
immunizations@direct.hieqo.org
CQM Data Mart
Medicaid ADT Repository
MCIR
MDSS
MSSS
SOM Data Warehouse
VPN to
SOM
Outbound
M
I
DG
IA
T
EM
I
DG
IA
T
E
Inbound
cqms@direct.hieqo.org
QRDA Cat III
QRDA CAT III
MU Credit
MeaningfulUse
Database
deaths@direct.hieqo.org
QRDA
Copyright 2013 – MiHIN – Corporate Confidential – ProprietaryPatent Pending
Any provider organization
Physicians
Labs
Hospitals
HIEs
CorrectionalFacility
Patients
EDRS
MCDR
VPN to HIE/QO/VQO
MiHINVPN to
MiHIN
Repository
HIE
Other StatesDirect Email Convention Examples Using MiDiGate
& Health Provider Directory Inbox
labs@direct.hieqo.orgdeaths@direct.hieqo.org
immunizations@direct.hieqo.orgusecasename@direct.hieqo.org
birthdefects@direct.hieqo.orgcqms@direct.hieqo.org adts@direct.hieqo.org
fostercarehealth@direct.hieqo.orgccdas@direct.hieqo.org
Destination(s) .Reportable Labs to MDSSElectronic Death Registry System Michigan Care Improvement RegistryRegistry for that use caseChronic Condition RegistrySOM Data WarehouseVital StatisticsFoster Kids RegistryChronic Disease Registry
DescriptionLab Results
Death NoticesImmunizations
Use Case SpecificBirth Defect Notices
Clinical Quality Measures Admit, Discharge, Transfer
Foster Kids Care SummariesConsolidated Clinical Document Architecture
Copyright 2014 - Michigan Health Information Network Shared Services
TM
MiDiGate™ for Health Plans
34
ccdas@direct.[healthplan].org
MiDiGate
adts@direct.[healthplan].org
Medical Information Direct GatewayTM MiDiGateTM for Health Plans
labs@direct.[healthplan].org
Quality
Outbound
M
I
DG
IA
T
EM
I
DG
IA
T
E
Inbound
cqms@direct.[healthplan].org
Quality & PQRS ReportingQRDA
authorizations@direct.[healthplan].org
Any provider organization
Physicians
Labs
Hospitals
Other States
HIEs
QRDA VPN
Revenue Management
Incentive
HospitalContract
Provider Relations
Pharmacy
UtilizationManagement
Care Management
Analytics Fraud
Health Plan Data Warehouse
MyEmail@direct.[healthplan].org
Copyright 2013 – MiHIN – Corporate Confidential – ProprietaryPatent Pending
CorrectionalFacility
Patients
Direct Email Convention Examples Using MiDiGate & Health Provider Directory
Destination ExamplesCare Manager, IncentiveUtilization ManagementPharmacy, Care Manager, IncentiveHospital Contracts, Provider RelationsQuality, Revenue ManagementCare Manager, Utilization ManagerOther Qualified Organization
Inboxlabs@direct.[healthplan].org
authorizations@direct.[healthplan].orgmeds@direct.[healthplan].org
custom@direct.[healthplan].orgcqms@direct.[healthplan].orgadts@direct.[healthplan].org
ccdas@direct.[healthplan].org
DescriptionLab Results
AuthorizationsMedication Notices
Any PHI type messageClinical Quality Measures
Admit, Discharge, TransferConsolidated Clinical Document Architecture
Copyright 2014 - Michigan Health Information Network Shared Services
TM
Questions?
Jeff Livesay
Associate Director
livesay@mihin.org
35Copyright 2014 - Michigan Health Information Network Shared Services
References
36Copyright 2014 - Michigan Health Information Network Shared Services
• http://wiki.directproject.org/Documentation+Library
• http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Tran
sport
• http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging
• www.directtrust.org
• www.nate-trust.org