DIRECT HIE Technology
DIRECT technology is a transport solution for HIE and does not focus on the content being exchanged. Therefore, anything from simple text narratives to structured documents, such as CCDs, lab results, or images can be exchanged using DIRECT. DIRECT exchange describes the push of health information from a sender to a known receiver; similar to a how an email is pushed from one endpoint to another.
- DIRECT operates similarly to electronic email so the technology is easy to adopt into a clinical practice workflow.
- DIRECT messages can include attachments, such as clinical summaries, that providers need to exchange.
Direct uses a HISP (health information service provider) just as other email services use an ISP (internet service provider) to manage the flow of email transmissions.
- To transmit DIRECT messages, providers must use what are known as health information service providers (HISPs). These are similar to internet service providers (ISPs), except that HISPs must follow the DIRECT protocol, and requires that holders of DIRECT addresses be registered with a registration authority, and hold digital certificates from a certificate authority.
- Secure, DIRECT messaging can only occur between participants of DIRECT technology. In short, a DIRECT message can only be sent by and/or received by those who have adopted DIRECT accounts. You cannot exchange DIRECT messages with Yahoo or Gmail accounts as any accounts other than DIRECT would not be 'recognized' by the HISP as acceptable recipients. This protects your PHI information!
DIRECT messages are secure by employing a Public Key Infrastructure (PKI) technology that encrypts the messages.
- DIRECT is secure in that each message is encrypted as soon as the sender hits 'send' and remains encrypted during transport until the intended recipient opens the message. This protects your PHI information!
- DIRECT messages are accessed through a web portal or directly from an electronic health record (EHR) system, providing information transfer via special accounts dedicated solely to DIRECT communications.
- DIRECT addresses are issued to those who should be sharing PHI (personal health information) and follow established security policies, including HIPPA.
- HISPs only issue DIRECT addresses to those whose identity has been verified, a process called authentication.
For Stage 2 of Meaningful Use, all certified EHR systems must include DIRECT capability (i.e. upgraded to EHR versions that incorporate Direct into the EHR functionality).
- DIRECT will enable eligible professionals and hospitals to meet the MU requirements when used to send clinical summaries to other providers at transitions of care, including referrals.
Common Scenarios of using DIRECT messaging to support the transport of clinical information: DIRECT messaging supports common scenarios where one person or organization needs to send clinical information to another person or organization securely.
This simple push of information covers clinical scenarios like:
- A primary care doctor refers her patient to a specialist. She sends the specialist a copy of the patient's clinical snapshot.
- When the specialist completes his consult, he sends information about his findings back to patient's primary care provider.
- A primary care doctor refers her patient to the hospital for observation or a scheduled surgery. She sends the hospital a copy of the patient's pertinent clinical information.
- The patient is discharged from the hospital, which sends the patient's discharge information back to the referring provider.
- A provider, clinic, or hospital sends follow-up reminders to the patient.
- A patient receives an immunization.
- The physician sends a record of the immunization to the Tennessee Immunization Registry.
Many scenarios, each with a point who has the data, sending it to another point that needs the data. The Direct Project doesn't focus on what the data is, only the way it's transported.
Establishing Trust between HISPs: A trade organization called Direct Trust (DTO) launched a national accreditation program for HISPs, certificate authorities, and registration authorities in collaboration with the Electronic Health Network Accreditation Commission (EHNAC). The goal of this program is to create a foundation of trusted data exchange and performance guarantees by operating under the same fundamental transport guidelines and security procedures. This thereby, eliminates the need for each HISP to contract with other HISPs by completing BAs (Business Agreements) or TPAs (Trading partner Agreements) currently required by point-to-point exchange entities that operate data transport with differing guidelines.
Tennessee will be encouraging use of those HISPs listed in Accredited status for the DTAAP-HISP program on the EHNAC website, under the Accreditation Status Link. (https://www.ehnac.org/accredited-organizations/). This helps to enable interoperability for providers and other stakeholders using DIRECT for health information exchange.