Direct Secure Messaging: A form of secure email for exchanging Protected Health Information. Jeff Livesay, Associate Director, Michigan Health Information Network, November 12, 2014


Page 1: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Direct Secure Messaging

A form of secure email for exchanging Protected Health Information

Jeff Livesay, Associate Director

Michigan Health Information Network

November 12, 2014

Page 2: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Agenda

• What is Direct Secure Messaging?
• How is Direct Secure Messaging used?
• Using Direct for Public Health Reporting – two use cases:
  • Immunization reporting
  • Clinical Quality Measures
• Using Direct for Care Coordination – use cases:
  • Statewide Admission/Discharge/Transfer Notification Service
  • Statewide Medication Reconciliation Service
• Trust Organizations and Trust Bundles:
  • DirectTrust.org, HISP accreditation, and vendor trust bundles
  • National Association for Trusted Exchange – consumer trust bundles
• Security and Privacy Issues – what if…?
• Contractual considerations with HISPs, RHIOs, HIEs and HINs
• Introducing MiDiGate™ - Medical Information Direct Gateway
  • Direct and MiDiGate™ for Public Health Reporting
  • Direct and MiDiGate™ for Health Information Exchanges
  • Direct and MiDiGate™ for Health Plans

Copyright 2014 - Michigan Health Information Network Shared Services

Page 3: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

What is a Direct Secure Message?

• Direct = secure email
• Direct = secure SMTP (Simple Mail Transfer Protocol)

In other words, a Direct message is an ordinary Internet mail message whose content is signed and encrypted with S/MIME using X.509 certificates, carried between Health Information Service Providers over SMTP.

Page 4: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Direct is required under MU 2 Final Rule

• "These transport standards include the two transport specifications developed under the Direct Project [6]: (1) Applicability Statement for Secure Health Transport [7] and (2) External Data Representation (XDR) and Cross-Enterprise Document Media Interchange (XDM) for Direct Messaging [8]. The Applicability Statement for Secure Health Transport specification describes how electronic health information can be securely transported using simple mail transport protocol (SMTP), Secure/Multipurpose Internet Mail Extensions (S/MIME), and X.509 certificates. The XDR and XDM for Direct Messaging specification describes the use of XDR"
• See:
  • [6] http://wiki.directproject.org/Documentation+Library
  • [7] http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Transport
  • [8] http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging

Page 5: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

The Direct Project

• Simple, secure, scalable, standards-based way to send encrypted information "directly" to known, authenticated, trusted recipients
• Messages sent securely between end-points:
  • person to person
  • person to system
  • system to system
  • system to person

http://wiki.directproject.org/Documentation+Library

Page 6: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

A National View of Direct Adoption

[Map of the U.S. states and territories shaded by Direct adoption model. Map legend: Marketplace, Contractual, Hybrid, Live, Pilot, Not implementing Direct, Not Live]

• Marketplace: A state approves Health Information Service Providers (HISPs) based on a set of criteria that allows providers to determine the services and vendors that are right for them.
• Contractual: A state has contracted directly with a vendor or vendors to provide HISP services.
• Hybrid: A state has contracted directly with a vendor or vendors to provide HISP services and has also set up a marketplace for other HISPs to participate in.

Page 7: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

The Role of DIRECT & EHRs


Page 8: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

First way to use Direct: Provider-to-Provider messaging

[Diagram: Dr. Jones sends to Dr. Smith through their respective HISPs (Dr. Jones → HISP → HISP → Dr. Smith); a federally-bridged digital security certificate serves as the trust anchor]

Definition: HISP – Health Information Service Provider

Page 9: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Second way to use Direct: System-to-system messaging

[Diagram: From: [email protected] → HISP → HISP → To: [email protected]; a federally-bridged digital security certificate serves as the trust anchor]

Definition: HISP – Health Information Service Provider

Page 10: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Public Health Reporting Use Case: Submitting Immunizations Using Direct

[Diagram elements: VACCINATIONS message addressed to [email protected]; Standards Gateway; State of Michigan (SOM Data Hub); Public Health Reporting]

Page 11: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Public Health Use Case: Immunizations via Direct

[Diagram elements: [email protected]; State of Michigan Data Hub; Immunization Registry; VPN into State]

Example Direct addresses:

• doctor@direct.florida.org
• doctor@direct.ohio.org
• doctor@direct.wishsin.org
• nurse@corrections.mihin.org

Page 12: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Public Health Reporting Use Case: Submitting Immunizations without Direct

[Diagram elements: Data Sharing Organizations; MDCH Data Hub; Public Health Reporting; State-wide Shared Services]

No Change Required!

Page 13: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Clinical Quality Measures: The Problem

• Meaningful Use (MU) Stage 2 requires Clinical Quality Measurement (CQM) reporting to State Medicaid
• Status quo: no standard way to submit CQMs to state agencies
• Providers must manually request MU credit
• Limited ability to compare quality data within single clinics, within hospitals, across clinics
• Solution: Clinical Quality Measure Recovery and Repository (CQMRR)

Page 14: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Clinical Quality Measure Recovery and Repository (CQMRR™)

[Diagram elements: Eligible Providers, Eligible Hospitals and CA Hospitals submit QRDA (CAT I & III) documents, either to [email protected] or over a VPN to SOM; Data Peeler; Cypress/DQA validation, passing only "Valid QRDA"; State of Michigan Data Hub; SOM Data Warehouse; CQM Data Mart (Final); MDSS, MCIR, MSSS, VXU's; Health Provider Directory; Meaningful Use Database; Reports, Dashboards, Comparisons, Mining, NPI lookup]

Page 15: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

ADTs / Medication Reconciliation: Care Coordination Use Cases

[Animated diagram: Data Sharing Organizations; Active Care Relationships; Delivery Preference Lookup; MEDs and Summary of Care messages routed to providers]

1) Hospital sends Medication Reconciliation message
2) Check Active Care Relationships and identify three providers
3) Using the HPD (Health Provider Directory), identify delivery preference for each provider
4) Medication reconciliation is routed to providers based on preferences
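The four routing steps above, written out as a runnable model. This is an added example, not MiHIN code: the patient identifier, the Active Care Relationship entries, the HPD entries and the Direct addresses are all constructed for illustration, and the delivery-preference values ("direct", "hie", "none") are an assumed vocabulary. The point a practitioner should take from it is that routing is a minimum-necessary decision (only providers with an active care relationship receive PHI) and that every provider who is not reached is recorded with a reason, so the sending hospital has an auditable record.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Step 2 input: Active Care Relationships, patient -> NPIs of providers who are
# currently caring for that patient.  Constructed sample data.
ACTIVE_CARE_RELATIONSHIPS: Dict[str, List[str]] = {
    "MRN-0001": ["1234567890", "1234567891", "1234567892", "1234567893"],
}

# Step 3 input: Health Provider Directory (HPD) entries keyed by NPI with each
# provider's delivery preference.  "direct" = send as a Direct message,
# "hie" = hand off to the provider's HIE / Qualified Organization,
# "none" = the provider has opted out.  Constructed sample data.
HPD: Dict[str, dict] = {
    "1234567890": {"name": "Dr. Jones", "preference": "direct",
                   "direct_address": "dr.jones@direct.example-pho.org"},
    "1234567891": {"name": "Dr. Smith", "preference": "hie", "hie": "example-hie"},
    "1234567892": {"name": "Dr. Lee", "preference": "none"},
    # NPI 1234567893 has a care relationship but no HPD entry: the router must
    # report that rather than silently drop the provider.
}


@dataclass(frozen=True)
class Delivery:
    npi: str
    message_type: str
    channel: str      # "direct" or "hie"
    endpoint: str     # Direct address or HIE identifier


@dataclass
class RoutingResult:
    deliveries: List[Delivery] = field(default_factory=list)
    skipped: Dict[str, str] = field(default_factory=dict)   # NPI -> reason


def route_message(patient_id: str, message_type: str) -> RoutingResult:
    """Steps 1-4 of the slide: fan one hospital message out to the patient's providers.

    Only providers with an active care relationship are considered (minimum
    necessary), and every provider that is NOT reached is recorded with the reason
    so the sending hospital has an auditable record of who was notified.
    """
    result = RoutingResult()
    # Step 2: Active Care Relationship lookup.
    npis = ACTIVE_CARE_RELATIONSHIPS.get(patient_id, [])
    if not npis:
        result.skipped["*"] = f"no active care relationships on file for {patient_id}"
        return result
    for npi in npis:
        # Step 3: HPD lookup for the delivery preference.
        entry = HPD.get(npi)
        if entry is None:
            result.skipped[npi] = "not in HPD"
            continue
        pref = entry.get("preference")
        # Step 4: route according to the preference.
        if pref == "direct" and entry.get("direct_address"):
            result.deliveries.append(Delivery(npi, message_type, "direct", entry["direct_address"]))
        elif pref == "hie" and entry.get("hie"):
            result.deliveries.append(Delivery(npi, message_type, "hie", entry["hie"]))
        elif pref == "none":
            result.skipped[npi] = "opted out of notifications"
        else:
            result.skipped[npi] = f"unusable HPD entry (preference={pref!r})"
    return result


if __name__ == "__main__":
    r = route_message("MRN-0001", "MedicationReconciliation")
    for d in r.deliveries:
        print(f"deliver {d.message_type} via {d.channel} to {d.endpoint} (NPI {d.npi})")
    for npi, why in r.skipped.items():
        print(f"skipped NPI {npi}: {why}")
```

A real Active Care Relationship lookup and HPD query would be network calls against the statewide services; the decision logic in `route_message` is what stays the same.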

Page 16: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

DirectTrust.org: Mission and Goals

• A voluntary, self-governing, non-profit trade alliance
• Dedicated to the growth of Direct exchange at national scale
• Operates under a Cooperative Agreement with ONC to support its work of creating a national network of interoperable Direct exchange services providers.
• Establishes policies, interoperability requirements, and business practice requirements:
  • Security & Trust Framework
  • EHNAC-DirectTrust Accreditation Program
  • Trust Anchor Bundle Distribution

Page 17: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

DirectTrust Members


Page 18: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14


Page 19: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Current DTAAP Accreditation Roster

November 10, 2014

Fully Accredited and Audited Candidate Status

• Athenahealth Inc.
• Axesson
• CareAccord
• Cerner Corporation
• Covisint
• DataMotion Inc.
• DigiCert Inc.
• EMR Direct
• Health Companion Inc.
• Hixny Inc.
• Infomedtrix LLC
• ICC
• ICA
• Inpriva
• IOD Incorporated
• Alere Accountable Care Solutions
• Applied Research Works, Inc.
• Corepoint Health LLC
• eClinical Works
• Glenwood Systems
• Healthunity Corporation
• Indiana Health Service
• Nitor Group
• Orion Health
• Pulse Systems Inc.
• Qsource
• Quest Diagnostics
• Shifox LLC
• Siemens Medical Solutions USA Inc.
• Simplicity Health Systems
• Maxims
• Medicity
• MedAllies
• MHIN
• MRO Corporation
• NextGen/Mirth
• NYeC
• Optum
• Relay Health
• Rochester RHIO
• Secure Exchange Solutions Inc.
• Surescripts
• Truven Health Analytics
• Updoxy

Page 20: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

DataMotion™ Direct

• Direct Secure Messaging subscription service

• Group and individual address provisioning

• EHR integration and/or email client integration

• Easy Direct access via web portal login

DataMotion is an accredited Health Information Service Provider (HISP) of Direct Secure Messaging*

Secure, Integrated Messaging for Electronic Health Records

Page 21: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Who is NATE?

http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf

Page 22: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

NATE PHR Initiative Phase 1 participating actors

http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf

Page 23: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

NATE: PHR Initiative Phase 1: examining desired capabilities to inform Phase 2 recommendations

http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf

Page 24: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

NATE: Message and Certificate Flow

• Some quick definitions:

• Digital Certificate: Electronic document used to prove ownership of a public key; includes information about the owner's identity and the digital signature of the entity ("Certificate Authority") that has verified the contents are correct

• Public Key: Used to encrypt a message or to verify a digital signature

• Private Key: Used to decrypt an encrypted message or create a digital signature

• Trust Anchor: An authoritative entity for which trust is assumed and from which a chain of trust is derived

• Trust Store: A collection of digital certificates of trust anchors you have chosen to trust

Page 25: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

NATE: Message and Certificate Flow

Page 26: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

NATE: Sender and Recipient Identity

• “Level of Assurance” – How well the addressee’s identity is proofed.

• NIST LOA level 2 – “in-person” government picture ID

• FBCA (Federal Bridge Certification Authority) Medium – "in-person" government picture ID and signature attesting to identity

• NIST LOA level 3 – “in-person” government picture ID verified independently

• Answers the question “How do I know the address really belongs to who claims to own it?”

• Traditional LOA mechanisms may be impossible or inappropriate for consumers

• Assurance of the owner of a Direct address may be achieved through personal relationships

Page 27: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

NATE: Trust Bundles

• "Trust Bundles" are a collection of trust anchor certificates used to populate a trust store
• Reduces the need for point-to-point trust relationships:
  • A use case and set of policies define a Trust Profile
  • A Trust Bundle identifies the members of a Trust Community that have agreed to voluntarily adopt the Trust Profile
  • Trust Bundles are published via Direct Project standard

Page 28: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

NATE: Trust Bundles

• Since Trust Bundles populate trust stores:
  • HISPs can load more than one trust bundle; they are not exclusive
  • Organizations can be part of more than one Trust Community
  • Organizations can load anchors of individual trusted partners
  • Both sender and receiver must have the Trust Bundle in store (i.e. both be members of at least one common Trust Community or agree to be trusted partners)
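The definitions on the "Message and Certificate Flow" slide (trust anchor, trust store) and the mutual-trust rule on this slide, as a runnable model. This is an added example and not Direct Project, NATE or MiHIN code. To keep it standard-library only, certificates are plain records (subject, issuer, fingerprint) rather than real X.509 objects, so the chain walk checks issuer names only and does not verify signatures, validity periods or revocation; the three HISPs, their anchors, the bundle names and the domain certificates are constructed for illustration. It shows why trust must hold in both directions: the sender encrypts to the recipient's certificate, so it must trust the recipient's chain, and the recipient verifies the sender's S/MIME signature, so it must trust the sender's chain.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate: who it names, who issued it, its hash."""
    subject: str
    issuer: str
    fingerprint: str

    @property
    def is_self_signed(self) -> bool:
        return self.subject == self.issuer


@dataclass(frozen=True)
class TrustBundle:
    """A Trust Bundle: the anchor certificates of one Trust Community."""
    name: str
    anchors: frozenset


@dataclass
class TrustStore:
    """One HISP's trust store: the anchors it has chosen to trust."""
    hisp: str
    bundles: List[TrustBundle] = field(default_factory=list)
    partner_anchors: Set[Cert] = field(default_factory=set)   # individually loaded anchors

    def anchors(self) -> Set[Cert]:
        trusted = set(self.partner_anchors)
        for bundle in self.bundles:          # bundles are additive, not exclusive
            trusted |= bundle.anchors
        return trusted

    def chain_to_anchor(self, leaf: Cert, intermediates: Dict[str, Cert],
                        max_depth: int = 5) -> Optional[Cert]:
        """Follow issuer links from an end-entity cert until a trusted anchor is reached.

        Returns the anchor, or None if the chain ends in an untrusted root, is missing
        an intermediate, or exceeds max_depth.  A real implementation also verifies
        each certificate's signature with its issuer's public key, its validity
        period and its revocation status; this model checks the naming chain only.
        """
        by_subject = {a.subject: a for a in self.anchors()}
        cert = leaf
        for _ in range(max_depth):
            anchor = by_subject.get(cert.issuer)
            if anchor is not None:
                return anchor
            if cert.is_self_signed:
                return None                  # untrusted root
            cert = intermediates.get(cert.issuer)
            if cert is None:
                return None                  # issuer certificate unavailable
        return None


def can_exchange(sender: TrustStore, sender_cert: Cert,
                 recipient: TrustStore, recipient_cert: Cert,
                 intermediates: Dict[str, Cert]) -> Tuple[bool, str]:
    """Both sides must trust each other's chain before a message can flow."""
    if sender.chain_to_anchor(recipient_cert, intermediates) is None:
        return False, f"{sender.hisp} does not trust {recipient_cert.subject}"
    if recipient.chain_to_anchor(sender_cert, intermediates) is None:
        return False, f"{recipient.hisp} does not trust {sender_cert.subject}"
    return True, "mutually trusted"


# Constructed sample community: three HISPs, two Trust Bundles.
ROOT_A = Cert("CA: HISP-A Root", "CA: HISP-A Root", "aa11")
ROOT_B = Cert("CA: HISP-B Root", "CA: HISP-B Root", "bb22")
ROOT_C = Cert("CA: HISP-C Root", "CA: HISP-C Root", "cc33")
ISSUING_B = Cert("CA: HISP-B Issuing", "CA: HISP-B Root", "bb23")   # intermediate CA

BUNDLE_1 = TrustBundle("community-1", frozenset({ROOT_A, ROOT_B}))
BUNDLE_2 = TrustBundle("community-2", frozenset({ROOT_B, ROOT_C}))

CERT_A = Cert("direct.hisp-a.example", "CA: HISP-A Root", "a001")
CERT_B = Cert("direct.hisp-b.example", "CA: HISP-B Issuing", "b001")   # two-step chain
CERT_C = Cert("direct.hisp-c.example", "CA: HISP-C Root", "c001")
INTERMEDIATES = {ISSUING_B.subject: ISSUING_B}

STORE_A = TrustStore("HISP-A", bundles=[BUNDLE_1])
STORE_B = TrustStore("HISP-B", bundles=[BUNDLE_1, BUNDLE_2])   # member of both communities
STORE_C = TrustStore("HISP-C", bundles=[BUNDLE_2])

if __name__ == "__main__":
    print(can_exchange(STORE_A, CERT_A, STORE_B, CERT_B, INTERMEDIATES))  # share community-1
    print(can_exchange(STORE_A, CERT_A, STORE_C, CERT_C, INTERMEDIATES))  # no common community
    STORE_C.partner_anchors.add(ROOT_A)   # C loads A's anchor individually ...
    print(can_exchange(STORE_A, CERT_A, STORE_C, CERT_C, INTERMEDIATES))  # ... A still distrusts C
    STORE_A.partner_anchors.add(ROOT_C)   # now they are trusted partners
    print(can_exchange(STORE_A, CERT_A, STORE_C, CERT_C, INTERMEDIATES))
```

The asymmetric case in the last three lines is the one that bites in practice: loading a partner's anchor on one side only produces messages that encrypt fine but whose signatures the other side rejects.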

Page 29: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

NATE to Administer Blue Button Plus Trust Bundles

Page 30: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Security and Privacy – what if…

• Can a hacker intercept a Direct Secure Message?
  • Very difficult, and even if it happened the payload is S/MIME encrypted to the recipient's certificate, so an interceptor sees only the SMTP envelope and outer headers (sender and recipient addresses, timestamps), not the clinical content
  • Under HIPAA/HITECH, PHI encrypted in line with HHS guidance is "secured" PHI, so loss of the ciphertext alone does not trigger breach notification, provided the decryption key was not also exposed
  • Additionally, a single Direct message usually carries information on one patient, so the exposure is minimal. Note that this does not make it less than a breach: any impermissible disclosure of unsecured PHI is a breach; 500 affected individuals is the threshold at which HHS and prominent media must be notified without unreasonable delay, while smaller breaches are logged and reported to HHS annually
• How could someone break into Direct?
  • Breaking into the HISP's data center is one way, and the accreditation process inspects the physical security of the data center
  • In practice the weaker points are the ends of the connection: a stolen or poorly protected private key, a compromised end-user account or EHR workstation, or a HISP that decrypts on behalf of its users, since the message is in plaintext wherever it is decrypted
• What if a Direct Secure Message is sent to the wrong recipient?
  • This happens all the time today with faxes – the failure mode is the same, though with Direct the wrong address at least belongs to an identity-proofed holder within a trusted community rather than an arbitrary fax number
  • If the "wrong recipient" is another health provider, they are a covered entity bound by HIPAA; the disclosure still has to be risk-assessed under the Breach Notification Rule, which presumes it is a breach unless a documented risk assessment shows a low probability that the PHI was compromised
  • If the wrong recipient is not a provider, this is an impermissible disclosure and must be treated as a potential breach

Corporate Confidential - All Rights Reserved 2014 - Michigan Health Information Network Shared Services

Page 31: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Contractual Considerations

• Is the HISP vendor already accredited by EHNAC-DTAAP or in the process and, if the latter, by what date certain do they expect to be accredited?
• Does the HISP support all forms of Direct, not just person-to-person?
• Does the vendor also provide RA (Registration Authority) and CA (Certificate Authority) services, or partner for them?
• Does the vendor provide a good End-User License Agreement?
• Is the HISP client a full-featured browser/PDA-based client?
• Does the HISP support Single Sign-On and Identity Federation?
• What are *all* of the costs (yes, there can be hidden costs)?
  • Cost to stand up your instance of the HISP? Annual maintenance?
  • Cost per account per year, in both low and high volumes?
  • Can you provision your own accounts or does the HISP vendor charge a fee?
• Are there Application Programming Interfaces (APIs) for integration with your existing ecosystem? Can you use these or only the vendor?
• What kind of provider directory is included/supported?
• How much storage is included per account?
• How much does additional storage cost?
• What is the maximum file size for attachments?

Page 32: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Medical Information Direct Gateway™: MiDiGate™ for Public Health & Meaningful Use Reporting

[Diagram elements: any provider organization (Physicians, Labs, Hospitals, Other States, HIEs, Correctional Facility, Patients, ADT-Subscribers) sending Direct messages to purpose-specific MiDiGate inboxes (shown as [email protected]); Inbound and Outbound flows through MiDiGate; VPN to SOM; MDCH Data Hub; MCIR; MDSS; MSSS; EDRS; MCDR; CQM Data Mart; Medicaid ADT Repository; SOM Data Warehouse; QRDA Cat III submissions feeding the Meaningful Use Database, which returns MU Credit. Copyright 2013 – MiHIN – Corporate Confidential – Proprietary, Patent Pending]

Direct Email Convention Examples Using MiDiGate & Health Provider Directory

The slide pairs each purpose-specific inbox (addresses redacted on the page) with a destination and a message type.

Destinations: Reportable Labs to MDSS; Michigan Care Improvement Registry; Electronic Death Registry System; Chronic Disease Registry; SOM Data Warehouse; Vital statistics; Foster Kids Registry; Chronic Condition Registry

Descriptions: Lab Results; Immunizations; Death notices; Birth defect notices; Clinical Quality Measures; Admit, Discharge, Transfer; Foster kids care summaries; Consolidated Clinical Document Architecture
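The inbox convention above and the "Valid QRDA" gate on the CQMRR slide, combined in one runnable gateway model. This is an added example, not MiDiGate code: the inbox names, destination system names, sample messages and sample documents are constructed for illustration, and the two templateId roots used to tell QRDA Category I from Category III are assumed (the HL7 document-level template identifiers as I know them; verify against the current implementation guide before relying on them). The example assumes the HISP has already decrypted the message and verified its S/MIME signature; what it shows is that a gateway should reject a message whose attachment does not match what the addressed inbox is for, with a reason that can be bounced and logged, rather than forwarding anything that arrives.

```python
import email
import email.utils
from email import policy
from email.message import EmailMessage
from typing import Optional
import xml.etree.ElementTree as ET   # for untrusted XML in production, prefer defusedxml

# Inbox local-part -> (destination system, payload kind the inbox accepts).
# Constructed; the slide's real addresses are redacted on the page.
INBOX_ROUTES = {
    "labs":          ("MDSS", "hl7v2"),
    "immunizations": ("MCIR", "hl7v2"),
    "adts":          ("Medicaid ADT Repository", "hl7v2"),
    "cqms":          ("CQM Data Mart", "qrda"),
    "ccdas":         ("SOM Data Warehouse", "cda"),
}

CDA_NS = "urn:hl7-org:v3"
# Assumed document-level templateId roots for QRDA Category I and Category III.
QRDA_TEMPLATES = {
    "2.16.840.1.113883.10.20.24.1.1": "QRDA CAT I",
    "2.16.840.1.113883.10.20.27.1.1": "QRDA CAT III",
}


def classify_cda(xml_bytes: bytes) -> Optional[str]:
    """Return 'QRDA CAT I', 'QRDA CAT III' or 'CDA' for a well-formed HL7 CDA
    ClinicalDocument, else None.  This is the document-type gate only; the full
    "Valid QRDA" check on the slide (Cypress/DQA) validates schema and measures."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return None
    if root.tag != f"{{{CDA_NS}}}ClinicalDocument":
        return None
    for tid in root.findall(f"{{{CDA_NS}}}templateId"):
        kind = QRDA_TEMPLATES.get(tid.get("root", ""))
        if kind:
            return kind
    return "CDA"


def dispatch(raw_message: bytes) -> dict:
    """Route one inbound Direct message by inbox name and reject it if the
    attachment is not what that inbox accepts.  Rejections carry a reason."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    to_addr = email.utils.parseaddr(str(msg.get("To", "")))[1]
    local = to_addr.partition("@")[0].lower()
    route = INBOX_ROUTES.get(local)
    if route is None:
        return {"status": "rejected", "reason": f"unknown inbox {to_addr!r}"}
    destination, expected = route
    attachments = list(msg.iter_attachments())
    if len(attachments) != 1:
        return {"status": "rejected", "reason": f"expected one attachment, got {len(attachments)}"}
    payload = attachments[0].get_payload(decode=True) or b""
    if expected == "hl7v2":
        if not payload.startswith(b"MSH|"):
            return {"status": "rejected", "reason": "attachment is not an HL7 v2 message"}
        kind = "HL7 v2"
    else:
        kind = classify_cda(payload)
        if kind is None or (expected == "qrda" and not kind.startswith("QRDA")):
            return {"status": "rejected", "reason": f"attachment is not a valid {expected.upper()} document"}
    return {"status": "accepted", "destination": destination, "payload": kind}


def build_sample(to_addr: str, filename: str, payload: bytes, subtype: str) -> bytes:
    """Constructed inbound message, as the HISP would hand it over after decryption."""
    m = EmailMessage()
    m["From"] = "ehr@direct.hospital.example"
    m["To"] = to_addr
    m["Subject"] = "Submission"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    return m.as_bytes()


# Constructed minimal documents (real ones carry many more elements).
QRDA3_SAMPLE = (b'<ClinicalDocument xmlns="urn:hl7-org:v3">'
                b'<templateId root="2.16.840.1.113883.10.20.27.1.1"/>'
                b'<title>Constructed QRDA III</title></ClinicalDocument>')
QRDA1_SAMPLE = (b'<ClinicalDocument xmlns="urn:hl7-org:v3">'
                b'<templateId root="2.16.840.1.113883.10.20.24.1.1"/></ClinicalDocument>')
HL7_SAMPLE = b"MSH|^~\\&|EHR|HOSP|MDSS|SOM|20141112||ORU^R01|1|P|2.5.1\r"

if __name__ == "__main__":
    print(dispatch(build_sample("cqms@direct.example.org", "q.xml", QRDA3_SAMPLE, "xml")))
    print(dispatch(build_sample("cqms@direct.example.org", "x.bin", b"not a QRDA", "octet-stream")))
    print(dispatch(build_sample("labs@direct.example.org", "l.hl7", HL7_SAMPLE, "octet-stream")))
    print(dispatch(build_sample("anything@direct.example.org", "q.xml", QRDA3_SAMPLE, "xml")))
```

Keying the route on the recipient address works because, under Direct, that address was the one the sender's HISP encrypted to; the sender cannot reach an inbox it was not addressed to. The attachment check is what stops a mis-addressed or malformed submission from being loaded into the wrong registry.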

Page 33: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

MiDiGate™ for HIEs

[Diagram elements: any provider organization (Physicians, Labs, Hospitals, Other States, HIEs, Correctional Facility, Patients) sending Direct messages to the HIE QO/VQO's MiDiGate inboxes (shown as [email protected]); Inbound and Outbound flows through Michigan Direct Gateway™ MiDiGate™ for HIE QOs and VQOs; VPN to HIE/QO/VQO; VPN to MiHIN; MiHIN Repository; VPN to SOM; MDCH Data Hub; MCIR; MDSS; MSSS; EDRS; MCDR; CQM Data Mart; Medicaid ADT Repository; SOM Data Warehouse; QRDA Cat III submissions feeding the Meaningful Use Database, which returns MU Credit. Copyright 2013 – MiHIN – Corporate Confidential – Proprietary, Patent Pending]

Direct Email Convention Examples Using MiDiGate & Health Provider Directory

The slide pairs each HIE inbox (addresses redacted on the page, of the form [email protected]@direct.hieqo.org) with a destination and a message type.

Destinations: Reportable Labs to MDSS; Electronic Death Registry System; Michigan Care Improvement Registry; Registry for that use case; Chronic Condition Registry; SOM Data Warehouse; Vital Statistics; Foster Kids Registry; Chronic Disease Registry

Descriptions: Lab Results; Death Notices; Immunizations; Use Case Specific; Birth Defect Notices; Clinical Quality Measures; Admit, Discharge, Transfer; Foster Kids Care Summaries; Consolidated Clinical Document Architecture

Page 34: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

MiDiGate™ for Health Plans

[Diagram elements: any provider organization (Physicians, Labs, Hospitals, Other States, HIEs, Correctional Facility, Patients) sending Direct messages to the health plan's MiDiGate inboxes; Inbound and Outbound flows through Medical Information Direct Gateway™ MiDiGate™ for Health Plans; QRDA over VPN for Quality & PQRS Reporting; health plan departments: Quality, Revenue Management, Incentive, Hospital Contract, Provider Relations, Pharmacy, Utilization Management, Care Management, Analytics, Fraud, Health Plan Data Warehouse; MyEmail@direct.[healthplan].org. Copyright 2013 – MiHIN – Corporate Confidential – Proprietary, Patent Pending]

Direct Email Convention Examples Using MiDiGate & Health Provider Directory

Inbox                                   | Description                                 | Destination Examples
labs@direct.[healthplan].org            | Lab Results                                 | Care Manager, Incentive
authorizations@direct.[healthplan].org  | Authorizations                              | Utilization Management
meds@direct.[healthplan].org            | Medication Notices                          | Pharmacy, Care Manager, Incentive
custom@direct.[healthplan].org          | Any PHI type message                        | Hospital Contracts, Provider Relations
cqms@direct.[healthplan].org            | Clinical Quality Measures                   | Quality, Revenue Management
adts@direct.[healthplan].org            | Admit, Discharge, Transfer                  | Care Manager, Utilization Manager
ccdas@direct.[healthplan].org           | Consolidated Clinical Document Architecture | Other Qualified Organization

Page 35: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

Questions?

Jeff Livesay

Associate Director

[email protected]


Page 36: MiHIN Direct Webinar for EHR Intelligence v10 11 12-14

References

• http://wiki.directproject.org/Documentation+Library
• http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Transport
• http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging
• www.directtrust.org
• www.nate-trust.org