The Direct Project, the secure clinical messaging protocol introduced earlier this year, has advanced to the next level with the announcement that a workgroup of the Direct Project consortium has reached agreement on a key component of the "trust framework" that will be required for Direct messaging.
The Direct Project Rules of the Road workgroup has formulated a certificate policy that will govern the use of digital certificates when providers exchange messages. These will be used to authenticate the identities of senders and receivers.
Networks known as Health Internet Service Providers, or HISPs, are responsible for the routing and security of the messages between providers. Among other things, a HISP must confirm the identity of the sender's HISP, if it is different from that of the receiver, and encrypt the messages of its subscribers. The new security rules are expected to strengthen trust between HISPs.
In a Government Health IT article, David Kibbe, a senior adviser to the American Academy of Family Physicians, explains that participants in Direct pilots requested security rules more specific than those that the Direct Project consortium had published. As a result, the consortium formed the Rules of the Road workgroup last April, and its work led to the agreement on the certificate policy.
The Office of the National Coordinator for Health IT (ONC) spurred the development of the Direct Project protocol in collaboration with health IT vendors and other private-sector partners. According to Kibbe, "Direct exchange is intended to replace fax, courier, and mail transmission of clinical messages for referral and other purposes between providers, to permit secure email-like communications between providers and their patients, and to support other simple exchange scenarios envisioned as part of Meaningful Use."
Some state-sponsored health information exchanges have announced their intention to use Direct messaging as a first step toward two-way data interchanges. In addition, a number of electronic health record vendors are incorporating the Direct protocols into the latest versions of their products.
To learn more:
- read the Government Health IT article