Uncle Sam wants you to trust Direct messaging.
The Office of the National Coordinator for Health IT, concerned that providers are deploying the secure messaging standard within their own organization's networks, but are not exchanging patient information with other providers, has released new guidelines to correct the course.
ONC recently announced that nearly 30 state HIEs are using Direct--with more slated to begin using it this summer.
But providers are creating "islands of automation using a common standard," ONC said in the document.
Some organizations have penned agreements to exchange Direct messages, but "such peer-to-peer legal agreements are expensive and time-consuming to implement and are cumbersome to monitor and enforce," ONC said. "They are not a realistic long-term basis for scalable trust."
Nationwide Health Information Network (NwHIN) governance can provide common rules and a voluntary validation process, alleviating the perceived need for such agreements, ONC added.
In the meantime, common policies and consistent standards of practice could help instill confidence in Direct--that it is being implemented according to specifications and will support widespread information exchange and interoperability, for example. ONC put a big focus on building trust (a word used 13 times in the five-page document) among providers and between communities.
A sampling of the guidelines for providers:
- Determine whether they are business associates (BAs) and hold themselves to the provisions of the HITECH Act amendment to the HIPAA rule.
- Have contractually binding legal agreements with clients who send and receive Individually Identifiable Health Information using Direct.
- Demonstrate conformance with industry standard practices related to meeting privacy and security regulations in terms of both technical performance and business processes.
- Minimize data collection, use, retention and disclosure to the minimum necessary to meet the level of service required.
To learn more:
- read the complete ONC guidelines