Direct is a national encryption standard for securely exchanging clinical healthcare data via the Internet. It is also known as the Direct Project, Direct Exchange and Direct Secure Messaging. It specifies the secure, scalable and standards-based method for the exchange of Protected Health Information (PHI). It was developed in 2010 as part of a federal project for standards-based healthcare communications. To qualify for incentive payments under the Meaningful Use Stage 2 criteria issued by the Office of the National Coordinator for Health IT (ONC), healthcare organizations and providers must meet data transfer requirements using Direct Messaging. These requirements can be demonstrated with Electronic Health Records that comply with the ONC’s 2014 Edition EHR Certification Criteria, which specifies electronic exchange of transition of care records with Direct Messaging.
How to use “Direct” leverage for MU2 Success
Andy Nieto, Health IT Strategist
Agenda
■Email and Direct in healthcare, a little history
■So what is Direct, really
» Certificates
» PKI
■Two forms of Direct
■Controls in place
■Direct ecosystem
■Integrating with Direct
■Challenges and successes
■Best practices
■A look forward
Evolution of healthcare IT
1971 First email sent
1972 First EHR introduced
1996 HIPAA
2001 EHR system usage at 18%
2003 HIPAA Security Rule
Feb 2009 HITECH - ARRA
2011 Meaningful Use Stage 1 attestation begins
Jan 2013 Final HIPAA Omnibus ruling
2013 Meaningful Use 2 Rules included Direct
2014 Attestation for Meaningful Use 2 begins
Eligible Hospitals - 16 Core Measures
1. Use computerized provider order entry (CPOE) for medication, laboratory and radiology orders directly entered by any licensed healthcare professional who can enter orders into the medical record per state, local and professional guidelines.
2. Record all of the following demographics: preferred language, sex, race, ethnicity, date of birth, date and preliminary cause of death in the event of mortality in the eligible hospital or CAH. Record and chart changes in vital signs.
3. Record and chart changes in the following vital signs: height/length and weight (no age limit); blood pressure (ages 3 and over); calculate and display body mass index (BMI); and plot and display growth charts for patients 0-20 years, including BMI.
4. Record smoking status for patients 13 years old or older.
5. Use clinical decision support to improve performance on high-priority health conditions.
6. Provide patients the ability to view online, download and transmit information about a hospital admission.
7. Protect electronic health information created or maintained by Certified EHR Technology through the implementation of appropriate technical capabilities.
8. Incorporate clinical lab-test results into Certified EHR Technology as structured data.
9. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, or outreach.
10. Use clinically relevant information from Certified EHR Technology to identify patient-specific education resources and provide those resources to the patient.
11. The eligible hospital or CAH who receives a patient from another setting of care or provider of care or believes an encounter is relevant should perform medication reconciliation.
12. The eligible hospital or CAH who transitions their patient to another setting of care or provider of care or refers their patient to another provider of care provides a summary care record for each transition of care or referral.
13. Capability to submit electronic data to immunization registries or immunization information systems except where prohibited, and in accordance with applicable law and practice.
14. Capability to submit electronic reportable laboratory results to public health except where prohibited, and in accordance with applicable law and practice.
15. Capability to submit electronic syndromic surveillance data to public health except where prohibited, and in accordance with applicable law and practice.
16. Automatically track medications from order to administration using assistive technologies in conjunction with an electronic medication administrative record (eMAR).
Eligible Hospitals - 6 Menu Objectives
1. Record whether a patient 65 years old or older has an advance directive.
2. Record electronic notes in patient records.
3. Imaging results consisting of the image itself and any explanation or other accompanying information are accessible through CEHRT.
4. Record patient family health history as structured data.
5. Generate and transmit permissible discharge prescriptions electronically (eRx).
6. Provide structured electronic lab results to ambulatory providers.
Important Note: While there are exclusions provided for some of these menu objectives, you cannot select a menu objective and claim the exclusion if there are other menu objectives that you could report on instead.
Eligible Providers - 17 Core Measures
1. Use computerized provider order entry (CPOE) for medication, laboratory and radiology orders
2. Generate and transmit permissible prescriptions electronically (eRx)
3. Record demographic information
4. Record and chart changes in vital signs
5. Record smoking status for patients 13 years old or older
6. Use clinical decision support to improve performance on high-priority health conditions
7. Provide patients the ability to view online, download and transmit their health information
8. Provide clinical summaries for patients for each office visit
9. Protect electronic health information created or maintained by Certified EHR Technology
10. Incorporate clinical lab-test results into Certified EHR Technology
11. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, or outreach
12. Use clinically relevant information to identify patients who should receive reminders for preventive/follow-up care
13. Use Certified EHR Technology to identify patient-specific education resources
14. Perform medication reconciliation
15. Provide summary of care record for each transition of care or referral
16. Submit electronic data to immunization registries
17. Use secure electronic messaging to communicate with patients on relevant health information
Looks like email, acts like email – but ONLY for healthcare
You may end up with multiple Direct addresses.
So what’s the difference?
■Email
» Standard message format
» Internet delivery
■Encrypted
» Standard message format
» Internet delivery
» Proprietary encryption
■Direct secure messaging
» Standard message format
» Internet delivery
» Standardized encryption
» Identity validation
» End-to-end trust & liability
What is Direct Secure Messaging
[Diagram labels: Sender, Sending HISP, Direct (SMTP/SMIME), Receiving HISP, Recipient, Mobile Device, EHR System; Identity Validation; Secure Messages & Files]
The KEY - X.509 Digital Certificate
■Registration Authority (RA) confirms identity
■Certificate Authority (CA) issues certificate
■Healthcare Information Service Provider (HISP) manages certificate
What is PKI or public key infrastructure
Let’s say your safe deposit box is the information to be encrypted.
■Public key (bank’s key to safe deposit box)
■Private key (your key to safe deposit box)
Both are required to open and close the box, allowing you to see what is inside.
PKI with Direct
■Sender and receiver trust validated (identity confirmed with certificate)
■Message encrypted with receiver's public key
■Encrypted message sent via Internet to recipient
■Receiver’s private key used to decrypt
2 types of Direct
■Provider to Provider
■Provider to Patient
The Direct message flow
[Diagram: EHR to EHR message flow between two Direct addresses. Each address has been identity vetted and has an X.509 digital certificate bound to it. Labels: encryption, identity validation, arc of liability.]
Who is in charge
ONC’s view of Direct
Focus view
HISP
Integration
Integration pathways for Direct
XD* interface
Email client
Web portal
Web service
POP & SMTP
APIs
HTTPS://
Typically to an EHR or HIE, not directly to a user
Is there a Provider Directory
■Multiple addresses per provider
» EHR
» HIE
» Hospital
» Association
■XD connections don’t require mailboxes
■No universal directory format
■Cellphone directory? Email directory?
How do I know it was delivered
■Message Disposition Notification (MDN)
» Dispatched
» Processed
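The delivery tracking that MDNs make possible, as an added example that is not part of the original slides: it parses MDN reports and maps each sent Message-ID to the furthest disposition reported for it. The addresses, Message-IDs, function names and the ranking of dispatched as a later state than processed are assumptions of this example.

```python
import email

# Assumption of this example: "dispatched" is a later state than "processed".
RANK = {"processed": 1, "dispatched": 2}

def make_mdn(original_id, disposition_type):
    """Build a constructed MDN (multipart/report); all names are made up."""
    return (
        "From: mdn@direct.receiving.example\n"
        "MIME-Version: 1.0\n"
        "Content-Type: multipart/report;"
        ' report-type=disposition-notification; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDisposition notice.\n"
        "--b1\nContent-Type: message/disposition-notification\n\n"
        "Final-Recipient: rfc822; dr.receiver@direct.receiving.example\n"
        f"Original-Message-ID: {original_id}\n"
        f"Disposition: automatic-action/MDN-sent-automatically; {disposition_type}\n"
        "\n--b1--\n"
    )

def parse_mdn(raw):
    """Return (original_message_id, disposition_type), or None if not an MDN."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.walk():
        if part.get_content_type() != "message/disposition-notification":
            continue
        payload = part.get_payload()
        fields = payload[0] if isinstance(payload, list) else email.message_from_string(payload)
        original_id = fields.get("Original-Message-ID")
        disposition = fields.get("Disposition", "")
        if not original_id or ";" not in disposition:
            return None
        # "mode; type/modifier" -> keep only the type, lower-cased
        return original_id.strip(), disposition.split(";", 1)[1].split("/")[0].strip().lower()
    return None

def delivery_status(sent_ids, raw_mdns):
    """Map each sent Message-ID to the furthest disposition reported for it."""
    status = {mid: "no MDN" for mid in sent_ids}
    for raw in raw_mdns:
        parsed = parse_mdn(raw)
        if parsed is None or parsed[0] not in status:
            continue  # not an MDN, or not for a message we sent
        mid, dtype = parsed
        if RANK.get(dtype, 0) > RANK.get(status[mid], 0):
            status[mid] = dtype  # other disposition types are ignored here
    return status
```

A message that stays at "no MDN", or never moves past "processed", is the one to follow up on with the receiving HISP.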
The success view
Direct Messaging
Certification
Attestation
Utilization
Direct today
■44 States have adopted Direct
■Major growth*
*as reported by the Direct Trust, May 2014
Who is Using Direct
Challenges
■Who has an address, i.e. the fax machine
■Rural versus urban rates of adoption
■Provider level awareness; CFOs are more aware than providers
■Getting field deployment of certified version of EHR
■Ambulatory providers less likely to have Direct capability or correct EHR version
Successes
■44 states now adopted
■Large states like Ohio fully implemented
■Nebraska/Kansas pilot program
■*2014 Attestations for MU2 as of August 1:
» 1898 eligible professionals
» 78 eligible hospitals
*CMS HIT Policy Committee report, August 6, 2014
Use Case: MiHIN and DataMotion Direct
Large State Health Information Network
■ Requirements
» Full accreditation by the Direct Trusted Agent Accreditation Program (DTAAP) for HISPs from DirectTrust.org and the Electronic Healthcare Network Accreditation Commission (EHNAC)
» Status as a Trusted Participant in the DirectTrust Accredited Trust Bundle
» Capability to integrate with MiHIN’s statewide Health Provider Directory (HPD), MiHIN’s Record Locator Service (RLS), and MiHIN's Federated Identity Management (FIdM)/Identity Exchange Hub
■ Goals
» Implement Direct as a core functionality for deploying other HIE services
» Provide trusted single sign-on between multiple healthcare-related systems
» Reduce redundancies resulting in cost savings
Use Case: Cumberland and DataMotion Direct
Large Hospital
■ Business Challenges
» Short time frame to meet MU2 attestation reporting period
» Manual process for creating Patient Health Summary
» Many affiliate providers not ‘Direct’ enabled
» Electronic accessibility to Patient Health Summary for providers and patients
» Inconsistent transitions of care follow up by patients
■ Results
» Attestation started as planned
» Patient summaries now sent using Direct. MEDITECH reporting tools used for data collection
» Easy access to Patient Summary documents for both patients and referral providers
Best Practices
■Have a plan/vision for communication to your community
■Review transition of care events and aim to exceed attestation goals
■Leverage technology to make partner relationships more ‘sticky’
■Use a HISP experienced in integration and healthcare workflows
■Focus on the $$ value to the hospital
■Look for opportunities to integrate at the community level, not just the EHR, such as long term care, home health agencies
Where do you get Direct
■HISPs provide Direct Secure Messaging
» Are they accredited
» Do they have proven interoperability
» Do they integrate with your EHR
» What services do they offer that help you achieve your community connectivity goals
What does the future hold
■Standard for healthcare communication and dialog
» EHR, HIE and Public Health Integration
■Patient engagement
» Self-reporting
» Syndromic surveillance support
■Product integration
■Electronic Submission of Medical Documentation System (esMD)
■eSigning – Digital Certificate as Identity
Thanks
Andy Nieto
Healthcare IT Strategist
973-455-1245 x240