Tuesday, May 28, 2013

HISP to HISP communications


As Massachusetts works through the details of building a trust fabric for health information exchange, we have been working through another set of challenges in HISP to HISP communication.

Meaningful use Stage 2 requires EHRs to support the Direct Project implementation guide, which uses SMTP/SMIME as a transport protocol.   Optionally, Stage 2 also supports XDR/SOAP.

In the world of standards, "OR" always means  "AND" for implementers.   Massachusetts needs to support HISPs that allow XDR as well as those which only allow with SMTP/SMIME.   This gets confusing when there is a mismatch between the sender's protocol and the receiver's protocol, requiring a HISP to convert XDR to SMTP/SMIME or SMTP/SMIME to XDR.

There are 4 basic scenarios to think through
1. An SMTP/SMIME sender to an SMTP/SMIME receiver
2. An SMTP/SMIME sender to an XDR receiver
3. An XDR sender to an SMTP/SMIME receiver
4. An XDR sender to an XDR receiver

Scenarios 1 and 4 could be done without a HISP at all if the EHR fully implements the Direct Standard including certificate discovery.

Cases 2 and 3 require thoughtful security planning to support end to end encryption between two HISPs.

These slides provide the detail of what must be done for Cases 2 and 3.  

The challenge of supporting XDR is that the HISP must act as the agent of senders and receivers, holding their private key for use in the conversion from/to SMTP/SMIME.

As Massachusetts continues to enhance its state HIE capabilities and connect many other HISPs (eClinicalWorks, Cerner, Surescripts, AthenaHealth etc) to state government users and those using the Massachusetts HISP as part of their EHR (Partners, BIDMC, Atrius, Tufts Medical Center, Meditech users, NextGen users etc.) we now know what must be done to provide end to end encryption among different HISPs and users connected via 2 protocol choices.

We're learning once again that optionality in standards seems like a good idea, but ultimately adds expense and complexity.
.
Everyone on the HIT Standards Committee knows my bias - offer no optionality and replace the existing SMTP/SMIME and XDR approaches with RESTful APIs such as the Mitre hdata initiative.

Maybe for Stage 3!

Related Posts:

  • Our Cancer Journey Week 13It's week 13 since diagnosis and Kathy's will receive the 7th cycle of chemotherapy tomorrow. (3rd cycle of Taxol)Kathy's hematocrit continues to trend downward (from 42 at diagnosis to 29 last week), her nails have turned bl… Read More
  • Will Payers be the Business Intelligence Services of the Future?What is a payer/insurer?Typically, payer organizations collect premiums from employers and individuals, process claims, and engage in a variety of case management/disease management activities to encourage the appropriate use… Read More
  • The Chicago Healthcare Information ExchangeOn Thursday, I met with the Chief Medical Officers working group of the Metro Chicago Healthcare Council to discuss Healthcare Information Exchange strategy in a world rapidly moving toward accountable care organizations, pat… Read More
  • Surescripts Clinical Data ExchangeYesterday, Surescripts announced a national approach to sharing clinical summaries and public health data via its Clinical Interoperability Network:"WALGREENS AND SURESCRIPTS IMPROVE COORDINATION OF CARE BY ELECTRONICALLY DEL… Read More
  • Leadership lessons learned from James T. KirkRecently, Alex Knapp wrote a brilliant article entitled "Five Leadership Lessons From James T. Kirk" in Forbes.  For those of us who have watched every episode and can recite every line of dialog from memory, these 5 les… Read More

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Powered by Blogger.

Popular Posts

Blog Archive

Copyright © 2025 themakingofanursemidwife | Powered by Blogger
Design and developed by Bhavya Soft :
Blogger Templates