Direct Secure Messaging is a secure email system for exchanging protected health information. It uses encryption and digital certificates to securely transmit messages between known parties like providers, hospitals, and public health agencies. The document discusses how Direct is used for care coordination and public health reporting such as submitting immunization or quality data. It also reviews governance organizations like DirectTrust and NATE that work to expand Direct use and interoperability.
1. Direct Secure Messaging
A form of secure email for exchanging Protected Health Information
Jeff Livesay, Associate Director
Michigan Health Information Network
November 12, 2014
2. Agenda
• What is Direct Secure Messaging?
• How is Direct Secure Messaging used?
• Using Direct for Public Health Reporting – two use cases:
• Immunization reporting
• Clinical Quality Measures
• Using Direct for Care Coordination – three use cases:
• Statewide Admission/Discharge/Transfer Notification Service
• Statewide Medical Reconciliation Service
• Trust Organizations and Trust Bundles:
• DirectTrust.org, HISP accreditation, and vendor trust bundles
• National Association for Trusted Exchange – consumer trust bundles
• Security and Privacy Issues – what if…?
• Contractual considerations with HISPs, RHIOs, HIEs and HINs
• Introducing MiDiGate™ - Medical Information Direct Gateway
• Direct and MiDiGate™ for Public Health Reporting
• Direct and MiDiGate™ for Health Information Exchanges
• Direct and MiDiGate™ for Health Plans
Copyright 2014 - Michigan Health Information Network Shared Services 2
3. SMTP
Simple Mail Transfer Protocol
3
What is a Direct Secure Message?
Direct = secure email
Copyright 2014 - Michigan Health Information Network Shared Services
4. Direct is required under MU 2 Final Rule
• “These transport standards include the two transport specifications
developed under the Direct Project6: (1) Applicability Statement for Secure
Health Transport7 and (2) External Data Representation (XDR) and Cross-
Enterprise Document Media Interchange (XDM) for Direct Messaging8. The
Applicability Statement for Secure Health Transport specification describes
how electronic health information can be securely transported using simple
mail transport protocol (SMTP), Secure/ Multipurpose Internet Mail
Extensions (S/MIME), and X.509 certificates. The XDR and XDM for Direct
Messaging specification describes the use of XDR”
• See:
• 6 http://wiki.directproject.org/Documentation+Library
• 7http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+
Transport
• 8http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging
Copyright 2014 - Michigan Health Information Network Shared Services 4
5. The Direct Project
5
• Simple, secure, scalable, standards-based
way to send encrypted information “directly” to
known, authenticated, trusted recipients
• Messages sent securely between end-points:
• person to person
• person to system
• system to system
• system to person
http://wiki.directproject.org/Documentation+Library
Copyright 2014 - Michigan Health Information Network Shared Services
6. Live
Not Live
Pilot
Not implementing Direct
Other States and
Territories
CNMI
6
A National View of Direct Adoption
CO
NM
TX
OK
UT
VT
NY
PA
NC
KY
MA
Copyright 2014 - Michigan Health Information Network Shared Services
CA
WA
NV
OR
ID
AZ
MT
WY
ND
SD
NE
KS
MN
IA
WI
MI
MO
AR
LA
IL IN
MS AL
FL
GA
SC
TN
OH
WV VA
NH
ME
AK
AS
DC
GU
HI
PR
USVI
RI
CT
DE
NJ
MD
Map Legend
Marketplace
Contractual
Hybrid
•Marketplace: A state approves Health Information Service Providers (HISPs) based on a set of criteria that allows
providers to determine the services and vendors that are right for them.
•Contractual: A state has contracted directly with a vendor or vendors to provide HISP services.
•Hybrid: A state has contracted directly with a vendor or vendors to provide HISP services and has also set up a
marketplace for other HISPs to participate in.
7. The Role of DIRECT & EHRs
Copyright 2014 - Michigan Health Information Network Shared Services 7
8. 8
Dr. Jones
Dr. Smith
First way to use Direct:
Provider-to-Provider messaging
Definition
HISP
Federally-bridged digital
security certificate as
HISP – Health Information Service Provider
trust anchor
HISP
Copyright 2014 - Michigan Health Information Network Shared Services
9. 9
Second way to use Direct:
System-to-system messaging
From:
results@direct.lab.com
HISP
To:
someClinic_lab_results@direct.mihin.org
Definition
Federally-bridged digital
security certificate as
HISP – Health Information Service Provider
trust anchor
HISP
Copyright 2014 - Michigan Health Information Network Shared Services
10. Public Health Reporting Use Case:
Submitting Immunizations Using Direct
mcir@direct.mihin.org
10
VACCINATIONS
State of Michigan
(SOM Data Hub)
Standards
Gateway
Public Health
Reporting
Copyright 2014 - Michigan Health Information Network Shared Services
11. Public Health Use Case: Immunizations via Direct
• d o c t o r@d i r e c t . f l o r i d a . o r g
• d o c t o r@d i r e c t . o h i o . o r g
• d o c t o r@d i r e c t .wi s h s i n . o r g
• n u r s e@c o r r e c t i o n s .mi h i n . o r g
mcir@direct.mihin.org
State of Michigan
Data Hub
11
Immunization
Registry
VPN into State
Copyright 2014 - Michigan Health Information Network Shared Services
12. Public Health Reporting Use Case:
Submitting Immunizations without Direct
12
MDCH Data Hub
Data Sharing
Organizations
Public Health
Reporting
State-wide
Shared Services
No Change
Required!
Copyright 2014 - Michigan Health Information Network Shared Services
13. Clinical Quality Measures: The Problem
• Meaningful Use (MU) Stage 2 requires Clinical Quality Measurement
(CQM) reporting to State Medicaid
• Status quo: no standard way to submit CQMs to state agencies
• Providers must manually request MU credit
• Limited ability to compare quality data within single clinics, within
hospitals, across clinics
• Solution: Clinical Quality Measure Recovery and Repository (CQMRR)
Copyright 2014 - Michigan Health Information Network Shared Services 13
14. 14
Eligible
Providers
Eligible
Hospitals
CA
Hospitals
Data Peeler
Cypress/DQA
SOM Data Warehouse
CQM
Data Mart
(Final)
VXU’s
Reports,
Dashboards,
Comparisons,
QRD
A
MDSS MCIR MSSS
CQMS@direct.mihin.org
Valid QRDA
VPN to SOM
valid
QRDA
(CAT I & III)
Health
Provider
Directory
Meaningful Use Database
Mining,
NPI lookup
State of Michigan
Data Hub
QRD
A
QRD
A
QRD
A
Valid QRDA
QRD
A
QRD
A
Clinical Quality Measure
Recovery and Repository
QRDA
(CAT I & III)
QRDA
(CAT I & III)
TM
CATIII@direct.mihin.org
Copyright 2014 - Michigan Health Information Network Shared Services
15. ADTs / Medication Reconciliation: Care
Coordination Use Cases
Data Sharing
Organization
Data Sharing
Organization
Summary
of Care
Active Care
Relationships
Delivery
Preference
Lookup
1) Hospital sends Medication Reconciliation message
2) Check Active Care Relationships and identify three providers
3) Using the HPD, identify delivery preference for each provider
4) Medication reconciliation is routed to providers based on preferences
MNO
OSP
15
Animation
GMPHO
MEDs
Copyright 2014 - Michigan Health Information Network Shared Services
16. DirectTrust.org: Mission and Goals
• A voluntary, self-governing, non-profit trade alliance
• Dedicated to the growth of Direct exchange at national scale
• Operates under a Cooperative Agreement
with ONC to support its work of creating a
national network of interoperable Direct
exchange services providers.
• Establishes policies, interoperability
requirements, and business practice
requirements
Security & Trust
Framework
EHNAC-DirectTrust
Accreditation
Program
Trust Anchor
Bundle
Distribution
Copyright 2014 - Michigan Health Information Network Shared Services
11/12/2014 16
18. Copyright 2014 - Michigan Health Information Network Shared Services 18
19. Current DTAAP Accreditation Roster
November 10, 2014
• Athenahealth Inc.
• Axesson
• CareAccord
• Cerner Corporation
• Covisint
• DataMotion Inc.
• DigiCert Inc.
• EMR Direct
• Health Companion Inc.
• Hixny Inc.
• Infomedtrix LLC
• ICC
• ICA
• Inpriva
• IOD Incorporated
• Alere Accountable Care Solutions
• Applied Research Works, Inc.
• Corepoint Health LLC
• eClinical Works
• Glenwood Systems
• Healthunity Corporation
• Indiana Health Service
• Nitor Group
• Orion Health
• Pulse Systems Inc.
• Qsource
• Quest Diagnostics
• Shifox LLC
• Siemens Medical Solutions USA Inc.
• Simplicity Health Systems
19
Fully Accredited and Audited Candidate Status
11/12/2014
• Maxims
• Medicity
• MedAllies
• MHIN
• MRO Corporation
• NextGen/Mirth
• NYeC
• Optum
• Relay Health
• Rochester RHIO
• Secure Exchange
Solutions Inc.
• Surescripts
• Truven Health Analytics
• Updoxy
Copyright 2014 - Michigan Health Information Network Shared Services
20. DataMotion™ Direct
Secure, Integrated Messaging for Electronic Health Records
• Direct Secure Messaging subscription service
• Group and individual address provisioning
• EHR integration and/or email client integration
• Easy Direct access via web portal login
DataMotion is an accredited Health Information Service Provider (HISP) of Direct Secure Messaging*
21. Who is NATE?
21
http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf
Copyright 2014 - Michigan Health Information Network Shared Services
22. NATE PHR Initiative Phase 1
participating actors
22
http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf
Copyright 2014 - Michigan Health Information Network Shared Services
23. NATE: PHR Incentive Phase 1: examining desired
capabilities to inform Phase 2 recommendations
23
http://nate-trust.org/wp-content/uploads/2014/10/20141105-NBB4C-2014-slides-FINAL.pdf
Copyright 2014 - Michigan Health Information Network Shared Services
24. NATE: Message and Certificate Flow
• Some quick definitions:
• Digital Certificate: Electronic document used to prove
ownership of a public key; includes information about
owner's identity and digital signature of entity (“Certificate
Authority”) that has verified contents are correct
• Public Key: Used to encrypt a message or to verify a digital
signature
• Private Key: Used to decrypt an encrypted message or
create a digital signature
• Trust Anchor: An authoritative entity for which trust is
assumed and from which a chain of trust is derived
• Trust Store: A collection of digital certificates of trust
anchors you have chosen to trust
26. NATE: Sender and Recipient Identity
• “Level of Assurance” – How well the addressee’s
identity is proofed.
• NIST LOA level 2 – “in-person” government picture ID
• FBCA medium – “in-person” government picture ID and
signature attesting to identity
• NIST LOA level 3 – “in-person” government picture ID
verified independently
• Answers the question “How do I know the address
really belongs to who claims to own it?”
• Traditional LOA mechanisms may be impossible
or inappropriate for consumers
• Assurance of the owner of a Direct address may be
achieved through personal relationships
27. NATE: Trust Bundles
• “Trust Bundles” are a collection
of trust anchor certificates used
to populate a trust store
• Reduces the need for point-to-point
trust relationships:
• A use case and set of policies define a Trust Profile
• A Trust Bundle identifies the members of a Trust
Community that have agreed to voluntarily adopt the
Trust Profile
• Trust Bundles are published via Direct Project standard
28. NATE: Trust Bundles
• Since Trust Bundles populate trust stores:
• HISPs can load more
than one trust bundle;
they are not exclusive
• Organizations can be
part of more than one
Trust Community
• Organizations can load
anchors of individual
trusted partners
• Both sender and receiver
must have Trust Bundle
in store (i.e. both be members of at least one common
Trust Community or agree to be trusted partners)
30. Security and Privacy – what if…
• Can a hacker intercepts a Direct Secure Message?
• Very difficult but even if this happened, the payload is encrypted so this
would not be considered a breach under HIPAA/HITECH
• Additionally, a single Direct message likely only has information on one
patient – a full breach involves at least 500 patient records – the exposure
is minimal
• How could someone break into Direct?
• Breaking into the data center is almost the only way, but the accreditation
process inspects the physical security of the data center
• What if a Direct Secure Message is sent to the wrong recipient?
• This happens all the time today with faxes – it is no different
• If the “wrong recipient” is another health provider, they are a covered
entity
• If the wrong recipient is not a provider, this is an “accidental disclosure”
Corporate Confidential -All Rights Reserved 2014 - Michigan Health
Information Network Shared Services 30
31. Contractual Considerations
• Is the HISP vendor already accredited by EHNAC-DTAAP or in the process and if
the latter, by what date certain do they expect to be accredited?
• Does the HISP support all forms of Direct, not just person-to-person?
• Does the vendor also provide RA and CA or partner?
• Does the vendor provide a good End-User License Agreement
• Is the HISP client a full-featured browser/PDA-based client?
• Does the HISP support Single Sign-On and Identity Federation?
• What are *all* of the costs (yes, there can be hidden costs)?
• Cost to stand up your instance of the HISP? Annual maintenance?
• Cost per account per year, in both low and high volumes?
• Can you provision your own accounts or does HISP vendor have fee?
• Are there Application Programming Interfaces (APIs) for integration with your
existing ecosystem? Can you use these or only the vendor?
• What kind of provider directory is included/supported?
• How much storage is included per account?
• How much does additional storage cost?
• What is the maximum file size for attachments?
Corporate Confidential -All Rights Reserved 2014 - Michigan Health
Information Network Shared Services 31
32. Medical Information Direct Gateway:
MiDiGate™ for Public Health Reporting
32
Medical Information Direct GatewayTM
MiDiGateTM for Public Health &
QRDA Cat III
ccdas@direct.mihin.org
TM
MiDiGate
SOM Data Warehouse
VPN to
SOM
ADT-Subscribers
adts@direct.mihin.org
Meaningful Use Reporting
labs@direct.mihin.org
immunizations@direct.mihin.org
CQM Data
Mart
Medicaid ADT
Repository
MCDR
MDSS MCIR MSSS
A T E
Outbound
G
I
M I D
M I D
I
G
Inbound
A T E
cqms@direct.mihin.org
QRDA
CAT III
QRDA
Meaningful
Use
Database
MU Credit
deaths@direct.mihin.org
QRDA
Copyright 2013 – MiHIN – Corporate Confidential – Proprietary
Patent Pending
Labs
Patients
Hospitals
Physicians
HIEs
Other States
Correctional
Facility
Any provider
organization
EDRS
MDCH
Data Hub
Direct Email Convention Examples Using MiDiGate
& Health Provider Directory
Inbox
labs@direct.mihin.org
immunizations@direct.mihin.org
deaths@direct.mihin.org
birthdefects@direct.mihin.org
cqms@direct.mihin.org
adts@direct.mihin.org
fostercarehealth@direct.mihin.org
ccdas@direct.mihin.org
Destination(s) .
Reportable Labs to MDSS
Michigan Care Improvement Registry
Electronic Death Registry System
Chronic Disease Registry
SOM Data Warehouse
Vital statistics
Foster Kids Registry
Chronic Condition Registry
Description
Lab Results
Immunizations
Death notices
Birth defect notices
Clinical Quality Measures
Admit, Discharge, Transfer
Foster kids care summaries
Consolidated Clinical Document Architecture
Copyright 2014 - Michigan Health Information Network Shared Services
33. MidiGate™ for HIEs
33
MDCH
Data Hub
HIE
QO/VQO
Michigan Direct GatewayTM
QRDA Cat III
ccdas@direct.hieqo.org
TM
MiDiGate
adts@direct.hieqo.org
MiDiGateTM
for HIE QOs and VQOs
labs@direct.hieqo.org
immunizations@direct.hieqo.org
CQM Data
Mart
Medicaid ADT
Repository
MSSS
MCIR
MDSS
SOM Data Warehouse
VPN to
SOM
A T E
Outbound
G
I
M I D
M I D
I
G
Inbound
A T E
cqms@direct.hieqo.org
QRDA
CAT III
MU Credit
Meaningful
Use
Database
deaths@direct.hieqo.org
QRDA
MiHIN VPN to
MiHIN
Copyright 2013 – MiHIN – Corporate Confidential – Proprietary
Patent Pending
Labs
Patients
Hospitals
Physicians
HIEs
Correctional
Facility
Any provider
organization
EDRS
MCDR
VPN to
HIE/QO/VQO
HIE
Repository
Other States
Direct Email Convention Examples Using MiDiGate
& Health Provider Directory
Inbox
labs@direct.hieqo.org
deaths@direct.hieqo.org
immunizations@direct.hieqo.org
usecasename@direct.hieqo.org
birthdefects@direct.hieqo.org
cqms@direct.hieqo.org
adts@direct.hieqo.org
fostercarehealth@direct.hieqo.org
ccdas@direct.hieqo.org
Destination(s) .
Reportable Labs to MDSS
Electronic Death Registry System
Michigan Care Improvement Registry
Registry for that use case
Chronic Condition Registry
SOM Data Warehouse
Vital Statistics
Foster Kids Registry
Chronic Disease Registry
Description
Lab Results
Death Notices
Immunizations
Use Case Specific
Birth Defect Notices
Clinical Quality Measures
Admit, Discharge, Transfer
Foster Kids Care Summaries
Consolidated Clinical Document Architecture
Copyright 2014 - Michigan Health Information Network Shared Services
34. MiDiGate™ for Health Plans
34
Medical Information Direct GatewayTM
Quality & PQRS Reporting
ccdas@direct.[healthplan].org
TM
MiDiGate
adts@direct.[healthplan].org
MiDiGateTM for Health Plans
labs@direct.[healthplan].org
Quality
A T E
Outbound
G
I
M I D
M I D
I
G
Inbound
A T E
cqms@direct.[healthplan].org
QRDA
authorizations@direct.[healthplan].org
Labs
Patients
Hospitals
Physicians
HIEs
Other States
Any provider
organization
QRDA VPN
Revenue
Management
Incentive
Hospital
Contract
Health Plan Data
Warehouse
Provider
Relations
MyEmail@direct.[healthplan].org
Pharmacy
Utilization
Management
Care
Management
Analytics Fraud
Copyright 2013 – MiHIN – Corporate Confidential – Proprietary
Patent Pending
Correctional
Facility
Direct Email Convention Examples Using MiDiGate
& Health Provider Directory
Destination Examples
Care Manager, Incentive
Utilization Management
Pharmacy, Care Manager, Incentive
Hospital Contracts, Provider Relations
Quality, Revenue Management
Care Manager, Utilization Manager
Other Qualified Organization
Inbox
labs@direct.[healthplan].org
authorizations@direct.[healthplan].org
meds@direct.[healthplan].org
custom@direct.[healthplan].org
cqms@direct.[healthplan].org
adts@direct.[healthplan].org
ccdas@direct.[healthplan].org
Description
Lab Results
Authorizations
Medication Notices
Any PHI type message
Clinical Quality Measures
Admit, Discharge, Transfer
Consolidated Clinical Document Architecture
Copyright 2014 - Michigan Health Information Network Shared Services
35. Questions?
Jeff Livesay
Associate Director
livesay@mihin.org
Copyright 2014 - Michigan Health Information Network Shared Services 35
36. References
• http://wiki.directproject.org/Documentation+Library
• http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Tran
Copyright 2014 - Michigan Health Information Network Shared Services 36
sport
• http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging
• www.directtrust.org
• www.nate-trust.org
Notas do Editor
DT addressing many issues and growing strong
Membership expanding rapidly
Accreditation has industry acceptance
DataMotion™ SecureMail is a powerful, yet simple desktop solution that secures sensitive email and file attachments from accidental exposure and data theft, while ensuring regulation compliance.
DataMotion™ SecureMail Gateway safeguards sensitive email messages by automatically scanning all of your company’s email for compliance, and applying policy-based secure mail encryption.
DataMotion™ SecureMail Automation automatically encrypts high volume email communications to keep workflows compliant with industry regulations so your reputation and customers’ privacy are protected.
DataMotion™ SecureMail for Salesforce enables any user of Salesforce.com Enterprise Edition to send and track secure emails and file attachments from inside the Salesforce application.
DataMotion™ Direct enables healthcare providers, patients, business associates and clinical systems to securely send and receive protected health information (PHI) in conformance with EHR MU2 guidelines.
DataMotion™ SecureContact enables customers to initiate a secure email with file transfer from your website through a “Contact Us” button, by simply typing a message, attaching files and clicking ‘Submit’.
DataMotion™ SecureContact.me allows your email recipients to initiate a secure message and file transfer to you using an embedded link that is easily embedded in your email signature profile.
DataMotion™ Secure eForms provides a powerful tool for your customers and partners to securely submit information for automatic integration into back end systems to web-enable offline workflows.
DataMotion™ Secure File Transfer enables employees to easily send files up to 2GB securely, to anyone, anywhere, anytime, with full visibility into all files sent – keeping your organization in compliance.
Sender creates a Message to be transmitted via Direct
Sending HISP verifies it can send message to the Receiving HISP (Trust Anchors check)
Sending HISP will sign the message with its private key
Sending HISP will encrypt the message with the Receiver’s public key
Sending HISP sends the message
Receiving HISP verifies it can receive the message from the Sending HISP (Trust Anchors check)
Receiving HISP receives the message.
Receiving HISP decrypts the message using the Receiver’s private key
Receiving HISP verifies the signature of the message using the Senders public key.
Receiving HISP provides an MDN to the Sending HISP
Receiving HISP delivers the message to the receiver
Receiver reads the message.