The proposed Stage 2 Meaningful Use Recommendations include numerous patient engagement features: patient communication preference, electronic self management tools, EHR interfaces to PHRs, patient reporting of care experiences online, and patient generated data incorporation into EHRs.
I've long felt that a barrier to patient engagement is the lack of a common approach to transfer data between EHRs and PHRs as well as to send reminders/alerts/communications to patients.
Patients lack a Health URL or Health Email Address which would enable any EHR or HIE to route data securely among providers and patients.
There's a solution in sight, enabled by the Direct project.
Last week, Microsoft announced that it will provide a health email address (your_name@direct.healthvault.com) to every user of HealthVault. They've also provided an innovative way to sign up users who do not yet have a HealthVault account: just send an email to newuser@direct.healthvault.com with a subject line containing the patient's existing email account. The patient will be sent instructions to set up an account and receive their secure health message.
All of this uses the Direct S/MIME secure email approach for transport.
If Google, Dossia, and other PHR vendors support a similar Direct approach, then all we need to do to support the patient engagement aspects of Meaningful Use Stage 2 is capture each patient's secure health email address at registration or capture their regular email address and send an enrollment message to the PHR of their choice.
Instead of proprietary software development for every PHR, the Direct approach creates a single one time implementation for hospitals and EHR vendors.
Sean Nolan at Microsoft and I have been exchanging email about the implementation details. Below, he outlines the details and the options:
"1. For sending the message:
a. If you have an existing product that supports S/MIME, feel free to use it as long as it can encrypt AND sign outbound messages. (BIDMC uses a Proofpoint appliance for email security management and it may support Direct S/MIME requirements out of the box.)
b. You can also generate the S/MIME message outside of the email system and then submit it as any other message to your existing Exchange server for delivery. You could use something like the smime utility that comes with openssl, or there are commercial components such as IP*Works S/MIME. This avoids any changes to your infrastructure and concentrates the work in the code that generates the outbound message.
c. You can install an instance of the C# or Java gateways that have been created as part of the Direct project. For outbound messaging, your message generating code could send plain-vanilla SMTP to the gateway, and it could do the sign/encrypt and forward it through your existing email system.
2. For managing certificates:
Two sides to this … your certificate (for signing the message) and ours (for encrypting it).
For encryption --- we can simply give you the HealthVault organizational public certificate to use. If you go with 1C, you can install this in the gateway software. For 1A or 1B you’ll use different approaches to storing it.
For signatures --- we’ll need a copy of your organizational public certificate, and then you’ll need to sign outbound messages with the private key. Again, for 1C above you can just add your private and public keys to the gateway; for 1A and 1B you’ll manage differently.
3. Testing:
You can self-provision HealthVault test accounts and Direct addresses here, which connects to our “pre-production environment” where all of our developers build and test code. The HealthVault staging certificates can be downloaded from here."
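Option 1b from the message above, sketched with the openssl smime utility as an added example (not code from this post, Microsoft, or the Direct project): it signs, then encrypts, and shows the receiving side decrypting and verifying against the sender's certificate. The certificates are throwaway self-signed stand-ins, and all function names, file names, and addresses are assumptions.

```shell
#!/bin/sh
# Added example: all names, addresses and certificates below are constructed.

# make_test_identity NAME DIR
# Throwaway self-signed cert and key standing in for an organizational
# certificate; in production these come from your CA and from the PHR.
make_test_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1.example.test" \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# sign_and_encrypt MSG SENDER_CRT SENDER_KEY RECIPIENT_CRT OUT
# Sign with the sender's private key, then encrypt to the recipient's public
# certificate. -from/-to/-subject go on the encrypt step (the outer layer) and
# travel in the clear, so keep patient details out of the subject line.
sign_and_encrypt() {
    openssl smime -sign -text -in "$1" -signer "$2" -inkey "$3" \
        -out "$5.signed" || return 1
    openssl smime -encrypt -aes256 -in "$5.signed" -out "$5" \
        -from sender@hospital.example.test -to patient@phr.example.test \
        -subject "New secure health message" "$4"
    rc=$?
    rm -f "$5.signed"   # do not leave the unencrypted signed copy on disk
    return $rc
}

# decrypt_and_verify IN RECIPIENT_CRT RECIPIENT_KEY TRUSTED_SENDER_CRT OUT
# Receiving side: decrypt with the recipient's key, then accept the message
# only if its signature chains to the sender certificate we were given.
decrypt_and_verify() {
    openssl smime -decrypt -in "$1" -recip "$2" -inkey "$3" 2>/dev/null |
        openssl smime -verify -text -CAfile "$4" -out "$5" 2>/dev/null
}

# direct_roundtrip DIR: build both identities, send one message, read it back.
direct_roundtrip() {
    make_test_identity sender "$1" && make_test_identity recipient "$1" || return 1
    printf 'Reminder: follow-up visit on Tuesday.\n' > "$1/msg.txt"
    sign_and_encrypt "$1/msg.txt" "$1/sender.crt" "$1/sender.key" \
        "$1/recipient.crt" "$1/out.eml" || return 1
    decrypt_and_verify "$1/out.eml" "$1/recipient.crt" "$1/recipient.key" \
        "$1/sender.crt" "$1/plain.txt"
}
```

The resulting `out.eml` can be handed to an existing mail server like any other message; verification fails if the receiver's trusted certificate is not the one that signed it.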
If Direct truly creates a single mechanism for healthcare stakeholders to exchange content (summaries, reminders, homecare device data, etc.), then we'll finally get enough endpoints connected to demonstrate the value of HIE. With Meaningful Use Stage 2 as a motivator and HIE funding as a catalyst, let's hope the country can converge on a common transport approach.