by John Halamka, Life as a Healthcare CIO
The November HIT Standards Committee meeting focused on existing implementations of point to point transport standards as a foundation for its evaluation of the Direct project.
We began the meeting with a report from the Implementation Workgroup, which will gather testimony on January 10-11, 2011 about the experience of implementing standards in certified systems and achieving meaningful use goals.
We discussed the work of the other HIT Standards Committee workgroups including the upcoming effort by the Vocabulary Task Force to take testimony on device content and vocabulary standards. Given the evolving importance of home care devices, implantable devices, and mHealth, ensuring robust standards in this area is important.
We started the day's testimony noting that we will be discussing just point to point "push" use cases this month. Typical components of such an approach are a routing method, a provider directory, certificate management, auditing, and acknowledgement of delivery. Use cases covered by the "push" approach include PCP to specialist referrals, routing to registries, e-prescribing data exchanges between providers/pharmacies, and sending summaries to patients.
Here are links to the testimony:
Peter Tippett, Verizon
John Feikema, Visionshare
Joseph Carlson, Covisint
Anand Shroff, Axolotl
Cris Ross, Surescripts
Eric Dishman & Gary Binder, Intel
After the testimony we summarized the major themes.
Directories - Proposed directory options ranged from a nationally centralized yellow pages of organizations to a federated white pages of persons/departments/machines to undiscoverable local directories. Email is an example of a directory which is generally undiscoverable outside an organization. Once you know the email address of a person, email gateways route from organization to organization. Once email arrives at the organization, it is routed to the recipient using a local directory. Whatever directory and addressing scheme is chosen, it is very important that all vendors support it to achieve a network of networks that enables any provider to connect to any other provider.
Identity/Trust - Each of the vendors is using X.509 certificate-based approaches to secure organization to organization transport plus a formal certificate management approach (based on policy) to verifying identity and achieving a trust fabric. Creating a chain of trust among vendors is very important to supporting network to network transport.
Transport - SMTP/SMIME, REST, and SOAP have all been used successfully in the real world as transport standards for health information exchange. Achieving common directories and a trust fabric are more important than settling on a single transport protocol. However, in the interest of keeping the architecture simple, there should be few, not many standards options for transport. Having at least one common transport approach to enable universal addressing is desirable.
The internet itself is based on a small number of standards specifying directories such as the Domain Naming System (DNS) system, which is implemented in a federated architecture. The internet has a small set of standards enabling certificate authorities to act as "electronic notaries", establishing identity and trust. On top of this foundation of directories and trust, there are multiple transport protocols that used to support specific use cases such as HTTPS, FTP, SMTP, etc. Push-based healthcare information exchange should use an analogous approach - get the directory/addressing and identify/trust right, then use the transport standards that best support workflow and are easy to implement.
Our next steps are to get policy guidance from the HIT Policy Committee Provider Directory Workgroup, review the Implementation guides from the testifying vendors who have successfully implemented a trust fabric, and assemble a multi-stakeholder team of interested participants from the HIT Standards Committee to evaluate NHIN Direct. We'll use objective criteria, informed by today's testimony to consider NHIN Direct on its own merits, evaluating its implementation specifications against the project goals to be simple, direct, scalable, and secure transport for the little guy.