Anatomy of Direct Session 3 April 12, 2011

Agenda Overview of Direct How does Direct work? Direct in the Real World Panelists: David C. Kibbe, MD MBA, Senior Advisor, American Academy of Family Physicians; Chair, ASTM International  E31Technical Committee on Healthcare Informatics; Principal, The Kibbe Group LLC  Cris Ross, Executive Vice President and General Manager, Clinical Interoperability, Surescripts Mark Bamberg, VP Research & Development, MEDfx Q&A Poll

What is Direct? A project to create the set of standards and services that, with a policy framework, enable simple, directed, routed, scalable transport over the Internet to be used for secure and meaningful exchange between known participants in support of meaningful use

Secure Internet-based Direct Communications Direct Project specifies a simple, secure, scalable, standards-based way for participants to send encrypted health information directly to known, trusted recipients over the Internet. b.wells@direct.aclinic.org h.elthie@direct.ahospital.org Simple. Connects healthcare stakeholders through universal addressing using simple push of information. Secure. Users can easily verify messages are complete and not tampered with in travel. Scalable. Enables Internet scale with no need for central network authority. Standards-based. Built on common Internet standards for secure e-mail communication.

When current methods of health information exchange are inadequate: Why Direct? When current methods of health information exchange are inadequate: Communication of health information among providers and patients still mainly relies on mail or fax Slow, inconvenient, expensive Health information and history is lost or hard to find in paper charts Current forms of electronic communication may not be secure Encryption features of off-the-shelf e-mail clients not often used in healthcare communications today Physicians need to transport and share clinical content electronically in order to satisfy Stage 1 Meaningful Use requirements. Need to meet physicians where they are now Direct will be one of the communication methods in the Nationwide Health Information Network http://www.flickr.com/photos/dougww/922328173/

Who is Direct? (as of November 2010) The Direct Project represents over 50 organizations and over 200 participants. Members participate in the Implementation Group and one or more of 6 workgroups. Implementation Group (50+ organizations, 200+ participants) Security and Trust Best Practices Implementation Geographies Communications Documentation and Testing Reference Implementation

What do you need to enable Direct? Direct Addresses Security & Trust Services Direct Messages Message Transport & Delivery Need a way to route information to the right party. That’s where Direct addresses come in. Need a way to protect that information when you send it – Security & Trust Services. Need to be able to build a Direct Message that contains the health information you want to send. Finally, need a way to move that message.

Direct Addresses Direct Addresses are used to route information Look like email addresses Used only for health information exchange b.wells@direct.aclinic.org An individual may have multiple Direct addresses Endpoint Domain Direct Address

Security & Trust: Certificates Each Direct Address must have at least one digital certificate associated with it in order to securely transmit and receive health information Certificate may be tied to either the specific Direct Address or the Domain that is part of that address X.509v3 digital certificate standards By using certificates to securely transmit and receive information… The Sender has a strong mathematical certainty that only the Receiver or explicitly authorized delegates can view the message The Receiver has a strong mathematical certainty that only the Sender sent the message Both Sender and Receiver have confidence that nothing happened to the message in transit (e.g., tampering, disclosure, etc.)

Security & Trust: Certificate Discovery Certificate discovery must occur prior to a Direct message being sent in order to fulfill the encryption functions of the S/MIME format Discovery based on existing Internet protocols Existing specifications exist for discovery via DNS Address-bound certificates must be associated with a Direct-formatted address Organization-bound certificates are stored under the Health Domain Name If DNS is not supported, an alternate method must be offered

Security & Trust: Trust Anchors Certificates are issued by Trust Anchors Trust Anchors are Certificate Authorities (CAs) Certificates are issued to parties that agree to abide by policies set and/or enforced by the Trust Anchor

Direct Messages Direct Messages are essentially email messages (RFC 5322) Headers Contents – text plus attachments Security information – signatures, certificate information as applicable Contents can be (and often are) structured, but can be unstructured HL7 lab results CCD, CCR PDF, TIFF Text and other human-readable representations IHE XDM specifications

Message Transport & Delivery Direct specifies Simple Mail Transport Protocol (SMTP) as its primary mechanism for delivering healthcare content from a sender to a receiver This choice supports environments that have minimal capabilities in terms of using Web Services and generating detailed metadata and allows for more advanced interoperability

Direct Project Compliance Compliance is defined in the Applicability Statement for Secure Health Transport Core set of requirements for using SMTP, S/MIME, and X509 certificates in an interoperable way However, it’s recognized that communities may use other standards or proprietary mechanisms internally Will generally have Direct-compliant gateways that implement the Applicability specification while harmonizing local standards/mechanisms to Direct-equivalents XDR and XDM for Direct Messaging specifies such a solution when using IHE XDR for local transport

SOAP, IHE and XD* Conversions While SMTP is the primary delivery method for Direct, some healthcare environments have existing SOAP-based Web Services that provide detailed metadata and have adopted a family of IHE profiles SOAP – format for exchanging structured information, based on XML for message format XDR and XDM for Direct Messaging XDR – supports a direct push model using Web Services transport XDM – supports a direct push model with SMTP as a transport option, among several XD* Conversion Enables interoperability between Direct participants who may be using SOAP+XDR, SMTP+XDM, or SMTP+MIME

XD* Conversion Processes XD* Conversion involves both transport and metadata Always occurs when moving between transport mechanisms Metadata may be created or transformed Three cases each for Senders and Receivers: SMTP+nonXDM (RFC5322+MIME) SMTP+XDM (RFC5322+XDM) SOAP+XDR

Direct in the Real World AAFP Physicians Direct David C. Kibbe, MD MBA, Senior Advisor, American Academy of Family Physicians; Chair, ASTM International E31Technical Committee on Healthcare Informatics; Principal, The Kibbe Group LLC Cris Ross, Executive Vice President and General Manager, Clinical Interoperability, Surescripts MEDfx Mark Bamberg, VP Research & Development, MEDfx

AAFP Physicians Direct “Direct Plus” secure online messaging for physicians in partnership with Surescripts

Doctor-to-Doctor Information Sharing How do doctors predominantly share patient records with other medical professionals? 17% Electronic means 25% Non-electronic means Q1a. How do you predominantly share patient records with other medical professionals who provide care for your patients outside your office/hospital? Currently Use electronic means 17% Use non-electronic means 83% Electronic = Computer storage devices + electronic networks + email or secure messaging Non-electronic = Fax + U.S. mail or courier + give records to patients (4%) Q1b. How would you prefer to share patient medical records with other medical professionals who provide care for your patients outside your office/hospital? Prefer Use electronic means 74% Use non-electronic means 25% Non-electronic = Fax + U.S. mail or courier + give records to patients (2%) 74% Electronic means 83% Non-electronic means Electronic = Computer storage devices + electronic networks + email or secure messaging Non-electronic = Fax + mail or courier + give records to patients Source: Markle Foundation

Patient-Doctor Information Sharing How do doctors predominantly share patient records with patients? 5% Electronic means 52% Non-electronic means, or do not share records 47% Electronic means 95% Non-electronic means, or do not share records Q1c. How do you predominantly share patient records with patients? Currently Use electronic means 5% Use non-electronic means 95% Electronic = Computer storage devices + website + Email or secure messaging Non-electronic = Fax/U.S. mail or courier + paper copies + don't share records (8%) Q1d. How would you prefer to predominantly share patient records with patients? Prefer Use electronic means 47% Use non-electronic means 52% Electronic = Computer storage devices + website + email or secure messaging Non-electronic = Fax/U.S. mail or courier + paper copies + don't share records (7%) Electronic = computer storage devices + website + email or secure messaging Non-electronic = fax/mail or courier + paper copies + don't share records Source: Markle Foundation

Agenda A brief overview of Direct-compliant implementations What does having a Direct address mean? What can you do with it? What basic service or infrastructure must a Direct addressee have available to her to do Direct-compliant clinical messaging? What is a HISP? What does the Direct Project specify that a HISP must do in order to offer Direct-compliant clinical messaging functionality to its users, members, or subscribers? AAFP Physicians Direct via the Surescripts CI Network Why did the AAFP choose to partner with Surescripts to bring its members a national, secure, and affordable clinical messaging service? What are the differences between Direct-compliance and what we are calling a “Direct-plus” clinical messaging solution

means you can can send authenticated and encrypted health information What will having a Direct address mean for me? Therefore, one answer to this question is that having a Direct address means you can can send authenticated and encrypted health information directly to a known and trusted recipient over the Internet.

What’s a HISP? In brief, the essence of a HISP’s duties are to: Package message content using MIME and, optionally, XDM. Secure the confidentiality and integrity of the content by handling it through S/MIME encryption and signatures. Ensure the authenticity of the sender and receiver via X.509 certificates. Route messages through at minimum SMTP (other protocols allowed by mutual consent between HISPs)

More detail on HISP functionality A HISP must be able to assign unique Direct addresses to individuals or organizations, e.g. johndoe@direct.sunnyfamilypractice.com. A HISP must be able to associate X.509 certificates with full Direct address (e.g., johndoe@direct.sunnyfamilypractice.com) or Health Domain Names (e.g., direct.sunnyfamilypractice.com). The HISP may issue the certificates itself as a Certificate Authority (CA) or obtain the certificates from a trusted third-party CA. A HISP must provide an “edge” or “on-ramp” protocol or application/protocol combination to the user, for sending and receiving messages and attachments. The protocol must comply with a minimum set of privacy and security requirements for protection of PHI. (What are these?) A HISP must be able to format the “payload” as an RFC5322-compliant email message with a valid MIME body (RFC2045, RFC2046).

More detail on HISPs, continued A HISP must be able to sign, encrypt, decrypt, and verify the payload using S/MIME. A HISP must have a method for discovering the certificates of message recipients prior to sending a message, in order to fulfill the encryption functions of S/MIME. (TBD) A HISP must be able to judge the trustworthiness of certificates issued by Certificate Authorities that are presented to it in the course of sending and receiving messages. ((TBD) A HISP must be able to judge the trustworthiness of leaf certificates used as trust anchors. (TBD)

More detail on HISPs, continued In addition to these requirements, it is optional that a HISP Support certificate publication in a directory that is available to other HISPs. (TBD) Utilize DNS servers to store both the users’ Direct addresses and the certificates associated with them (public key only). (TBD)

Context - governance Direct standards and specifications are developed by a group of public-private stakeholders, using an open and transparent collaborative process. Direct Project Output: Standards and Service Definitions Implementation Guides Reference Implementation Pilot project testing and real-world implementation Vendors incorporate reference implementation into HIT products Wide-scale adoption of Direct standards by late 2012 Opportunity for States and HIEs to build on and drive adoption First phase grounded in real-world pilot projects implemented by early 2011 Incorporation of HITPC, HITSC, and ONC policy guidance ONC Materials, presented to HITSC March 29 27

Context - NwHIN Nationwide Health Information Network Exchange (NwHIN) 10 Current Exchange Participants DoD Kaiser Permanente VA Regenstrief Institute SSA HealthBridge CDC Inland Northwest Health Services MedVA NCHICA Active Onboarding applicants Qualification -- 9 (Beacon Community, State HIEs and CMS and their partners) Validation -- 13 (7 SSA Awardees, 3 Beacon Community and 3 State HIEs) Activation -- 5 (5 SSA Awardees) Inquiries received: 14 (combination of State HIEs, Beacon Community awardees and others) HITECH obligates ONC to establish a governance mechanism for the nationwide health information network. ONC is initiating rulemaking process, with notice of proposed rulemaking expected in fourth quarter of 2011. ONC Materials, presented to HITSC March 29

Context - Connect Ongoing Release cycles and development CONNECT 2.5 released February 2011 CONNECT 3.2 to be released in June 2011 Additional Updates Building an automated test environment for organizations to better test their CONNECT installations to be able to share data securely with other organizations using Nationwide Health Information Network standards Expecting to award new development contract within next month ONC remains committed to establishing modular implementation specifications and robust testing to assure interoperability ONC Materials, presented to HITSC March 29

Context – look ahead to Stage 2/3 MU Need to explore “low regret” standards for future information exchange needs to support innovation and a learning healthcare system Candidates include: Synchronous secure transport (e.g., SOAP + TLS + WS-Security and HTTP + TLS + OAuth2) Subset of current NWHIN specifications for exchange Metadata for a universal exchange language derived from existing exchange standards Distributed queries to support risk adjustment, quality reporting, public health ONC Materials, presented to HITSC March 29

Implementation example: Surescripts Surescripts extending network beyond e-prescribing to doctor-to-doctor exchange of messages Will connect to EHR vendors using interfaces similar to e-prescribing Directories, certification, security and privacy, vendor and user support Internet portal and “send to anyone”, including HISPs Will leverage Direct protocols (e.g. hospital lab to public health connection, connect to HISPs) Will leverage Exchange, Connect and standards as developed Provide interoperability regardless of technology platform or protocol “Direct Plus” Direct and connection to other protocols Direct augmented with additional services (directory, certification, support)

Physicians Direct Description AAFP Physicians Direct is an information service, offered in partnership with Surescripts, which will provide users and their colleagues secure, affordable, and easy-to-use electronic clinical messaging. Use of the service to exchange health data among physicians will improve continuity of care, support achievement of Meaningful Use, and advance the patient-centered medical home. AAFP Physicians Direct will provide a web-based portal for subscribers to securely send and receive messages and attachments, and the portal will be branded as an AAFP service. Colleagues (consultants) will be urged to subscribe to the portal, and to use AAFP Physicians Direct to send and receive messages from users. Integration with EHRs will also be part of the offering in time, and the plan is to have at least 6 EHR vendors onboard at the launch of the project. A key attribute of AAFP Physicians Direct is that users will be able to securely message to any provider, including non-subscribers. However, for ease of use it is likely that these one-time sessions will induce the receiving consultants to subscribe and become part of the network.

Patient Centered Medical Home MEDfx Presentation Using Direct to Enable Patient Centered Medical Home

Background Dominion Medical Associates Is an independent, minority physician practice located in Richmond, Virginia. Has traditionally been a paper-based practice Is in the process of moving toward use of an EMR MedVirginia CenVaNet and MedVirginia are working with the practice to help in its achievement of recognition as a Level 3 NCQA Patient Centered Medical Home Objectives Utilize the Direct Project standards and transactions to facilitate the referral process Improving care management and coordination services for identified high risk chronic disease populations, including diabetes.

Patient Centered Medical Home Is a model of care that puts the needs of the patient first. Is the base from which health care services are coordinated to provide the most effective and efficient care to the patient. This includes Use of health information technology Coordination of specialty and inpatient care Providing preventive services through through health promotion disease management and prevention health maintenance behavioral health services patient education diagnosis and treatment of acute and chronic illnesses.

Dominion Medical Associates Goal Achieve Level 3 PCMH status as defined by NCQA. Care coordination and chronic disease management are integral to meeting the requirements CenVaNet is providing Dominion Medical Associates with RN care managers to support the needs of the high-risk patients with chronic diseases Care managers provide Direct services to targeted patients Coordinate additional support (community resources, referral coordination, etc.) Dominion Medical Associates’ goal is to achieve Level 3 PCMH status as defined by NCQA. Care coordination and chronic disease management are integral to meeting the requirements CenVaNet is providing Dominion Medical Associates with RN care managers to support the needs of the high-risk patients with chronic diseases Care managers provide Direct services to targeted patients Coordinate additional support (community resources, referral coordination, etc.)

Quality of Care Today Physicians at Dominion Medical Associates Attend to the needs of approximately 6000 patients Have two office locations in Richmond, Virginia Employ certified medical assistants Care is episodic and acute Usually provided in response to an event as opposed to being proactive in nature. Patients are seen when they are sick, with instructions for follow-up or on-going personal management.

Quality of Care CenVaNet Identified high risk patients who could benefit from on-going care management support. Information about these patients is documented on the referral form and uploaded into Lifescape by a Dominion staff member at the practice. This is transmitted to the CenVaNet care manager who retrieves the document and begins the assessment process. Using MedVirginia Solution the care management nurse has access to any CCD information on these patients to aid in their assessment and intervention.

With Direct A referral letter is generated electronically Replaces manual process of Printing Creating fax coversheet Faxing to MedVirginia Transmitted to MedVirginia using Lifescape Portal via Direct Stored in Clinical Data Repository Used by CenVaNet nurse to create an Initial Assessment

What makes it work? What are the components? How do the component interact? When Dominion submits a referral request When MedVirginia sends an Initial Assessment What were the challenges?

Direct Pilot Components MedVirginia HISP SMTP Dominion HISP SMTPS SSL SMTPS SSL DOD Solution 1 Interchange Solution 1 Interchange VA NwHIN CONNECTfx Lifescape Lifescape SSA HTTPS HTTPS MedVirginia Portal Dominion Portal

Data Flow – Dominion submits Referral Request MedVirginia HISP SMTP Dominion HISP SMTPS SSL SMTPS SSL DOD Solution 1 Interchange Solution 1 Interchange VA NwHIN CONNECTfx Lifescape Lifescape SSA HTTPS HTTPS MedVirginia Portal Dominion Portal

Data Flow – MedVirginia sends back initial Assessment HISP SMTP Dominion HISP SMTPS SSL SMTPS SSL DOD Solution 1 Interchange Solution 1 Interchange VA NwHIN CONNECTfx Lifescape Lifescape SSA HTTPS HTTPS MedVirginia Portal Dominion Portal

Demo – Let’s see it work

What were the challenges? Certificate Generation SMTPS configuration Identifying and locking down the HISP Permission to open port 25 on the public internet Configuring the HISP through an SSL tunnel Managing external communications

Direct Project Reference Implementation

Direct Project Reference Materials Direct Project Overview http://wiki.directproject.org/The+Direct+Project+Overview Applicability Statement for Secure Health Transport http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Transport Direct Project Security Overview http://wiki.directproject.org/Direct+Project+Security+Overview XDR and XDM for Direct Messaging http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging

Q&A

Poll http://www.polleverywhere.com/multiple_choice_polls/ODk3NTYzNzEx