Anatomy of Direct Session 3

Slides:



Advertisements
Similar presentations
Georgia Department of Community Health
Advertisements

A Plan for a Sustainable Community Behavioral Health Information Network Western States Health-e Connection Summit & Trade Show September 10, 2013.
There is public interest! David S. Mendelson, M.D. Professor of Radiology Senior Associate - Clinical Informatics The Mount Sinai Medical Center Co-chair.
ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session esMD Requirements, Priorities and Potential Workgroups – 2:00pm.
Connecticut Ave NW, Washington, DC Understanding Patient Engagement in Stage 2 MU: Direct, HIPAA, VDT, and Patient Engagement.
Interoperability Kevin Schmidt Director, Clinical Network.
S&I Framework Provider Directories Initiative esMD Work Group October 19, 2011.
Connecticut Ave NW, Washington, DC Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.
Direct Implementation Perspective 0 Mark Bamberg, Vice President Research & Development MEDfx.
Direct and the Nationwide Health Information Network Session 11 April 13, 2011.
NHIN Direct Project Communications Work Group Message for State HIE/RECs August 30, 2010.
Massachusetts: Transforming the Healthcare Economy John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
Texas Approach to Supporting Statewide Health Information Exchange January 2013.
Supporting Meaningful Use Stage 2 Transition of Care Requirements
Understanding and Leveraging MU Stage 2 Optional Transports (SOAP)
NHIN Specifications Richard Kernan, NHIN Specification Lead (Contractor), Office of the National Coordinator for Health IT Karen Witting, Contractor to.
Centers for Disease Control and Prevention Office of the Associate Director for Communication Electronic Health Records/Meaningful Use and Public Health.
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
NextGen Interoperability – Leading the Charge Presenter – David Venier DISCLAIMER: The views and opinions expressed in this presentation are those of the.
Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.
August 12, Meaningful Use *** UDOH Informatics Brown Bag Robert T Rolfs, MD, MPH.
EsMD Background Phase I of esMD was implemented in September of It enabled Providers to send Medical Documentation electronically Review Contractor.
Meaningful Use Personal Pace Education Module: Transitions of Care.
Electronic Submission of Medical Documentation (esMD) Face to Face Informational Session Charter Discussion – 9:30am – 10:00am October 18, 2011.
Connecticut Ave NW, Washington, DC Direct Exchange An Introduction for Providers Engaged in Stage 2 Meaningful Use David.
New Opportunity for Network Value: Using Health IT to Improve Transitions of Care 600 East Superior Street, Suite 404 I Duluth, MN I Ph
NHIN Direct Project Communications Work Group Messages for Physicians August 24, 2010.
Georgia Health Information Exchange Georgia Rural Health IT Forum January 26, 2012.
Exchange: The Central Feature of Meaningful Use Stage Meaningful Use and Health Care Innovation Conference Craig Brammer Office of the National.
An XMPP (Extensible Message and Presence Protocol) based implementation for NHIN Direct 1.
0 Presentation to: Health IT HIPPA Workshop Presented by: Stacey Harris, Director of Health IT Innovation September 26, 2014 Division of Health Information.
Clinical Document Exchange. We Simplify Healthcare By creating common sense solutions that take common, often overlooked problems across all of healthcare.
Affordable Healthcare IT Solutions. MU RX Compliance with Meaningful Use Stage 2.
Market Reform Group Electronic processing The role of standards and how it all fits together Beginners session - 23 rd January 2008 Rob Campbell, MRO.
SIM- Data Infrastructure Subcommittee November 14, 2013.
Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.
Planning the Future of CDC Secure Public Health Transactions and Public Health Information Network Messaging System (PHINMS) Jennifer McGehee, Tim Morris,
Interoperability Framework Overview Health Information Technology (HIT) Standards Committee June 24, 2010 Presented by: Douglas Fridsma, MD, PhD Acting.
XMPP Concrete Implementation Updates: 1. Why XMPP 2 »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
1 Meaningful Use Stage 2 The Value of Performance Benchmarking.
February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.
Hurdles and Solutions for the Interoperable EHR John W, Loonsk, MD FACMI Chief Medical Officer CGI.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Christopher H. Tashjian, MD, FAAFP July 23, 2013, Washington D.C.
Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.
HIT Standards Committee Overview and Progress Report March 17, 2010.
West Virginia Information Technology Summit November 4, 2009.
Adoption and Use of Electronic Medical Records (in Federally Qualified Health Centers) and Supporting an ASP Community Care Network of Virginia, Inc.
Mariann Yeager, NHIN Policy and Governance Lead (Contractor) Office of the National Coordinator for Health IT David Riley, CONNECT Lead (Contractor) Federal.
Kno2 1 October 22, Agenda Introduction Goal of Pilot Tier Piloting Activity to Pilot Role of Kno2 in the pilot Standards and Technologies Under.
Draft Provider Directory Recommendations Begin Deliberations re Query for Patient Record NwHIN Power Team July 10, 2014.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Electronic Submission of Medical Documentation (esMD)
HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.
The State of Florida’s Advances in Supporting the Use of Health IT 2015 HIT Days State Capitol January 26, 2015 Agency for Health Care Administration Secretary.
Office of the National Coordinator for Health Information Technology ONC Update for HITSP Board U.S. Department of Health and Human Services John W. Loonsk,
360Exchange (360X) Project 12/06/12. Reminders / announcements 360X Update CEHRT 2014 / MU2 Transition of Care Requirements 1 Agenda.
 All lines are muted during presentation.  Lines are un-muted during Q&A ◦ If not asking question, please mute your line  *6 to mute your phone  *7.
Who’s in Your Neighborhood? The Patient-Centered Medical Community David C. Willis, MD Medical Director Greater Ocala Health Information Trust, Inc.
1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013.
HIT Standards Committee NwHIN Power Team Dixie Baker, Chair July 20,
Pennsylvania Health Information Exchange NJHIMSS - DVHIMSS Enabling Healthcare Transformation Through Information Technology September, 2010.
Connecticut Ave NW, Washington, DC DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange.
California Successes Engagement & Collaboration –Regional HIEs functioning and expanding for 25 years –25 organizations using Epic’s HIE solutions, many.
The Value of Performance Benchmarking
Secure Patient Communications Get Connected Knowledge Forum
Electronic Health Information Systems
ONC Update for HITSP Board
Presentation transcript:

Anatomy of Direct Session 3 April 12, 2011

Agenda Overview of Direct How does Direct work? Direct in the Real World Panelists: David C. Kibbe, MD MBA, Senior Advisor, American Academy of Family Physicians; Chair, ASTM International  E31Technical Committee on Healthcare Informatics; Principal, The Kibbe Group LLC  Cris Ross, Executive Vice President and General Manager, Clinical Interoperability, Surescripts Mark Bamberg, VP Research & Development, MEDfx Q&A Poll

What is Direct? A project to create the set of standards and services that, with a policy framework, enable simple, directed, routed, scalable transport over the Internet to be used for secure and meaningful exchange between known participants in support of meaningful use

Secure Internet-based Direct Communications Direct Project specifies a simple, secure, scalable, standards-based way for participants to send encrypted health information directly to known, trusted recipients over the Internet. b.wells@direct.aclinic.org h.elthie@direct.ahospital.org Simple. Connects healthcare stakeholders through universal addressing using simple push of information. Secure. Users can easily verify messages are complete and not tampered with in travel. Scalable. Enables Internet scale with no need for central network authority. Standards-based. Built on common Internet standards for secure e-mail communication.

When current methods of health information exchange are inadequate: Why Direct? When current methods of health information exchange are inadequate: Communication of health information among providers and patients still mainly relies on mail or fax Slow, inconvenient, expensive Health information and history is lost or hard to find in paper charts Current forms of electronic communication may not be secure Encryption features of off-the-shelf e-mail clients not often used in healthcare communications today Physicians need to transport and share clinical content electronically in order to satisfy Stage 1 Meaningful Use requirements. Need to meet physicians where they are now Direct will be one of the communication methods in the Nationwide Health Information Network http://www.flickr.com/photos/dougww/922328173/

Who is Direct? (as of November 2010) The Direct Project represents over 50 organizations and over 200 participants. Members participate in the Implementation Group and one or more of 6 workgroups. Implementation Group (50+ organizations, 200+ participants) Security and Trust Best Practices Implementation Geographies Communications Documentation and Testing Reference Implementation

What do you need to enable Direct? Direct Addresses Security & Trust Services Direct Messages Message Transport & Delivery Need a way to route information to the right party. That’s where Direct addresses come in. Need a way to protect that information when you send it – Security & Trust Services. Need to be able to build a Direct Message that contains the health information you want to send. Finally, need a way to move that message.

Direct Addresses Direct Addresses are used to route information Look like email addresses Used only for health information exchange b.wells@direct.aclinic.org An individual may have multiple Direct addresses Endpoint Domain Direct Address

Security & Trust: Certificates Each Direct Address must have at least one digital certificate associated with it in order to securely transmit and receive health information Certificate may be tied to either the specific Direct Address or the Domain that is part of that address X.509v3 digital certificate standards By using certificates to securely transmit and receive information… The Sender has a strong mathematical certainty that only the Receiver or explicitly authorized delegates can view the message The Receiver has a strong mathematical certainty that only the Sender sent the message Both Sender and Receiver have confidence that nothing happened to the message in transit (e.g., tampering, disclosure, etc.)

Security & Trust: Certificate Discovery Certificate discovery must occur prior to a Direct message being sent in order to fulfill the encryption functions of the S/MIME format Discovery based on existing Internet protocols Existing specifications exist for discovery via DNS Address-bound certificates must be associated with a Direct-formatted address Organization-bound certificates are stored under the Health Domain Name If DNS is not supported, an alternate method must be offered

Security & Trust: Trust Anchors Certificates are issued by Trust Anchors Trust Anchors are Certificate Authorities (CAs) Certificates are issued to parties that agree to abide by policies set and/or enforced by the Trust Anchor

Direct Messages Direct Messages are essentially email messages (RFC 5322) Headers Contents – text plus attachments Security information – signatures, certificate information as applicable Contents can be (and often are) structured, but can be unstructured HL7 lab results CCD, CCR PDF, TIFF Text and other human-readable representations IHE XDM specifications

Message Transport & Delivery Direct specifies Simple Mail Transport Protocol (SMTP) as its primary mechanism for delivering healthcare content from a sender to a receiver This choice supports environments that have minimal capabilities in terms of using Web Services and generating detailed metadata and allows for more advanced interoperability

Direct Project Compliance Compliance is defined in the Applicability Statement for Secure Health Transport Core set of requirements for using SMTP, S/MIME, and X509 certificates in an interoperable way However, it’s recognized that communities may use other standards or proprietary mechanisms internally Will generally have Direct-compliant gateways that implement the Applicability specification while harmonizing local standards/mechanisms to Direct-equivalents XDR and XDM for Direct Messaging specifies such a solution when using IHE XDR for local transport

SOAP, IHE and XD* Conversions While SMTP is the primary delivery method for Direct, some healthcare environments have existing SOAP-based Web Services that provide detailed metadata and have adopted a family of IHE profiles SOAP – format for exchanging structured information, based on XML for message format XDR and XDM for Direct Messaging XDR – supports a direct push model using Web Services transport XDM – supports a direct push model with SMTP as a transport option, among several XD* Conversion Enables interoperability between Direct participants who may be using SOAP+XDR, SMTP+XDM, or SMTP+MIME

XD* Conversion Processes XD* Conversion involves both transport and metadata Always occurs when moving between transport mechanisms Metadata may be created or transformed Three cases each for Senders and Receivers: SMTP+nonXDM (RFC5322+MIME) SMTP+XDM (RFC5322+XDM) SOAP+XDR

Direct in the Real World AAFP Physicians Direct David C. Kibbe, MD MBA, Senior Advisor, American Academy of Family Physicians; Chair, ASTM International E31Technical Committee on Healthcare Informatics; Principal, The Kibbe Group LLC Cris Ross, Executive Vice President and General Manager, Clinical Interoperability, Surescripts MEDfx Mark Bamberg, VP Research & Development, MEDfx

AAFP Physicians Direct “Direct Plus” secure online messaging for physicians in partnership with Surescripts

Doctor-to-Doctor Information Sharing How do doctors predominantly share patient records with other medical professionals? 17% Electronic means 25% Non-electronic means Q1a. How do you predominantly share patient records with other medical professionals who provide care for your patients outside your office/hospital? Currently Use electronic means 17% Use non-electronic means 83% Electronic = Computer storage devices + electronic networks + email or secure messaging Non-electronic = Fax + U.S. mail or courier + give records to patients (4%) Q1b. How would you prefer to share patient medical records with other medical professionals who provide care for your patients outside your office/hospital? Prefer Use electronic means 74% Use non-electronic means 25% Non-electronic = Fax + U.S. mail or courier + give records to patients (2%) 74% Electronic means 83% Non-electronic means Electronic = Computer storage devices + electronic networks + email or secure messaging Non-electronic = Fax + mail or courier + give records to patients Source: Markle Foundation

Patient-Doctor Information Sharing How do doctors predominantly share patient records with patients? 5% Electronic means 52% Non-electronic means, or do not share records 47% Electronic means 95% Non-electronic means, or do not share records Q1c. How do you predominantly share patient records with patients? Currently Use electronic means 5% Use non-electronic means 95% Electronic = Computer storage devices + website + Email or secure messaging Non-electronic = Fax/U.S. mail or courier + paper copies + don't share records (8%) Q1d. How would you prefer to predominantly share patient records with patients? Prefer Use electronic means 47% Use non-electronic means 52% Electronic = Computer storage devices + website + email or secure messaging Non-electronic = Fax/U.S. mail or courier + paper copies + don't share records (7%) Electronic = computer storage devices + website + email or secure messaging Non-electronic = fax/mail or courier + paper copies + don't share records Source: Markle Foundation

Agenda A brief overview of Direct-compliant implementations What does having a Direct address mean? What can you do with it? What basic service or infrastructure must a Direct addressee have available to her to do Direct-compliant clinical messaging? What is a HISP? What does the Direct Project specify that a HISP must do in order to offer Direct-compliant clinical messaging functionality to its users, members, or subscribers? AAFP Physicians Direct via the Surescripts CI Network Why did the AAFP choose to partner with Surescripts to bring its members a national, secure, and affordable clinical messaging service? What are the differences between Direct-compliance and what we are calling a “Direct-plus” clinical messaging solution

means you can can send authenticated and encrypted health information What will having a Direct address mean for me? Therefore, one answer to this question is that having a Direct address means you can can send authenticated and encrypted health information directly to a known and trusted recipient over the Internet.

What’s a HISP? In brief, the essence of a HISP’s duties are to: Package message content using MIME and, optionally, XDM. Secure the confidentiality and integrity of the content by handling it through S/MIME encryption and signatures. Ensure the authenticity of the sender and receiver via X.509 certificates. Route messages through at minimum SMTP (other protocols allowed by mutual consent between HISPs)

More detail on HISP functionality A HISP must be able to assign unique Direct addresses to individuals or organizations, e.g. johndoe@direct.sunnyfamilypractice.com. A HISP must be able to associate X.509 certificates with full Direct address (e.g., johndoe@direct.sunnyfamilypractice.com) or Health Domain Names (e.g., direct.sunnyfamilypractice.com). The HISP may issue the certificates itself as a Certificate Authority (CA) or obtain the certificates from a trusted third-party CA. A HISP must provide an “edge” or “on-ramp” protocol or application/protocol combination to the user, for sending and receiving messages and attachments. The protocol must comply with a minimum set of privacy and security requirements for protection of PHI. (What are these?) A HISP must be able to format the “payload” as an RFC5322-compliant email message with a valid MIME body (RFC2045, RFC2046).

More detail on HISPs, continued A HISP must be able to sign, encrypt, decrypt, and verify the payload using S/MIME. A HISP must have a method for discovering the certificates of message recipients prior to sending a message, in order to fulfill the encryption functions of S/MIME. (TBD) A HISP must be able to judge the trustworthiness of certificates issued by Certificate Authorities that are presented to it in the course of sending and receiving messages. ((TBD) A HISP must be able to judge the trustworthiness of leaf certificates used as trust anchors. (TBD)

More detail on HISPs, continued In addition to these requirements, it is optional that a HISP Support certificate publication in a directory that is available to other HISPs. (TBD) Utilize DNS servers to store both the users’ Direct addresses and the certificates associated with them (public key only). (TBD)

Context - governance Direct standards and specifications are developed by a group of public-private stakeholders, using an open and transparent collaborative process. Direct Project Output: Standards and Service Definitions Implementation Guides Reference Implementation Pilot project testing and real-world implementation Vendors incorporate reference implementation into HIT products Wide-scale adoption of Direct standards by late 2012 Opportunity for States and HIEs to build on and drive adoption First phase grounded in real-world pilot projects implemented by early 2011 Incorporation of HITPC, HITSC, and ONC policy guidance ONC Materials, presented to HITSC March 29 27

Context - NwHIN Nationwide Health Information Network Exchange (NwHIN) 10 Current Exchange Participants DoD Kaiser Permanente VA Regenstrief Institute SSA HealthBridge CDC Inland Northwest Health Services MedVA NCHICA Active Onboarding applicants Qualification -- 9 (Beacon Community, State HIEs and CMS and their partners) Validation -- 13 (7 SSA Awardees, 3 Beacon Community and 3 State HIEs) Activation -- 5 (5 SSA Awardees) Inquiries received: 14 (combination of State HIEs, Beacon Community awardees and others) HITECH obligates ONC to establish a governance mechanism for the nationwide health information network. ONC is initiating rulemaking process, with notice of proposed rulemaking expected in fourth quarter of 2011. ONC Materials, presented to HITSC March 29

Context - Connect Ongoing Release cycles and development CONNECT 2.5 released February 2011 CONNECT 3.2 to be released in June 2011 Additional Updates Building an automated test environment for organizations to better test their CONNECT installations to be able to share data securely with other organizations using Nationwide Health Information Network standards Expecting to award new development contract within next month ONC remains committed to establishing modular implementation specifications and robust testing to assure interoperability ONC Materials, presented to HITSC March 29

Context – look ahead to Stage 2/3 MU Need to explore “low regret” standards for future information exchange needs to support innovation and a learning healthcare system Candidates include: Synchronous secure transport (e.g., SOAP + TLS + WS-Security and HTTP + TLS + OAuth2) Subset of current NWHIN specifications for exchange Metadata for a universal exchange language derived from existing exchange standards Distributed queries to support risk adjustment, quality reporting, public health ONC Materials, presented to HITSC March 29

Implementation example: Surescripts Surescripts extending network beyond e-prescribing to doctor-to-doctor exchange of messages Will connect to EHR vendors using interfaces similar to e-prescribing Directories, certification, security and privacy, vendor and user support Internet portal and “send to anyone”, including HISPs Will leverage Direct protocols (e.g. hospital lab to public health connection, connect to HISPs) Will leverage Exchange, Connect and standards as developed Provide interoperability regardless of technology platform or protocol “Direct Plus” Direct and connection to other protocols Direct augmented with additional services (directory, certification, support)

Physicians Direct Description AAFP Physicians Direct is an information service, offered in partnership with Surescripts, which will provide users and their colleagues secure, affordable, and easy-to-use electronic clinical messaging. Use of the service to exchange health data among physicians will improve continuity of care, support achievement of Meaningful Use, and advance the patient-centered medical home. AAFP Physicians Direct will provide a web-based portal for subscribers to securely send and receive messages and attachments, and the portal will be branded as an AAFP service. Colleagues (consultants) will be urged to subscribe to the portal, and to use AAFP Physicians Direct to send and receive messages from users. Integration with EHRs will also be part of the offering in time, and the plan is to have at least 6 EHR vendors onboard at the launch of the project. A key attribute of AAFP Physicians Direct is that users will be able to securely message to any provider, including non-subscribers. However, for ease of use it is likely that these one-time sessions will induce the receiving consultants to subscribe and become part of the network.

Patient Centered Medical Home MEDfx Presentation Using Direct to Enable Patient Centered Medical Home

Background Dominion Medical Associates Is an independent, minority physician practice located in Richmond, Virginia. Has traditionally been a paper-based practice Is in the process of moving toward use of an EMR MedVirginia CenVaNet and MedVirginia are working with the practice to help in its achievement of recognition as a Level 3 NCQA Patient Centered Medical Home Objectives Utilize the Direct Project standards and transactions to facilitate the referral process Improving care management and coordination services for identified high risk chronic disease populations, including diabetes.

Patient Centered Medical Home Is a model of care that puts the needs of the patient first. Is the base from which health care services are coordinated to provide the most effective and efficient care to the patient. This includes Use of health information technology Coordination of specialty and inpatient care Providing preventive services through through health promotion disease management and prevention health maintenance behavioral health services patient education diagnosis and treatment of acute and chronic illnesses.

Dominion Medical Associates Goal Achieve Level 3 PCMH status as defined by NCQA. Care coordination and chronic disease management are integral to meeting the requirements CenVaNet is providing Dominion Medical Associates with RN care managers to support the needs of the high-risk patients with chronic diseases Care managers provide Direct services to targeted patients Coordinate additional support (community resources, referral coordination, etc.) Dominion Medical Associates’ goal is to achieve Level 3 PCMH status as defined by NCQA. Care coordination and chronic disease management are integral to meeting the requirements CenVaNet is providing Dominion Medical Associates with RN care managers to support the needs of the high-risk patients with chronic diseases Care managers provide Direct services to targeted patients Coordinate additional support (community resources, referral coordination, etc.)

Quality of Care Today Physicians at Dominion Medical Associates Attend to the needs of approximately 6000 patients Have two office locations in Richmond, Virginia Employ certified medical assistants Care is episodic and acute Usually provided in response to an event as opposed to being proactive in nature. Patients are seen when they are sick, with instructions for follow-up or on-going personal management.

Quality of Care CenVaNet Identified high risk patients who could benefit from on-going care management support. Information about these patients is documented on the referral form and uploaded into Lifescape by a Dominion staff member at the practice. This is transmitted to the CenVaNet care manager who retrieves the document and begins the assessment process. Using MedVirginia Solution the care management nurse has access to any CCD information on these patients to aid in their assessment and intervention.

With Direct A referral letter is generated electronically Replaces manual process of Printing Creating fax coversheet Faxing to MedVirginia Transmitted to MedVirginia using Lifescape Portal via Direct Stored in Clinical Data Repository Used by CenVaNet nurse to create an Initial Assessment

What makes it work? What are the components? How do the component interact? When Dominion submits a referral request When MedVirginia sends an Initial Assessment What were the challenges?

Direct Pilot Components MedVirginia HISP SMTP Dominion HISP SMTPS SSL SMTPS SSL DOD Solution 1 Interchange Solution 1 Interchange VA NwHIN CONNECTfx Lifescape Lifescape SSA HTTPS HTTPS MedVirginia Portal Dominion Portal

Data Flow – Dominion submits Referral Request MedVirginia HISP SMTP Dominion HISP SMTPS SSL SMTPS SSL DOD Solution 1 Interchange Solution 1 Interchange VA NwHIN CONNECTfx Lifescape Lifescape SSA HTTPS HTTPS MedVirginia Portal Dominion Portal

Data Flow – MedVirginia sends back initial Assessment HISP SMTP Dominion HISP SMTPS SSL SMTPS SSL DOD Solution 1 Interchange Solution 1 Interchange VA NwHIN CONNECTfx Lifescape Lifescape SSA HTTPS HTTPS MedVirginia Portal Dominion Portal

Demo – Let’s see it work

What were the challenges? Certificate Generation SMTPS configuration Identifying and locking down the HISP Permission to open port 25 on the public internet Configuring the HISP through an SSL tunnel Managing external communications

Direct Project Reference Implementation

Direct Project Reference Materials Direct Project Overview http://wiki.directproject.org/The+Direct+Project+Overview Applicability Statement for Secure Health Transport http://wiki.directproject.org/Applicability+Statement+for+Secure+Health+Transport Direct Project Security Overview http://wiki.directproject.org/Direct+Project+Security+Overview XDR and XDM for Direct Messaging http://wiki.directproject.org/XDR+and+XDM+for+Direct+Messaging

Q&A

Poll http://www.polleverywhere.com/multiple_choice_polls/ODk3NTYzNzEx