Download presentation
Presentation is loading. Please wait.
Published byJase Ellers Modified over 9 years ago
1
Provider Directories Deliberations NwHIN Power Team May 29, 2014
2
Provider Directory Deliberation Points Limit certification requirement to focus on Direct messages to enable the exchange of patient information What to Certify – At a minimum, EHR technology would need to be able to query external provider directories for the following information and electronically process the response returned in accordance with the Modular Specification Provider Directories Implementation Guide: Query for an individual provider’s Direct address; Query for an organizational provider’s Direct address; Query for relationships between individual providers and organizational providers Authentication required for certification – Authentication of the directory service – Basic TLS handshake does this – Does query of a directory service include any data elements that would necessitate authentication of the client (queryer) as well? Nothing sensitive in the data model beyond name and routing information ( address, email, fax, where to send patient record information) Standards to recommend – TLS – basic server-only authentication or mutual authentication? – HPD+ 1
3
Mod Spec of HPD+ (ISO 21091, IHE HPD Base + CP 601) Endpoint addresses – include individual and organizational addresses – memberships between individuals and organizations – electronic service addresses, certificates associated with electronic services Query – Based onDSML v2 – Supports “AND”, “OR”, “NOT”; “String” and “RegEX” match type Transport and Application Protocols – SOAP 1.2 over HTTP based on the Web Services for IHE Transactions Appendix V in ITI-TF Vol2. – Synchronous Web Services – DSMLv2 with SOAP bindings over HTTP – Does not support REST at this time (on the current roadmap) Security – Mutual TLS to protect message – No additional security controls specified for query Limitations – No Discovery – No Incremental fetch 2
4
Blank
5
HITSC Tasking Original Order TaskBrief Description 2Provider Directories Search for provider Respond to search 1Query for a Patient Record Search for patient information Respond to searches for patient information 3Provider Data Migration and Patient Portability To enable patients who switch providers to have their care continue seamlessly (no repeat tests, missing key clinical information etc.). To enable providers switching EHR systems to continue providing seamless care to patients (coded data in old system is consumable by the new system so clinical decision support still works) 4
6
Functionality Recommended by HITPC IE WG Functionality Recommended by HITPC IE WG Search for provider: EHR systems have the ability to query external provider directories to discover and consume addressing and security credential information to support directed and query exchange Respond to search: EHR systems have the ability to expose a provider directory containing EPs and EH addressing and security credential information 5
7
HITPC IE WG Recommendations Guidelines 1.Scope: Standards must address PD transactions (query and response) as well as minimum acceptable PD content to enable directed and query exchange 2.Continuity: Build on Stage 1 and 2 approaches and infrastructure for directed exchange where possible and allow use of organized HIE or cross-entity PD infrastructures where applicable and available (ie, remain agnostic to architecture and implementation approaches) 3.Simplification: Set goal of having PD query and response happen in a single (or minimal) set of transactions 4.External EHR system: An EHR system of another distinct legal entity, regardless of vendor 5.Transactions: a.Querying systems must have ability to: i.Present authenticating credentials of requesting entity ii.Validate authenticating credentials of provider directory holding entity iii.Present provider-identifying information iv.Securely transmit query message b.Provider directory must have ability to: i.Validate authenticating credentials of requesting entity ii.Present authenticating credentials to requesting entity iii.Match provider iv.Respond with unambiguous information necessary for message addressing and encryption or acknowledgement of non-fulfillment of request c.Provider directories must have administrative capabilities to: I. Submit updated provider directory information (additions, changes, deletions) to external provider directories II.Receive and process provider directory updates from external provider directories 6.Transaction details: a.Provider directories should contain minimum amount of information necessary on EPs and EHs to address and encrypt directed exchange and/or query for a patient record messages HITPC IE WG Recommendations Guidelines 6
8
Previous HITSC Recommendations Re Standards for Provider Directories 7
9
May 12, 2011: Privacy & Security WG Recommendation for S&I Framework PD Activity RequirementStandardImplementation Specification Certification Criteria SchemaDSMLIHE HPD subsetCapability to securely send to an ELPD service a DSML query for entities, and entities’ exchange services, and to receive a response, as specified in the IHE HPD profile. Capability to enable a user or software to list and select from ELPD responses. Capability to retrieve the digital certificate for a selected entity. VocabularyLDAP + ISOIHE HPD subset TransportREST or SOAP 1 IHE HPD Query LanguageLDAPIHE HPD + HPD Federation Profile 2 1 The Standards and Interoperability Framework team should select either REST or SOAP, as most appropriate within the context of the NwHIN standards currently being defined. 2 To support LDAP federation, a profile specifying a standardized way to federate LDAP directories is needed. 8
10
P&S WG Response to Provider Directory Tasking 9 June 22, 2011: Privacy & Security WG Response to Provider Directory Tasking Organizations create public web pages containing directory information they wish to expose for search Provider directory information is structured and encoded into the web page, using standard schema and vocabulary –Improves search engine indexing –Enables extraction of information into local systems (EHR, Exchange gateway, Direct HISP, etc.) Organizations can obtain Extended Validation certificates to provide assurance of the authenticity of its web pages Standard search engines provide a flexible and free Query Service DNS is used to retrieve digital certificates for the published service address names which have been embedded in the web pages DNS + Structured & Encoded Web Content: Concept
11
10 June 22, 2011: Privacy & Security WG Response to Provider Directory Tasking (cont.) Benefits –Simple, widely available, and highly scalable web technology Three leading search engines (Google, Bing, Yahoo!) have launched Schema.org metadata project to provide tools for building common vocabulary for structuring web page data –Organization maintains control over what information is exposed Can start simple and build over time –Allows discovery of services and certificates using familiar names, without requiring advance knowledge of formal identifier (e.g., OID used in NwHIN Exchange, Direct Address) Recommend that S&I Framework team consider this approach for meeting need for nationwide access to directory information without requiring “national provider directory” DNS + Structured + Encoded Web Content: Recommendation
12
January, 2013: Response to Stage 3 RFC (PSWG + NwHIN PT) Improving quality, safety, and reducing health disparities IEWG 102 NewCertification criteria: The EHR must be able to query a Provider Directory external to the EHR to obtain entity- level addressing information (e.g. push or pull addresses). Are there sufficiently mature standards in place to support this criteria? What implementation of these standards are in place and what has the experience been? Primary- Privacy and Security WG Secondary- NwHIN PT COMMENTS: Directories typically are integrated into other services, such as secure communications and enterprise security services, and not an independent capability. Indeed, the two existing EHR standards for secure communications (Direct and Exchange) each has its own integrated directory technology – each of which is supported by a very mature directory standard (DNS and UDDI respectively). Also, services sometimes change their directory solutions (for example, Exchange is considering changing from UDDI), and users of these services usually are unaware of what directory service is being used. We think it would be inappropriate to externalize directory services by creating a separate certification criterion. We therefore recommend that the proposed certification criterion be omitted from the final regulation. 11
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.