Using Direct for secure communications

As part of the HITECH incentives to accelerate the adoption of electronic health records (EHRs), eligible physicians' EHR systems must meet the meaningful use Stage 2 (MU2) final rule. This includes supporting the interfaces needed to transmit 10 percent of their “transitions of care” documents electronically. Yet, most small practitioners don’t have an IT staff.

For many independent general practitioners (GPs) and clinicians, doing this on their own is not a choice. There are many technical obstacles and the costs can be high. The challenges are compounded since most GPs and clinicians must share patient records with multiple hospitals and specialists, all of which may use different EHR systems that do not work together seamlessly. Addressing the issue once is costly and hard enough, but working with multiple specialists and organizations would require repeating the process and dealing with the interoperability issues of each EHR solution. This is time-consuming and costly, and none of these efforts help with securely sharing information with patients.

Running a practice should not require having an IT staff (and budget) comparable to a hospital’s just to consult with specialists and advise patients. What is needed is a way to ensure secure exchange of patient data, regardless of the EHR system being used. And enabling this level of communications should not require a large investment or special technology skills.

This is an area where those in healthcare should look for help from their EHR providers. Specifically, they should be sure an EHR provider supports an industry effort called the Direct Project.

The Direct Project is an open government initiative started by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). The ONC describes Direct as a set of standards, policies and services that define how protected health information (PHI) can be securely exchanged or transported via the Internet. Its goal is to facilitate secure communication across practices and health networks. Direct is part of the MU2 requirements.

For a small practice, Direct offers easy and affordable secure clinical messaging -- for example, sensitive messages a GP might want to send to colleagues or to patients. Healthcare providers should ask their EHR vendors about Direct; after all, one of the MU2 certification requirements for an EHR is to provide and support Direct Project communications.

To get started, each user will need a Direct Address that can be used to send and receive messages, much like email.

The user can open the messaging tool, and type a message, just like email. The difference is that these messages are secure, and the sender and recipient do not need to take any special steps or use additional software for encryption. Healthcare providers can use a Direct Project approach with existing email client software, such as Outlook, with a connection to a regional or state health information service provider (HISP). 

Without a doubt, Direct can greatly simplify communications and the sharing of patient information. Interoperability is automatically built in. A physician can compose an email message as he/she would normally. The message and attachments can include detailed patient information. That message can be sent to a specialist using a different Direct-enabled EHR, or, to a colleague or patient who is not using an EHR but email that is capable of handling encrypted messages.

An EHR solution or service that supports Direct handles the many background tasks that are needed for secure communications. The product or service would package the content of a message, secure that content, and transport it from a sender to a recipient. To accomplish these tasks, Direct uses an architecture that leverages common Internet standards, policies and protocols. It also supports options based on accepted Integrating the Healthcare Enterprise integration profiles.

The future of healthcare is focused on outcomes-based medicine. Positive outcomes are the natural progression of the best minds sharing and interacting to find the best path. Providers who incorporate the Direct Project into their workflow offer a secure and efficient communication tool to support improved dialog between patients and their care teams. This ultimately will provide a higher level of care and better outcomes -- a scenario that all involved clearly want and are trying to achieve.

Andy Nieto is the health IT strategist for DataMotion, an established cloud-based secure data delivery provider. The company’s core DataMotion Platform provides Direct Project HISP services as specified in meaningful use Stage 2.

Photo attributed to Steve Jurvetson via Creative Commons license.