Using the Direct Protocol to Create Lightweight, Scalable and Secure Healthcare Information Exchange
Posted by: TaylaHolman
Exchanging protected health information (PHI) securely among patients, providers, and insurance companies can be challenging. For healthcare organizations, managing and exchanging heavy volumes of unstructured data and sensitive information is a slow, inefficient, and costly process. In order to properly coordinate patient care and reduce costs, healthcare organizations must be able to share information easily and securely across disparate systems and different legal entities.
Despite the adoption of electronic medical records and the digitization of patient data, new applications and legacy systems are often still operating as standalone silos. Historically, exchanging PHI across these systems and with other health information technology (HIT) applications has largely been achieved through single use, one-to-one interfaces. Unfortunately, these interfaces are expensive to deploy and maintain. They also do not scale particularly well.
Given the variety and complexity of systems supporting the healthcare ecosystem, interoperability is critical to not only exchange information securely, but also to accelerate care coordination, lower costs and improve health outcomes.
The Versatility of Direct Protocol
The Direct Protocol paves the way for scalable and secure Healthcare Information Exchange (HIE). It allows users to send and receive authenticated, encrypted health information between known and trusted recipients, regardless of the originating application, system or platform. More than “secure email,” the Direct Protocol ensures privacy, security, and compliance through a robust policy infrastructure while maintaining versatility and cost-efficiency.
Leveraging the foundation of “trust-in-identity,” the interoperability features of the Direct Protocol allow disparate systems to exchange structured and unstructured data through bidirectional, non-persistent connections. The robust policy infrastructure creates a trusted network that is spam-proof and spoof-proof, ensuring the identity of those coordinating care, and thus, mitigating the risk of security breaches by leveraging a secure “push” approach to data exchange. This federated standard removes the costly need to negotiate, write and execute Data Use and Reciprocal Support Agreements (DURSA). It also eliminates the need for single-use interfaces that are costly to develop and maintain.
Security within the Healthcare Ecosystem
In 2016, the International Data Corporation predicted that one in three Americans’ health information would be compromised. With data breaches on the rise and the substantial risk of patient records and billing information being exposed, healthcare organizations need a trusted exchange system to securely share and manage sensitive information.
Leveraging the Direct Protocol, healthcare organizations and operators can safely and seamlessly communicate and exchange information between every member of the Direct Trust community from a single access point. The Direct Protocol verifies the identity of all endpoints and users to prevent cyber impersonation and to create a trusted community of healthcare and healthcare related counterparties. This “one-to-many” capability facilitated through the Direct Protocol makes it easy to connect with trusted users such as patients, providers, insurance and billing operators as well as disparate systems and applications including registries, consolidated data repositories and lab systems.
With the Direct Protocol, data is secured using public key infrastructure (PKI) for encryption and decryption. It does not require invitations behind firewalls, nor does it require the creation of additional repositories of aggregated healthcare information that may be easily targeted.
Over 34 million transition of care (TOC) documents were exchanged via the Direct Protocol in Q4 2016 alone. The exchange of these TOCs can be leveraged as trigger events that generate other notifications to various interested parties. This manner of care coordination is the result of innovative use of the Direct Protocol in concert with other technical tools like Integration Engines, Natural Language Processing and a sophisticated rules engine normally associated with expensive and costly HIE structures. When combined, these services are designed to deliver a lightweight, scalable and sustainable solution for data exchange via non-persistent connections, innovating and expanding the role of a HISP.
What is important to note is that Direct Protocol does not require more coding and database changes to the hospitals EMRs or any further collaboration by the respective software vendor.
Data Continuously in Motion
The clinical document architecture (CDA) is a standardized Structured Data Payload. The amount of data contained in a continuity of care document (CCD) has been a problem, often overwhelming the receiver of that document and rendering it useless. This again can be solved to make the data more accessible and actionable by customizing a payload to the needs of the receiving party.
These actions to transform data are taken on while data is in motion to deliver a customized summary via non-persistent connections alongside the complete CCD. This approach directly addresses the costs and concerns of HIE models which are still struggling to find sustainability. Most importantly, it demonstrates that healthcare providers can free the data without having to wait on EHR vendors – simply by expanding the functions of a HISP.
Improving Public Health and Care Coordination
In Carlton County Minnesota, 35,000 citizens will be covered in an Event Notification System powered by an innovative Direct Protocol solution. Funded by the State Innovation Model demonstration, Direct Protocol will be used to identify high risk patients and whenever a CCD with one of those patients is exchanged the processing HISP automatically generates additional notifications to all community partners involved with managing that patient’s care. In this scenario, a TOC that was originally sent to a primary care physician will trigger customized notices to a long-term care facility, a specialist or multiple specialists, and even the patient.
Win-Win for Patients and Providers
The Direct Protocol today is being utilized to support many diverse use cases, from public health and mobile applications to HIE data expansion. It is a lightweight and scalable standard to facilitate the seamless exchange of both structured and unstructured data to and from EMRs and other legacy or emerging Health Information Technology applications.
In addition to ensuring privacy, security, and compliance, the Direct Protocol offers healthcare organizations, pharmacies, billing operators, and insurance companies with sustainable interoperability. This makes it easy to add new applications, legacy systems, and providers.
The Direct Protocol is a powerful, scalable and sustainable technology that will continue to evolve as the ecosystem further realizes its versatility for secure healthcare information exchange. As it continues to evolve, the Direct Protocol will streamline care coordination, deliver patient information faster, and lower operating costs, all while serving as a secure healthcare information exchange.
About the author:
Scott Finlay is co-founder, president and CEO of MaxMD, a leader in secure healthcare information technology and interoperability solutions.