Tests of 'NHIN Light' Standards Begin

Specs for Secure Info Exchange Could Be Available by Spring
Tests of 'NHIN Light' Standards Begin
Seven pilot projects are beginning tests of The Direct Project, which enables simple, secure exchanges of information between two healthcare organizations.

If the tests are successful, the open source specifications for the project could be made available for use by electronic health records vendors, organizations facilitating health information exchange and others by next spring, says Arien Malec. He's coordinator of the project, which was formerly known as NHIN Direct.

The Direct Project fundamentally is designed to offer an alternative to using fax machines, snail mail or a courier to complete simple information exchanges. The project's specs, which are available for both Java and .Net formats, enable what amounts to healthcare-specific secure e-mail.

The Department of Health and Human Services' Office of the National Coordinator for Health IT is overseeing the project, which is primarily a volunteer-supported effort. The HIT Standards Committee will review results of the pilots in late March and recommend whether HHS should release the specifications for anyone to use.

Encryption Plays a Role

The Direct Project specifications include encryption and digital certificates to support simple one-to-one "push" exchanges. The project is a "light" version of the Nationwide Health Information Network standards, which accommodate more complex transactions.

The government defines NHIN as "a set of policies, standards and services that enable the Internet to be used for secure and meaningful exchange of health information to improve health and healthcare." NHIN Connect provides details on implementing the evolving NHIN standards. Federal regulators are preparing to craft a rule for how to govern organizations that use the NHIN standards.

A recently unveiled website offers extensive details on the Direct Project, which it describes as "a simple, secure scalable standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet."

A Simplified Approach

When the original NHIN Direct concept was unveiled last February, one federal official likened it to "an online version of the intercom," while another called it "a light-weight on-ramp" for health information exchange.

The renamed Direct Project's specs could be used, for example, to support a primary care physician making a referral to a specialist, requesting test results from a lab, or sending information to a patient's personal health record.

In contrast, the NHIN standards would come into play, for example, when a hospital placed a query to retrieve, or pull, records on patients from several other organizations where they've been treated, Malec explains.

Organizations offering health information exchange services might eventually use both the Direct Project and NHIN standards.

HITECH Act Mandate

The HITECH Act, which provided funding for the start-up of statewide health information exchanges, mandated the creation of the NHIN and Direct Project standards as ways to improve care quality by easing access to patient information while maintaining security.

Although dozens of health information organizations are rolling out health information exchange services across the country, many use proprietary models, Malec notes. Plus, it can prove difficult for a hospital or physician to navigate data exchange by using multiple networks in a region, he notes.

The Direct Project, along with NHIN, could help ease information exchange no matter what networks are available in a region and pave the way for national data exchange, he says.

Secure E-Mail

Using existing secure e-mail options has proven difficult for many healthcare organizations, Malec contends, because of the challenges involved in using digital certificates and other technologies. "The Direct Project is an easy way to bring digital signatures and encryption to healthcare providers," he says. "Providers are focused on care delivery, and they're not experts on security."

To ensure the confidentiality and integrity of the content of messages, the specifications use S/MIME encryption and signatures. Authenticity of the message's sender and receiver is established with X.509 digital signatures. Routing of messages is handled through SMTP.

Under the HITECH Act electronic health record incentive program, participating hospitals and doctors must be able to accommodate several basic secure information exchanges, such as for patient referrals, to qualify for payments in stage one. As a result, many EHR vendors are attempting to accommodate connectivity in their software. Malec hopes The Direct Project specs will help EHR vendors add those connectivity functions.

So far, about two dozen health information technology vendors already have expressed interest in using the new specs, Malec says.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network