Guest post by Bob Janacek, CTO and co-founder of DataMotion.
Duplicate tests and sky high costs. Healthcare records stored in filing cabinets and warehouses. Millions of documents lost in floods and fires. For the past few decades, these woeful stories have been typical of healthcare. Ask a seasoned administrator about those times and you’ll likely hear stories of heroic hospital staff wading waist deep in a flooded archive basement salvaging whatever floated by.
Fortunately, there’s been a significant push toward the use of electronic health records (EHR) and the days of managing tons of physical documents are gradually becoming a distant memory. Every new innovation, however, brings new challenges. This is especially true when it comes to recent federal mandates requiring the electronic exchange of healthcare records among providers and clinical systems.
As we all know, healthcare records contain very sensitive data about patients, known as protected health information or PHI. The push to transmit this information over the Internet brings along the need for special security safeguards and procedures. To accomplish this, vendors of clinical systems must add messaging encryption, a rather highly specialized skill set not likely to be part of their expertise.
In fact, early attempts at providing secure, clinical-grade messaging were mixed at best, and truly could be compared to the Wild West. Here are just a few glaring examples:
- Unencrypted PHI stored on the hard drives of webmail servers.
- A single server crash taking down an entire State’s healthcare messaging system for almost a week.
- A healthcare messaging vendor running their operations out of their apartment, with their IP addresses changing every time their cable modem rebooted.
Yet, the times they are a-changin’. The Wild West is rapidly being tamed by a well-coordinated partnership between public and private sector organizations. One of the key initiatives providing this change is the Direct Project, which brings along a comprehensive set of standards describing the protocols and procedures designed to securely transmit sensitive healthcare data.
Contributing significantly to the Direct Project, from a standards and accreditation perspective, are the Office of National Coordinator for Healthcare Information Technology (ONC), DirectTrust, and the Electronic Healthcare Network Accreditation Commission (EHNAC). From the vendor side, top tier EHR, health information exchange (HIE) and clinical vendors have come on board to provide an important industry perspective. So how are things changing?
- EHNAC now provides standardized accreditation processes for healthcare IT vendors. With accreditation, customers can now expect a high and consistent level of service and security from vendors.
- The recent partnership between EHNAC and DirectTrust specifically addresses the need for accrediting Healthcare Information Service Providers (HISPs). The partnership’s Direct Trusted Agent Accreditation Program (DTAAP) sets technical and legal standards for HISP trust, security and privacy, as well as such things as high availability and reliable operations.
- The establishment of best practices for HISPs promoted by the ONC helps ensure that “individuals, providers and provider organizations can participate in directed information exchange with confidence.”
- In May 2013 the ONC released guidelines for Direct Project implementations to “assure security and interoperability” among vendors.
When the time is right, transformation can happen rather quickly, and for the Direct Project, it seems as if that time is now. Healthcare’s Wild West is indeed being tamed and the community is rallying around this greater connectivity to bring about some much needed order. The result is healthcare data that can be rapidly transmitted to where it needs to go, elimination of costly paper-based processes, and the promise of measurably better outcomes for patients.
Bob Janacek is the CTO and co-founder of DataMotion, an established cloud-based secure data delivery provider and HISP. Millions of users worldwide rely on DataMotion to transparently improve business processes and reduce costs, while mitigating security and compliance risk. The company’s core DataMotion Platform provides Direct Project HISP services as specified in meaningful use Stage 2.