Wednesday, November 19, 2014
The electronic exchange of personal health information (PHI) is governed by regulations such as HIPAA and the HITECH act, which require adequate security to protect information in personal health records from accidental or malicious public disclosure. In addition, regulations seek to encourage electronic health information exchange to both improve the quality of patient care and reduce costs.
For dentistry, basic email encryption is a viable, frequently used technology to meet HIPAA security requirements for data in motion. It’s also possible to use proprietary email encryption services to exchange PHI. Unfortunately, basic email encryption has multiple shortcomings that limit its value, particularly when sharing clinical information, a focus of the HITECH act. This includes a lack of vendor interoperability and identity validation.
These shortcomings were recognized by the US Department of Health and Human Services. The result was a new approach, defined as the Direct Project, which developed a standardized method for health information exchange known as Direct Secure Messaging.
The “Direct” Solution
Direct Secure Messaging is a national encryption standard for securely exchanging clinical healthcare data via the Internet. Direct is designed to go beyond HIPAA security and compliance, and do much more than proprietary email encryption services to cut costs and improve quality of care.
On the clinical side, Direct can address gaps in transitions of care; a point of vulnerability that can compromise quality of care. On the business side, Direct matches the efficiency of generic email encryption by reducing or eliminating costs and effort associated with unwieldy fax-based workflows. It provides benefits including:
- One unified standard that all systems and service providers can leverage
- HIPAA compliant security and privacy protection of PHI
- Improved communications between providers
- Easily sent and received referral information
- Efficient report exchange
- Ease of sharing patient information
- Improved practice workflow and related cost reduction
How does Direct Secure Messaging work?
In many ways, Direct is implemented and used just like email. It can be incorporated into user interfaces such as an email client, mobile device, healthcare IT system portal, or as an automated data delivery feed. Healthcare IT systems, such as electronic health records (EHRs), also can integrate Direct in multiple ways, depending on the desired workflow.
To use Direct, both senders and recipients need Direct Secure Messaging email addresses, provided by a Health Information Service Provider (HISP). This term has been used by the Direct Project both to describe a function (management of security and transport for directed exchange) and an organizational model (one that performs HISP functions on behalf of the sending or receiving organization or individual).
HISPs issue Direct Secure Messaging addresses and attach certificates that validate sender and recipient identities. They also provide the back-end power to make sure messages are delivered securely to a Direct-enabled recipient. Responsibilities include:
- Providing Direct email addresses
- Enabling backbone transport for HISP to HISP communications
- Issuing and managing digital certificates to establish trust
- Packaging message contents using Direct standards and specifications
- Encrypting content and attachments to secure confidentiality and integrity
- Ensuring authenticity of sender and recipient
Every HISP is required to interoperate in order to efficiently exchange secure messages. A HISP accreditation process established by the Direct Trust and the Electronic Healthcare Network Accreditation Commission (EHNAC) helps ensure individual HISPs are in compliance with messaging specification and service delivery.
Practical Uses for Direct Secure Messaging in Dentistry
The American Dental Association Standards Committee on Dental Informatics has evaluated Direct Secure Messaging for use in the industry. The following are examples where Direct could be used to meet both HIPAA security regulations, and HITECH efficiency for PHI exchange.
Use Case #1:
A general dentist has taken several radiographic exams of a patient and some preliminary dental examination data. The general dentist wishes to refer the patient to an endodontist for final diagnosis and treatment of an acute pain problem.
Use Case #2:
A general dentist has found a suspicious lesion on the ventral surface of a patient’s tongue. The general dentist has taken several intraoral photographs and saved them to the office digital imaging system. The general dentist also has performed an excisional biopsy of the area and submitted the specimen to an oral and maxillofacial pathology service.
Use Case #3:
A general dentist has taken a FMX and panoramic radiographic exam. Upon interpretation, the general dentist identifies a suspicious radiolucency in the patient’s mandible. The general dentist would like to send the images to a maxillofacial radiologist for interpretation along with a request that the radiologist conduct any indicated additional imaging studies.
Use Case #4:
A general dentist has been requested to send all radiographic images for a specific patient to a forensic odontologist to facilitate a post-mortem identification.
Use Case #5:
A periodontist has been referred a patient for surgical placement of an implant. The periodontist has taken a radiographic exam including a panoramic x-ray and individual periapical x-rays of the intended site. The periodontist would like to send these radiographic images to a maxillofacial radiologist for an interpretative report and a CBCT for routine implant planning and surgical guide design.
Summary
Positive outcomes are the progression of the best minds sharing and interacting to find the best course of treatment. Healthcare providers who incorporate Direct Secure Messaging into workflows gain a secure, interoperable and efficient communication tool to improve dialog between patients and care teams, while meeting regulatory requirements, government mandates and in some cases the benefits of financial incentives.
For dentistry, the adoption of Direct Secure Messaging can ultimately provide a higher level of care and better outcomes; a scenario all involved clearly want and are trying to achieve.