June 10, 2011
Choosing a Direct HISP
As the Cerner Direct team has been working with our pilots, continuing to tweak our Web Inbox and HISP (Health Information Service Provider) services, and responding to RFPs, our whiteboard has been filling up with thoughts about what we’d look for when choosing a Direct HISP. It’s time to put those thoughts in a blog post.
To be clear, our notes aren’t about choosing HISP software/services from a third party in order to become a HISP. Rather, they’re for organizations that intend to sign up with a service provider and begin securely exchanging health information, leaving the infrastructure build-out and maintenance to an organization that’s making a business of offering the services. In that sense, we’ve been thinking along the lines of choosing a cable provider or telecommunications carrier.
So, if you’re still reading this, you’re probably considering using Direct to start exchanging information across organizations and with your patients. And maybe you’ve even researched the development of the Direct Project communication standards. Now what?
The Obvious Questions
Like any other decision to subscribe to a utility, we think it’s prudent to go through your standard evaluation questions:
What is the financial viability of the company offering the HISP services?
Are customer references available?
How are the services priced?
How long has the company running the HISP been in (the health care) business?
How long has the company been in the secure communications line of business?
Where you weight these evaluations is dependent upon your organization’s appetite for risk and valuation of communicating via Direct.
This is a tricky one for us. As software architects and engineers, we’re very curious about how things are accomplished technically. So we have to remind ourselves that this blog post is not about buying/acquiring software to start a HISP business, it’s about gaining access to a set of HISP services. With that in mind, asking whether the HISP uses LDAP or Java seems similar to asking your telecom provider whether they use short-mast cell sites or camouflaged monopoles. It’s probably better to stick to the “what” than to dive into the “how." (Even though we really are curious…)
What’s in a name? In our minds, your organization’s “brand” is vitally important for all sorts of reasons, so we’d definitely want to know the answer to:
Does the HISP enable you to define your own Direct email domain that is yours to keep?
We believe a HISP should offer you the choice of defining and using your own domain name to use in providing a universal, Direct email address to your users.
You will count on your HISP to deliver your secure messages, and to let you know when it can’t. With the nature of email, guaranteed delivery of messages can be complicated, especially with the unique security constraints the Direct Project introduces.
Does the HISP guarantee delivery of messages?
Without storing or analyzing the message content, a HISP should track the actions of every message sent or received through it and relate message delivery notifications (MDNs) and replies to the original message. According to section 3 of the Direct Project Applicability Statement, every HISP must send a processed MDN once trust has been verified. If a HISP does not receive a processed MDN in a timely manner, it should proactively send standard email bounce messages to the sender to inform them of the inability to deliver; therefore restoring the typical email system quality of service your end users expect.
How does the HISP guarantee messages have been accepted by the recipient's HISP?
We also recommend email clients and end users take advantage of standard read receipt functionality. When used by both the sender and receiver, this provides additional validation the message was received.
Does the HISP audit all messages?
Every message sent or received through a HISP should be logged and be available for audit in a secure way. In addition, if the HISP offers a user interface to manage messages, it should include auditing for HIPAA disclosure and security. Audit events should be logged when messages are sent, read, printed, exported, and when attachments are opened.
Does the HISP provide reports on message throughput?
Message throughput reporting provides you useful insight into the communication patterns occurring in your community. Can the prospective HISP provide the capability to review information like number of messages sent, number of messages received, percentage of 1 way messages vs. 2 way conversations, etc.?
Leadership and Experience
We feel it’s important to align yourself with a utility provider that possesses the knowledge to help you lead effective and complete information exchange efforts. We’d also prefer our HISP to be involved in standards setting and proving. Ask these types of questions to determine whether the company can deliver:
Is the HISP part of the Direct Project Implementation Group?
Did the HISP participate in any Direct Project pilots?
Does the HISP contribute code or expertise to the .Net or Java reference implementations?
Selecting a partner that has a wide range of services and experience within the interoperability space will help you better meet the varied needs of your organization, regardless of where it is on the technology adoption spectrum.
Trust is a foundational principle on which the Direct Project is built and continues to be a hot topic for debate on how to establish and retain trust between HISPs and communicating endpoints.
How does the HISP verify the identities of those with Direct email addresses for which it serves and ensure they are involved in Treatment, Payment, or Operations (TPO)?
A stringent process is required for identity verification to comply with any proposed governmental policies related to the Direct Project. In general, this means that an authorized administrator or representative has verified the individual's identity face-to-face. From a healthcare professional standpoint, the individual must be employed by an organization or individual that is involved in TPO. Beware of HISPs supporting applications that allow for “ad hoc” invitations to be sent to other users to join the Direct network in a “receive-only” Direct account fashion. In this scenario, who vouches for that recipient’s identity to ensure they are who they say they are, and that they are in fact a healthcare professional? Trust is essentially lost in that model.
Does the HISP meet the minimum requirements specified by the Direct Project Applicability Statement?
To ensure safety and standards compliance, the HISP can implement the Direct Project Java Reference Implementation of the Direct Project Security and Trust Agent and the Direct Project DNS server implementation for discovery of certificates (both of which we have contributed the majority of existing open source code).
Is the facility in which the HISP is operating HIPAA-enabled and ISO 9001:2000-certified?
Does the HISP scan every attachment for viruses?
Every Direct message should be scanned and any infected attachment removed before the email is delivered to the recipient. Yes, your systems are susceptible to many of the same attacks as regular email, and a good HISP will help protect you!
More to come
The above list is not intended to be exhaustive, rather to highlight some of the thoughts we’ve had about how to determine whether a HISP can create a trusted and reliable mechanism for your users within the community you serve. Similar approaches to objectively evaluate HISP providers are being assembled across several of our fellow Direct Project community members (e.g. Rhode Island Quality Institute www.riqi.org).
We’ll likely revisit this topic over time, as the list of important factors tends to ebb and flow to match the latest thought leadership and agreed upon best practices. Powerful and simple information exchange is at your fingertips with the right Direct HISP as your partner. Hopefully, this helps you choose wisely.
Great! We can erase that portion of our whiteboard now. Maybe we’ll use the newly available space to compare and contrast the value/applicability of local utilities with national ones.