Common Practices for HISPs, Accrediting Bodies Established for Security and Interoperability
Last week the Office of the National Coordinator for Health IT (ONC) released the Direct Implementation Guidelines for Assuring Safety and Interoperability. The guide lays out ONC’s recommendations for a common set of policies and practices for security and interoperability for both health information service providers (HISPs) and accrediting bodies. Â The guidelines were drafted following the Direct Scalable Trust Forum last November and serve as an update on prior guidance issued for the State HIEÂ Program.
The ONC’s Claudia Williams, Director, State Health Information Exchange Program, explains in her blog post on HealthIT Buzz the importance of this implementation guide. In her post she says the guide offers a “universal exchange mechanism for Meaningful Use Stage 2 to support care coordination among providers and with patients.”
The ONC summarizes the purpose of the Direct Implementation Guidelines as follows:
Adoption of the consensus policies and practices by voluntary accreditation programs and trust communities and widespread HISP participation in those programs, such as DirectTrust, will enable providers to easily and securely exchange patient health information using Direct irrespective of organizational and vendor boundaries to meet Stage 2 Meaningful Use exchange requirements and overall care coordination needs. ONC strongly encourages HISPs providing Direct services to providers and hospitals for Meaningful Use Stage 2, as well as ONC grantees and their HISP partners, to conform to these policies and practices and participate in accreditation programs and/or trust communities that adopt them.
The ONC summarizes the application of interoperability guidelines as follows:
In using this guidance, HISPs and associated accreditation bodies and trust communities should keep in mind that the fundamental trust basis for Direct exchange is between the initiating sender and the final receiver of information (not between HISPs). A common set of policies will let HISPs automatically recognize each others’ certificates and provide confidence that information will be securely routed to the right recipient, but a provider will ultimately still need to decide to send/receive information to/from another party for patient care or for other reasons allowable under the Health Insurance Portability and Accountability Act (HIPAA).
While the implementation guidelines address recommended policies and practices for provider-to-provider exchange, providers will still need to securely exchange information with patients and their HISPs. To address provider-patient exchange a separate Blue Button certificate bundle been developed.
Read or download the Direct Implementation Guidelines for Assuring Safety and Interoperability here.