Wednesday, September 7, 2011

The Direct Project – Underlying Technology

As mentioned in our earlier post The Direct Project - Gluing EHR's Together , according to HHS.gov, the goal of the Direct Project is an:

“Easy-to-use, internet-based tool that can replace mail and fax transmissions of patient data with secure and efficient electronic health information exchange”

The title of that post may have been a bit misleading, since it left out the healthcare consumer (formerly called the “patient”). The consumer is a key player in all of this. In any case, how does the Direct Project team propose to attain this goal? One of their disclaimers states that the Direct Project:

“Focuses on the transport of health information”, not the larger issue of interoperability. Interoperability has three prerequisites:
  • Transport: How messages will be sent and received (Direct Project)
  • Semantics: The structure and format of their exchanged content (e.g. CCD document)
  • Vocabulary: What terminology/coding systems will be used (e.g. SNOMED)

The Direct Project only addresses transport – packaging the content of messages, securing it, and transporting it from a sender to a recipient. Also, it leverages technology that is already widely-used. Four criteria are focused on:
  1. Packaging message content
  2. Confidentiality and integrity
  3. Authentication of sender and receiver
  4. Routing
Those criteria are addressed as follows:
   
1. Packaging: The Direct Project uses MIME with optional XDM. MIME is a widely-used universal standard for email. Cross-Enterprise Document Media Interchange (XMD) is a “push” technology devised by the IHE consortium that complements their existing XDS Integration Profile “pull” technology for cross-enterprise document sharing by providing for transfer of confidential health information via email, CD-R and USB memory devices.

XDM focuses on managing the interchange of documents that healthcare enterprises (from individual physicians up to multi-hospital systems) have decided to share between the patient and the patient’s care providers, or between care providers. This enables better interoperability between Electronic Health Records (EHRs) and Personal Health Records (PHRs).

2. Confidentiality and integrity. Message content is kept confidential through S/MIME encryption and signatures. S/MIME is a standard for public key encryption and signing of MIME data.

3. Authenticity of sender and receiver. X.509 digital signatures are used.

4. Routing. Message routing is handled via SMTP.

None of this stuff is revolutionary technology. It can be obtained through open source libraries and there are commercial products like ZixMail that already meet these criteria. The benefit will be its adoption as a widely-used standard. To learn more about the technical details, the Direct Project's technical specification is available on-line.