Best Practice and Reference Implementation Vignettes

From Direct Project
The Direct Project Reference Implementations

To drive adoption of the Direct Project specifications as quickly as possible, members of the community have worked together to create two Reference Implementations of the essential software required to run a "Health Information Service Provider". One implementation is written in Java, the other using the C#/.NET collection of tools. Both are licensed under the "BSD" software license, a very simple license that allows commercial software vendors to incorporate these works into their own products without further obligations, and allows anyone else to use and modify them to meet their needs. The development process, like everything else on the project, was conducted in public from the very start, so that a wide audience could inspect the work and offer improvements and additional quality control. One example of this was a small group, called the "Bare Metal" project, that worked to make it easy to install the implementations in a cloud-hosted environment. The software is still being prepared for a 1.0 release, but has reached "code-complete" for the most essential pieces (the gateway, the agent, and the configuration interface) and is now ready to be implemented by the pilot projects.

Participants in this voluntary effort have included Allscripts, Cerner, Cryptiq, Epic, Garden State Health Systems, GE, Harris, MedAllies, MedNet, MedPlus, Microsoft, MedFX, RelayHealth, Siemens, Surescripts, and Techsant Technologies. We are always glad to see new volunteers interested in continuing to evolve and improve the platform.

Best Practices


The Best Practices Workgroup takes recommendations from the various ONC committees and workgroups and attempts to synthesize a set of "best practice" recommendations for organizations participating in the Direct Connect pilots. After the completion of the pilot phase, we will analyze these recommendations to determine how effective and workable they are in the real world, and to keep them aligned with ongoing ONC recommendations that accompany the release of Stage 2 and Stage 3 Meaningful Use and other regulations that govern Health Information Exchange.

Our initial focus is to make the Direct Project as simple and easy to implement as possible for the various pilot projects, while doing our best to keep aligned with the emerging recommendations from the HIT Policy Committee, the Privacy and Security "Tiger Team" and other ONC workgroups. We believe that Direct Connect is an exemplar for "Directed Exchange" as defined by the Tiger Team, and we have defined our practice recommendations with Directed Exchange as the paradigm.

We encourage appropriate experimentation during the pilots, since our list of recommended practices will be neither all-inclusive nor overly detailed, and since many of the ONC recommendations are not yet in regulatory form. We intend to learn from the pilots and refine our practice recommendations as we go forward.

Current areas of focus on best practices for HISPs include:

  • Guidance on how HISPs should address their legal status (HIPAA and Business Associate questions)
  • Recommendations on how to maintain appropriate security (policy and technology questions)
  • Suggestions for meeting transparency and data retention recommendations


In addition to these HISP organizational issues, we are also working closely with the Privacy and Security Workgroup to define best practices for use of the digital certificates that encode the "trust fabric" necessary for secure and trusted exchange. We have proposed answers to such questions as:

  • How should a community of users create, discover, and utilize "trust anchors" to validate users' certificates?
  • Should certificates be issued at the user level or at the organizational level?
  • What are the appropriate minimum identity and authentication requirements for end-users in a community?
  • What is the appropriate lifetime for Direct Connect digital certificates?
  • How should Direct Connect "universal addresses" be constructed?
  • What about re-use of existing e-mail addresses and/or existing e-mail clients?