Session Notes 5

From Direct Project
Jump to navigation Jump to search

Session 5: Provider Directories

4/12/11: 3:00 --4:15PM

Session Objectives

  • Discuss provider directory strategies in the Direct context, including:
    • How provider directories are supporting exchange in Direct pilots
    • How providers access them
    • How information is managed and kept current


Presenters/Panelists

  • Kim R. Pemble, MS, CPHIMS, Executive Director, WI Health Information Exchange (WHIE)
  • Linda Syth, COO, Wisconsin Medical Society
  • Vincent P. Lewis, Principal Architect, MedAllies Consultant
  • Russel Weiser, Senior Consultant --Product Mgmt./Dev. Identity/Access Management, Verizon Business Inc.
  • Mike Weber, Manager – Product Management/Development, Verizon Business Inc.

Introduction, Kory Mertz

  • Provider directory definition: Electronic, searchable resource that lists all information exchange participants, their names, addresses, and other characteristics.
  • What is the value proposition of provider directories?
    • Enables secure point-to-point messaging,
    • Reduces demand on providers to respond to multiple requests to enter information and update information on provider directory capabilities


  • Evolution of Provider Directories - provider directories can evolve as grantees develop more complex data exchange capabilities
    • Manual look-up: human-readable directory
    • Machine readable directory: supports direct and networked point-to-point message exchange


  • Varied sources can be used to populate a provider directory (Medicaid, licensing boards, clinics, payers, professional associations, etc.)
    • Align data sources for directories to business interests to ensure relevance and accuracy.


  • Information Exchange work group (IEWG) produced provider directory use cases and recommendations
    • Looked at who are the users of a provider directory, what are the functions, what are the operating requirements


  • S&I Provider Directories Initiative will launch in May 2001. It will focus on:
    • Standard EHR API
    • Standard data model (corresponding to the API)
    • (Eventually) standardized approach for federation/national access


  • Requirements of provider directories associated with Direct:
    • Direct address has to be issued by a HISP
    • Certificates must be discoverable


  • Other functions that are not requirements, but may be useful for exchange include:
    • Consumable messages for the recipient
    • Communication mode definitions
    • Query functions that allow for address searches by name, specialty, place of practice, etc.


Presentation 1, Kim Pemble and Linda Syth, Wisconsin

  • Wisconsin’s goals:
    • Address “white space”
    • Leverage existing assets in WI - thinking about applications for tomorrow
    • Reuse and don’t duplicate
    • Emphasis on workflow
    • Separate process from data


  • WI Current State:
    • Current provider directory is facilitated via the WI Medical Society’s DRConnection


  • Conceptual Model
    • DRConnection has over 900 data elements
    • HISPs have their own pieces of the directory
    • Operational provider directory can be extracted out of this large database
      • May be twice a day, every hour...



  • A number of provider directory fields are under consideration
  • How these fields look is critical to the exchange
  • Providers with more than one Direct address
    • This increases the complexity significantly


  • The ability to search “local” and “global” lists becomes automated.
  • HISPs maintain their own audit trails of communications
  • It is too challenging for one entity to take on the responsibility of working with all HIPAA providers in a region to maintain their information.

Presentation 2, Vincent Lewis, MedAllies

  • MedAllies has a phased approach to meet the HISP requirements of maintaining a Provider Directory
    • Three phases
      • Phase 1 - Reference implementation
        • Does routing very well
        • Doesn’t do look-up (this is done out of band)
          • Certificates are also done out of ban


        • NY Pilot - implement the reference implementation - essentially, issuing certificates


      • Phase 2 - IHE-based Maintenance
        • Provider Directory information, including endpoints and Direct addresses, are maintained in relational databases
        • MDM - Master Data Management database allows for unique ID of providers and their practices, linked with their Direct addresses.
        • Authorized user information includes credential information and other identifiers sufficient to identify the provider


      • Phase 3 - National Provider Directory
        • MedAllies will be following the developments of the HIT Policy Committee for national direction




Presentation 3, Russel Weiser and Mike Weber, Verizon

  • S/MIME and PKI Challenges
    • This is not the first group looking to figure out how to solve these issues.
    • Encrypting and digitally signing certificates
    • There are actually two certificates required: One for digital signing and one for encryption
    • Sending a message to multiple people requires encryption by multiple agents


  • Key Management
    • This can be expensive
    • How do you:
      • Deal with lost keys
      • Revoke keys
      • Configure email clients



  • Dealing with “Trust Anchors”
    • Use of too many anchors can cause interoperability issues
    • There are “weakest link” issues with trust anchors.


  • Centralized Trusted Entity
    • Creating something like a “White Pages” for providers
    • Subscribe everyone to this environment (similar to Gmail) and use a centralized web portal
    • Trust can be challenging with respect to individuals and establishing identity.
    • Challenges keeping private keys secure
      • If someone gains access to the private key, they can “spoof” a doctor and act as him or her. Keeping these keys in the cloud can help to mitigate this risk.



  • Cloud-based Solutions
    • Directory
      • LDAP - Lightweight Directory Access Protocol
      • Network directory - public (extranet) and private (intranet)



  • Tradeoffs -
    • You want to get to a national approach for provider directories to improve the chances of rapid adoption and integration.
    • Private and public key issues would also be reduced because of central management.


FAQ Session

  • It’s important to parse the problems, e.g., creating a scalable approach to certificate management or maintaining accurate information on providers
    • HITPC, S&I Framework, and State HIE CoP are existing groups in which states can work through issues


  • LDAP search protocol
  • Question for Kim: Will HISPs be required to do comprehensive auditing?
    • Kim (WI): Doesn’t absolutely know if it will be required, but he can imagine that someone would want to be thorough.
    • Russ (Verizon): Provide PKI to HHS/identity cards and does FISMA audits; and every component is audited (complete record of transactions).

Retrieved from "https://directproject.mywikis.wiki/w139/index.php?title=Session_Notes_5&oldid=749"