The Office of the National Coordinator for Healthcare Information Technology’s (ONC) Direct Project was launched in March 2010 to standardize the technology and services necessary to securely push patient data from a sender to a receiver, but there have been some snags along the way it’s been in need of a jump start.
Back in 2010, Direct Project was often seen as a stopgap to health information exchange (HIE) and there are more than 200 participants from more than 50 different organizations. Though it seems as though the project has been on the back-burner of late, DataMotion recently filed a provisional patent that it thinks can help users make better use of the Direct Project technology.
ONC built the Direct Project as part of the Nationwide Health Information Network (NHIN). It has also been referred to as Direct protocol or just “Direct”, on S/MIME (Secure/Multipurpose Internet Mail Extensions) to give physicians more EHR meaningful use choices. S/MIME is innately tedious in that requires both the sender and recipient to present S/MIME certificates from an in-house certificate authority (CA) or a public CA that help encrypt data and serve as a digital signature. A good way to describe digital certificates would be as an ID card, such as a driver’s license or passport.
As DataMotion co-founder and Chief Technology Officer Bob Janacek explained, Direct Project took these digital certifications to the server level and used directory lookups to find users’ certifications and keep burden from those users.
“[Direct Project] makes it easier, but users still need a certification before they can communicate and 99.9% of patients don’t have a certification today,” Janacek said. “That’s a lot of enrolling before they can participate, they’re trying to get docs on and get certificates on EHR systems and get doctors to communicate.”
Because of the need for solid communication, standards need to be put in place to ensure security, Health Insurance Portability and Accountability Act (HIPAA) compliance. However, these standards mean S/MIME has never been able to scale successfully.
“If S/MIME is going to extend reach and incorporate providers and patients, it needs to be agile and not collapse under its own weight, which it has never proven to do,” Janacek said. “Our goal isn’t to replace the Direct Project – it’s to make it more agile.
DataMotion’s “Method and Apparatus for Securely Communicating Using Public/Private Keys” patent is supposed to target two key areas: Simplifying the certificate application process, single-sign on (SSO) capabilities and scalability. When a sender’s EHR data goes out toward the recipient, it lands in a secure holding area that doesn’t allow access until they’ve provided credentials. For example, a doctor will be able to send a patient information via email without the patient already having enrolled for a certification. Once they’ve received the certification, they can pull the message from the holding area.
The hope with the patent is that this makes HIE more efficient between healthcare providers and patients and fellow providers. DataMotion is already a platform as a service (PaaS) company gives users the opportunity to use a single-sign on with a consistent security model for their Direct Project data and other systems such as Exchange or DropBox. Using PaaS also make the technology scalable for small practices and clinics.
“They have access to the same technology that the larger organizations do and that levels the playing field, “Janacek said.
According to Janacek, the technology will work on any type of EHR interface and the patent application process and technique incorporation can last two years.