From the January/February 2016 issue of HealthCare Business News magazine
Navigating security challenges
Navigating these emerging security challenges means establishing standards for implementation of emerging technologies, such as Fast Health Interoperability Resources (FHIR), direct messaging and collaboration between vendors and stakeholders.
Establishing standards.
The Cybersecurity Act was signed in December 2015 as part of the omnibus spending package. One takeaway from this is the requirement for the Department of Health and Human Services to enact a cybersecurity task force composed of government, public and private stakeholders. The task force must quickly develop a plan to assess cybersecurity risks and identify EHR interoperability issues.
Prior to the Act’s passage, the ONC Health Information Technology Policy Committee, the Centers for Medicare and Medicaid Services, and the Certification Commission for Healthcare Information Technology have focused on EHR functionality.
Implementation of emerging technologies.
As health care continues to grow in size and complexity, security requirements are constantly evolving. We are seeing the development of technology, such as FHIR, Direct exchange, XML and APIs, to meet these changing needs.
FHIR is the next version of HL7. It is much easier to implement because it uses a modern Web-based suite of API technology (mobile apps and cloud technology). FHIR is composed of modular components, known as “resources," which are integrated into clinical and administrative working systems suitable for use in a wide variety of situations.
Direct exchange is a secure HIPAA-compliant way to exchange personal health information electronically, peer-to-peer. Direct exchange allows applications, such as EHRs, to send messages and attachments (files) to individual endpoints using any other application via a direct address assigned by a Health Information Service Provider (HISP). Messages and attachments are encrypted during their entire journey, and the end users’ identities are validated cryptographically.
Collaboration.
As consumers take a more active role in the integration process, it is no longer acceptable for vendors to block collaboration. As a result, vendor representation within government, public and private collaborative efforts is steadily growing. This has helped to create programs such as Direct Project, the Argonaut project and DirectTrust.
The Direct Project, launched by the ONC in 2010, required all EHR technology certified for use within Meaningful Use programs to be capable of sending and receiving messages and attachments according to the Direct protocols. This means that Direct, a method for the exchange of health information, is available to almost all eligible providers attesting to Meaningful Use. T
