Written by: John Lynn
The most promising healthcare data exchange I see coming is the Direct Project. Sure, it’s not the nirvana of health information exchange, but it’s a really reasonable step in the right direction. Plus, it’s something that’s feasible and achievable.
Aaron Stranahan wrote a great post on the ICA HITme blog which talks about a key characteristic of the Direct Project.
Earlier I mentioned that whitelists were only half the story. Rather than create a whitelist as a list of addresses, Direct focuses on which third parties (or CAs) an organization trusts to vouch for addresses. In this way, a “circle of trust” can be created without the administrative overhead of listing out every address unless an organization really wants to. Instead, each organization exchanging Direct messages can decide for itself with which entities, and by extension the processes they represent, they’ll interact.
As you may have guessed, building a whitelist of CAs involves key exchange. In this case, your Direct service provider, aka “HISP,” will collect the public key, for whichever third parties you trust, to sign off on messages you will receive. In the world of Direct, these public keys are called “Trust Anchors” as a nod to the idea of the circle of trust these third parties represent.
So, that’s it: Direct is about whitelists, but with a twist that simultaneously reduces administrative burden and ensures that messages are encrypted following best practices. It’s a whitelist on steroids! Next time someone asks why they can’t send a Direct “email” message to their Gmail account you’ll know it’s because Gmail isn’t in your organization’s circle of trust.
One of the biggest challenges to any HIE program is knowing who everyone is and in whom you trust. I love the way Direct Project is approaching this “Trust Circle.” It’s reasonable and is a major reason why I believe that Direct Project will be a major success. I’ll be glad once every EHR vendor supports the Direct Project.
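The trust-anchor decision quoted above, as an added example that is not from the original post or from any Direct implementation: a receiver holds only the CA certificates it trusts and accepts any sender whose certificate chains to one of them. It uses Ruby's bundled OpenSSL bindings; the CA names, addresses and the `issue`, `anchored?` and `demo` helpers are constructed for illustration, and binding the address through the certificate's subjectAltName is an assumption of this example.

```ruby
require 'openssl'

# Issue one certificate for a constructed demo PKI (every name here is made up).
# Without an issuer the result is a self-signed CA; otherwise a leaf bound to `email`.
def issue(cn, issuer: nil, email: nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = rand(1..2**31)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer[:cert].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer ? issuer[:cert] : cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "email:#{email}")) if email
  cert.sign(issuer ? issuer[:key] : key, OpenSSL::Digest.new('SHA256'))
  { cert: cert, key: key }
end

# Accept a sender only if (1) the certificate names the claimed address and
# (2) it chains to one of the trust anchors. No per-address list is consulted.
def anchored?(sender_addr, sender_cert, anchors)
  store = OpenSSL::X509::Store.new
  anchors.each { |anchor| store.add_cert(anchor) }
  san = sender_cert.extensions.find { |ext| ext.oid == 'subjectAltName' }
  return false unless san && san.value.split(', ').include?("email:#{sender_addr}")
  store.verify(sender_cert)
end

def demo
  trusted_ca = issue('Demo Trusted CA')
  other_ca   = issue('Demo Unrelated CA')
  anchors    = [trusted_ca[:cert]] # the organization's whole "whitelist"
  dr_a  = issue('dr.a', issuer: trusted_ca, email: 'dr.a@direct.clinic-a.example')
  dr_b  = issue('dr.b', issuer: trusted_ca, email: 'dr.b@direct.clinic-b.example')
  other = issue('user', issuer: other_ca,   email: 'user@mail.example')
  {
    known_address: anchored?('dr.a@direct.clinic-a.example', dr_a[:cert], anchors),
    new_address:   anchored?('dr.b@direct.clinic-b.example', dr_b[:cert], anchors),
    other_ca:      anchored?('user@mail.example', other[:cert], anchors),
    wrong_address: anchored?('dr.a@direct.clinic-a.example', dr_b[:cert], anchors)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The second address is accepted without ever being listed, because the trusted CA vouches for it; the certificate from the unrelated CA and the certificate presented under someone else's address are both rejected.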