lcmaas3 wrote on Saturday, July 06, 2013:
Hi all,
I will try to explain a little about Direct messaging to help clarify the hows and whys a bit.
First off, I want to be fully transparent to the OpenEMR community. I am a physician and also the CTO of EMR Direct, a small company whose main focus is Direct messaging. We work on both the EMR integration and technical side and the credentials and trust side of Direct messaging.
Several months ago, we contributed code to the OpenEMR project to provide a tie-in to our Direct messaging infrastructure so that OpenEMR users could easily enable Direct messaging for their providers (both send and receive) and for their patients through the patient portal (send only). All three of these are requirements for OpenEMR to achieve MU Stage 2 certification.
What is Direct?
At the simplest level, Direct messaging is a variation on S/MIME secure encrypted email. Every participant is issued a Direct Address (which looks just like an email address, but usually includes the word “direct” in the domain part somewhere). You will undoubtedly start to see these addresses show up in the provider community. These addresses can be issued to individual providers, clinics, hospitals or hospital departments, other healthcare related companies, and patients. People call it Direct messaging, Directed exchange, Direct Secure Messaging (DSM), but these all mean the same thing. The standard was developed by a volunteer workgroup known as the “Direct Project” under the guidance of ONC (the same folks that write the MU2 certification criteria).
Every Direct message is digitally signed by the sender to ensure its integrity (a built-in hash confirms that there were no erroneous changes while in transit) and ensure its authenticity (a recipient knows where the message came from by looking at the signature). The message is then encrypted for confidentiality and delivered to the recipient. Only the recipient can decrypt the message. Unlike HIE-style exchange, Direct is a “push” technology; there is no central repository of data.
How does it work?
Each Direct Address is tied to a digital credential, a specific type of X.509 security certificate, and each participant has a public key and private key for encryption/decryption and signing. So there is no need for pre-shared secrets or private networks. The public key lets other people communicate with you. The private key lets you (and only you) decrypt messages sent to you and digitally sign outgoing messages so your recipient can be confident about the source of the message. Since everyone is following the same standard, broad interoperability across vendors is possible.
What about trust?
The credential ties together a public key and an identity, so that others can be sure who they are communicating with. The “strength” of these credentials depends on who issues them. This gets to the trust concept that Brady mentions above. A Direct message is transmitted only when the sender and receiver have previously determined that they trust one another. Essentially, you get to decide with whom you will exchange messages, i.e. “who you trust”. This is not unlike your web browser trusting SSL certificates issued by certain companies and not others. Your web browser company or operating system company decided ahead of time which certificate issuers get an “OK” and which get the “warning untrusted site” message.
Where do you get credentials?
A participant can issue its own “self-signed” certificate or it can have one issued by a formal Certificate Authority, like EMR Direct. We participate in larger trust organizations with common standards, so our certificates are already trusted by numerous EHR vendors and health information exchange companies, including Cerner, ICA, Surescripts, Microsoft HealthVault, and many others. If you issue your own credentials, you will have to convince each party you want to exchange with to manually add your credential to their trust stores. In addition to immediate membership into our large multi-vendor trust communities, we also allow our users to add (“white-list”) any additional parties they need to communicate with.
Better than fax?
Yes. First off, fax is not digital; you get a scan of the document. With Direct, you get the original digital document. No smudgy lines, low resolution degradation, missing pages, etc. Color images, high-resolution EKG tracings, radiology snapshots, and more can be included. Second, Direct can carry the new common CCDA transition of care documents as a payload, so you can transmit a full summary of care to an ER, or receive discharge summaries from your local hospital, or a patient can use the patient portal to transmit their records efficiently without bothering your staff. Third, fax numbers get mis-dialed; it’s a fact. Fourth, the delivery confirmation options in Direct are more extensive than what you get with fax. Fifth, it’s required for MU2.
Why isn’t this a free service?
Our objective is to enable high quality digital interoperability at the lowest cost. You might ask “why wouldn’t I just build it myself? It’s just S/MIME, right?” The biggest reasons are the ongoing care and feeding required to issue and manage certificates and operate a Direct messaging infrastructure. You have to meet minimum standards regarding collection and verification of identity documents and management/security of your credentials before most other Direct participants will exchange with you. And you will have to maintain a proper credential infrastructure (timely updating of Certificate revocation lists, renewals, etc.) to keep your Direct messaging services operational. To ensure interoperability across vendors, extensive cross-testing of the technology is required. To make sure you can communicate broadly with other physicians, patients, and hospitals, active management of trust relationships is necessary. We have spent a lot of time to make sure we do these things right.
I invite anyone with additional questions or with an interest in enabling Direct with OpenEMR to continue this thread or contact us directly at “support at emrdirect dot com”.
Luis Maas III, MD, PhD
CTO, EMR Direct
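The trust decision described in the post (a Direct address bound to an X.509 credential, accepted only when its issuer is in the recipient's trust store, with the option to white-list additional issuers) can be shown with Go's standard library. This is an added example, not code from EMR Direct or OpenEMR; the CA names and Direct addresses are constructed, and Ed25519 keys stand in for whatever key type a real issuer uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issueCert signs tmpl with parentKey; with parent == nil the template vouches for itself (self-signed).
func issueCert(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// template builds a one-day certificate: a CA, or a Direct credential whose address is the SAN rfc822Name.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if isCA {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		return t
	}
	t.EmailAddresses, t.KeyUsage = []string{cn}, x509.KeyUsageDigitalSignature
	t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection} // S/MIME usage
	return t
}

// trustedForAddress is the recipient's trust decision: the credential must chain to a trust-store issuer and name the claimed Direct address.
func trustedForAddress(cert *x509.Certificate, trust *x509.CertPool, addr string) bool {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: trust, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}); err != nil {
		return false // unknown issuer, expired, bad signature or wrong key usage
	}
	for _, e := range cert.EmailAddresses {
		if e == addr {
			return true
		}
	}
	return false
}
```

A credential issued by an issuer outside the trust store is rejected until that issuer is added to the pool, which is the white-listing step the post mentions.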