tag:blogger.com,1999:blog-4384692836709903146.post6416722553887260575..comments2024-03-27T09:55:23.143-07:00Comments on Dispatch from the Digital Health Frontier: A Secure Transport StrawmanJohn Halamkahttp://www.blogger.com/profile/04550236129132159307noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-4384692836709903146.post-63496097829415265562012-05-15T15:59:41.312-07:002012-05-15T15:59:41.312-07:00I think the only solution for most doctors and oth...I think the only solution for most doctors and other healthcare providers is free Direct email web-portals similar to the Microsoft HealthVault “Message Center” App.<br /><br />Given FAX is still the dominant solution with most healthcare providers, even this is a technological leap.<br /><br />My business specialty is large technology mashups for general users with a lot of emphasis on hand holding and cajoling. I have never worked in core healthcare (lots of 501(c) though).<br /><br />Recently I had an ER event that devolved into multiple surgeons and other physicians. Communications was chaotic, and the majority of the healthcare providers mandated only FAX or hand delivery/pickup of documents (e.g. Hoag Hospital).<br /><br />Based on a web search, I did all the following with free tools:<br /><br />1. Opened a Microsoft HealthVault and enabled their Direct email “Message Center” App.<br />2. Enabled other HealthVault Apps for labs, pharmacy etc.<br />3. Uploaded Blue Button health history files from the VA and CMS.<br />4. Uploaded imaging results from CD’s I obtained from hospitals etc.<br />5. Acquired health histories in digital and paper formats from MD’s and hospitals.<br />6. Used the Mayo Clinic Health Manager and other App’s to enter and upload health histories, doctors, contacts etc.<br />7. Printed and captured HealthVault reports in PDF.<br />8. Received all the provider-questionnaire Fax’s with a computer and used PDF-XChange Viewer to OCR and typewrite the results on to them. In every case, the providers would only accept them by return Fax.<br />9. Deliver everything else (labs, histories, contacts, Advance Health Care Directive etc.) to the involved parties according to their transmission rules.<br /><br />The greatest failure of my solution was that none of the player’s could/would receive or send Direct email. <br />Ironically, if there were <b>free</b> Web-HISP portals like the HealthVault Direct email “Message Center” for healthcare providers, most of the doctors were ready to try encrypted email.<br /><br />I had to deliver the new labs, radiology reports and images to all the doctors by email or FAX as all of them claimed they never received anything. I waited until three days after receiving them all myself.<br /><br />The real world, the virtual world and healthcare bedlam… In 50-years of technology (I started on GE computers in Europe) I thought I’d seen it all. <br /><br />...BrianBrian Mahoneyhttps://www.blogger.com/profile/13608008698212004963noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-67667985057091116762011-01-12T04:31:44.023-08:002011-01-12T04:31:44.023-08:00Rather than bringing in yet more entites - HISP .....Rather than bringing in yet more entites - HISP ... into the mix as well as complexities of managing security, protocols, connectivity from Email to EHR systems.. Would'nt it be better to transfer information from physician to Patient (portal) and the appropriate information then transferred from Patient portal to the other doc ?<br><br />Ultimately, a Patient needs/owns all the medical history and would be the best one to manage the security of their records. Additionally, it would be easier for all EHR vendors to connect to a Patient portal.Prasad Mokkapatihttps://www.blogger.com/profile/08337432149249082419noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-35006335765397528662011-01-10T07:26:36.581-08:002011-01-10T07:26:36.581-08:00Does your transport suggestion preclude, support, ...Does your transport suggestion preclude, support, or serve as a transition to the tagged-data proposal of PCAST?Hank Mayershttps://www.blogger.com/profile/17633765112934359683noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-27569161700171746012011-01-04T10:15:31.861-08:002011-01-04T10:15:31.861-08:00John - I think clear implementation guidance (incl...John - I think clear implementation guidance (including use case applicability) is definitely needed in regards to this transport technology. Can you comment of the suitability of SMTP for communication that requires more real-time and synchronous behavior than simply sending content from sender to receiver (e.g. activities involving decision support, query of a registry like an immunization registry (which is an area that sorely needs transport specification harmonization), etc.)?<br />Thanks,<br />CoreyCorey Spearshttps://www.blogger.com/profile/07077504585869197739noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-61722786310796983432010-12-29T15:22:29.243-08:002010-12-29T15:22:29.243-08:00I just posted on this topic on the Direct Project ...I just posted on this topic on the Direct Project blog: <br /><br />http://blog.directproject.org/2010/12/what-does-it-mean-to-be-direct-project-compliant.htmlArien Malechttps://www.blogger.com/profile/07012013033518862920noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-3051669658916162392010-12-29T02:08:30.137-08:002010-12-29T02:08:30.137-08:00I always advocated for SMTP over TLS but gave up a...I always advocated for SMTP over TLS but gave up after getting shot down several times on the issue.<br /><br />The problem is the lack of support for using multiple certificates on server and client libraries. Making it difficult to establish circles of trust automatically in the TLS connection. Hard limit on the technology unfortunately, everyone wanted to do both TLS and S/MIME.<br /><br />-FTftrotterhttps://www.blogger.com/profile/08153748647265413845noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-84055580516068652182010-12-28T09:28:05.243-08:002010-12-28T09:28:05.243-08:00David - The big guys need to be able to send and r...David - The big guys need to be able to send and receive from anyone else using at least the common SMTP/SMIME transport. How they handle local transport between big guys or internally is up to them, with TLS being a logical choice. However, these alternative transport methods should not be part of the Direct Core specification. Additional implementation guides such as SMTP/SOAP conversion will be helpful.John Halamkahttps://www.blogger.com/profile/04550236129132159307noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-76542400897721075422010-12-28T08:58:21.322-08:002010-12-28T08:58:21.322-08:00I'll write a post next week about HISP funding...I'll write a post next week about HISP funding. In brief, State HIEs should offer conformance testing services for HISPs, paying vendors an incentive to conform with State HIE requirements. Additionally, State HIEs could pay a connectivity incentive for each clinician successfully transmitting data to the HIE, analogous to the Regional Extension Center program that is being used to incentivize EHR implementation. Ongoing fees to support the HISP will be provided by HISP customers.John Halamkahttps://www.blogger.com/profile/04550236129132159307noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-3682517317658950752010-12-28T08:23:10.931-08:002010-12-28T08:23:10.931-08:00I think the proposed approach is solid. It makes g...I think the proposed approach is solid. It makes good sense. However I am curious to understand your thoughts on how the HISP would be funded.Andrewhttps://www.blogger.com/profile/11100130582250650587noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-54290267226934878922010-12-28T07:26:11.351-08:002010-12-28T07:26:11.351-08:00The technology path is fairly quick to a SMTP/SMIM...The technology path is fairly quick to a SMTP/SMIME solution. SMTP and SMIME are already standards. The ISO 17090 standard is already available for health care X.509 certificates and, as a bonus, it enables data providers to assert professional credentials in a standard (X.509-2000) way.<br /><br />The biggest problem is major IT vendors lack of ease-of-use for SMTP/SMIME, and lack of X.509-2000 implementations. To kick-start the vendors may require government incentives, carrot and/or stick.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-14879899197054611052010-12-28T06:39:53.568-08:002010-12-28T06:39:53.568-08:00John,
Your position is understandable and clearly ...John,<br />Your position is understandable and clearly stated. What isn't explicit is your recommendation for the "crossover" scenarios where the "little guy" and the "big guy" need to exchange info. Since we don't want Balkanization where only little-little or big-big exchanges occur, the Direct Project spent lots of time on the SMTP/SOAP conversion scenarios which are addressed in the "XDR and XDM for Direct Messaging" specification" rather than in the "core" Direct specification. What's your strawman's position on how to handle transport in that scenario?<br />Thanks,<br />DavidDavidhttps://www.blogger.com/profile/13251393010554964308noreply@blogger.com