Provider Directories Tasking, Review and Mod Spec Presentation
NwHIN Power Team
April 17, 2014
HITSC Tasking
Task Brief Description
Provider Directories • Search for provider• Respond to search
Query for a Patient Record • Search for patient information• Respond to searches for patient information
Provider Data Migration and Patient Portability
• To enable patients who switch providers to have their care continue seamlessly (no repeat tests, missing key clinical information etc.).
• To enable providers switching EHR systems to continue providing seamless care to patients (coded data in old system is consumable by the new system so clinical decision support still works)
HITPC RecommendationsOverarching
Search for provider: EHR systems have the ability to query external provider directories to discover and consume addressing and security credential information to support directed and query exchange Respond to search: EHR systems have the ability to expose a provider directory containing EPs and EH addressing and security credential information
1. Scope: Standards must address PD transactions (query and response) as well as minimum acceptable PD content to enable directed and query exchange
2. Continuity: Build on Stage 1 and 2 approaches and infrastructure for directed exchange where possible and allow use of organized HIE or cross-entity PD infrastructures where applicable and available (ie, remain agnostic to architecture and implementation approaches)
3. Simplification: Set goal of having PD query and response happen in a single (or minimal) set of transactions
4. External EHR system: An EHR system of another distinct legal entity, regardless of vendor
HITPC RecommendationsGuidelines (1 of 5)
5. Transactions: a. Querying systems must have ability to:
i. Present authenticating credentials of requesting entity
ii. Validate authenticating credentials of provider directory holding entity
iii. Present provider-identifying informationiv. Securely transmit query message
HITPC RecommendationsGuidelines (2 of 5)
b. Provider directory must have ability to:i. Validate authenticating credentials of requesting
entityii. Present authenticating credentials to requesting
entityiii. Match provideriv. Respond with unambiguous information necessary
for message addressing and encryption or acknowledgement of non-fulfillment of request
HITPC RecommendationsGuidelines (3 of 5)
c. Provider directories must have administrative capabilities to:I. Submit updated provider directory information
(additions, changes, deletions) to external provider directories
II. Receive and process provider directory updates from external provider directories
HITPC RecommendationsGuidelines (4 of 5)
6. Transaction details: a. Provider directories should contain minimum amount
of information necessary on EPs and EHs to address and encrypt directed exchange and/or query for a patient record messages
HITPC RecommendationsGuidelines (5 of 5)
Recommended Standards, Implementation Specifications, and Certification Criteria
Requirement Standard Implementation Specification
Certification Criteria
Schema DSML IHE HPD subset Capability to securely send to an ELPD service a DSML
query for entities, and entities’ exchange services, and to
receive a response, as specified in the IHE HPD
profile.
Capability to enable a user or software to list and select from
ELPD responses.
Capability to retrieve the digital certificate for a selected entity.
Vocabulary LDAP + ISO IHE HPD subset
Transport REST or SOAP1 IHE HPD
Query Language LDAP IHE HPD + HPD Federation
Profile2
1 The Standards and Interoperability Framework team should select either REST or SOAP, as most appropriate within the context of the NwHIN standards currently being defined. 2 To support LDAP federation, a profile specifying a standardized way to federate LDAP directories is needed.
HITPC 2012 Request for Comment
Improving quality, safety, and reducing health disparities
IEWG102
New Certification criteria: The EHR must be able to query a Provider Directory external to the EHR to obtain entity-level addressing information (e.g. push or pull addresses).
Are there sufficiently mature standards in place to support this criteria? What implementation of these standards are in place and what has the experience been?
Primary- Privacy and Security WGSecondary- NwHIN PT
COMMENTS: Directories typically are integrated into other services, such as secure communications and enterprise security services, and not an independent capability. Indeed, the two existing EHR standards for secure communications (Direct and Exchange) each has its own integrated directory technology – each of which is supported by a very mature directory standard (DNS and UDDI respectively). Also, services sometimes change their directory solutions (for example, Exchange is considering changing from UDDI), and users of these services usually are unaware of what directory service is being used. We think it would be inappropriate to externalize directory services by creating a separate certification criterion. We therefore recommend that the proposed certification criterion be omitted from the final regulation.
Top Related