Post on 22-Feb-2016
description
Discussion on the Western States Consortium andInter-State Exchange
Robert Cothren, California Health eQualityInstitute for Population Health Improvement
Who we are…
2
Focus…
Investigating the policies, procedures, and technologies that allow interstate exchange of health information.
3
4
Use Case
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
• Includes investigation of policies, procedures, and technologies.
• “Using Direct” concentrates on a simple use case being implemented today.
• “Across state lines” is a more complex version of “with unaffiliated providers”.
• “Between providers” and “for treatment purposes” places focus on interstate exchange rather than patient privacy issues.
5
Use Case
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
Really about scalable trust.
Two important components…1. Establishing a Trust Community.2. Discovering how to communicate with others.
6
Use Case – the Future
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
Focus on this use case for now, but we want to prepare for the future…
• Use cases beyond Direct.• Use cases within state lines but between unaffiliated
organizations. • Use cases beyond between providers.• Use cases beyond treatment purposes.
7
Pilot Scenarios
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
Scenario 1 The sender knows the Direct address of the recipient.
– Defines a Trust Community of HISPs that conform to Eligibility Criteria. (governance task)
– Creates a Trust Bundle as the identities of Qualified Entities. (technology task)
– Currently underway.
8
Creating a Trust Community
Moving from today’s world of point to point trust agreements….
… to tomorrow’s world of scalable trust.
9
Creating a Trust Community
• Policies for sharing of information between HISPs.
• Eligibility criteria that look a little like accreditation.
• A process for managing and distributing trust anchors.
Add New Qualified Entity to Trust Community
Party StateGovernance Body Trust Bundle Coordinator
New Qualified Entity POC
Existing Qualified Entity POCs
Requests that Qualified Entity be
added to Trust Community.
Requests Trust Anchor.
Returns Trust Anchor (via email).
Inspects Trust Anchor to verify it
meets Eligibility Criteria.
Places Trust Anchor in test HISP.
Sends trust anchor for test HISP (via
email).
Places trust anchor for test HISP in HISP.
Conducts test of Trust Anchor
Conducts test of Trust Anchor.
Adds Trust Anchor to Trust Bundle.
Sends notice that Trust Bundle has been updated.
Corrects issues.
Notes update to Trust Bundle.
Retrieves Trust Bundle (via FTP) and
places in HISP.
Retrieves Trust Bundle (via FTP) and
places in HISP.
Corrects issues.
Sends notice of addition to Trust
Community.
Notes successful addition to Trust
Community.
Issues? yes
no
Issues?
no
yes
From “Eval of Qualified
Entity”
10
So on to the meat…
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
Scenario 1 The sender knows the Direct address of the recipient.
Not today’s topic.
Question
We are looking for input, so will be asking questions today. A little practice…
• What is your favorite color?
11
My favorite color is blue.
I don’t like blue all that much.
Context
• Many states are focused on implementing Direct.• Direct doesn’t require provider directories, but
directories can facilitate use cases where the sender doesn’t know in advance recipients’ addresses and other desired information.
• Many solutions include address books or some other level of provider directory to serve their participants internally.
• However – the ability for participants to query directories outside of their HISP/HIE will be needed to continue to advance today’s exchange objectives and facilitate tomorrow’s.
12
13
Pilot Scenarios
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
Scenario 1 The sender knows the Direct address of the recipient.Scenario 2a The sender does not know the Direct address of the recipient.
The picture…
• What is Dr. Smith’s Direct address?
14
HISP (directory)
HISP (directory)
query
response
NCHIN, an HIO operating a HISP with a directory in
California.
CareAccord, operating the
statewide HISPwith a directory
in Oregon.
15
The purpose…
• Test an emerging standard for Directory Services query.
• Drive out additional requirements as a result of user feedback.
• Address these issues without complications of federation.
Who are we talking about?
• For the WSC, and for right now, there is a one-to-one correspondence between HISPs and directories.
• This may not always be the case:– A HISP may use a third party directory provider.– A state may implement a statewide directory for
multiple HISPs.– A HISP may have multiple directories to serve
multiple geographies.
16
17
Pilot Scenarios
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
Scenario 1 The sender knows the Direct address of the recipient..Scenario 2a The sender does not know the Direct address of the recipient.
– Requires that a HISP use a searchable provider directory containing provider demographics. (operations task)
– Defines a standard for Directory Services to query a provider directory for a Direct address. (technology task)
– Currently underway.
18
Concept of Operations
Trivial Case – Message to a local recipient.– For most HISPs, this is functionality that exists today.– Requires that there be a provider directory populated with
appropriate demographic information to perform a search.
NCHIN DirectoryOperated by NCHIN
HISP
Audit Log DirectoryAuthorized
User
1. Fills out query form.5. Retrieves Direct address.6. Ensures recipient address is appropriate.7. Sends message.
2. Searches local directory.3. Locates matching entry.4. Presents match to user.
19
Concept of Operations
Scenario 2a – Query another HISP.
NCHIN LDSOperated by NCHIN
HISP
Audit Log DirectoryAuthorized
User
Oregon LDSOperated by
CareAccord HISP
Audit Log Directory
1. Fills out query form.10. Retrieves Direct address.11. Ensures the recipient address is appropriate.12. Sends message.
2. Recognizes recipient not in local directory.3. Sends query to CareAccord LDS; logs sent query.8. Logs received response.9. Presents match to user.
4. Logs received query.5. Searches local directory.6. Locates matching entry.7. Sends response to NCHIN; logs sent
response.
LDS = local directory service, e.g. operated by a HISP
The standards…
SOAP:Robust web services standard widely accepted for health information exchange.HPD: Emerging IHE (LDAP) standard for Healthcare Provider Directory data model.HPDPlus: Emerging EHR | HIE Interop Workgroup recommendation that adds more robust organizational elements to HPD.DSML: OASIS standard for querying an LDAP directory.S&I: Guidance on query for individual.
20
The standards…
SOAP:Robust web services standard widely accepted for health information exchange.HPD: Investigating an update to incorporate HPDPlus functionality.HPDPlus: Commitment of many industry partners, plans to adopt / align with IHE adjustments to HPD.DSML: OASIS standard for querying an LDAP directory.S&I: Looking for experience of states implementing provider directories.
21
Question
There is a concern over protection of PII.• Should directory query be authenticated?
22
Yes, I want to know who is asking the question.
No, we should keep this simple. It is public information.
Question
There is a concern over protection of PII.• Should directory query be authenticated?
• This is a technology question implementing a policy decision.
• Currently, WSC approach is to include authentication between directory systems using TLS.– Note that individuals are NOT authenticated.– There is an assumption of system/organizational trust, part
of “scalable trust”.
23
Question
We have said that we will log a query.• What information should be logged?
24
Nothing.
Date and time, querying org, the query.
Date and time, querying org, the query, the response.
Question
We have said that we will log a query.• What information should be logged?
• While the technology may be “complicated”, this is really a policy question.
• Currently, WSC response is to log all queries and responses, but reconsidering responses since they include PII.
• Question for thought: What would you do with log information?
25
26
Pilot Scenarios
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
Scenario 1 The sender knows the Direct address of the recipient.Scenario 2a The sender does not know the Direct address of the recipient.Scenario 2b The sender does not know the Direct address or the HISP of the recipient.
The picture…
• What is Dr. Smith’s Direct address?
27
StateStatequery
response
NCHIN, an HIO operating a HISP with a directory in
California.
CareAccord, acting on behalf
of Oregon.
HISP
query
resp
onse
IPHI, acting on behalf of
California.
28
The need for Scenario 2a…
Scenario 2a…• Requires knowledge of each
HISP in Trust Community.• Requires knowledge about
geography or customers served by each HISP.
• Is not scalable; requires coordinating updates to every HISP every time……a new HISP is added, or…a HISP changes the
customers it serves.
Scenario 2aleads back to…
NCHIN LDSOperated by NCHIN
HISP
Audit Log DirectoryAuthorized
User
Oregon LDSOperated by
CareAccord HISP
Audit Log Directory
1. Fills out query form.10. Retrieves Direct address.11. Ensures the recipient address is appropriate.12. Sends message.
2. Recognizes recipient not in local directory.3. Sends query to CareAccord LDS; logs sent query.8. Logs received response.9. Presents match to user.
4. Logs received query.5. Searches local directory.6. Locates matching entry.7. Sends response to NCHIN; logs sent
response.
California Statewide Provider Directory
The big picture…
Where we are headed…
29
CaliforniaSDS
OregonSDS
HawaiiSDS
NevadaSDS
NCHINLDS
RWMNLDS
SD BeaconLDS
SCHIELDS
IEHINLDS
AlaskaSDS
SDS = state directory service
LDS = local directory service
Hides complexity of federation.
California Statewide Provider Directory
The big picture…
Where we are headed… Western States
30
OregonSDS
HawaiiSDS
NevadaSDS
NCHINLDS
RWMNLDS
SD BeaconLDS
SCHIELDS
IEHINLDS
AlaskaSDS
SDS = state directory service
LDS = local directory service
Hides complexity of federation.
CaliforniaSDS
LDS = local directory service
SDS = state directory service
Hides complexity of federation.
California Statewide Provider Directory
The big picture…
Where we are headed… California
31
OregonSDS
HawaiiSDS
NevadaSDS
NCHINLDS
RWMNLDS
SD BeaconLDS
SCHIELDS
AlaskaSDS
SDS = state directory service
LDS = local directory service
Hides complexity of federation.
CaliforniaSDS
IEHINLDS
32
The purpose…
• Continue to test an emerging standard for Directory Services query.
• Drive out additional requirements as a result of user feedback.
• Address federation!
Who are we talking about?
• For the WSC, and for right now, California is implementing a federated directory service.– There are almost 30 HIOs operating in California,
with 5 separate HISPs.– This complexity should be hidden from the
provider.– The California state node stores no data; all
directory information is managed by local directories.
33
34
Pilot Scenarios
Using Direct to exchange clinical information between providers across state lines for treatment purposes.
Scenario 1 The sender knows the Direct address of the recipient.Scenario 2a The sender does not know the Direct address of the recipient.Scenario 2b The sender does not know the Direct address or the HISP of the recipient.
– Builds on Scenario 2a.– Addresses scalability by adding state Directory
Service and federation.
35
Concept of Operations
Scenario 2b – Query a state’s Directory Service.
NCHIN LDSOperated by NCHIN
HISP
Audit Log DirectoryAuthorized
User
California SDSOperated by IPHI/CHeQ
Audit Log
Oregon SDSOperated by
CareAccord HISP
Audit Log Directory
1. Fills out query form.15.Retrieves Direct address.16.Ensures recipient address is appropriate.17.Sends message.
2. Recognizes recipient not in local directory.3. Sends query to California SDS; logs sent query.13.Logs received response.14.Presents match to user.
4. Logs received query.5. Recognizes recipient not in California.6. Sends query to Oregon; logs sent query.11. Logs received response.12.Forwards response to NCHIN.
7. Logs received query.8. Searches statewide directory.9. Locates matching entry.10.Sends response to California; logs
sent response.
SDS = state directory service
Acts as an SDS and hides federation.
36
Concept of Operations
Scenario 2b – Query a state’s Directory Service.
NCHIN LDSOperated by NCHIN
HISP
Audit Log DirectoryAuthorized
User
California SDSOperated by IPHI/CHeQ
Audit Log
Oregon LDSOperated by
CareAccord HISP
Audit Log Directory
1. Fills out query form.15.Retrieves Direct address.16.Ensures recipient address is
appropriate.17.Sends message.
6. Logs received query.7. Searches local directory.8. Locates matching entry.9. Sends response to California SDS; logs sent
response.
4. Logs received query.5. Forwards query to LDS(es); logs sent
queries.10.Logs received response(s).11. Aggregates response(s).12.Forwards response(s) to Oregon.
2. Recognizes recipient not in Oregon3. Sends query to California; logs
sent query.13.Logs received response.14.Presents matches to user.
SDS = state directory service
Acts as both an SDS and an LDS.
The standards…
SOAP:Robust web services standard widely accepted for health information exchange.HPD: Investigating an update to incorporate HPDPlus functionality.HPDPlus: Addresses the need for complex organizational descriptions within the data model; not yet accepted or implemented.DSML: Not designed to address federation; one query to one directory.S&I: Looking for experience of states implementing provider directories.
37
Question
Federation allows for centralized or distributed policy decisions.
• Should the decision to respond be centralized or local?
38
Leave the decision with those responsible for the data.
Users have an expectation, so policy should be uniform.
Question
Federation allows for centralized or distributed policy decisions.
• Should the decision to respond be centralized or local?
• For now, WSC is adopting an approach of local autonomy. Each state and directory operator should be empowered to decide on whether to respond to a query.
39
Question
We said we should log information about the query. DSML does not support federation.
• What do you need to know about “who”?
40
I need to know the name of the individual.
I need to know the name of the organization (i.e., the HISP).
I need to know the name of the state.
Question
We said we should log information about the query. DSML does not support federation.
• What do you need to know about “who”?
• For now, WSC is passing only the identity of the last organization in a query.– Oregon knows the query came from California.– California knows the query came from NCHIN.– NCHIN knows the query came from Dr. Jones.
41
Question
DSML does not support federation. You can only have one response to a query.
• What do you do if someone errors?
42
Pass on all the matches there were. Sometimes the Internet fails.
Pass on the matches, but report an error.
I don’t know.
Question
DSML does not support federation. You can only have one response to a query.
• What do you do if someone errors?
• This is a technical issue with user experience implications.
• WSC is trying to think of the user.– What would the user do with the information?– Should errors be only an administrator’s issue?– If a user didn’t get the information they expected,
would they just ask again?
• DSML doesn’t support the answer we like.43
Question
DSML and HPDPlus support querying for members of an organization. Directory operators are concerned about protecting directory information.
• Should directory queries allow browsing?
44
No, you need to know enough to get a single response.
Yes, users are expecting to be able to browse a directory.
Question
DSML and HPDPlus support querying for members of an organization. Directory operators are concerned about protecting directory information.
• Should directory queries allow browsing?
• Must be controlled by policy.• WSC decided that browsing should not be allowed.• The first time a query was placed, the user asked “but
why can’t I get a list of the members”?– Our users have an expectation.– If we meet that expectation, we open the door to fishing.
• This is what pilots are for!45
Question
DSML allows for a rich set of query capabilities. Directory operators are concerned about protecting directory information.
• Is there a minimum standard for wildcards?
46
No, we decided that should be left to the directory operators.
Yes, so the users know what to expect.
Question
DSML allows for a rich set of query capabilities. Directory operators are concerned about protecting directory information.
• Is there a minimum standard for wildcards?
• This is really a policy decision.• For now, WSC has not established any requirements
for minimum data in the query.
47
HPD and HPDPlus are complex. They may not be uniformly populated. End users need to be able to decide whether they can use the address.
• Is there a minimum standard for data that must be included in a response?
Yes, directory operators to create good directories.
No, any information is useful and the user is smart enough.
Question
48
Question
HPD and HPDPlus are complex. They may not be uniformly populated. End users need to be able to decide whether they can use the address.
• Is there a minimum standard for data that must be included in a response?
• This is really a policy decision.• For now, WSC has not established any requirements
for minimum data in the response.
49