TRENDING:

Direct Exchange: Going Global?

Why Secure Messaging Could Spread Marianne Kolbasuk McGee (HealthInfoSec) • June 12, 2013    
Direct Exchange: Going Global?

Secure messaging based on the Direct Protocol may eventually be applied globally because of international interest in health information exchange, some backers say.

See Also: Healthcare HIPAA Breach Violations of All Sizes Now Under Microscope

"Other countries are looking at Direct," says Scott Rea, vice president and senior PKI architect at DigiCert, a provider of digital certificates and a certificate and registration authority for Direct exchange. Among the organizations outside the U.S. that have shown interest in duplicating Direct are healthcare providers that offer services to U.S. patients, such as military personnel, he says.

Developed as a U.S. government project and later spun off, the Direct protocol offers specifications for a secure, scalable, standards-based way to send encrypted health information directly to known, trusted recipients over the Internet. It facilitates only the simplest form of health information exchange (see: Will 'Direct' Exchange Doom HIEs?).

The protocol is also being heavily supported by U.S. regulators as a means of making it easier for healthcare providers to meet data exchange requirements for Stage 2 of the HITECH Act incentive program for electronic health records. Support of the Direct protocol is also a Stage 2 EHR software certification requirement.

The standards behind Direct makes it globally appealing, says security expert Dixie Baker, a senior partner at the consulting firm Martin, Blanck and Associates.

"All of the standards used in Direct are international standards," says Baker, who serves on panels that advise the Office of the National Coordinator for Health IT. "The main challenge would be governance, since DirectTrust, the governance body for Direct, defines its scope as U.S. only."

Independent security consultant Tom Walsh notes: "In exchanging healthcare information with any organization, regardless of the location inside/outside the U.S., the key is trusting the integrity of the data and the authenticity of the sender. ... The Direct Project establishes a way to authenticate the sender of an encrypted message."

International Users

Using Direct in other nations could prove appealing to U.S. citizens who seek care overseas and want to give local providers access to their records, Rea says.

For instance, the U.S. has military and other government personnel working around the world. These individuals need to be able access health services outside the U.S. yet still be able to communicate in a secure way with American-based healthcare providers managing their medical records, Rea says.

"There have already been questions coming from international organizations about doing Direct on an international scale," says Rea, who is also a member of the board of directors for DirectTrust, which maintains the security and trust framework for using the Direct protocol. "I do think we will see this protocol expand beyond the U.S. if we continue down the path of success."

Overseas interest is tied, in part, to Direct being "a set of technologies and protocols that are familiar," he adds.

Meanwhile, as Direct potentially expands globally, expanding support for multiple languages could play an important role. "The messaging interface is available in native tongues of users, making it easier [to communicate] and ... enabling better patient care," says Bob Janacek, co-founder and chief technology officer at DataMotion, a Health Internet Service Provider that facilitates secure Direct messaging back-end activities.

DigiCert and DataMotion announced on June 12 a partnership that the companies claim will make it easier for healthcare providers and government agencies to use Direct for secure data exchange. In addition, DataMotion will work with EHR vendors to support the Direct protocol in their products, Janacek says.

Previous
IT Tools Available to Stop NSA-Type Leaks
Next
Why Banks Pay for ATM Cash-Outs

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.