Direct Exchange: Going Global?Why Secure Messaging Could Spread
Secure messaging based on the Direct Protocol may eventually be applied globally because of international interest in health information exchange, some backers say.
"Other countries are looking at Direct," says Scott Rea, vice president and senior PKI architect at DigiCert, a provider of digital certificates and a certificate and registration authority for Direct exchange. Among the organizations outside the U.S. that have shown interest in duplicating Direct are healthcare providers that offer services to U.S. patients, such as military personnel, he says.
Developed as a U.S. government project and later spun off, the Direct protocol offers specifications for a secure, scalable, standards-based way to send encrypted health information directly to known, trusted recipients over the Internet. It facilitates only the simplest form of health information exchange (see: Will 'Direct' Exchange Doom HIEs?).
The protocol is also being heavily supported by U.S. regulators as a means of making it easier for healthcare providers to meet data exchange requirements for Stage 2 of the HITECH Act incentive program for electronic health records. Support of the Direct protocol is also a Stage 2 EHR software certification requirement.
The standards behind Direct makes it globally appealing, says security expert Dixie Baker, a senior partner at the consulting firm Martin, Blanck and Associates.
"All of the standards used in Direct are international standards," says Baker, who serves on panels that advise the Office of the National Coordinator for Health IT. "The main challenge would be governance, since DirectTrust, the governance body for Direct, defines its scope as U.S. only."
Independent security consultant Tom Walsh notes: "In exchanging healthcare information with any organization, regardless of the location inside/outside the U.S., the key is trusting the integrity of the data and the authenticity of the sender. ... The Direct Project establishes a way to authenticate the sender of an encrypted message."
Using Direct in other nations could prove appealing to U.S. citizens who seek care overseas and want to give local providers access to their records, Rea says.
For instance, the U.S. has military and other government personnel working around the world. These individuals need to be able access health services outside the U.S. yet still be able to communicate in a secure way with American-based healthcare providers managing their medical records, Rea says.
"There have already been questions coming from international organizations about doing Direct on an international scale," says Rea, who is also a member of the board of directors for DirectTrust, which maintains the security and trust framework for using the Direct protocol. "I do think we will see this protocol expand beyond the U.S. if we continue down the path of success."
Overseas interest is tied, in part, to Direct being "a set of technologies and protocols that are familiar," he adds.
Meanwhile, as Direct potentially expands globally, expanding support for multiple languages could play an important role. "The messaging interface is available in native tongues of users, making it easier [to communicate] and ... enabling better patient care," says Bob Janacek, co-founder and chief technology officer at DataMotion, a Health Internet Service Provider that facilitates secure Direct messaging back-end activities.
DigiCert and DataMotion announced on June 12 a partnership that the companies claim will make it easier for healthcare providers and government agencies to use Direct for secure data exchange. In addition, DataMotion will work with EHR vendors to support the Direct protocol in their products, Janacek says.