Direct Project Guidance Issued
Recommendations for Implementing Secure MessagingThe Office of the National Coordinator for Health IT has issued new guidance to health information exchanges and others for how to implement Direct Project secure messaging in a standard way.
See Also: OnDemand | Don't Be the Next Cyber Attack Headline! Using Microsegmentation to Achieve Zero Trust
The guidance addresses what ONC portrays as inconsistencies in the use of the Direct Project protocol for secure peer-to-peer clinical data exchange.
The Direct Project specifies a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet.
The guidance includes information about how to ensure security. It notes that if all organizations using the Direct Project protocol adhere to a common set of policies, it will help to "provide confidence that information will be securely routed to the right recipient."
The pending Nationwide Health Information Network Governance Rule will create "rules of the road" that will help alleviate the perceived need for peer-to-peer legal agreements among organizations coordinating the exchange of data, the guidance notes. In the meantime, the new guidance provides some common policies that can be immediately adopted across the more than 40 states that are implementing the Direct Project protocol.
Earlier in July, ONC issued guidance on how to exchange lab test results using the Direct Project secure messaging protocol.