Direct Project will be required in the next version of Meaningful Use

The Direct Project is poised to become the first health Internet platform.

The Direct ProjectThe Office of the National Coordinator for Health Information Technology (ONC) announced that the Direct Project would be required in stage 2 of Meaningful Use.

As usual the outside world knew almost instantly because of Twitter. Nearly simultaneous posts from @ahier (Brain Ahier) and @techydoc (Steven Waldren MD). More information followed shortly after from @amalec Arien Malec a former leader for the Direct Project.

There are some other important announcements ahead of the official release, such as the end of support for CCD, but this requirement element has the deepest implications. This is jaw-dropping news! Meaningful Use is the standard by which all doctors and hospitals receive money for Electronic Health Record (EHR) systems from the federal government. In fact, the term “Electronic Health Record” is really just a synonym for “meaningful use software” (at least in the U.S. market). Meaningful Use is at the heart of what health IT will look like in the United States over the coming decades.

The Direct Project has a simple but ambitious goal: to replace the fax machine as the point-to-point communications tool for healthcare. That goal depends on adoption and nothing spurs adoption like a mandate. Every Health Information Exchange (HIE) in the country is going to be retooling as the result of this news. Some of them will be totally changing directions.

This mandate will make the Direct Project into the first Health Internet platform. Every doctor in the country will eventually use this technology to communicate. Given the way that healthcare is financed in the U.S., it is reasonable to say that doctors will either have a Direct email address to communicate with other doctors and their patients in a few years, or they will probably retire from the practice of medicine.

It was this potential, to be the first reliable communications platform for healthcare information, that has caused me to invest so heavily in this project. This is why I contributed so much time to the Direct Project Security and Trust Working Group when the Direct Protocol was just forming. This is an Open Source project that can still use your help.

The Direct Project is extensively covered in “Meaningful Use and Beyond” (chapter 11 is on interoperability). I wrote about the advantages of the Direct Project architecture. I helped arrange talks about about Direct at OSCON in 2010, and in 2011, I gave an OSCON keynote about the Health Internet , which featured Direct. I wrote a commentary for the Journal of Participatory Medicine, about how accuracy is more important than privacy for healthcare records and how to use the Direct Project to achieve that accuracy. I pointed out that the last significant impact from Google Health would be to make Direct more important. I am certainly not the only person at O’Reilly who has recognized the significance of the Direct Project, but I am one of the most vocal and consistent advocates of the Direct Project technology approach. So you can see why I think this a big announcement.

Of course, we will not know for sure exactly what has been mandated by the new revisions of Meaningful Use, but it is apparent that this is a huge victory for those of us who have really invested in this effort. My hat is off to Sean Nolan and Umesh Madan from Microsoft, to Brian Behlendorf and Arien Malec, who were both at at ONC during the birth of Direct, to Dr. David Kibbe, Brett Peterson and to John Moehrke. There are countless others who have contributed to the Direct Project, but these few are the ones who had to tolerate contributing with me, which I can assure you, is above and beyond the call of duty.

Obviously, we will be updating “Meaningful Use and Beyond” to include this new requirement as well as the other changes to the next version of Meaningful Use (which apparently will no longer be called “stage 2”). Most of the book will not change however, since it focuses on covering what you need to know in order to understand the requirements at all. While the requirements will be more stringent as time goes on, the core health IT concepts that are needed to understand them will not change that much. However, I recommend that you get a digital copy of the book directly through O’Reilly, because doing so entitles you to future versions of the book for free. You can get today’s version and know we will update your digital edition with the arrival of subsequent versions of the Meaningful Use standard.

I wonder what other changes will be in store in the new requirements? ONC keeps promising to release the new rule “tomorrow.” Once the new rules emerge, they will be devoured instantly, and you can expect to read more about the new standards here. The new rule will be subject to a 60-day commentary period. It will be interesting to see if the most dramatic aspects of the rule will survive this commentary. Supporters of CCR will be deeply upset and there are many entrenched EHR players who would rather not support Direct. Time will tell if this is truly a mandate, or merely a strong suggestion.

Meaningful Use and Beyond: A Guide for IT Staff in Health Care — Meaningful Use underlies a major federal incentives program for medical offices and hospitals that pays doctors and clinicians to move to electronic health records (EHR). This book is a rosetta stone for the IT implementer who wants to help organizations harness EHR systems.


tags: , , , ,
  • Jason

    You do realize that DIRECT is simply a rebranding of SSL/TLS email, right? It’s a joke gone out of control. Like some techie at ONC was trying to make fun of his boss by proposing some really impressive sounding protocol while actually referring to email (SMTP) with tongue in cheek.

    Is it going to be made illegal to use that other basic protocol? You know, the one actually made to transport files securely? I think its called SFTP, but give me a few minutes and I’ll make up some impressive sounding jargon to make it seem new and revolutionary!

  • Brian Hoffman

    Hey Jason,

    Thanks for the clarification. In two years of developing Direct Project no one has brought that up. If you were more involved with the effort you would realize that it’s not SSL/TLS that makes Direct unique or important, although the fact that existing standards that have been proven scalable and secure surely provided a paramount foundation for moving forward with it as the underlying technology.

    As a security minded professional myself it did strike me at first as a rehash of existing technology but I missed the point. The real point is that it’s a simple way of allowing all medical related participants to use what you consider to be just rebranded existing technologies. Any other exchange method you can mention that’s out there is either too complex or isn’t widely adopted. That’s where this regulation comes in. Regardless of what you think about Direct, it’s coming.

  • Jason


    Yes, it’s coming. Mostashari punctuated his speech by saying:

    “The big message is, here we come with interoperability and exchange. By 2014 we’re going to see a big push on standards-based exchange.”

    The reason it’s coming is because ONC figured out last year that their stated goals weren’t going to be met. There is a breed of bureaucrat that will do anything not to get egg on their face. DIRECT is a cop-out. Let’s just get rid of all this complex tech and make sure we can get a checkbox on our spreadsheet of goals, eh? ONC’s reliance on DIRECT is motivated out of self-serving desires to meet their timeline.

    I take issue with the idea that current HIE tech is too complex. It works. There are shining examples all over the country. As a state MU manager (incentive program, HIE, etc) I have seen effective examples of HIEs implemented at a fraction of the cost of failed HIEs. The difference is management, with emphasis on skilled tech procurement and real-world sustainability plans the most valuable management skills. I reject the idea that DIRECT is necessary but for the limited use in rural “white spaces” not covered by an actual HIE.

    This policy direction will mortally wound countless promising HIE initiatives as managers are led to the easy way out. On the other side of the EHR equation, vendors will drop the “complex” HIE connectors they’ve been working on in order to placate the latest shifting of the winds. Thanks ONC, for taking our EHR and HIE vendors precious dev time away from “real” HIE. That’s where my issue with DIRECT truly lies.

    Snarkiness aside, I feel that DIRECT is bait for underachieving and mismanaged organizations, both provider and HIE orgs. With all the ARRA/HITECH funding, we’re pumping around 60 billion into this initiative. Don’t taxpayers deserve better than the very limited benefits of DIRECT? 60B for secure email? OK, HIE isn’t the only expected result of that money, I admit. Just requiring drug-allergy checks in EHRs and getting providers to adopt is a worthy goal in itself, among other benefits of EHRs. But HIE really was one of the pillars this whole push was based upon. I want better than DIRECT.

    More about the long-term effects of this DIRECT push: If you’re thinking that DIRECT will just end up being a gap-filler, I’d ask you to reflect upon the gov’s modus operandi- get the checkmark in the box and drop the subject. All this money will be eaten up accomplishing little and then we’ll be left without the promises of full, robust HIE. How much hope do you hold that our HIT community will come back to the table (and be supported by the gov) once DIRECT has been accomplished?

    I haven’t gotten into the actual deficits of DIRECT versus “complex” HIE. It sounds from your post that you might understand those failings. It seems that you are of the philosophy that this is a good start, that we’ll progress from this kindling to a more robust architecture in the near future as a logical next step. This is often a promising and prudent strategy. However, I firmly believe it is wrong in this situation. As stated, I believe promotion and reliance upon DIRECT will severely undermine current progress. ONC should stay the course, let the current generation of HIEs largely fail, and then regroup.

    It’s not that the tech is too complex. The problem is with administration from the feds and inept implementation on the ground. This is not a good reason to back off of standards that hold so much promise for our healthcare industry. Hold feet to the fire, rather than ease demands.

    You mentioned being security conscious, so I have to point something out that you may not be aware of. We security conscious people all share disdain for “group” encryption keys, right? As in, using the same private key for PKI within an organization, be it 2 or 200 people. That’s a serious misuse of PKI and kind of obviates the use of encryption. Consider that DIRECT is “the easy way”. What do orgs do when they take the easy way out? They implement it in the easiest way possible. That’s why every one of the orgs I’ve seen implement DIRECT have eschewed individual key pairs for org-level keys. It’s too “hard” and “complex”, they tell me, when I ask why they didn’t implement a proper PKI structure to support DIRECT. Oh, those cert servers are hard to manage aren’t they? Revocation lists? What are those? Of the many problems with DIRECT, this is one that really infuriates me. ONC left it up to implementers to do group or individual keys. I have to give the guys credit, though, for recommending the use of DNS to distribute keys for individuals. Good idea, but nobody is doing it.

    BTW, you mentioned, in your article, that CCD support was going away. Might you have meant CCR? I think Mostashari was talking about increased reliance on HL7 v3 CDA, which is transmitted via CCD.

    Whew! So there’s my contribution to the conversation once I had time for more than pithy comments. I can only hope that I’ve provided some material for thought that might influence your thinking about a subject very important to me.


  • Steve Beckmann

    From Fred’s article: “The Direct Project has a simple but ambitious goal: to replace the fax machine as the point-to-point communications tool for healthcare.”

    As a recent graduate of the ONC’s community college consortium for HIT training, I joined the HIM department of a 40 physician practice. Excited about the opportunity to jump into the thick of the EMR/HIE technology explosion, imagine my surprise when I learned that my days were to be spent working with 1980’s technology, the fax machine. I spend all day attaching incoming electronic photocopies (tiff files) to our EMR.

    The HIM team at my workplace is actually a dozen clerical workers who tediously send and receive hundreds of faxed documents daily.

    Yes, the Direct Project is needed. Meaningful Use mandates will be necessary to move my practice, and all the other facilities that we exchange data with, forward. Soon – please – no delays.

    Question for this community: New to the HIT/HIE world, what training should I pursue to become an active player in the Direct Project – HIE field?

  • They Keep promising the new rule, but it feels like it could be a while before they get around to it.