Yesterday, Meaningful Use Stage 2 was released.
As we read and parse the 900 or so pages of government-issued goodness, you can expect lots of commentary and discussion. Geek Doctor already has a summary and Motorcycle Guy can be expected to help us all parse the various health IT standards that have been newly blessed. Expect Brian Ahier to also be worth reading over the next couple of days.
I just wanted to highlight one thing about the newly released rules. As suspected, the actual use of the Direct Project will be a requirement. That means certified electronic health record (EHR) systems will have to implement it, and doctors and hospitals will have to exchange data with it. Awesome.
More importantly, this will be the first health IT interoperability standard with teeth. The National Institute of Standards and Technology (NIST) will be setting up an interoperability test server. It will not be enough to say that you support Direct. People will have to prove it. I love it. This has been the problem with Health Level 7 et al for years. No central standard for testing always means an unreliable and weak standard. Make no mistake, this is a critical and important move from the Office of the National Coordinator for Health Information Technology (ONC).
(Have I mentioned that I love that Farzad Mostashari — our current ONC — uses Twitter? I also love that he has a sense of humor!)
Now we just need to make sure that patient pseudonymity is supported on the Directed Exchange network. To do otherwise is to force patients to trust the whole network rather than to merely trust their own doctors. I have already made that case, but it is really nice to see both Arien Malec (founding coordinator of the Direct Project) and Sean Nolan (chief architect at Microsoft HealthVault) have weighed in with similar thoughts. Malec wrote a lovely piece that details how to translate patient pseudonymity into NIST assurance levels. Nolan talked about how difficult it would be for HealthVault to have to do identity proofing on patients.
In order to emphasize my point in a more public way, I have beat everyone to the punch and registered the account of DaffyDuck@direct.healthvault.com. Everyone seems to think this is just the kind of madness that we need to avoid. But this is just the kind of madness that patients need to really protect their privacy.
Here’s an example. Lets imagine that I am a pain patient and I am seeking treatment from a pain specialist named Dr. John Doe who works at Pain No More clinic. His Direct address might be firstname.lastname@example.org
Now if I provide DaffyDuck@direct.healthvault.com to Dr. Doe and Dr. Doe can be sure that he is always talking to me when he communicates with that address, then there is nothing else that needs to happen here. There never needs to be a formal cryptographic association between DaffyDuck@direct.healthvault.com and Fred Trotter. I know that there is a connection and my doctor knows that there is a connection and those are the only people that need to know.
If any cryptographic or otherwise published association were to exist, then anyone who had access to my public certifications and/or knew of communication between email@example.com and DaffyDuck@direct.healthvault.com could make a pretty good guess about my health care status. I am not actually interested in trusting the Directed Exchange network. I am interested in trusting through the Directed Exchange network. Pseudonymity gives both me and my doctor that privilege. If a patient wants to give a different Direct email address to every doctor they work with, they should have that option.
This is a critical patient privacy feature of the Direct protocol and it was designed in from the beginning. It is critical that later policy makers not screw this up.