NHIN Direct looks like a secure ISP model

If small practices are going to attain meaningful use starting in October they can't wait for NHIN Connect to trickle down. They need the services of a Health ISP working under NHIN Direct standards.
Written by Dana Blankenhorn, Inactive

Anyone who wants to understand the National Health Information Network (NHIN), NHIN-Direct, and the NHIN-Connect model it competes with, needs to read David Kibbe's latest, which is reprinted at The Health Care Blog.

I recommend it because it's clear, concise, and non-judgmental. It assumes the goodwill of all parties, which is a rare thing when dealing with a contentious issue.

The model for NHIN-Connect is Visa. Like any payment network there are requirements for membership, technical requirements that are updated regularly. This assures security and privacy, both of which are key to transmitting electronic medical records.

The trouble is that the technical hurdles a practice must jump through in order to use NHIN-Connect are those of a payment processor, not a merchant. There is a lot of complexity here that no clinician should be expected to master.

The model for NHIN-Direct, whose design is still being discussed, is that of a secure ISP. The differences between this and a regular ISP's work are straightforward:

  • A Health ISP verifies its members' identities. Membership has its privileges.
  • A Health ISP verifies the identify of both parties to every data exchange at the time of the exchange.
  • A Health ISP makes certain that the data is properly encrypted.

A Health ISP is more like a registrar than a network operator. You have to prove your identity, show you're Dr. Smith. So does every other clinician on the network. Your credentials can be pulled for violating the rules. You only connect through the network, and all transmissions are audited in real time. But within the network you're using the same e-mail address you have now, same PCs, same everything.

This makes it more like being a merchant on a payment network. You sign up with a processor, through a re-seller or your bank, and instead of getting a terminal you get software, controlled by your provider, which assures everything works.

NHIN Direct, then, is a set of protocols based on existing Internet standards, while NHIN-Connect is a secured network. NHIN Direct operates from the bottom-up, NHIN Connect from the top-down.

Hospitals would probably want to join an NHIN Connect service, now called a Health Information Exchange (HIE) (and previously called a Regional Health Information Organization (RHIO)), because the added authentication services would be valuable when you have hundreds or thousands of members in your organization.

Clinicians and individual doctors might just want to join a Health ISP, and become part of NHIN Direct, because they don't have those technical requirements and they probably already have all the gear they need to use one.

The hope is these systems can work together, that the work done in creating NHIN Connect over the last several years through government contracts won't be lost, and that the HIEs that emerged to serve those needs will retain their business model, perhaps also selling NHIN Direct services.

But if individual practices are going to attain meaningful use starting in October -- that's when the 2011 fiscal year starts -- they can't wait for NHIN Connect to trickle down. They need the services a Health ISP can provide now. We need the specs for NHIN Direct.

Editorial standards