Information Technology Reference
In-Depth Information
does actually belong to who it is claimed to belong to. The certificate binds the
public key to an entity, and that binding is certified by the authority. This adds
complexity and cost but it is widely used because no fully satisfactory alternate
solution to the public key authentication problem is known.
There is also the issue of making sure data is being routed to where it is intended
to go. Each provider in a DIRECT HIE also has a special email address for use only
in sending DIRECT messages. A process will be put into place to make sure that
each person or entity has a legitimate right to exchange PHI and that the address is
issued to the correct person or entity. The HISP will provide a related service so that
any provider in the HIE can look up the trusted DIRECT email address of any other
provider. HISPs can talk to other HISPs so, as DIRECT expands, this lookup service
and the ability to send DIRECT messages may become available regionally, state-
wide or even nationally.
Of course, the centralized HIE technologies also have a provider directory ser-
vice to manage trust. In these technologies DIRECT messages aren't being sent, so
this directory information is not in the form of an email address but, like a hospital's
credentialing system, it is designed to make sure that everyone can have faith that
data is being shared with the correct entity.
Most vendors of HIE technology now provide the necessary tools for DIRECT,
including HISP software. Anyone can create a DIRECT exchange. As a result, most
health systems that have an HIE will likely soon offer or are already offering
DIRECT and operate their own HISP. In all cases, the HISP will need to be main-
tained by a trusted entity. This might be the health system or, in a cross enterprise
HIE it might be a state designated agency. Whoever it is will probably mange the
PKI infrastructure for providers within their HIE. A process will be put into place to
make certain that everyone is who they claim to be and that the certificates are cor-
rectly issued to the person or entity that has a legitimate right to use them. Outside
of a health system the HISP and the entity that operates it may also operate the PKI
infrastructure.
Interoperability
In general we are considering health informatics from the provider practice perspec-
tive. In this section we'll take a brief detour into the world of hospital information
systems in order to discuss another long term goal of the field: interoperability.
Interoperability is the ability of diverse systems and organizations to work together
and exchange data meaningfully. It should already be clear that here in the US we
have a very diverse set of health information systems implemented in our hospitals
and clinics. In fact most US health systems have a very diverse set of information
systems
within their own enterprise
so interoperability is not just an issue across
health systems.
