Technology
e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

Direct Protocol May Favor Large Providers and Vendors

Scott Mace, for HealthLeaders Media, December 10, 2013

And yet, the way Direct address are being allocated is very similar to the way doctors acquire the means to send e-prescriptions, counters Wes Rishel, an analyst at Gartner and longtime participant on ONC's HIT Standards Committee.

Gropper is also convinced that doctors should be able to self-certify their own security credentials in a way that deployment of Direct currently does not allow. "Direct is based on e-mail," Gropper tells me. "You don't need HISPs at all. You can run Direct using Mozilla Thunderbird on a $35 Raspberry Pi to do the encryption and decryption and white lists. The mail servers can be blind intermediaries with no filtering or encryption function if you want."

Yet, Rishel and I share concerns that such a scheme opens a massive hole for fraud. "If Sam's Endoscopy Club wants to self-certify, would you as the physician be happy to send your patient's data there?" Rishel asks. Conversely, he asks, "Would you as a physician only want to communicate with those physicians you know personally?"

Rishel and others say HISPs are necessary in order to scale secure messaging to the dimensions necessary to enable widespread trust even among providers who have never met and otherwise know nothing about each other.

Under Gropper's model, "The HISP would be instructed to keep track for each physician of who else the physician trusted," Rishel says. "For Massachusetts alone that would require keeping track of 319,600,000,000 trust relationships. While the database of [that many rows of information] for Massachusetts is feasible (although not cheap) with today's process, the administrative task of setting it up is imponderable."

1 | 2 | 3 | 4 | 5

Comments are moderated. Please be patient.

1 comments on "Direct Protocol May Favor Large Providers and Vendors"


Frank Poggio (12/10/2013 at 2:55 PM)
Scott another excellent piece on an issue that has pretty much gone ignored. But as you say soon it will burst to the surface. The problem is not only with small physician practices but also with small /mid-sized specialty system vendors. As I work with them through ONC Certification most are avoiding it like a plague. You only need to deal with it if you want /need full EHR certification or sell a portal system. It's another example of how government regulation favors large entrenched vendors over small innovative firms. As for the availability of getting government money to help defray development costs many simply do not have the time to chase after a grant while their clients have them up against the Stage 2 timetable.