Direct Project Guidelines
max.md is an HISP that meets all NHIN Direct Project Guidelines. The eight key points are addressed with specific mdEmail technologies. Descriptions of both the criteria and the supporting technologies are provided.
Our NHIN Direct Project solution offers technical specifications for secure communication of clinical data. These specifications can validate the identity of the sender and then ensure both the authenticity and integrity of sent content using our secure push technology.
Eight key NHIN Direct Project criteria specify:
- Policy guidance for Direct Project exchange will be provided by the NHIN Workgroup of the HIT Policy Committee and will not be decided within the Direct Project itself. Organizations must choose the policies and practices that will support their specific environments.
- Direct Project exchange will conform to applicable federal and state laws, including but not limited to those related to security and privacy of protected health information.
- As required by law or policy, the Sender has obtained the patient’s consent to send the information to the Receiver. Therefore, the Sender and Receiver know that the patient’s privacy preferences are being honored.
- The Sender of a Direct message has determined that it is clinically and legally appropriate to send the information to the Receiver.
- The Sender has determined that the Receiver’s address is correct.
- The Sender has communicated to the Receiver for the purpose of exchanging the information.
- The Sender and Receiver do not require common or pre-negotiated patient identifiers. Similar to the exchange of fax or paper documents, there is no expectation that a received message will be automatically matched to a patient or automatically filed in an EHR.
- Direct exchange will coexist gracefully with health information exchange services based on the existing NHIN standards and services.
The Model allows secure communication of health data among health care participants who already know and trust each other and thus is bound by a set of simplifying assumptions.
Figure 1: The Direct Project Abstract Model
The Abstract Model introduces the concept of a HISP, or Health Information Service Provider. A HISP is not necessarily a separate business or technical entity; instead, it is a logical concept that encompasses certain services that are required for Direct Project exchange but may be performed or handled by a party other than the sender, depending on the deployment option chosen by the implementation.
How is Direct Project Exchange implemented technically?
In general, a Direct Project implementation is responsible for packaging message content, securing it, and transporting it from one location to another.
- Content is packaged using MIME and, optionally, XDM.
- Confidentiality and integrity of the content are handled through S/MIME encryption and signatures.
- Authenticity of the Sender and Receiver is established with X.509 digital certificates.
- Routing of messages is handled through SMTP.
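The packaging and securing steps listed above can be walked through with the openssl command line. This is an added example, not code from max.md or the Direct Project; the addresses, the self-signed throwaway certificates and the message body are constructed, and it assumes the openssl CLI is installed.

```shell
#!/usr/bin/env bash
# Added illustration: sign-then-encrypt round trip with the openssl CLI.
# Addresses, certificates and the message body are constructed for this demo.

direct_roundtrip() {
  local dir rc
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    # X.509 identity per endpoint. Self-signed for the demo (an assumption);
    # a real deployment uses CA-issued certificates for each address.
    for who in sender receiver; do
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=${who}@direct.example.test" \
        -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
    done

    # 1. Package the content as a MIME entity.
    printf 'Content-Type: text/plain\r\n\r\nConstructed referral note.\r\n' > body.mime
    # 2. Sender signs with its private key (integrity and authenticity).
    openssl smime -sign -in body.mime -signer sender.crt -inkey sender.key \
      -out signed.eml 2>/dev/null || exit 1
    # 3. Sender encrypts the signed entity to the receiver's certificate.
    openssl smime -encrypt -aes256 -in signed.eml -out wire.eml receiver.crt || exit 1
    # What SMTP would carry must not expose the clinical text.
    if grep -q 'Constructed referral note' wire.eml; then exit 1; fi

    # 4. Receiver decrypts with its private key ...
    openssl smime -decrypt -in wire.eml -recip receiver.crt -inkey receiver.key \
      -out inner.eml || exit 1
    # 5. ... and verifies the signature against the sender's trust anchor.
    openssl smime -verify -in inner.eml -CAfile sender.crt \
      -out recovered.mime 2>/dev/null || exit 1
    grep -q 'Constructed referral note' recovered.mime || exit 1

    # Negative check: the same signature must fail under an unrelated anchor.
    if openssl smime -verify -in inner.eml -CAfile receiver.crt \
         -out /dev/null 2>/dev/null; then exit 1; fi
    echo "verified; wrong-anchor rejected"
  )
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

direct_roundtrip
```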
The max.md secure email product, .mdEmail®, is a secure, encrypted MIME-format tool that operates over SMTP. Encryption and decryption are authenticated and non-refutable and do not require trust certificate pairs between users.