Direct Project: Sending medical information through the cloud

In almost all other industries, cloud computing has been a revolutionary force in promoting system interoperability and reducing it costs, but it is hard to adopt a cloud model for healthcare it. Today, medical IT in the cloud is largely limited to small applications of managed electronic medical records (EHR) providers, such as Eclinicalworks and practicefusion. Instead of focusing on data exchange, these providers focus on managed data and services (software as a service or SaaS model). The large hospital system has not yet adopted cloud computing in any meaningful way.

The potential cost savings of cloud computing could be a huge temptation for healthcare providers to move to a more efficient and open data infrastructure. The ability to safely share medical data across the health care system has improved the patient's medical reliability. And for software developers, medical IT represents a new area of innovation and discovery.

In this article, I'll introduce a sensitive data interchange protocol, Direct Project, with a broad perspective, developed and replicated by the U.S. federal government. First, IT outlines the requirements for Open data exchange and the limitations of common protocols in medical IT. It then describes how Direct Project can fill the security and infrastructure gaps that have hindered the medical system from adopting a more open Data interchange protocol so far. Finally, I will provide a simple programming example using direct Sender, direct Sender is an open source, java-based client that implements the direct protocol.

Medical IT and Open data exchange

Hospitals and doctors are notorious for providing online access to patient data. Even today in 2012, when you go to a typical American hospital to get your medical records, hospital staff simply print them out and charge you a certain copy fee. When your doctor needs to recommend you to another medical provider, he or she is likely to send a fax or telephone contact to the provider. Such unreliable data management can lead to huge waste and even medical errors.

HIE and Direct Project

The exchange of data among healthcare providers is a huge challenge, and the government has funded the establishment of special medical Information exchange (HIE) institutions such as Direct Project. Medical information exchange is an organization that provides infrastructure and services to promote the electronic sharing of medical-related information. Each HIE is usually served in a large city area or part of a state. On average, it takes more than 15 million dollars to build a HIE, and millions of dollars a year to keep it working. The "closeness" of the medical IT system is a significant cost to all of us.

For many reasons, medical IT's adoption of internet technology is very slow. This is partly due to the economic incentives that are off track, the highly fragmented Electronic medical records (EHR) market, the vendor lock-in created by EHR providers, the privacy regime, and the loose and fragmented data exchange standards. Thanks to these impediments, cloud computing has so far had little effect in the healthcare IT sector. Even in healthcare providers that have EHR implementations, it is often internal to host data and try to avoid external access.

Development history of Direct Project

The United States federal government initially developed the Medical information exchange network to connect the DoD (DoD) and VA (VA) hospitals so that wounded soldiers can receive more effective treatment across hospitals. The system is called the National Health Information Network (Health Information Network, NHIN). The system was subsequently taken over and transformed into an open source project by Office of national coordinator of Health IT (ONC) as a medical information exchange template for the entire United States. ONC renamed the item to Nationwide Health Information Network (Nwhin), and then renamed EHealth Exchange.

The core of the federal HIE Network is a service-oriented architecture (SOA) system called CONNECT, which is based on a Java ESB. Medical providers in the network can plug their systems into the bus. CONNECT networks can be organized in a layered way. But in practice, the maintenance and expansion of such a system is very complex.

Recognizing the limitations of Connect, ONC next developed a scaled-down version of the HIE infrastructure called Direct. Unlike the Connect,direct design, it is a peer-to-peer structure. Medical providers who are accustomed to sending messages back and forth are familiar with the open, Peer-to-peer data exchange model of direct, so direct is more likely to be used.

e-mail security and medical IT

Patient data stored in the medical IT system must comply with strict privacy and security regulations, such as the health Insurance Circulation and Accountability Act (HIPAA) and the Medical Information technology promotion Economic and Clinical Health Act (HITECH). These regulations combine to define how data should be stored and transmitted, and who should be responsible for data disclosure.

E-mail is the most widely used tool in the process of exchanging documents over the Internet. Although e-mail is ubiquitous, it is not safe enough to send sensitive data, such as medical records and referral information. e-mail addresses may be phishing, and e-mail content is passed through multiple Third-party mail servers on the Internet in clear text before reaching the recipient's inbox. These facts contradict HIPAA and HiTech security rules.