Difference between revisions of "Direct Project (MU3))"

From OpenEMR Project Wiki
Line 1: Line 1:
=Direct Project (MU3))=
=Direct Project (MU3))=
Notes and documentation on the Direct Project goes here.


For MU3 we need to meet the following testing criteria:
==Regulation Text==
 
§ 170.315 (h)(1) Direct Project— Applicability Statement for Secure Health Transport. Able to send and receive health information in accordance with the standard specified in § 170.202(a)(2), including formatted only as a “wrapped” message.
Delivery Notification in Direct. Able to send and receive health information in accordance with the standard specified in § 170.202(e)(1). (Source [https://www.healthit.gov/test-method/direct-project https://www.healthit.gov/test-method/direct-project])
 
===(h)(1)(i) - Send===
Technical outcome – The health IT can electronically transmit (send and receive) health information to a 3rd party which must be formatted only as a “wrapped” message using the Applicability Statement for Secure Health Transport, Version 1.2.


==(h)(1)(i) - Send==
Discover Certificates
* DNS discovery of address-bound and domain-bound certificates
* DNS discovery of address-bound and domain-bound certificates
* LDAP discovery of address-bound and domain-bound certificates
* LDAP discovery of address-bound and domain-bound certificates
Line 13: Line 16:
* Must meet 170.202(a)(2) standard which is the applicability statement for secure health transport which can be found here: https://wiki.directproject.org/w/images/e/e6/Applicability_Statement_for_Secure_Health_Transport_v1.2.pdf
* Must meet 170.202(a)(2) standard which is the applicability statement for secure health transport which can be found here: https://wiki.directproject.org/w/images/e/e6/Applicability_Statement_for_Secure_Health_Transport_v1.2.pdf


==(h)(1)(i) - Receive==
===(h)(1)(ii) - Send===
 
Technical outcome – The health IT can electronically transmit (send and receive) health information to a 3rd party using Direct in accordance with the Implementation Guide (IG) for Delivery Notification in Direct, Version 1.0.


=== Additional Testing Criteria===
Required Enhanced Testing
Required Enhanced Testing
* We have to certify sending and receiving from three unrelated HISPs.
* We have to certify sending and receiving from three unrelated HISPs.
* Requires certification of (b)(1) Transitions of Care


Note the documentation for the Direct service that was originally built and certified for MU2 is here:
==Resources==
[[Direct]]
* [[Direct]] - The documentation for the Direct service that was originally built and certified for MU2.
* Contact EMRDirect for up to date certification walkthrough guide that is extremely helpful for passing certification.  This document is proprietary and can't be uploaded here to the wiki.


The ONC (h)(1) criteria site is here: https://www.healthit.gov/test-method/direct-project
==GAP Analysis==
* Fix Mime Type Exclusion - Currently if an unknown mime type is sent to OpenEMR via Direct it is rejected. We will change the Document parsing to accept a document if it comes from a Direct validated address.
* Embed EMRDirect public certificate into OpenEMR for both testing and production to simplify EMRDirect installation for users.


Certification of (h)(1) requires also certification of (b)(1) which is the Transitions of Care: https://www.healthit.gov/test-method/transitions-care
==Relevant OpenEMR Code Sections==
 
Terminology:


==Terminology==
XDM - Standard can be found here: https://profiles.ihe.net/ITI/TF/Volume1/ch-16.html
XDM - Standard can be found here: https://profiles.ihe.net/ITI/TF/Volume1/ch-16.html
* XDM description from above link: Cross-Enterprise Document Media Interchange (XDM) provides document interchange using a common file and directory structure over several standard media types.
* XDM description from above link: Cross-Enterprise Document Media Interchange (XDM) provides document interchange using a common file and directory structure over several standard media types.
Line 35: Line 42:
* The XDS system of registry and repository is termed an integration profile and was created by Integrating the Healthcare Enterprise. XDS uses structured EHR standards such as Continuity of Care Record (CCR) and Clinical Data Architecture (CDA) to facilitate data exchange.
* The XDS system of registry and repository is termed an integration profile and was created by Integrating the Healthcare Enterprise. XDS uses structured EHR standards such as Continuity of Care Record (CCR) and Clinical Data Architecture (CDA) to facilitate data exchange.


==Testing Notes==
==Miscellaneous==
 
===Testing Notes===
====Trust Certificate====
Note in the Direct setup with EMR Direct that if you don't put in the intermediary trust certificate you have to use http:// instead of https:// for the Direct connection string.
Note in the Direct setup with EMR Direct that if you don't put in the intermediary trust certificate you have to use http:// instead of https:// for the Direct connection string.


====Custom Email Domain with google====
Note that custom domain name emails with google for the report recipient with the Edge Testing Tool (ETT) don't work, but regular gmail email addresses work.  ie yourname@mycustomgoogledomain.com won't receive ETT test results whereas yourname@gmail.com will work.  EMRDirect has a message about that:
Note that custom domain name emails with google for the report recipient with the Edge Testing Tool (ETT) don't work, but regular gmail email addresses work.  ie yourname@mycustomgoogledomain.com won't receive ETT test results whereas yourname@gmail.com will work.  EMRDirect has a message about that:
* IMPORTANT: The DCDT sends .crt (X509 certificate) attachments in the results that it emails back to you. Many mail antivirus systems will actively block messages with these attachments, so if you are not receiving the reports, try a different email domain. For example, accounts ending in gmail.com have received these reports reliably in the past for customers whose corporate email servers block these messages. Prior to your certification test, you should confirm that you are receiving the reports from the DCDT at the regular email address you plan to use on your test date.
* IMPORTANT: The DCDT sends .crt (X509 certificate) attachments in the results that it emails back to you. Many mail antivirus systems will actively block messages with these attachments, so if you are not receiving the reports, try a different email domain. For example, accounts ending in gmail.com have received these reports reliably in the past for customers whose corporate email servers block these messages. Prior to your certification test, you should confirm that you are receiving the reports from the DCDT at the regular email address you plan to use on your test date.
ollowing testing criteria:

Revision as of 18:30, 4 February 2022

Direct Project (MU3))

Regulation Text

§ 170.315 (h)(1) Direct Project— Applicability Statement for Secure Health Transport. Able to send and receive health information in accordance with the standard specified in § 170.202(a)(2), including formatted only as a “wrapped” message.

Delivery Notification in Direct. Able to send and receive health information in accordance with the standard specified in § 170.202(e)(1). (Source https://www.healthit.gov/test-method/direct-project)

(h)(1)(i) - Send

Technical outcome – The health IT can electronically transmit (send and receive) health information to a 3rd party which must be formatted only as a “wrapped” message using the Applicability Statement for Secure Health Transport, Version 1.2.
  • DNS discovery of address-bound and domain-bound certificates
  • LDAP discovery of address-bound and domain-bound certificates
  • Registration of Direct email address using the ETT (Edge Testing Tool)
  • Send payload to ETT is encrypted using the ETT’s Public Key and signed using OpenEMR’s Private Key.
  • verifies the identified health information is successfully transmitted to a third party using Direct, in accordance with the standard specified at § 170.202(a)(2), and using the RFC-5751 “wrapped” message format.
  • Must meet 170.202(a)(2) standard which is the applicability statement for secure health transport which can be found here: https://wiki.directproject.org/w/images/e/e6/Applicability_Statement_for_Secure_Health_Transport_v1.2.pdf

(h)(1)(ii) - Send

Technical outcome – The health IT can electronically transmit (send and receive) health information to a 3rd party using Direct in accordance with the Implementation Guide (IG) for Delivery Notification in Direct, Version 1.0.

Additional Testing Criteria

Required Enhanced Testing

  • We have to certify sending and receiving from three unrelated HISPs.
  • Requires certification of (b)(1) Transitions of Care

Resources

  • Direct - The documentation for the Direct service that was originally built and certified for MU2.
  • Contact EMRDirect for up to date certification walkthrough guide that is extremely helpful for passing certification. This document is proprietary and can't be uploaded here to the wiki.

GAP Analysis

  • Fix Mime Type Exclusion - Currently if an unknown mime type is sent to OpenEMR via Direct it is rejected. We will change the Document parsing to accept a document if it comes from a Direct validated address.
  • Embed EMRDirect public certificate into OpenEMR for both testing and production to simplify EMRDirect installation for users.

Relevant OpenEMR Code Sections

Terminology

XDM - Standard can be found here: https://profiles.ihe.net/ITI/TF/Volume1/ch-16.html

  • XDM description from above link: Cross-Enterprise Document Media Interchange (XDM) provides document interchange using a common file and directory structure over several standard media types.
  • XDM is document format agnostic, supporting the same document content as XDS and XDR. Document content is described in Document Content Profiles. Examples are XDS-MS, XPHR, XDS-SD, and XD-LAB.

XDS provides a registry for querying which patient records are in an EHR repository and methods for retrieving the documents.

  • https://en.wikipedia.org/wiki/Cross_Enterprise_Document_Sharing
  • The XDS system of registry and repository is termed an integration profile and was created by Integrating the Healthcare Enterprise. XDS uses structured EHR standards such as Continuity of Care Record (CCR) and Clinical Data Architecture (CDA) to facilitate data exchange.

Miscellaneous

Testing Notes

Trust Certificate

Note in the Direct setup with EMR Direct that if you don't put in the intermediary trust certificate you have to use http:// instead of https:// for the Direct connection string.

Custom Email Domain with google

Note that custom domain name emails with google for the report recipient with the Edge Testing Tool (ETT) don't work, but regular gmail email addresses work. ie yourname@mycustomgoogledomain.com won't receive ETT test results whereas yourname@gmail.com will work. EMRDirect has a message about that:

  • IMPORTANT: The DCDT sends .crt (X509 certificate) attachments in the results that it emails back to you. Many mail antivirus systems will actively block messages with these attachments, so if you are not receiving the reports, try a different email domain. For example, accounts ending in gmail.com have received these reports reliably in the past for customers whose corporate email servers block these messages. Prior to your certification test, you should confirm that you are receiving the reports from the DCDT at the regular email address you plan to use on your test date.

ollowing testing criteria:

Retrieved from "https://www.open-emr.org/wiki/index.php?title=Direct_Project_(MU3))&oldid=31737"