Understanding “whitelists” in Direct Project secure e-mail

What’s a “Whitelist”?

As a follow-on to the last post about Direct messaging, I want to distinguish the Mass Medical Society’s vision of a “whitelist” from another concept that confusingly shares the “whitelist” moniker. Below, I’ll introduce two distinct terms and try to clarify the distinction:

“OR-gate whitelists” expand the communication pool

Mass Medical Society envisions a kind of per-physician “whitelist” that I’ll call an OR-gate whitelist. The basic premise of an OR-gate whitelist is that a physician can add any Direct address to her OR-gate whitelist via a UI in her EHR or HISP. By doing so, she’d be able to send secure e-mail to that address — regardless of CAs, trust bundles, or pre-existing local policy. An OR-gate whitelist acts like a logical “OR gate,” meaning that a message will be sent if institutional policy allows it, or if a physician’s personal OR-gate whitelist allows it.  With OR-gate whitelists, physicians can send to any Direct endpoint in the world, full stop.

“AND-gate whitelists” restrict the communication pool

The current Massachusetts HIWay has deployed a different kind of “whitelist” functionality that I’ll call an AND-gate whitelist. Mass HIWay maintains a state-wide AND-gate whitelist of acceptable Direct addresses to which HIWay users are allowed to send Direct messages. An AND-gate whitelist acts like a logical “AND gate,” meaning that a message will be sent only if institutional trust bundles allow it (i.e. the recipient’s cert is signed by a CA that the organization trusts) and the institution’s AND-gate whitelist allows it. So Mass HIWay’s state-wide AND-gate whitelist is a way to avoid allowing, say, “all eClinicalWorks users across the whole country” into the pool at once. Instead, access can be restricted to the intersection of two sets: “All eClinicalWorks users across the whole country” and “Users on the Mass HIWay AND-gate whitelist.”
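The two gates can be compared side by side by computing the set of recipients each one lets a sender reach. This is an added example, not code from the original post or from any HISP; the class and function names, CA names and addresses are all constructed, and comparing addresses case-insensitively is an assumption.

```python
from dataclasses import dataclass, field

def norm(addr):
    # Assumption: Direct addresses are compared case-insensitively.
    return addr.strip().lower()

@dataclass(frozen=True)
class Recipient:
    address: str     # Direct address (constructed)
    issuer_ca: str   # CA that signed the recipient's certificate

@dataclass
class SendPolicy:
    trusted_cas: set                                   # institutional trust bundle
    and_whitelist: set = field(default_factory=set)    # institution-wide list
    or_whitelists: dict = field(default_factory=dict)  # sender -> personal list

    def bundle_allows(self, rcpt):
        return rcpt.issuer_ca in self.trusted_cas

    def or_gate(self, sender, rcpt):
        # Sent if institutional policy allows it OR the sender's own list does.
        personal = {norm(a) for a in self.or_whitelists.get(sender, ())}
        return self.bundle_allows(rcpt) or norm(rcpt.address) in personal

    def and_gate(self, rcpt):
        # Sent only if the trust bundle allows it AND the address is listed.
        listed = {norm(a) for a in self.and_whitelist}
        return self.bundle_allows(rcpt) and norm(rcpt.address) in listed

def pool(decide, directory):
    """Addresses in the directory that the given decision function permits."""
    return {r.address for r in directory if decide(r)}

SENDER = "dr.smith@direct.hospital.example"
DIRECTORY = [  # constructed sample recipients
    Recipient("dr.a@direct.clinic-ma.example", "VendorCA"),
    Recipient("dr.b@direct.clinic-tx.example", "VendorCA"),
    Recipient("dr.c@direct.solo.example", "UnknownCA"),
    Recipient("dr.d@direct.other.example", "UnknownCA"),
]
POLICY = SendPolicy(
    trusted_cas={"VendorCA"},
    # dr.c is listed but its CA is untrusted, so the AND gate still refuses it.
    and_whitelist={"dr.a@direct.clinic-ma.example", "DR.C@direct.solo.example"},
    or_whitelists={SENDER: {"Dr.C@Direct.Solo.example"}},
)
BUNDLE_POOL = pool(POLICY.bundle_allows, DIRECTORY)
OR_POOL = pool(lambda r: POLICY.or_gate(SENDER, r), DIRECTORY)
AND_POOL = pool(POLICY.and_gate, DIRECTORY)

if __name__ == "__main__":
    print(sorted(BUNDLE_POOL), sorted(OR_POOL), sorted(AND_POOL), sep="\n")
```

The OR-gate pool is a superset of what the trust bundle alone permits, while the AND-gate pool is a subset of it.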

Direct Project: Secure e-mail in MU2

MU2 is here, and with it: secure e-mail

As Meaningful Use 2014 EHRs come online this winter, clinicians across the country gain access to the host of new features included in the MU 2014 Certification Requirements. In this post, we’ll dig into one of these features: EHR-based secure e-mail capabilities that operate using the “Direct Project” specification. (If you’re new to this world: when you hear “Direct Project,” you should think “secure e-mail for healthcare.”)


SMART, FHIR, and a Plan for Achieving Healthcare IT Interoperability

Since 2010, the SMART team has been privileged to work on an exciting frontier of health data liberation, exposing structured patient-level data through an open API. We’ve striven for simplicity, with a constrained set of well-described data models, fixed vocabularies, a clean REST API, and Web-based UI integration. And we’ve endeavored to use existing standards where they fit the bill: that is, when existing standards were openly available and met our own subjective criterion of developer-friendliness.

When we launched our first preview of the SMART API back in 2010, there was no structured data content standard that fit the bill, so we rolled our own. We started with simple models for Patient, Medication, and Fulfillment, and over time we’ve expanded the collection to encompass over a dozen top-level clinical statements. Building and maintaining these data models was never our core goal, but until recently, there hasn’t been a suitable alternative on the horizon.

Kohane Commentary on Grande et al Findings

A report on “Public Preferences About Secondary Uses of Electronic Health Information” has just been published by a group of researchers led by Dr. David Grande at UPenn’s medical school. The publishing journal, JAMA Internal Medicine, also invited SMART Co-Director Zak Kohane to comment. His remarks appear in Secondary Use of Health Information: Are We Asking the Right Question? and may be read in their entirety by enlarging the image on the right. (A subscription is required to access the articles’ full texts.)


Kohane on Health Record Surveillance

Why You Should Demand More Surveillance—Of Your Health Records

Today on WBUR’s CommonHealth:

“Your medical data—the records of your doctors’ visits and operations and drug purchases—is already not as private as you might like to imagine. Dozens of agencies, commercial and governmental, routinely have access to it, ostensibly for the purpose of ensuring efficient and accurate payment.

Yet the vast majority of your health care data remains unused, discarded and ignored. It sits idle when it could be applied today to improve the delivery of health care—including yours—and advance medical science.…”


SMART Networking at Health Datapalooza IV

Shown above (from left), SMART architects Nikolai Schwerter and Arjun Sanyal, co-director Ken Mandl, and advisor Mark Frisse all attended the fourth annual conference to liberate health data in Washington D.C. on June 3–5, hosted by the Health Data Consortium.

Webinar Video with Transcript: Getting SMART about C-CDA

Enjoy this interactive transcript of Josh Mandel’s popular webinar about SMART’s open-source tools, synchronized to the video recording. Now you can:

  • Follow along in the text as the video plays
  • Click any word in the transcript to jump to its location in the video
  • Search for a specific keyword and then jump to each occurrence of that word
  • View the transcript in “scan view,” similar to a word cloud
  • Print the transcript
  • Download the transcript


Getting Data to Patients: Technology + Policy

ABBI and BlueButton+

Over the past six months, I’ve had the privilege of working with the Automate Blue Button Initiative on BlueButton+ specifications for sharing data with patients.  Since ABBI’s core goal of enabling automated patient access to health data is so closely aligned with SMART’s vision, it was exciting to see the initial (Push-based) BlueButton+ specifications implemented at HIMSS 13 this month.

Progress in ABBI’s Pull Workgroup has been slower.  We’re hashing out the details of an OAuth2-based framework that puts patients in control over when and how apps can fetch health data.  An important question has been: how can we enable an ecosystem where thousands of apps connect to providers across the country in a trusted way?


Introducing the SMART C-CDA Scorecard

The SMART team is proud to introduce the C-CDA Scorecard, a web-based tool to help vendors, providers and other health data holders produce high-quality clinical summaries for Meaningful Use Stage 2.

Get ready for Meaningful Use Stage 2

Consolidated Clinical Document Architecture (C-CDA) is the specification cited by Meaningful Use Stage 2 for creating structured clinical summary documents. C-CDA documents are required by MU2 to support transitions of care, to enable patient-driven “view/download/transmit” objectives, and to promote medical record data portability.


Spotlight on OSEHRA

We recently posted about Ken Mandl’s participation in a panel at the OSEHRA 1st Annual Open Source EHR Summit and Workshop. Audio and slides are now available to those with OSEHRA user accounts; scroll to Day One, 3pm, “Open Source Best Practice and Business Models.”

Now we’d like to back up and talk briefly about OSEHRA itself, and share links that highlight its relationship to SMART.
