The Office of the National Coordinator for Health IT (ONC) recently released guidelines for statewide health information exchanges to use direct clinical messaging. The guidelines are ONC’s aim to help health information service providers (HISPs) with the perceived need for peer-to-peer legal agreements, allowing them to seamlessly exchange messages.
Among the ONC’s guidelines are to “conform to all of the requirements specified in the Applicability Statement for Secure Health Transport,”and the “XDR and XDM for Direct Messagingspecifications.” ONC also says states should implement “the Certificate Discovery for Direct Project Implementation Guide.” The ONC’s guidelines recommend HISPS producecontractually binding legal agreements with their clients and demonstrate conformity with industry practices through a separately written audit.
In the document ONC says creating specific peer-to-peer legal agreements is expensive and time-consuming, and cumbersometo monitor and enforce. “They are not a realistic long-term basis for scalable trust,” it says. Thus, the ONC created these guidelines that will aim to be applicable to all HIEs.
Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.