Using both Direct and FHIR standards could improve data exchange
As HL7's FHIR standard continues to catch on across healthcare, there are ways it can be leveraged to work in tandem with the Direct protocol for better information exchange, a new report from DirectTrust shows.
Hospitals and medical practices could make progress in their interoperability initiatives by availing themselves of both approaches, according to the report, coauthored by DirectTrust CEO David Kibbe, MD, members of the DirectTrust Policy Committee and FHIR architect Grahame Grieve of HL7.
The two approaches are different, but offer synergies that bear exploration. FHIR is a standards framework created by HL7; Direct is an exchange network for easy and exchange of personal health information between providers and between provider and patients.
The white paper, "Direct, DirectTrust, and FHIR: A Value Proposition," explores different ways FHIR's web APIs can complement the Direct standard for more seamlessly exchanging healthcare data.
"The FHIR community’s current focus is 'perimeter interoperability' – that is, exchange of data outside the institution, either with patients/consumer directly, or between institutions," according to the report. "In the USA, most of the focus around FHIR has been consumer to business (C2B) rather than business to business (B2B). This focus is because institutions have their internal integrations and some external exchanges already in place, whereas C2B is where immediate value can be extracted and may lead to a marketplace for apps."
Meanwhile, "the primary use of the Direct protocol is for exchanging data between clinicians and support staff in institutions," the authors said. "Today, as a result of the meaningful use Program, Direct is commonly used to carry C-CDA formatted data between many institutions using version R2.1 of the C-CDA. There were over 98 million such exchanges via Direct in the DirectTrust network during 2016, and approximately 150 million transactions are expected in 2017."
Despite those very different origins and uses, however, there's big potential for harnessing the two specs together, especially across the DirectTrust network, which expect to host 150 million transitions in 2017.
"There is a perceived conflict between the current use and growth of Direct and the future use of FHIR," according to the study, "even though Direct is content agnostic, and FHIR as a resource is transport agnostic."
There are challenges to making the two standards work together – but also, potentially, big advantages.
There are two primary avenues through which Direct/DirectTrust and FHIR could work well together, the study shows. 1) FHIR resources can be pushed in Direct Messages; 2) DirectTrust framework and certificates can support FHIR’s RESTful API
The first approach could be most in cases where "each exchange information flow is unidirectional, and a Direct- based trust network like that of DirectTrust exists between the source and destination (i.e. the source knows how to deliver to the destination). Where these conditions exist, using Direct to send messages saves implementers from recreating the same distribution management system, such as certificate and policy frameworks and trust agreements."
The second strategy holds promise in that "existing work in the FHIR eco-system does not deal with establishing trust between systems," according to the white paper. "To authenticate system-to-system communication, some trust framework will be needed – either point to point agreement about certificates and other security tokens, or some mediated trust community will need to provide a framework in which these are managed. The DirectTrust community could serve this role – this would enable the 100,000+ existing DirectTrust enabled institutions and 1.5 million identity proofed addressess at those institutions to allow connections between each other without the need for point-to-point agreements."
Much more work remains to be done, and the report emphasizes the need for the DirectTrust and the FHIR communities find ways to build engagement to iron out how the technical specifications can better relate to each other and explore the implications for real-world use cases.
"Collaboration is key to getting the best out of standards," said Kibbe. "We should take every opportunity to combine the strengths of different interoperability standards, so that they enrich and support each other," said Kibbe. "No single standard, either for transport, or for content, or for trust in identity, can do everything that is needed by providers and patients wanting to securely share and exchange health information using various tools and technologies," he added.
"The existing work in the FHIR ecosystem does not standardize all aspects of establishing trust between systems,” said Grieve. "While FHIR offers SMART-on-FHIR as a way to delegate authorization, underlying trust frameworks are needed to provide a framework in which these are managed. Working with DirectTrust could potentially save the FHIR community from the costs of building a new trust framework by using one already proven to scale high identity assurance."