An Unsolicited “Push” of Clinical Health Information to a Known Destination Between Systems

Type	Standard / Implementation Specification	Standards Process Maturity	Implementation Maturity	Adoption Level	Federally required	Cost	Test Tool Availability
Standard	HL7® FHIR® RESTful API	Final	Production		Yes	Free	Yes
Standard	Direct™ (Applicability Statement for Secure Health Transport v1.2)	Final	Production		Yes	Free	Yes
Implementation Specification	eHealth Exchange Specification: Messaging Platform	Final	Production		No	Free	Yes
Implementation Specification	eHealth Exchange Specification: Authorization Framework	Final	Production		No	Free	Yes
Implementation Specification	eHealth Exchange Specification: Document Submission	Final	Production		No	Free	Yes
Implementation Specification	IHE-XDR (Cross-Enterprise Document Reliable Interchange)	Final	Production		No	Free	Yes
Implementation Specification	NCPDP® SCRIPT Standard, Implementation Guide, Version 2017071	Final	Production		Yes	$	Yes
Implementation Specification	Applicability Statement for Secure Health Transport Version 1.3	Final	Production		Yes	Free	Yes
Implementation Specification	NCPDP SCRIPT Standard, Implementation Guide, Version 2019071	Final	Production		No	$	No
Emerging Standard	DirectTrust™ Trusted Instant Messaging Plus (TIM+)	Balloted Draft	Pilot	Feedback Requested	No	Free	No
Emerging Standard	Specialty Transaction HL7 FHIR	Balloted Draft	Pilot		No	$	No

Limitations, Dependencies, and Preconditions for Consideration	Applicable Security Patterns for Consideration
The IHE-XDR implementation specification is based upon the underlying standards: SOAP v2, and OASIS ebXML Registry Services 3.0 The eHealth Exchange Specification: Authorization Framework implementation specification is based upon the underlying standards: SAML v1.2, XSPAv1.0, and WS-1.1. “The Direct Standard” is based upon the underlying standard: Simple Mail Transfer Protocol (SMTP) RFC 5321 and for security uses Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, RFC 5751. For Direct, interoperability may be dependent on the establishment of “trust” between two parties and may vary based on the trust community(ies) to which parties belong. The leading trust communities to enable communication amongst the most users include DirectTrust (for provider messaging and consumer-mediated exchange) and NATE (for consumer-mediated exchange). The reference to FHIR for this interoperability need is in relation to the transport services that are conformant to the “RESTful FHIR API” The DirectTrust Trusted Instant Messaging Plus standard provides secure instantaneous communication via the XMPP standard between servers allowing for federated trust communities and cross-platform communication. The draft standard supports text-based communication, file transfers, group messaging, and "presence". Future versions of the Standard are expected to support audio and video communications. See Direct, FHIR, and IHE projects in the Interoperability Proving Ground. The Applicability Statement for Secure Health Transport Version 1.3 is a newer version of the standard that is available for health IT developers to voluntarily update and provide to their customers. It became available when it was added to the Approved Standards for 2022 through ONC’s Standards Version Advancement Process (SVAP).	Secure Communication – Create a secure channel for client-to-server and server-to-server communication. Secure Message Router – Securely route and enforce policy on inbound and outbound messages without interruption of delivery. Authentication Enforcer – Centralized authentication processes. Authorization Enforcer – Specifies access control policies. Credential Tokenizer – Encapsulate credentials as a security token for reuse (e.g., SAML, Kerberos). Assertion Builder – Define processing logic for identity, authorization and attribute statements. User Role – Identifies the role asserted by the individual initiating the transaction. Security Labeling – The health information is labeled with security metadata necessary for access control by the end user. Purpose of Use – Identifies the purpose for the transaction.

Limitations, Dependencies, and Preconditions for Consideration

Applicable Security Patterns for Consideration

The IHE-XDR implementation specification is based upon the underlying standards: SOAP v2, and OASIS ebXML Registry Services 3.0
The eHealth Exchange Specification: Authorization Framework implementation specification is based upon the underlying standards: SAML v1.2, XSPAv1.0, and WS-1.1.
“The Direct Standard” is based upon the underlying standard: Simple Mail Transfer Protocol (SMTP) RFC 5321 and for security uses Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, RFC 5751.
For Direct, interoperability may be dependent on the establishment of “trust” between two parties and may vary based on the trust community(ies) to which parties belong. The leading trust communities to enable communication amongst the most users include DirectTrust (for provider messaging and consumer-mediated exchange) and NATE (for consumer-mediated exchange).
The reference to FHIR for this interoperability need is in relation to the transport services that are conformant to the “RESTful FHIR API”
The DirectTrust Trusted Instant Messaging Plus standard provides secure instantaneous communication via the XMPP standard between servers allowing for federated trust communities and cross-platform communication. The draft standard supports text-based communication, file transfers, group messaging, and "presence". Future versions of the Standard are expected to support audio and video communications.
See Direct, FHIR, and IHE projects in the Interoperability Proving Ground.
The Applicability Statement for Secure Health Transport Version 1.3 is a newer version of the standard that is available for health IT developers to voluntarily update and provide to their customers. It became available when it was added to the Approved Standards for 2022 through ONC’s Standards Version Advancement Process (SVAP).

Secure Communication – Create a secure channel for client-to-server and server-to-server communication.
Secure Message Router – Securely route and enforce policy on inbound and outbound messages without interruption of delivery.
Authentication Enforcer – Centralized authentication processes.
Authorization Enforcer – Specifies access control policies.
Credential Tokenizer – Encapsulate credentials as a security token for reuse (e.g., SAML, Kerberos).
Assertion Builder – Define processing logic for identity, authorization and attribute statements.
User Role – Identifies the role asserted by the individual initiating the transaction.
Security Labeling – The health information is labeled with security metadata necessary for access control by the end user.
Purpose of Use – Identifies the purpose for the transaction.

Comment

Submitted by pwilson@ncpdp.org on 2021-09-29

NCPDP Comments

NCPDP SCRIPT Standard, Implementation Guide, Version 2017071 - Update adoption level to 5
NCPDP SCRIPT Standard, Implementation Guide, Version 2019071 - This version has been published and available by trading partner agreement. Currently 2017071 is required by Medicare Part D and ONC certification.

Submitted by dididavis on 2020-12-22

eHealth Exchange Specifications Comment

Can the hyperlinks to the eHealth Exchange Specifications listed below be corrected to reference this corrected link (https://ehealthexchange.org/testing-program/technical-specifications/) because the current links are broken. Also, the eHealth Exchange would like to request that the Adoption Level level be increased 5 since the eHealth Exchange specifications used by network is very mature with 300+ gateways in production today exchanging data using these specifications since 2009 when it was an ONC project. Also, the test tool availability should reference this link (https://wiki.ihe.net/index.php/IHE_Test_Tool_Information). Please contact ddavis@sequoiaproject.org if you have any questions related to this request. eHealth Exchange Specification: Document Submission, eHealth Exchange Specification: Messaging Platform, eHealth Exchange Specification: Authorization Framework

Submitted by pwilson@ncpdp.org on 2020-11-07

NCPDP Comment

Add the following:

Type-Emerging Standard Standard Implementation/Specification- Specialty Transaction HL7® FHIR® Standards Process Maturity – Balloted Draft Implementation Maturity- Pilot Adoption Level – 1 Federally Required – No Cost – $ Test Tool Availability – No

Update the following:

Type-Implementation Specification Standard Implementation/Specification- NCPDP SCRIPT Standard, Implementation Guide, Version 2017071 Adoption Level – 2 Add: Test Tool Link: https://tools.ncpdp.org/erx/#/home

Add the following:

Type-Implementation Specification Standard Implementation/Specification- NCPDP SCRIPT Standard, Implementation Guide, Version 2019071 Standards Process Maturity – Final Implementation Maturity- Production Adoption Level – 2 Federally Required – No Cost – $ Test Tool Availability – No

MedicationList is a new transaction available in NCPDP SCRIPT Standard, Implementation Guide, Version2019071

Submitted by pwilson@ncpdp.org on 2019-09-24

NCPDP Comment

Add the following:

Type-Implementation Specification Standard Implementation/Specification- NCPDP SCRIPT Standard, Implementation Guide, Version 2017071 Standards Process Maturity – Final Implementation Maturity- Production Adoption Level – N/A Federally Required – No Cost – $ Test Tool Availability – Yes Test Tool Link: https://tools.ncpdp.org/erx/#/home

Add the following:

Type-Implementation Specification Standard Implementation/Specification- NCPDP SCRIPT Standard, Implementation Guide, Version 2019071 Standards Process Maturity – Final Implementation Maturity- N/A Adoption Level – N/A Federally Required – No Cost – $ Test Tool Availability – Yes Test Tool Link: https://tools.ncpdp.org/erx/#/home

MedicationList is a new transaction available in NCPDP SCRIPT Standard, Implementation Guide, Version 2019071 for transmission of dispensed medication data from dispensing entities to an HIE or HIE-like entity.

Submitted by juliemaas on 2017-11-20

Use of Direct for System-to-System Communication

There are many systems in the field today that have Direct-enabled endpoints in use to send or accept data for automated workflows at the system level. This model is most commonly used in care coordination, public health, and related applications. We see a lot of continued growth in the number of organizations joining Direct networks to take advantage of the system-to-system transmission enabled by Direct. Adoption Level of 1 understates this use and I encourage ONC to increase the stated Adoption Level to 2 or 3.

Julie Maas

CEO, EMR Direct

About the ISA

ISA Content

ISA Sections

Appendices

Specialty Care and Settings

ISA Publications

Recent ISA Updates

An Unsolicited “Push” of Clinical Health Information to a Known Destination Between Systems

Comment

NCPDP Comments

eHealth Exchange Specifications Comment

NCPDP Comment

NCPDP Comment

Use of Direct for System-to-System Communication