For those wondering, the Direct Project is a secure email protocol based on SMTP/S-MIME for doctor-doctor and doctor-patient secure communication. It is all-but-required in Meaningful Use version 2 and it is intended to replace the fax machine for the transfer of health information in the United States. I had a hand in designing the protocol.
NPPES is the authoritative source of doctor contact information in this country. <shamelessplug> DocNPI.com is probably the best way to actually search the NPPES data, and we have an API and everything. </shamelessplug> But you can download the NPPES data yourself and almost every insurance company, clearinghouse, HIE vendor, etc etc does this on a regular basis, in order to ensure that they have updated contact information for doctors, hospitals and other organizations in the healthcare system.
The NPPES publishes the NPI, which is basically the “social security number” for doctors and hospitals as they conduct business. Anyone who is legitimately connected to healthcare can get an NPI and you should, just so you understand what the signup process looks like.
When you register for your NPI, you have the opportunity to insert your contact information. Once you have an NPI, CMS publishes that contact information. This is the list of every possible contact field in the NPI data:
- Mailing Address Telephone Number
- Practice Location Address Telephone Number
- Authorized Official Telephone Number
- Mailing Address Fax Number
- Practice Location Address Fax Number
- Mailing Address
- Practice Location Address
This bundle of information is what a physcians is required, under HIPAA (the parts no one pays attention to) to keep updated. Right there in the middle you can see two fax numbers. As long as the NPPES data does not have a Direct Mailing address listed in addition to Fax numbers, the message from CMS is clear “Use Fax for health information exchange, not Direct”.
Here, are the reasons that NPPES is really the only place that a centralized Direct provider directory can be kept.
- It is the only contact information that a physician has a legal obligation to keep updated.
- The NPI is the basis for “HIPAA covered transactions” which could be conducted over Direct if there were a clean linkage
- Direct is designed to handle Cert discovery, so there is no need for NPPES do bother with any kind of x509 stuff..
- The alternative is “competitive” directories from private industry which directly (and already) translates to balkanization.
- At the stage, all CMS needs to do is starting asking for the address as part of the NPI signup as a non-required field… This would not need to be a mandate
- But even having a space for it in the record would cause Direct adoption to explode
- By publishing Direct Addresses in NPPES, it would be trivial to detect and call attention to “certificate balkanization” which is the biggest threat to Direct’s success
- There might be complicated reasons for also doing some other provider director solution. Which is fine as long as it is additional to putting Direct emails into NPPES..
- There is literally no other, better, way to get Direct into the conciousness of every doctor in the US. Until you start requiring Direct Email for Meaningful Use Attestation, but that is a post for another day.
Mostly, I just wanted to write this down as a brain dump so that others can easily email a link around as to why this is not a terrible idea.
I have proposed this several times, in person and I believe in some comment to Meaningful Use or something else on regulations.gov. I am certain that I am not the only one, but I tend to be more vocal than average about Health IT policy implementation details. But I cannot find what I have already written anywhere, and it is probably included in something longer I wrote. I am unfortunately given to ranting when people formally ask for my opinion. So I wanted to write a short post about why this is clearly the way forward for Direct Project adoption.
If you have anything to add to my bullet points, email me at fred dot trotter at that email service that google runs.