Is There Any Real Clarity As To Just Where Australia Is With Secure Clinical Messaging?

This release appeared a few days ago.

Media release - Secure messaging standards to be mandatory

20 January 2020: State, Territory and Commonwealth Governments have released a joint statement in support of new standards for secure messaging, stating that the standards will be mandatory in future procurement for applicable systems.

The joint statement was shared with industry at a workshop in December 2019 which was attended by over 50 representatives from clinical and secure messaging software suppliers, governments and clinical representatives.

The Australian Digital Health Agency has been working with industry and governments over a number of years to achieve interoperable secure messaging across different systems – necessary to accelerate use of electronic messaging over fax machines and paper transmission.

The workshop launched the approach to national scaling for a consistent, standards-based approach to secure messaging across Australia, to enable healthcare providers to communicate effectively as part of the National Digital Health Strategy 2018-22.

The workshop was jointly chaired by Ms Bettina McMahon the soon to be interim CEO of the Australian Digital Health Agency, Ms Emma Hossack Chief Executive Officer, Medical Software Industry Association (MSIA) and Dr Nathan Pinskier GP and former Chair of the RACGP Expert Committee – eHealth and Practice Services.

Ms Bettina McMahon said “Many people across industry, governments and peak associations have been working with us since our first meeting in December 2016 to solve what some were describing as an intractable problem. We’ve had quiet confidence that we could co-produce specifications and standards with industry and professionals, try them out in early implementations, and get to a point where Australia’s customers of these systems would require their use.

“We’re now at that point – with Governments confirming that future procurements will reference the standards as mandatory requirements.

Once again government, the health sector and the software industry have come together to address a key priority in the National Digital Health Strategy. It is this level of cooperation and shared insights that will let us achieve the benefits of digital health.”

Ms Emma Hossack said “There is work underway on a standards framework, trust framework and federated directory solution which is marvellous. We have consensus that these will be developed collaboratively and in keeping with the broader digital health interoperability approach. Whilst this can’t be rushed, we are optimistic that future development will occur through agreed standards, validation and conformance which is good news for all Australians using the health system.”

Dr Nathan Pinskier said “In the last three years, we have witnessed a significant level of industry collaboration and commitment in order to resolve a major deficiency in healthcare secure messaging being the lack of seamless interoperability between disparate software products. In this new decade of 2020, this collaborative program is now poised to deliver tangible benefits to both healthcare providers and their patients.”

A Communique on the outcomes of the workshop was released that describes the steps that will be taken to support national scaling of standards-compliant systems.

The Communique acknowledged the work done with industry to co-develop standards which were tested and refined through proof of concept implementations, the balloting of standards where appropriate, and the provision of financial support to industry to implement these standards.

ENDS

Here is the link:

https://www.digitalhealth.gov.au/news-and-events/news/media-release-secure-messaging-standards-to-be-mandatory

Here is the link to the Communique:

https://www.digitalhealth.gov.au/news-and-events/news/media-release-secure-messaging-standards-to-be-mandatory/Communique%20SM%20Industry%20Workshop_20191202.pdf

The key bits (extracted) were:

-----

Government commitment to interoperable secure clinical messaging

The State, Territory and Commonwealth governments issued a joint statement emphasising their commitment towards an interoperable secure messaging service.

National scaling approach

An approach for national scaling was discussed that encompasses the following initiatives:

1.       Develop a secure messaging governance framework

2.       Develop secure messaging use cases

3.       Develop standards and a standards framework

4.       Implement a federated directory solution

5.       Develop a trust framework

6.       Support change and adoption across the health sector

7.       Develop a framework of levers

There was support to continue work underway, especially for initiatives 2, 3, 4 and 5. Attendees recognised that there is more work to be done on these before commencement of work on the other initiatives.

Attendees agreed that the standards framework and governance arrangements should not be developed in a vacuum, bespoke to secure messaging. A collaborative, not “top down”, approach was endorsed for development in this space. The governance arrangements should be consistent with the broader digital health interoperability approach.

Flexibility in mindset and pragmatism in approach were endorsed as the means for achievement of the goal – not aiming for perfection but reflective of current approaches in software and practice. We will develop high-level criteria that define what success looks like. We will consider this over the next six months and agree next time we meet.

Workflow

Attention needs to shift to usability and workflow for end users. Now that barriers to interoperability at the technical layer are largely addressed, with the exception of financial and business models, the success of national scaling is dependent on the experience of clinicians using secure messaging solutions.

Attendees agreed that user experience design work is best done by industry in conjunction with end user stakeholders. It was acknowledged that the Agency could assist this important work through facilitation of collaboration across industry and professional associations. The Agency would also have a role with provision of enabling services, such as test environments.

Directories

Attendees acknowledged the critical importance of directories in achieving secure messaging interoperability. There was a recognition of the need to continue work on federated directories, and that the success of our efforts will impact workflows and usability. It was also noted that directories should be open rather than closed federations.

Priorities

Momentum for change and adoption should be created by selecting a use case and a timeframe for achievement of the most widely used message type occurring via secure messaging by a set date. Attendees supported the Agency proposing a use case (e.g. referrals or discharge summaries) to be primarily electronic by a specific point in time, with various change and adoption levers applied in support.

The Agency will consult on a suitable use case and timeframe by April 2020.

Success criteria will be defined along with the timeframes for them to be met. Once these criteria have been met, a plan for national adoption will be developed.

Looking to the future

Attendees recognised the plans underway to achieve interoperability across a broad range of healthcare systems, and their relevance to the goal of seamless national secure clinical messaging.

Incremental improvements towards interoperability in secure messaging were acknowledged and supported as an approach to date, but the next iteration is now approaching where systems will exchange data through APIs rather than the current transport protocols. Some software organisations are already investing in this capability, so there will be a time when these new technical methods will supersede current methods.

There is a desire to develop for the future, not just for legacy systems. As we move to new methods – including more use of FHIR-based APIs –development should occur through a pathway of agreed standards, validation and conformance criteria. Clarity in respect of quality control measurements and monitoring will be an essential part of this progress.

It was generally agreed that previous approaches have not progressed as quickly or as smoothly as anticipated. In the meantime the digital health environment has continued to develop. The new methods that are emerging will be well suited to the contemporary environment, and these too will be covered by a framework to avoid silos and the mistakes of the past.

-----

Even odder is this:

Secure Message Delivery

Secure Message Delivery (SMD) is a set of specifications that were developed collaboratively by the digital health community, including NEHTA (which transitioned to the Australian Digital Health Agency on 1 July 2016), Standards Australia, desktop software vendors and secure messaging service providers. This set of specifications defines an approach to digital health communication using widely supported IT industry standards.

The SMD specifications support the secure delivery of messages containing clinical documents and/or other information between healthcare providers, either directly or through one or more messaging service providers.

In addition to having a secure messaging connection, sending and receiving clinical systems need to be conformant to message format specifications. The Agency has defined Clinical Document Architecture (CDA) specifications for Referrals, specialist letters, discharge summaries, event summaries and shared health summaries. This allows the exchange of these document types using secure messaging.

Over time, the Agency and other bodies may define specifications for additional document types. The Australian secure messaging standards provide a general purpose secure web service protocol for the delivery of business service messages from one healthcare provider organisation to another.

The secure messaging standards are:

• AS 5552-2013 -eHealth Secure Message Delivery (SMD)
• AS 5551-2013 eHealth XML Secured Payload Profiles (XSP)
• AS 5550-2013 eHealth Web Services Profiles (WSP)

The SMD standard makes use of the XSP and WSP standards. These standards supercede the following older Australian secure messaging specifications:

• ATS 5822-2010 eHealth Secure Message Delivery (SMD)
• ATS 5821-2010 eHealth XML Secured Payload Profiles (XSP)
• ATS 5820-2010 eHealth Web Services Profiles (WSP)

All existing SMD implementations are based on the older ATS 5822-2010 and its related XSP and WSP specifications. The Agency has published a conformance assessment scheme and conformance test tools for ATS 5822 and conformance to ATS 5822 is required for the Department of Health's Practice Incentive Program eHealth Incentive.

Here is the link:

https://developer.digitalhealth.gov.au/products/secure-messaging

So all the standards are dated 2013 or earlier and all the current implementations are based on 2010 standards which need updating! Also the move to APIs seems to make some of this moot. Also where are the working large scale pilot implementations?

As far as I can tell there are really a lot of words and spin but no substantive progress.

If I have got this wrong please let us all know! Smoke and mirrors I suspect.

David.

ps. I have to note, sadly, just how uncritical the techpress is of these ADHA releases. A bit more digging all round - rather the press release re-writes - would be good!

It also makes it tricky to demand compliance to our Standards if they are not proven and working does it not?

D.