The New York eHealth Collaborative (“NYeC”), has begun to identify the basic “Dial Tone Services” which a Regional Health Information Organization (“RHIO”) must make available to Participants in the RHIO, as the Statewide Health Information Network of New York (“SHIN‑NY”) is rolled out. Either by New York State Regulation or by contract for participation in the SHIN-NY, RHIOs will be required to offer the following services to Health Care providers participating in a RHIO:
- Patient Record Lookup
- Secure Messaging
- Consent Management
- Notification (Alert)
- Identity Management and Security
- Provider and Public Health Clinical Viewer
- Public Health Integration and Results Delivery
Some, if not all of these services are already offered by some RHIOs; however, most will have to catch up. One key area of concern for data sources involves whether or not Identity Management and Security will require “two factor authentication”. This will likely be a hot topic for “Public Comment” on the Regulations.
While secure (direct) messaging is expected to be a priority, discussions continue as to how direct messaging networks (referred to as HISPs) will link to each other in a manner that does not require network to network contracting. A HISP may allow for direct messaging among its members via “secure” email and unique user IDs, the required “trust network” is still being developed. ONC has awarded a grant to Direct Trust.org, to develop certification standards and to become the “Seal of Approval” for direct messaging. In the meantime, HISPs are left with no other choice than to enter into one to one, or HISP to HISP, agreements to allow for secure messaging beyond the borders of a given HISP network.