editorial_directory standards

	Perspectives on Information Technology for the Health Care Industry
	Home \| HIPAA \| Health Care PKI \| Internet \| EDI \| Email \| Editorials \| Contact Tunitas

Directory Standards are the Next Target for Health Care Computing and Communications
by Ann Geyer

It seems that we in the health care industry are getting more and more comfortable with the use of email for communicating with our peers and industry associates. I'm sure that most of us can recognize an email address and are familiar with how to send email. But before we start to use email for routinely communicating patient information, we need better methods for identifying people and for determining appropriate authorization attributes. That's where directories have a lot to offer, and it's where the LDAP (for lightweight directory access protocol) is going to become as much an asset to electronic communications as SSL.
Directories and directory services are vital components for connecting users and managing information resources in a distributed computing environment. If you want to establish an online facility that lets your health care associates send you messages, schedule appointments, submit orders, get results, track services, monitor inventory levels, pay bills, then you have an immediate need to authenticate individuals and assign authorization privileges. If you're part of a typical provider organization, you interact with many other health care organizations and keeping track of all the individuals that support your patient services is an overwhelming proposition.
But that's just want we'll all be doing under the new federal HIPAA security regulations. We will shortly be faced with the need to uniquely identify each individual that we interact with and to whom we disclose patient information.
One solution is to employ directory services which lets your organization centralize the location of personnel information, access roles and privileges, software preferences, and other data necessary to administer information systems. A nice feature of directories is that individual organizations, or indeed each individual, can maintain aspects of their own information. This way those closest to the information can maintain its accuracy.
The goal then is to develop directories that can be synchronized to each other. This means that you would be able to link your directory to those of other organizations that you communicate with. But to do so requires some standards. This is where X500 and LDAP come in. X500 is a directory standard that defines attributes that can be used to establish the personal entries. Directory entries all consist of an attribute-value pair. Directories using the same set of attributes can be replicated and synchronized. Directories that use conflicting attributes for the same information need to translated on a case by case basis. Therein lies the reason for standardized directory attributes and a protocol to communicate between directories.
Standard Directory Attributes for Health Care
Although the X500 standard defines a large set of directory attributes, it does not yet contain attributes that are commonly used in the health care industry. In the course of our consulting, we at Tunitas Group, are generating health care attributes that will be used in LDAP directories for our provider and health plan clients. Based on these efforts, we are generating a set of recommendations for creating X500 health care attributes and have petitioned the ASTM standards body to incorporate the recommendations as part of its Healthcare Informatics standards. ASTM is one of the health care standards organization that provides input to HCFA for HIPAA regulations. If you are interested in more information about standardized directory attributes for health care, please contact us at tunitas@earthlink.net