In July the nonprofit DirectTrust named former Cerner executive Scott Stuewe its new CEO to replace founding CEO Dr. David Kibbe. In a recent interview with Healthcare Informatics, Stuewe spoke about working more closely with EHR vendors and expanded opportunities for his organization’s trust framework.
Stuewe spent 24 years at Cerner, including working on interfacing and systems integration. His last three years there were spent focused on the Commonwell Health Alliance and trying to convince Cerner clients to get more involved, so working on interoperability issues is not new to him.
In fact, the role at DirectTrust seems like a logical next step in his career. “I spent some of the most exciting years of my life working on systems integration efforts,” he said. The Commonwell effort gave him an opportunity to get to know key players in the interoperability space. He also participated in Carequality advisory group, where he got to know people at Epic and other places that had not been active in Commonwell.
I asked Stuewe what he had discovered about the strengths of DirectTrust in his first few months.
“I think what was new to me was the strength of the trust framework as a technical trust framework,” he said. Other interoperability groups have trust frameworks that are legal and policy documents. “Those documents are the bread and butter of what those organizations are about. DirectTrust has this technical trust framework. which is about stretching the highest security mechanism across identity-proofed endpoints, and that is kind of a unique model. That is the advantage of the trust framework that DirectTrust represents – that identity proofing process and technologies associated with it are hardened at a level that really nothing else at its scale can really point to.”
When I interviewed Dr. Kibbe in June, he spoke about how DirectTrust was working with the Office of the National Coordinator on an extension of its trust framework to FHIR. I asked Stuewe if he saw that as an area with potential.
He replied that it is a huge opportunity for DirectTrust. He said something like SMART on FHIR uses the same technologies that are in use in Facebook and other social media platforms. But higher levels of trust need to be established in healthcare than has been used in social media, where there have been some very large-scale data breaches. “The way the FHIR community has so far imagined that connections will be made is that the end points, that is, the provider organizations, take the responsibility to ensure that the people who are able to get to their data are who they say they are and are appropriate,” Stuewe said. People do all sorts of secure transactions over the internet, but they do so using a public key infrastructure (PKI) of the sort that DirectTrust represents, he added. “I think there is great potential there. We have demonstrated it is doable, but it does require both the caller and receiver to make relatively small accommodations for the certificates that will enable that exchange. That is not the way FHIR has been rolled out so far.”
What are some other areas where DirectTrust needs to make progress?
Stuewe says the organization could make more headway by engaging with the EHR vendors who so far have not been very engaged with DirectTrust. “There are some gaps in features among the EHRs that frankly are the same gaps we saw in query-based exchange in Commonwell. There are usability problems; the way a given feature surfaces in one EHR is so different than another that you can’t even do the same work flow across the two systems.”
He noted the same was true in query-based exchange and it took three years of meetings with the EHR vendors showing each other their user interfaces to make progress. “That is what I believe we can get done in DirectTrust,” he said. “Our clinician work group issued a consensus statement on the features/functions required for Direct to be fully adopted by the clinical community. The problem is we don’t have enough of the EHR players as participating members to really stimulate that conversation. I am eager to reach out and point this out because we are actually not that far from being able to make tremendous headway. In fact, there are a ton of things we can do right now. We are already at 1.7 million addresses and 50 million transactions per quarter. It is really happening. But there are a whole lot of things DirectTrust could do that it can’t right now given the differences in the way the EHRs work.”
Stuewe said that by far the biggest opportunity for DirectTrust is to apply its trust framework in other contexts. “FHIR is one of them, but we look at some other healthcare communication vectors, and believe healthcare communication can be secured by our PKI regardless of what standards or technologies are used for those.”
He added that it would be important to identity-proof the consumer at scale to enable more comfort from provider organizations around the connections people are going to want to make to them. “We believe that has a huge value and I think given the entry of the large consumer-based organizations into the world of healthcare, that is the opportunity we have,” Stuewe explained. “If you combine FHIR, a trust framework and a major consumer player, then that is when you can make a lot of this stuff actually work. I am excited about it.”