-
Notifications
You must be signed in to change notification settings - Fork 7
Endpoints
IX. Provider Digital Contact Information
...
As of June 2018, NPPES has been updated to include the capability to capture one or more pieces of digital contact information that can be used to facilitate secure sharing of health information. For instance, providers can submit a Direct address, which functions similar to a regular email address, but includes additional security measures to ensure that messages are only accessible to the intended recipient in order to keep the information confidential and secure. “Direct” is a technical standard for exchanging health information. Direct addresses are available from a variety of sources, including EHR vendors, State Health Information Exchange entities, regional and local Health Information Exchange entities, as well as private service providers offering Direct exchange capabilities called Health Information Service Providers (HISPs) (https://www.healthit.gov/sites/default/files/directbasicsforprovidersqa_05092014.pdf). NPPES can also capture information about a wide range of other types of endpoints that providers can use to facilitate secure exchange of health information, for instance a FHIR server URL or query endpoint associated with a health information exchange.
...
Entities seeking to engage in electronic health information exchange need accurate information about the electronic addresses (for example, Direct address, FHIR server URL, query endpoint, or other digital contact information) of potential exchange partners. A common directory of the electronic addresses of health care providers and organizations could enhance interoperability and information exchange by providing a resource where users can obtain information about how to securely transmit electronic health information to a provider.
We propose to increase the number of providers with valid and current digital contact information available through NPPES by publicly reporting the names and NPIs of those providers who do not have digital contact information included in the NPPES system. We propose to begin this public reporting in the second half of 2020, to allow individuals and facilities time to review their records in NPPES and update the system with appropriate digital contact information. We are also requesting comment from stakeholders on the most appropriate way to pursue this public reporting initiative, including where these names should be posted, with what frequency, and any other information stakeholders believe would be helpful.
Seems like CMS has a system for managing endpoint information through Health Information Handlers (HIHs): https://www.cms.gov/Research-Statistics-Data-and-Systems/Computer-Data-and-Systems/ESMD
This describes using the CMS Electronic Submission of Medical Documentation (esMD) system to process Additional Documentation Requests (ADRs) However, it requires: “Endpoint information where the eMDR has to be sent” “eMDR enrollment must use the NPPES system to gather provider consent and endpoint information” Provider shall enter the following information in NPPES: • Endpoint Type: ‘Connect URL’ • Endpoint: [Website URL of the HIH] (to be provided by HIH) • Endpoint Description: [HIH OID] (to be provided by HIH) • Endpoint Use: ‘Other’ • Other Endpoint Use: ‘CMS esMD eMDR’ Is this Endpoint affiliated to another Organization? (Here provider shall choose ‘Yes’ and enter all the details of the HIH) (If the provider themselves are HIHs then choose their own name and address)
They don’t explicitly mention FHIR, but this seems like an enforced use of NPPES to collect (and update) endpoint information.
Cf. https://www.cms.gov/Regulations-and-Guidance/Guidance/Transmittals/2019Downloads/R2281OTN.pdf https://www.cms.gov/Research-Statistics-Data-and-Systems/Computer-Data-and-Systems/ESMD/Which_HIHs_Plan_to_Offer_Gateway_Services_to_Providers
https://www.regulations.gov/document?D=HHS-ONC-2019-0002-0001
VII.B.4.e.II PUBLICATION OF FHIR ENDPOINTS
In order to interact with a FHIR RESTful API, an app needs to know the “FHIR Service Base URL,” which is often referred to colloquially as a “FHIR server's endpoint.” (93) The public availability and easy accessibility of this information is a central necessity to assuring the use of FHIR-based APIs without special effort, especially for patient access apps. Accordingly, we propose to adopt in § 170.404(b)(2) a specific requirement that an API Technology Supplier must support the publication of Service Base URLs for all of its customers, regardless of those that are centrally managed by the API Technology Supplier or locally deployed, and make such information publicly available (in a computable format) at no charge. In instances where an API Technology Supplier is contracted by an API Data Provider to manage its FHIR server, we expect that this administrative duty will be relatively easy to manage. In instances where an API Data Provider assumes full responsibility to “locally manage” its FHIR server, the API Technology Supplier would be required, pursuant to this proposed maintenance requirement, to obtain this information from its customers. We strongly encourage API Technology Suppliers, health care providers, HINs and patient advocacy organizations to coalesce around the development of a public resource or service from which all stakeholders could benefit. We believe this would help scale and enhance the ease with which Service Base URLs could be obtained and used.
https://ushik.ahrq.gov/sif/workgroups/Provider_Directories?system=si https://www.ahrq.gov/cpi/about/otherwebsites/ushik.ahrq.gov/index.html