How Do We Move Forward?
This is a really interesting question, because whilst we need to support what we are doing today, we desperately need to let go of the past. We thought about this internally long and hard. Here is what we at Nimbus Secure see as being important;
No Messaging Intermediaries
Data should travel point to point. There should be NO intermediary. The patient data you are sending, should not be stored on some cloud server until it is collected. The platform should be smart enough to know who you want to send to, and make every effort to get it there for you. The data should stay in your control, until the receiver is ready to receive it.
Whilst we appreciate that NASH is a existing method of authentication in health care, it is a 're-used' certificate. We believe that data should be encrypted using one time certificates, so that if a certificate is compromised for whatever reason, it does not give the attacker access to all other transfers that used that certificate. Encryption should be a specialist task, rather than "our industry uses this already, so we'll just use that".
Everyone In The System Gets Paid
In the current model, each practitioner needs a subscription to a Secure Messaging platform, typically at a fixed cost, regardless of wether you use the service or not. We suggest moving to a transactional model, so you only pay for what you send. We also propose a revenue share between the secure messaging provider and the the practice management systems, to fund the continued integration and simplification of secure messaging within their product. This would be a percentage of revenue generate from messages that their software facilitated the generation and sending of the message.
No Directory Administration
Practitioners should be able to administer their own profile in a directory. They should also be able to choose wether they appear in a global directory, or are hidden. They should be able to administer this from the platforms offering, or from an external directory, such as the SRA.
No Inbound Firewall Rules
A secure solution should not require inbound firewall rules to send and receive messages. Networks can be run over private tunnels. This increases the security at a practice or clinic.
Real Time Messages
Provided both the sender and the recipient are online, the data should be sent in real time. No waiting for send\recieve cycles to happen. Medical data is important, it should be in the recipients hands as quickly as possible.
Easy To Use Forms
When referring to another practitioner, the receiving practitioner may need specific information that the doctor has, to make the first appointment as useful as possible. We believe this should just be part of the offering, rather than an 'up-sell'.
Monitored By Specialists
Practitioners should only need to send their message. It is up to the software to ensure it gets there - like a persistent postman. If something goes wrong, the software can self-report issues to a support team, who work with the practitioner to get their message on its way.
Future Use Capabilities
The industry is moving towards IoT, FHIR and many other "online" based systems. The secure messaging system should be able to provide access to these systems via a secure channel, without requiring the system to be internet accessible.