Secure Messaging

Product

Context

The current healthcare experience for many patients’ and carers’ involves interacting with numerous healthcare providers, and the ability of these providers to easily, reliably and securely exchange health information – both directly with one another and with their patients – is a key enabler of their coordination of care and integration of care.

My Health Record supports the collection of Referral documents so when a healthcare provider creates the referral it is sent directly to the referee, as per current practices. A copy may also be sent to the individual’s My Health Record .

What is secure messaging?

Healthcare providers frequently exchange patient information with other members of a patient's care team. To enable this to occur in a streamlined and paperless manner, secure and interoperable connectivity between clinical systems – also known as secure messaging - is essential.

Benefits of secure messaging

Research shows that general practitioners waste 10 per cent of their time daily in searching for paper records.

Secure messaging is a key driver of health service efficiency, as well as patient engagement and satisfaction. An economic analysis, undertaken as part of the development of the National Digital Health Strategy, has estimated the gross economic benefit of ubiquitous secure messaging could be around $2 billion over 4 years and more than $9 billion over 10 years.

Context in digital health

Secure messaging is a foundational capability that supports a wide range of interactions that reflect the many ways in which organisations may communicate with each other. This includes the exchange of clinical documents such as referrals, specialist letters and discharge summaries.

The following diagram provides a simplified view of the current use of secure messaging between healthcare organisations, through one or more messaging providers.

Secure Messaging Diagram

Figure 1: Clinical document delivery high-level overview

In order to receive electronic correspondence, a receiving organisation will implement their own messaging capability, or alternatively register details of their services and practitioners with one or more messaging providers.

  1. The sending organisation produces an electronic message addressed to a service or practitioner, and service endpoint. It finds addressing information in either the local address book of the clinical information system or it may query a number of external service directories.
  2. The message is passed to the sending messaging system which then finds the recipient’s service endpoint (either in its own messaging directory or other external service directories) and delivers the message. This is usually operated by the messaging provider on behalf of the receiving organisation.
  3. The receiving messaging system receives the message on behalf of the recipient and passes it to the receiving clinical system.
  4. The receiving clinical system routes the received message to the intended service or practitioner.

Secure messaging in the Australian context

While there are significant pockets of secure messaging already in use, there has historically been an inconsistent approach to secure messaging and information exchange across the Australian healthcare sector. This has exacerbated information sharing challenges across the sector.

The Australian Digital Health Agency's secure messaging product provides the capability for healthcare providers’ systems to securely invoke business services of other healthcare providers for the purpose of exchanging electronic clinical documents, managing cross-organisational clinical workflows and other purposes.

The product is comprised of multiple components that include interoperability specifications and standards, along with shared national infrastructure to support interoperability. These components are at varying stages of development and implementation.

The Agency is working collaboratively with industry, suppliers of secure messaging solutions and clinical software vendors to reduce existing barriers to adoption and provide pragmatic and implementable solutions.

Specifications

Secure Message Delivery

Secure Message Delivery (SMD) is a set of specifications that were developed collaboratively by the digital health community, including NEHTA (which transitioned to the Australian Digital Health Agency on 1 July 2016), Standards Australia, desktop software vendors and secure messaging service providers. This set of specifications defines an approach to digital health communication using widely supported IT industry standards.

The SMD specifications support the secure delivery of messages containing clinical documents and/or other information between healthcare providers, either directly or through one or more messaging service providers.

In addition to having a secure messaging connection, sending and receiving clinical systems need to be conformant to message format specifications. The Agency has defined Clinical Document Architecture (CDA) specifications for Referrals, specialist letters, discharge summaries, event summaries and shared health summaries. This allows the exchange of these document types using secure messaging.

Over time, the Agency and other bodies may define specifications for additional document types. The Australian secure messaging standards provide a general purpose secure web service protocol for the delivery of business service messages from one healthcare provider organisation to another.

The secure messaging standards are:

  • AS 5552-2013 -eHealth Secure Message Delivery (SMD)
  • AS 5551-2013 eHealth XML Secured Payload Profiles (XSP)
  • AS 5550-2013 eHealth Web Services Profiles (WSP)

The SMD standard makes use of the XSP and WSP standards. These standards supercede the following older Australian secure messaging specifications:

  • ATS 5822-2010 eHealth Secure Message Delivery (SMD)
  • ATS 5821-2010 eHealth XML Secured Payload Profiles (XSP)
  • ATS 5820-2010 eHealth Web Services Profiles (WSP)

All existing SMD implementations are based on the older ATS 5822-2010 and its related XSP and WSP specifications. The Agency has published a conformance assessment scheme and conformance test tools for ATS 5822 and conformance to ATS 5822 is required for the Department of Health's Practice Incentive Program eHealth Incentive.

Subject to industry agreement and budget approvals, the Agency will update the conformance assessment scheme and tools to support AS 5552-2013 and its related XSP and WSP specifications in the future.

My Health Record and the Healthcare Identifiers (HI) Service also make use of ATS 5821 (XSP) and ATS 5820 (WSP).

Secure Messaging Related Specifications

Figure 2: Secure Messaging and related specifications

Related specifications and foundations

Existing SMD implementations make use of the Endpoint Location Service (ELS) V1.3 specification and the Healthcare Provider Directory (HPD) that is provided as part of the Healthcare Identifiers (HI) Service.

The Agency is participating in a collaboration between software industry participants and the HL7™ Australia Patient Administration working group to develop a common HL7 FHIR® standard (FHIR) Provider Directory (PD) interface to allow secure messaging participants to query different directories using a common interface.  Over time, this will supersede the use of ELS and the HPD.

Australian Technical Specification ATS 4888 Electronic Transfer of Prescription (ETP) makes use of the foundational XSP and WSP standards for the secure exchange of electronic prescriptions.

    Current Specifications: 
    Identifier: 
    EP-1880:2014

    The Agency’s Secure Messaging provides software developers with information and tools to assist in the implementation of Secure Message Delivery (SMD) and Endpoint Location Service (ELS).

    Supporting Specifications: 
    Identifier: 
    EP-2730:2018

    The Secure Messaging Integration Toolkit contains libraries for B2B connectivity to Secure Message Delivery (SMD) and Endpoint Location Services (ELS), providing sample code for all operations, as well as a Medical Document Management (MDM) library to create the payload for SMD.

    External Specifications: 

    By operation of the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule 2016, on 1 July 2016, all the assets and liabilities of NEHTA will vest in the Australian Digital Health Agency. In this website, on and from 1 July 2016, all references to "National E-Health Transition Authority" or "NEHTA" will be deemed to be references to the Australian Digital Health Agency. PCEHR means the My Health Record, formerly the "Personally Controlled Electronic Health Record", within the meaning of the My Health Records Act 2012 (Cth), formerly called the Personally Controlled Electronic Health Records Act 2012 (Cth).

    Back to Top