The following frequently asked questions relate to the Secure Messaging Industry Offer webinars. Items a categorised into the following topics: Provider Directory Service, Local Address Book, Message Payloads, NASH PKI Organisation Certificates and Testing.
Does this mean as a CIS Developer we need to have an agreement with a Secure Messaging Provider to access the federated search?
Does the Agency maintain the directory service or Secure Messaging Providers maintain the directory service?
No. The Agency facilitates a Technical Working Group (TWG), that any CIS Developers and Secure Messaging Providers can participate in. The TWG develop specifications and set standards for Secure Messaging. If you want to join the TWG please send an email to [email protected] to request to join the technical working group and we can provide more information.
Secure Messaging Providers will deliver aggregation end points based on FHIR profiles and host those end points for CIS Developers to leverage.
Do we need to implement both 6.2.1 Directory Consumer with Directory Operator and 6.2.2 Directory Consumer with Aggregator?
No. The intent of the developer guide was to allow for the CIS developers (Directory Consumers) to choose whether they want to integrate with an Aggregation endpoint hosted by the Secure Messaging vendors (we believe this to be the more common implementation pattern) or whether they want to integrate with a Directory Operator endpoint (if provided by Secure Messaging vendor) and perform the aggregation locally (we anticipate less of a take up of this implementation pattern).
Do we need to implement authentication mechanisms for each Secure Messaging Provider?
No. Mutual x509 provides the minimum mandatory standard. However, if the CIS Developer and Secure Messaging Provider can agree to use an additional authentication profile, this will be based on a bi-lateral agreement between the CIS Developer and Secure Messaging Provider.
To authenticate to the Provider Directory do we only need to implement the mandatory Mutual x509 profile or will some Secure Messaging Providers require us to implement one of the optional profiles in addition to mutual x509?
Yes at a minimum the x509 access profile is mandatory for CIS and SM vendors to support so there is certainty of interoperability with any vendors. We have included API key and Smart-on-FHIR authentication options but they are not mandatory. Please see section 6.1.4 of the Provider Directory Service & Message Payload Developer Guide.
Who will ensure that the Secure Messaging Providers’ aggregation capabilities are similar and they don’t produce different results?
They should all be the same as they need to follow the agreed AU FHIR PD specifications.
How complete is the data in the Provider Directory? Do all Healthcare Providers have provider numbers, AHPRA numbers and HPI-I codes etc. required for referrals?
The AU FHIR PD profiles have optional fields to drive adoption, so initially data completeness will be partial, however there are initiatives that the Agency has in the proof-of-concept stage to improve both data quality and completeness.
Who will connect to the FHIR services we publish as a CIS Developer? Is this the Secure Messaging Provider who will include it in their federated search?
The typical scenario will be for the Secure Messaging Providers to publish the FHIR services for CIS Developers to consume and present to users (Healthcare Providers). Currently, the Provider Directory FHIR services are read/search only. There is no write capability. Any updates to Healthcare Provider details will continue as they currently do via existing channels.
Will there be an additional cost to use the Address book and services. What is expected?
The Agency cannot comment on commercial agreements between CIS and Secure Messaging organisations.
Do you have developer documentation for FHIR (API) based the National Health Services Directory (NHSD)?
The NHSD, managed by HealthDirect, is accessed using FHIR APIs. Further documentation on the NHSD FHIR API can be found here: https://help.nhsd.com.au/plugins/servlet/desk/portal/2/create/67
What is the recipient’s preferred Secure Messaging Provider and if our CIS customer has HealthLink and the recipient prefers ReferralNet does the API tell us if that is commercially possible?
If you have a HealthLink Secure Messaging agent at a Practice and HealthLink has agreement with ReferralNet to be able to publish their details (and therefore exchange messages) then HealthLink would effectively be able to aggregate those details and provide them to the CIS – there may be duplicates that will be presented to the user allowing them to then select the Healthcare Provider address they want to select.
Will each Secure Messaging Provider only provide information for the networks it supports?
Secure Messaging providers will provide information based on the networks and other Secure Messaging providers it has an agreement with.
My Health Record uses ANZSIC codes to identify specialties. Are there mappings to SNOMED CT?
How are duplicate healthcare provider records identified when conducting a search?
There is no requirement or agreed method to identify duplicate records. Users will be presented with all results to enable them to decide which record to select. For more information please see section 184.108.40.206 of the Provider Directory Service & Message Payload Developer Guide. The Service Registration Assistant (SRA) will address some of the data quality aspects of the Provider Directory.
Who will develop the federated search/aggregator? ADH, CIS or SMD provider?
Typically Secure Messaging vendors. However, there is nothing in specifications that states that a CIS provider cannot develop aggregation capabilities. Please see section 3 of the Provider Directory Service & Message Payload Tester Guide. The Service Registration Assistant (SRA) will address some of the data quality aspects of the Provider Directory.
- Is there any sample code for connecting to the directory service?
There are FHIR libraries in .NET and Java with the following links:
Nuget FHIR R4: https://www.nuget.org/packages/Hl7.Fhir.R4/
Nuget FHIR STU3: https://www.nuget.org/packages/Hl7.Fhir.STU3/
Currently we store provider details in the CIS, usually received from the PAS. We send this directly to the Secure Messaging Provider. Is the recommended practice to change from this and then perform searches as required?
Any updates to healthcare provider details in online directories should be done as per existing channels and processes. The scope of the current Secure Messaging industry offer does not include or specify updating healthcare provider details in the online directories. It specifies how provider details can be found across multiple online provider directories from varying organisations. Having said that, suggestions are provided on how to maintain local address books aligned with healthcare provider details in online directories.
Is this service replacing our internal address book?
The Agency understands that some products with local address books manage additional metadata about healthcare providers. This service is intended to ensure that if products use a local address book to manage information about healthcare providers that they are kept up to date and aligned with the core addressing changes made in the online provider directory to ensure delivery of message.
Can we update information in the local address book automatically, without troubling the user?
Yes, this is possible and recommended.
The main thing we'd be wanting to synch to local address book is preferred Secure Messaging Provider of the recipient and their mailbox name for that Secure Messaging Provider (e.g. HealthLink ‘Sunnybank Med’ but these fields not in sample page - will this be there ?
Yes, you can search for the recipient and the Secure Messaging identifier (a.k.a. Vendor Directory Identifier – VDI). This is effectively the “mailbox name” issued by the recipient Secure Messaging provider.
Is PUT/POST required to send back up?
HTTP PUT and POST to online provider directory are currently not supported. The read/search is executed by performing a GET operation.
Do you have any suggestions on aggregating healthcare providers from the Provider Directory into an existing local provider address book?
Please refer to section 6.3.2 of the PDS & MP Developer Guide. Although directory caching is not a mandatory requirement, is recommended for implementation to improve performance of queries.
- Where can I find the SNOMED CT speciality types?
SNOMED CT is available using the Ontoserver. https://ontoserver.csiro.au/