Recommendation #1 - Assign an "Authorized Administrator" for your practice
As soon as you decide to adopt Direct Messaging, identify a staff person to be the point of contact at your practice. This Authorized Administrator will work with the Health Information Service Provider (HISP) to set up your Direct account(s) and work with The Rhode Island Quality Institute (RIQI) to join the Rhode Island Trust Community (RITC).Recommendation #2 - Join the Rhode Island Trust Community
The Rhode Island Quality Institute has established the Rhode Island Trust Community (RITC)- a community of verified Rhode Island providers that have a legitimate need to use Direct Messaging to exchange protected health information. As a member of the RITC, your practice will receive a digital certificate - an electronic credential similar to an electronic passport that identifies you on the Internet as a member of this trusted community. Benefits of joining the RITC:- Validates that RITC members - entities and individuals - are who they say they are and have a legitimate need and desire to exchange patient health information (PHI)
- Validates that entities are businesses operating in "good standing" with the State of RI
- Issues your practice a RITC-digital certificate that is more affordable:
- RITC digital certificates are free to members for the first year. Members are responsible for renewal costs, which are approximately $11 per year per certificate.
- If you don't join the RITC, and opt to get a digital certificate from a HISP, keep in mind that HISPs typically charge between $50 and $100 per certificate in the first year with variable renewal costs.
- Simplifies setting up and managing your trusted contacts.
Recommendation #3 - Keep your Direct email inbox separate from your regular email inbox
When deciding between web-based or desktop based email (e.g., Outlook) for Direct Messaging, it is important to understand the pros and cons of each. Even though desktop based email is sometimes easier to integrate into your current workflow than web-based email, there are risks associated with having your regular email in the same application as your secure Direct email.If opting for a desktop based email, there are two important error scenarios that you need to consider:
- First scenario (low-risk error): Since your regular email and Direct email inboxes will look the same it is possible to use your Direct account by mistake to compose a message not intended to be sent via Direct Messaging. In this case, the message will not be delivered, because the HISP will not recognize the non-Direct email address. As the sender, you will receive a non-delivery error message and will have to re-send the message from the correct email account.
- Second scenario (high-risk error): It is possible to use your regular email account to compose a message containing protected health information (PHI) in the message or attachment intended to be sent via Direct Messaging. In this case, the message will travel through an unsecured, unencrypted connection that could be intercepted by unauthorized users. Your message will "bounce back" to you because the intended recipient's Direct email account can only receive messages coming from a Direct (Secure) email account.