Provider Directories

Interest in provider directories has increased as efforts to promote health information exchange have spread across the country. Federal policy, through ARRA, has also provided a strong impetus. Directories offer access to the information users need to contact partners for the exchange of health information. The federal advisory committees, both the Health Information Technology Policy Committee (HITPC) and the Health Information Technology Standards Committee (HITSC), have established work groups to help develop policy and select standards that deal with directories. Two flavors of directories have been envisioned by these work groups. Entity Level Provider Directories (ELPDs) could be thought of as listing mostly large enterprises with more than one provider such as hospitals, group practices, payors, etc. The entity would be responsible for routing information and protecting privacy and security of information within its walls. On the other hand, Individual Level Provider Directories (ILPDs) would provide information about individual providers. What are the purposes of directories?



Directories function like electronic white/yellow pages. The information they contain might include basic demographics (names, addresses, phone numbers etc.), electronic addressing information (URLs) of the anticipated recipient, and digital certificates or links to certificates (certificates fulfill a number of very important privacy and security roles-they are used for authentication, digital signatures, and are the keys used to encrypt and decrypt protected health information), and information about types of information exchange applications supported. Some directories deliver the entire directory on user request. Others utilize a query function so that users can select filters to locate the specific information they are seeking. How are directories established?


There are a number of approaches being used to set up directories. First the sources of data must be identified. Software and hardware configurations must be determined. An entity must be selected that will take the responsibility of hosting the directory. Directory information must be maintained so that the information is accurate and up-to-date. Those with experience managing directories have found this to be a real challenge. The business model chosen for the directory should provide guidance for financing the establishment and on-going operating expenses. Directories are easier to manage when they serve a limited geographic or functional area. Nationwide information exchange would most likely depend on a federated model of interoperable directories. The actual architecture at this level can become complex. Some of the standards used in directories, such as Lightweight Directory Access Protocol (LDAP) are mature and well established. Others are still being developed and tested. Many of the currently functioning directories were home-grown and employ proprietary software. For more information concerning directories look at the first part of the meeting slide deck of the HITSC Privacy and Security WG meeting of March 24th.


A reasonable question is: why do we need directories at all? It is possible search for providers using the Internet or we can dial information on the telephone. Once we have a telephone number, then the other contact information may be just a call away. I think the answer is that directories can facilitate these manual processes and help make them more efficient. Of course, once contact information is located it can be stored on one's own system, much like we store contact information for email systems.


There are problems related to directories. They do not scale easily, as mentioned previously. Another problem is that many clinicians work at a number of institutions or provide care and use EHRs at multiple sites. Trying to determine which of all the possible contact addresses would be the correct one for the purpose intended will require an exercise in logic and some luck. Furthermore, having two different types of directories may create a level of complexity that may be difficult for all but the most tech savvy users to navigate. Directories may present more complexity than is necessary. For example, the contact information needed to use the Nw-HIN Direct specification requires just two pieces of information: a URL for the recipient and the associated digital certificate. These can be transferred using old-fashioned email.


The HITPC and HITSC will be completing their discussion on the two types of provider directories over the next few months. Then they will make recommendations to the Office of the National Coordinator for Meaningful Use stages 2 and 3. It will be an interesting process to keep an eye on.