Rhapsody Health Solutions Team

How Providers Are Exchanging Health Information

There are a handful of ways care providers can choose to interface, or connect, to external health organizations, be they a member of the local medical community or an official health information exchange (HIE) organization. Formal HIEs are gaining steam thanks to maturity and providers’ motivation to meet Meaningful Use Stage 2 requirements, but the active process of exchanging health information – the verb, not the noun – has been the goal since the HITECH act pushed the industry into the modern world via electronic health records.

So how, exactly, do health organizations send health records to an external organization? Since “by hiring a professional” doesn’t really provide you with any real knowledge, let’s examine a handful of HL7 message transport methods most commonly used by our customers and throughout the health industry. Each method has pros and cons, which will be explored.

Because there are several different methods currently in use, I’ll present the methods in a timeline layout, of sorts, beginning with VPN and ending with Direct messaging, which is the direction the industry is headed.

But, first things first: if you’re going to connect externally, be sure that you’re doing so using designated standards in a “meaningful” way. Meaningful Use Stage 2 rules state that disparate vendor data must become more compatible and require applications to transmit clinical data using a common content and vocabulary, such as Consolidated CDA or, more specifically, CCD over the Internet using methods such as Web Services and Direct Project (more on these below).

The rules also state that CCD or Consolidated CDA documents received from an outside entity must be actionable, meaning they need to be integrated into the EHR system after receipt.

Now, let’s explore the common methods of health information exchange:


FTP stands for File Transfer Protocol. It is a standard network protocol used to transfer files from one host to another over a network, such as the Internet. FTP is built on a client-server architecture. It can be secured by SSL (FTPs) or SSH (sFTP) technologies.

Pros: Great for large batch files. Other workflows allow data to accumulate and to be sent at intervals.  There are options to ensure that the data you’re sending and receiving is encrypted and secure.

Cons: Batch processing of data is typically required for data transported over FTP. The receiving organization must import received data and have an application in place to process the batch. This is not a real-time solution.


This low-level communications protocol is used to connect hosts on the Internet or a network. TCP/IP connections are established between clients and servers via sockets. TCP/IP is stream-oriented, meaning it deposits data in one end and they show up at the other end.  In order for a TCP/IP connection to be secured for external communications, it is wrapped in a VPN tunnel.

Pros: A real-time connection. Rather than rely on batch processing as in a FTP connection, data is automatically transmitted to the receiving organization as it is processed. TCP/IP has traditionally been the go-to data communication method used by hospitals when they need a live, direct connection to their provider community. This is because the hospital can utilize the same protocol they are using within their facility and securely extend it outside the facility using VPN. VPN connections, however, can be time consuming to set up and costly to maintain.

Cons: Creating TCP/IP over VPN interfaces to external organizations can be an obstacle because the HL7 message must be negotiated between EHR systems produced by different vendors.

Web Services

Web Services is communication between electronic devices that can be securely exposed over the Internet. Web Services makes it easier to communicate health data between disparate organizations, regardless of the operating system or software in use.

Web Services Description Language (WSDL) is an XML-based language that provides the framework to send messages electronically over the Internet. XML messages that follow the SOAP standard for secure communications is the most common Web Services standard used in healthcare.

Pros: By using this method with an integration engine, organizations can securely exchange large amounts of data over the Internet and integrate received data into their application environment without the need for scripting. Web Services is highly interoperable and allows for real-time query-based updates based on designated trigger events for updating to one or more HIE using industry-standard methods, such as IHE profiles. Because Web Services allows data transmission regardless of the vendor or workflow, it has been proven to be the ideal communication method for connecting remote providers and applications across an HIE network.

Cons: The utilization of Web Services for transporting patient data is still limited in use in healthcare IT.  Not all vendor applications provide robust and intuitive support for Web Services. There is also a learning curve for healthcare IT personnel.

Direct Messaging

Direct messaging is a government-sponsored initiative to promote the secure communication of patient health information. To do this, Direct uses the SMTP protocol as its communication backbone. This has led many in the industry to refer to the standard as “secure e-mail.” However, Direct has the potential to be much more than just traditional e-mail.

Pros: The Direct protocol is an ideal substitute for VPNs. Patient health data can be sent securely, sent on demand, and sent using the SMTP protocol. The HL7 message payload can be parsed and sent and received automatically. Using SMTP as the backbone, applications can share data using Direct without any human intervention, much in the same way that Web Services or TCP/IP using VPNs might be utilized. Secure SMTP transfer is easy to implement, while maintaining scalability.

Direct has the capability to handle a variety of data formats, including all the standard healthcare formats. Computer–to-computer sharing of patient health information is simplified by XDM packaging. All of the metadata for the content, such as CCD/CDA, CCR, HL7 V2, DICOM, etc., is defined in a metadata file. This allows the receiving system to decide rather simply how to process the content.

In addition, content can be displayed without the need to parse apart the document. Take for instance the very simple prospect of displaying a CCD document. Without metadata, even when the document is in an XML format (such as CCD/CDA or CCR), the receiving application would still need to “look inside” the content before it can decide how to render the contents. But with XDM metadata available, the application can do that, and a lot more decision making about how to process the content, without ever looking inside. This allows for a much simpler processing path.

Cons: Direct messaging and Web Services are the health information exchange methods of the future, both for their ease of use and external, real-time interoperability. However, Direct messaging is constrained in that it is a push-based form of communication.  It cannot query for documents in the same way Web Services can.

Related Blogs

Sameer Sule, Chief Information Security Officer

Trust is always the foundation

Rhapsody understands the importance of keeping data secure and is committed to providing secure, stable, reliable, and high-quality solutions for healthcare organizations.

Read more

Rhapsody Health Solutions Team

How to solve healthcare data quality issues using semantic interoperability

Semantic interoperability is key to building a strong foundation of usable healthcare data and can improve quality of care.

Read more

Natalie Sevcik, Director, Communications and Content

Congratulations to all award winners recognized at HIMSS24

Congrats to all the HIMSS award winners who are making global healthcare safer, more efficient, more equitable, and better for all populations.

Read more