We believe there is.

Each provider puts up a web service
To facilitate secure communications, there should be a secure endpoint at each practitioners locations. This shouldn't be an onerous task, just a simple installation. The web service should not be internet exposed, rather over a secure tunnel to maintain security - however this should be transparent to the user of the software.
‍
Any communications with the web service are secured & the identity of both client and server in the exchange are validated
Every connection should be validated, when a transmission occurs, the recipient service should check the sender is who they say they are. If they are, on time transfer information should be shared and the transfer can begin. If something is erroneous, this is reported to a network operations team for investigation and the transfer stopped.
‍
A registry of Australian healthcare service providers is set up.
The Australian Government is working on the Service Registration Assistant (SRA), this could be used to populate and maintain a directory for secure messaging. Furthermore, the practitioner should have the choice to update the SRA or via their software, and that update be replicated on the other side.
‍
Anyone can register providers with the registry.
Registration should not be a barrier to entry. A practitioner should be able to install, and get started within minutes. They can later have their data published on the SRA should they choose to do so, however they can register themselves into the secure messaging directory. The SRA is an augmentation to the secure messaging directory, but is not a dependency for it to work. It is meerely a convenience to the practitioner.
‍
Easy way to send secure data, without worrying about certificates
Any registered user should be able to send a secure message. The software should take care of the certificates it is using for the purposes of secure messaging. The technical issues should be taken care of by the software or a support team, so that the practitioner can do what they do best.
‍
In addition to receiving real time messages, the end-point can also be a FHIR server and/or provide other services as well
The secure messaging endpoint should be able to expose additional services to facilitate patient care. A technical administrator can list these services into the software and choose who can access them.
‍
As part of the payment process, Medicare and potentially other payers check that providers have a current registered end-point that works before paying the provider (after a grace period to get it set up)
The software provider should automatically inform any payer that the endpoint is operational. The payer would then pay directly to the organisation or practitioner.‍

This is a really interesting question, because whilst we need to support what we are doing today, we desperately need to let go of the past. We thought about this internally long and hard. Here is what we at Nimbus Secure see as being important;

No Messaging Intermediaries
Data should travel point to point. There should be NO intermediary. The patient data you are sending, should not be stored on some cloud server until it is collected. The platform should be smart enough to know who you want to send to, and make every effort to get it there for you. The data should stay in your control, until the receiver is ready to receive it.

Specialised Encryption
Whilst we appreciate that NASH is a existing method of authentication in health care, it is a 're-used' certificate. We believe that data should be encrypted using one time certificates, so that if a certificate is compromised for whatever reason, it does not give the attacker access to all other transfers that used that certificate. Encryption should be a specialist task, rather than "our industry uses this already, so we'll just use that".

Everyone In The System Gets Paid
In the current model, each practitioner needs a subscription to a Secure Messaging platform, typically at a fixed cost, regardless of wether you use the service or not. We suggest moving to a transactional model, so you only pay for what you send. We also propose a revenue share between the secure messaging provider and the the practice management systems, to fund the continued integration and simplification of secure messaging within their product. This would be a percentage of revenue generate from messages that their software facilitated the generation and sending of the message.

No Directory Administration
Practitioners should be able to administer their own profile in a directory. They should also be able to choose wether they appear in a global directory, or are hidden. They should be able to administer this from the platforms offering, or from an external directory, such as the SRA.
‍
No Inbound Firewall Rules
A secure solution should not require inbound firewall rules to send and receive messages. Networks can be run over private tunnels. This increases the security at a practice or clinic.

Real Time Messages
Provided both the sender and the recipient are online, the data should be sent in real time. No waiting for send\recieve cycles to happen. Medical data is important, it should be in the recipients hands as quickly as possible.

Easy To Use Forms
When referring to another practitioner, the receiving practitioner may need specific information that the doctor has, to make the first appointment as useful as possible. We believe this should just be part of the offering, rather than an 'up-sell'.

Monitored By Specialists
Practitioners should only need to send their message. It is up to the software to ensure it gets there - like a persistent postman. If something goes wrong, the software can self-report issues to a support team, who work with the practitioner to get their message on its way.

Future Use Capabilities
The industry is moving towards IoT, FHIR and many other "online" based systems. The secure messaging system should be able to provide access to these systems via a secure channel, without requiring the system to be internet accessible.

Every practice is unique in how they do "the day to day". We believe that any solution should fit in with your existing workflows, rather than dictate how they should work. Nimbus Secure has a suite of modules to meet the day to day needs of a modern practice.

Nimbus Secure
Our heart and soul. Nimbus Secure keeps your files moving and your workflows ticking. Send files in real time, create and submit forms, share sensitive data with your patients and external associates.

Nimbus Office
Send any word document (or template) securely, right from the Microsoft Word toolbar. If your practice management system uses Microsoft Word as its letter writer, than you shouldn't need to leave your PMS system to send a referral.

Nimbus Forms
Build bespoke forms and publish them for completion. If you're a specialist, this allows you to front load more questions to the GP\doctor to make your first appointment more valuable.

And Get These Extra Benefits ...

No Inbound Firewall Rules
We never want you to have to open a hole in a firewall, because that isn't secure. Nimbus Secure operates over a private tunnel.

Monitored By Encryption Specialists
We monitor the Nimbus network in real-time. That means, should an issue arise (which is very rare), our team is on it immediately. In most cases, we don't need to disturb your day to resolve the issue - it will be like it never happened.

Easy Interface - No Learning Curve
We know learning new systems takes time and effort. Thats why we've made every effort to keep the Nimbus Secure interfaces clean and simple.

Always Innovating
Our team loves hearing how our products and make our customers days even better! We encourage our customers to suggest feedback. This feedback is then managed by our product managers to deliver a product that helps your practice be the best it can be. We've even implemented and distributed some customer feedback in under 24 hours!