Skip to Content

DIRECT HIE Technology

What is Direct Technology?

Directed, or point-to-point, health information exchange (HIE) relies on The Direct Project secure messaging protocol, which was created by a public-private consortium in 2010. 

Direct technology is a transport solution for HIE and does not focus on the content being exchanged.  Therefore, anything from simple text narratives to structured documents, such as CCDs, lab results, or images can be exchanged using Direct.

  • Direct operates similarly to electronic email so the technology is easy to adopt into a clinical practice workflow. 
  • Direct messages can include attachments, such as clinical summaries, that providers need to exchange.

Direct uses a HISP (health information service provider) just as other email services use an ISP (internet service provider) to manage the flow of email transmissions.

  • To transmit Direct messages, providers must use what are known as health information service providers (HISPs).  These are similar to internet service providers (ISPs), except that HISPs must follow the Direct protocol, be registered with a registration authority, and hold digital certificates from a certificate authority. 
  • Secure, Direct messaging can only occur between participants of Direct technology.  In short, a Direct message can only be sent by and/or received by those who have adopted Direct accounts.  You cannot exchange Direct messages with Yahoo or Gmail accounts as any accounts other than Direct would not be ‘recognized’ by the HISP as acceptable recipients.  This protects your PHI information!

Direct messages are made secure by employing a Public Key Infrastructure (PKI) that encrypts messages and enables trust between two or more parties without manual exchange of encryption codes. 

  • Direct is secure in that each message is encrypted as soon as the sender hits ‘send’ and remains encrypted during transport until the intended recipient opens the message.  This protects your PHI information!
  • Direct messages are accessed through a web portal or directly from an electronic health record (EHR) system, providing information transfer via special accounts dedicated solely to Direct communications
  • Direct addresses are issued to those who should be sharing PHI (personal health information) and follow adequate security policies, including HIPPA.
  • HISPs only issue Direct addresses to those whose identity has been verified, a process called authentication.

For Stage 2 of Meaningful Use, all certified EHR systems must include Direct capability (i.e. upgraded to EHR versions that incorporate Direct into the EHR functionality). 

  • Direct will enable eligible professionals and hospitals to meet the MU requirements that they provide clinical summaries to other providers at transitions of care, including referrals.

Common Scenarios of using Direct messaging to support the transport of clinical information
Direct messaging supports common scenarios where one person or organization needs to send clinical information to another person or organization securely.
This simple push of information covers clinical scenarios like:

  • A primary care doctor refers her patient to a specialist. She sends the specialist a copy of the patient's clinical snapshot.
    • When the specialist completes his consult, he sends information about his findings back to patient's primary care provider.
  • A primary care doctor refers her patient to the hospital for observation or a scheduled surgery. She sends the hospital a copy of the patient's pertinent clinical information.
    • The patient is discharged from the hospital, which sends the patient’s discharge information back to the referring provider.
  • A care provider orders a lab on a patient.
    • The laboratory sends the lab results back to the ordering care provider.
  • A provider, clinic, or hospital sends a clinical snapshot, follow-up reminders, or information about a recent visit to the patient.
  • A patient receives an immunization.
    • The physician sends a record of the immunization to public health.

Many scenarios, each with a point who has the data, sending it to another point that needs the data. The Direct Project doesn't focus on what the data is, only the way it's transported.

Establishing Trust between HISPs
A trade organization called Direct Trust (DTO) launched a national accreditation program for HISPs, certificate authorities, and registration authorities in collaboration with the Electronic Health Network Accreditation Commission (EHNAC).  The goal of this program is to create a foundation of trusted data exchange and performance guarantees by operating under the same fundamental transport guidelines and security procedures.  This thereby, eliminates the need for each HISP to contract with other HISPs by completing BAs (Business Agreements) or TPAs (Trading partner Agreements) currently required by point-to-point exchange entities that operate data transport with differing guidelines.

Tennessee will be endorsing those HISPs listed in Accredited status for the DTAAP-HISP program on the EHNAC website, under the Accreditation Status Link. (http://www.ehnac.org/status) This ensures that Tennessee’s market-based HISPs are fully invested in maintaining the foundation of trust established under DTO by adhering to strict transport and security standards.

RELATED LINKS:

Learn more about Direct and The Direct Project – the original Direct project led by the Office of the National Coordinator for Health IT (ONC). (link to current Direct Project pdf)

Learn more about Direct Trust and the foundation of trust being established for HISPs.

Learn more about Tennessee’s Health eShare Direct Project, the benefits of using Direct for secure health information exchange, and how to register your personal Direct address with the Directory so others know you are a Direct user.

Also visit the Tennessee Health eShare Direct Project website: www.HealtheShareTN.com