Direct Project


Direct Project is a government-sponsored initiative to promote the secure communication of patient health information. Its simplicity makes health data exchange possible for all providers.

Direct offers a simplified method for externally sharing health data in a variety of formats including Consolidated CDA, HL7 v2 and DICOM.

Users of Direct will be patients and caregivers who will exchange secure emails to their providers and also EHRs that send and receive automated messages.

Direct Project is an attractive option for sending patient data because it:

  • Fulfills a key requirement of Meaningful Use Stage 2
  • Is an ideal substitute to costly VPN connections
  • Has the potential to displace the need to utilize certain Web Services for HIE participation
  • Provides the ability to quickly fulfill data transport requests from the clinical team.

Direct Project is often compared to secure email because it uses the simple mail transfer protocol (SMTP) as its communication backbone. SMTP is a common Internet standard used for e-mail transmission.

Instead of faxing protected health information to external providers, providers using Direct will attach the PHI to an email and send to an external provider’s Direct email address. The email will be secure and a designated Health Information Service Provider (HISP) will be utilized for authentication.

How secure is Direct communication?

Once a trust relationship is established with other Direct Project users, health data transmitted on a Direct network will be securely delivered to the trusted Direct user.

The Direct Project mandates the use of S/MIME, which provides:

  • Message Authentication
    Digital certificates assure messages are received from a known endpoint
  • Message Encryption
    Targeted encryption to only the destination endpoint
  • Message Integrity
    Signing capability assures receivers of the sender’s identity

Meaningful Use and Direct Project

The ONC requires all Stage 2-certified complete EHRs to support Direct Project, making it the “minimum threshold” data communication method for exchanging health data.

Organizations can also use SOAP-based Web Services, but certified EHRs are only required to support Direct Project.

While it is required for certified EHR software to support the Direct Project for ToC scenarios, there are other areas where it can be applied for Meaningful Use Stage 2.

Purpose and Definition of Transfer of Car (ToC), Patient Access (DVT), Public Health Reporting, and Lab Results.

Benefits of Direct Project

The Direct Project has the capability to significantly change the way providers share information, including the potential to replace TCP/IP over VPN.

Direct Uses: Traditional Communication and Direct Replace Capability

Direct Project and healthcare standards

The Direct Project can handle a variety of data formats, including all standard healthcare formats, including CCD, Consolidated CDA, HL7 v2, DICOM, and more. All of the metadata for the attached documents are defined in an attached file.

With XDM metadata available, the receiving application can make decisions about how to process the content, which further simplifies integration.

Direct messages can be viewed without the need to parse the document. Consolidated CDA documents, for example, can be read without the need for computer processing.

Roles of an interface engine with Direct Project

Direct will function as other connection methods into and out of integration engines. However, the integration engine can determine how involved it will be in the formation of the Direct message.

A base level of Direct support would involve creating an unsecure MIME message and handing this off to a HISP. The HISP would then be responsible for encrypting the data with a public key, signing the payload with hash and a private key, and routing the message via SMTP to the receiving HISP.

Basic Direct Project Workflow Diagram

A full participation in Direct would involve the integration engine performing the functions of a HISP, including encrypting and signing on the sending side and decrypting and authenticating on the receiving side along with managing all the certificates.

The engine could choose to only act as a HISP for messages that flow through the integration engine, or it could also act as a HISP for any other application that wants to send secure e-mails.

Workflow Diagram using Corepoint Integration Engine

With Corepoint Integration Engine, Healthcare IT managers have complete control over their monitoring decisions to ensure connections remain operational. We listen closely to our customers and continuously work to improve how we help them meet any integration initiative with complete confidence.

 Print Friendly