The DirectTrust Network just achieved a major milestone in the first quarter of 2023 of four billion Direct Messages transactions. The number of Direct Message transactions in the first quarter of 2023 was more than 222 million Direct Message transactions!
DirectTrust
DirectTrust is a non-profit trade association that develops and maintains the policies, procedures, technical standards, and legal framework for secure bi-directional communications among identity-proofed patients, providers, payers, and devices.
DirectTrust federates trust by accrediting organizations that comply with the DirectTrust standard operating policies, procedures, technical standards, and legal trust agreements. These organizations include Registration Authorities (RA), Certificate Authorities (CA), and Health Information Services Providers (HISPs).
Upon achievement of DirectTrust Accreditation as a Health Information Provider and either EHNAC Accredited for Privacy and Security or HITRUST Certification, these organizations are eligible to participate in sharing data in the DirectTrust Accredited Trust Anchor Bundle (ATAB) as a Network Services Provider.
DirectTrust Direct Secure Messaging is a secure encrypted communications standard based on the Direct Standard® Protocol for secure bi-directional sharing of medical records nationwide. DirectTrust Direct Secure Messaging was developed to be an easy-to-use, inexpensive, ANSI standard for sharing medical records that can be used with or without an EHR. Direct Messages are exchanged using an identity-proofed trusted electronic endpoint called a Direct Address. There are three parts to creating a DirectTrust Compliant Direct Address, they are:
DirectTrust Accredited Registration Authority
The DirectTrust Accredited Registration Authority is responsible for verifying the identity of patients, providers (individuals or organizations), payers, or devices for whom the certificates are requested.
DirectTrust Accredited Certification Authority
The DirectTrust Accredited Certificate Authority is responsible for creating and assigning two pairs of x.509 certificates (one key pair is used for digital signature and the other for encryption) these key pairs are bound to the real id-proofed individual or entity.
DirectTrust Accredited Health Information Services Provider
The DirectTrust Accredited Health Information Services Providers are responsible for
- Custodianship of Direct Address and isolated storage of cryptographic keys. At iShare Medical, we store the private keys on an isolated hardware security module (HSM) compliant with FIPS 140-2 or higher. HSMs are physical servers designed to detect a physical hardware attack or software attack. When a hardware or software attack is detected, the HSM will erase all the data and destroy itself. For this reason, HSMs should be mirrored with a geographically distinct HSM. For example, iShare Medical has two data centers, one in Kansas City, Missouri, and another outside of Des Moines, Iowa about three hours north of Kansas City.
- Facilitating Secure Direct Messaging including identity proofing, creation of cryptographic key pairs, authentication, authorization, and encryption/description of Direct Messages.
- Participating in the DirectTrust Network as a Network Services Provider.
- Maintaining an audit trail of all transactions.
- Revoking the credentials of bad actors. In fact, a HISP can revoke the credentials of one bad actor without impacting the entire network.
- Data provenance – maintaining the source of the data.
- Maintaining the federated identity. A federated identity is an identity that is trusted throughout the health care system by 2.8 million providers.
- Secure encrypted sharing of medical records resulting in reduced risk.
- Automatic routing of messages to the provider at the point of care to the patient chart inside of the EHR.
- Bi-directional communications among patients, providers, payers, and devices.
Benefits of DirectTrust Trust Framework
- A known digital identity establishes rights and trust. There are different rules under HIPAA and the FTC based upon whom you are communicating with such as a patient, provider, payer, or device.
- It is not possible to spoof or spam a DirectTrust Direct Message as the identity of the sender and the receiver is always known.
History of DirectTrust, the ONC, and the Direct Standard
In 2004 President George W Bush issued an executive order requiring healthcare providers to adopt electronic medical records within 10 years. This order also created the Office of National Coordinator for Health Information Technology (ONC) whose role was to define what that meant to be an electronic medical record system.
Five years later in 2009, President Barack Obama signed into law the Health Information Technology for Economic and Clinical Health Act (HITECH Act) which created economic incentives for providers to adopt electronic medical records and use them in a meaningful way. This incentive program was known as “The Meaningful Use Program” which defined a minimum set of requirements that providers had to implement to meet to qualify for incentive payments. Meaningful Use was later replaced by the Quality Payment Program (QPP) under the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA).
Then in 2010, the Direct Project (now the Direct Standard®) was a grass-roots public/private partnership to create a simple, easy-to-use, scalable standard way for providers to send and receive encrypted health information directly between known identity-proofed recipients. This first network was referred to as the Nationwide Health Information Network (NwHIN). This Direct Standard was created and maintained by the ONC until 2017.
In 2011 the first meeting of DirectTrust was held to discuss the creation of a “trust community” for the Direct Project. By 2012, DirectTrust was incorporated as a non-profit trade association. In 2013, DirectTrust was awarded a two-year grant by the ONC to create a Trust Framework for the Direct Messaging Standard. DirectTrust developed a set of policies, technical procedures, and legal documents to ensure the trusted, secure, encrypted, sharing of medical records between patients, providers, payers, and devices. It is important to reiterate that from the beginning, DirectTrust included all four stakeholders: patients, providers, payers, and devices. In April 2015, DirectTrust launched the Accredited Trust Anchor Bundle (ATAB).
In 2017, DirectTrust became an American National Standard Institute (ANSI) standards development organization (SDO) and took over the maintenance of the Direct Standard. In 2021, the Direct Standard® became an ANSI Accredited Standard.
Today, DirectTrust conducts regular Standards Development Organization meetings to discuss the evolution of the Direct Standard protocol as well as DirectTrust Members Workgroups to revise policies, procedures, and Accreditation criteria.
In 2023, EHNAC merged with DirectTrust. EHNAC is an accreditation body with over 15 Accreditation programs. Further, EHNAC is also a HITRUST Authorized CSF Assessor providing HTRUST CSF Certification.
About iShare Medical
The Direct Messaging Protocol is required to be in every Certified Electronic Health Record Technology (CEHRT). In fact, 95% of hospitals and 87% of doctors have attested to using a CEHRT product. This means that Direct Messaging is already in your EHR; but to use it you will need a Direct Address and Direct Messaging Account which you can get from iShare Medical.
iShare Medical has been EHNAC Accredited for Privacy and Security and a DirectTrust Accredited Trust Anchor Health Information Services Provider since the inception of the DirectTrust Accredited Trust Anchor bundle in 2015.
By signing up for an iShareID Direct Address and iShare Medical Messaging Account you will be able to send and receive Direct Messages across organizational boundaries to patients, providers, payers, and devices via our nationwide network of 2.8 million healthcare providers. This helps you to improve care coordination, reduce costs, and save time. Plus, iShareID Direct Address and iShare Medical Messaging account include access to and a listing in the iShare Medical Directory of Direct Addresses. Sign up today and start sharing medical records now.
Sign up today for iShare Medical Messaging and start sharing medical records now. Call us today at 816.249.2555 or email us at info@isharemedical.com.