Launched in March 2010 as a part of the Nationwide Health Information Network, the Direct Project was created to specify a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet. The Direct Project has more than 200 participants from over 50 different organizations. These participants include EHR and PHR vendors, medical organizations, systems integrators, integrated delivery networks, federal organizations, state and regional health information organizations, organizations that provide health information exchange capabilities, and health information technology consultants.
The Direct Project focuses on the technical standards and services necessary to securely push content from a sender to a receiver and not the actual content exchanged. However, when these services are used by providers and organizations to transport and share qualifying clinical content, the combination of content and Direct-Project-specified transport standards may satisfy some Stage 1 Meaningful Use requirements. For example, a primary care physician who is referring a patient to a specialist can use the Direct Project to provide a clinical summary of that patient to the specialist and to receive a summary of the consultation.
Two primary Direct Project specifications are the Applicability Statement for Secure Health Transport and the XDR and XDM for Direct Messaging.
Applicability Statement for Secure Health Transport
The Applicability Statement for Secure Health Transport is intended to provide constrained conformance guidance on the interoperable use of a set of RFCs describing methods for achieving security, privacy, data integrity, authentication of sender and receiver, and confirmation of delivery consistent with the data transport needs for health information exchange.
The document describes how to use SMTP, S/MIME, and X.509 certificates to securely transport health information over the Internet. Participants in exchange are identified using standard e-mail addresses associated with X.509 certificates.The data is packaged using standard MIME content types. Authentication and privacy are obtained by using Cryptographic Message Syntax (S/MIME), and confirmation delivery is accomplished using encrypted and signed Message Disposition Notification. Certificate discovery of endpoints is accomplished through the use of both DNS and LDAP. Advice is given for specific processing for ensuring security and trust validation on behalf of the ultimate message originator or receiver.
The current version of the Applicability Statement for Secure Health Transport specification (Version 1.1) was published on 7/10/2012. Download the Applicability Statement for Secure Health Transport [PDF - 640 KB].
XDR and XDM for Direct Messaging
This specification discusses the application of XDR and XDM to the direct messaging environment and the interaction between the primary Direct Project environment, which uses SMTP and RFC 5322 to transport and encode healthcare content, and the XDR and XDM specifications. This specification defines:
- Use of XD* Metadata with XDR and XDM in the context of directed messaging
- Additional attributes for XDR and XDM in the context of directed messaging
- Issues of conversion when endpoints using IHE XDR or XDM specifications interact with endpoints utilizing SMTP for delivering healthcare content.
The current version of the XDR and XDM for Direct Messaging specification (Version 1.0) was published on 3/9/2011. Download the XDR and XDM for Direct Messaging Specification [PDF - 485 KB].
ONC Implementation Guide for Direct Edge Protocols
Direct Project’s Applicability Statement for Secure Health Transport establishes the standard protocols, along with message formats and processing requirements, for communication between Security/Trust Agents (STAs), which are commonly referred to by the name of the entities that operate STAs on behalf of others: Health Information Service Providers (HISPs). The communication protocol between HISPs is known as the Direct backbone protocol and is based on SMTP. While the Direct project has standardized the backbone protocol for communication between HISPs, currently there is minimal implementation guidance on how HISPs’ clients’ Edge systems should communicate with their respective HISP. This implementation guide refers to the protocols used between HISP clients and the HISP as “Direct Edge protocols” and HISP clients as Edge systems.
Establishing standards between Edge systems and HISPs will enable CEHRT (Certified EHR Technology) to more easily interoperate with a variety of different HISP partners. In addition organizations such as HISP vendors, HIOs and RHIOs can support the standardized edge protocols as part of their HISP solution and expect Edge systems to integrate using the standardized edge protocols. The absence of these standardized edge protocols lead to custom solutions between HISPs and the Edge systems and negatively affect interoperability between systems.
This implementation guide provides guidance for standardizing Direct edge protocols and improving interoperability between HISPs and Edge systems. This implementation guide is complementary to currently existing Direct project specifications.
The current version of the ONC Implementation Guide for Direct Edge Protocols (Version 1.1) was published on 6/25/2014. Download the ONC Implementation Guide for Direct Edge Protocols [PDF - 937 KB].