What is DirectTrust?
DirectTrust is a collaborative non-profit association of 121 health IT and health care provider organizations to support secure, interoperable health information exchange via the Direct message protocols. DirectTrust has created a “trust framework” that extends use of Direct exchange to over 106,000 health care organizations and 1,582,373 Direct addresses/accounts. This trust framework supports both provider-to-provider Direct exchange and bi-directional exchange between consumers/patients and their providers.
DirectTrust’s trust framework makes it easy for health care professionals, health IT vendors and their patients/customers to communicate securely, with identity proofing and regardless of end-user application. Over 300 EHR and PHR vendors’ products, and over 50 HIEs, participate in the DirectTrust network, ensuring interoperability and security via Direct for exchange of health information to more than half the professionals in the U.S. health care system.
Whether you are a health care professional, medical practice, health plan, hospital, pharmacy, clinical lab, or individual consumer/patient, there are DirectTrust members ready to onboard you with Direct exchange services right now.
Find a DirectTrust network service provider ready to serve your community
We welcome you to explore the benefits and costs of joining DirectTrust.
Get further details about how the DirectTrust trust framework works.
The common goal of DirectTrust members is to establish and maintain a national, transparent Security and Trust Framework upon which trust relationships for exchange technology can be scaled and federated nationally. This Framework comprises technical, legal, and business standards that members of the DirectTrust community agree to follow, uphold, and enforce. Based upon this Trust Framework, DirectTrust provides DirectTrust HISP Accreditation and partners with EHNAC to offer an Accreditation Program for CAs and RAs in Direct exchange, and DirectTrust has launched a Trust Anchor Bundle Distribution Service for use by accredited entities. As of October 2017, there are 38 DirectTrust accredited HISPs participating in the DirectTrust Accredited Trust Anchor Bundle.
In March 2013, DirectTrust was awarded an ONC Cooperative Agreement to further work in accreditation, trust anchor distribution services, and governance of the DirectTrust community. The Cooperative Agreement was renewed for another year in 2014. Part of the Exemplar Health Information Exchange Governance Program, the grant was to “increase interoperability, decrease cost and complexity, and facilitate trust among participants using Direct for health information exchange of personal health information for health care improvements.”
All DirectTrust activities are consistent with the governance rules for the Direct Project and the NwHIN promulgated by HHS, ONC, and the mandates of the HITECH Act.
Building the Trust Framework for Direct Exchange
DirectTrust.org is an outgrowth of a series of discussions and workgroup meetings that began in April, 2011, among stakeholders interested in helping to develop a Security and Trust Framework suitable for the stable and interoperable growth of Direct exchange in the United States. Trust is important to the confidence that the public will have in both privacy and security of Direct exchanges of messages and attachments. A central issue in those discussions was how to make it possible for purchasers and subscribers of the new Health Internet Service Provider, HISP, and Certificate Authority services for Direct exchange to have confidence in their choices in these trust agents, and be assured that vendors would subscribe to, and be held accountable to, a common yardstick of security and trust best practices.
A central issue taken up by this group of parties was how to establish trust among HISP-CAs in the issuance, exchange, and management of digital certificates that are used in the cryptographic method employed by Direct exchange, known as Public Key Infrastructure technology, PKI. Businesses, state/federal agencies and contractors have long deployed PKI for secure e-mail, controlled access to web services, and online authentication, among other uses, for over a decade. However, its use in health care has been very limited. Most health care providers are not familiar with participation in a PKI, and, since the Direct Project potentially represents the largest scale deployment of a PKI within health care to date, there is an urgent need for education about PKI architecture and the formation of a community that can instill confidence in its uses.
David McCallie (Cerner Corp.), Brett Peterson (Ability), David C. Kibbe (AAFP), and Gary Christensen (RIQI) were among the first participants in those discussions, although the members of the workgroup (that came to be known as the Direct Rules of the Road workgroup) quickly grew to more than two dozen individuals. By late September, there were over 50. In early November, 2011, the members of that workgroup formally moved their work to the DirectTrust.org wiki, in the anticipation of the establishment of DirectTrust.org as an independent non-profit organization. DirectTrust.org was incorporated as a not-for-profit trade association in April, 2012, and as of late June there were over 180 participants in the DirectTrust.org wiki. They include representatives from HISP vendors, Certificate Authorities, state and regional HIEs, physician membership organizations, EHR and PHR companies, consultants, and other interested parties.
It is the intention of those who have come together to help form this new entity that DirectTrust.org will be complementary and subject to, as well as supportive of, the governance rules and regulations for the Direct Project and the Nationwide Health Information Network, NwHIN, promulgated by HHS and ONC, and the mandates of the HITECH Act.
DirectTrust.org is organized as a non-profit, competitively neutral, self-regulatory entity created by and for Direct community participants. Our goal is to develop, promote and, as necessary, help enforce the rules and best practices necessary to maintain security and trust within the Direct community, and to foster widespread public confidence in the Direct exchange of health information.