Secure, Scalable and Standards-Based PHI Transfer

Direct Messaging FAQ

What is the difference between email encryption and Direct secure messaging?

Direct Secure Messaging (aka Direct) is a type of message and file encryption that uses a protocol standard specified by the US government for use in the health industry. Direct has very specific rules and protocols that must be followed by any vendor or organization using it. The goal is to provide an interoperable secure messaging service nationwide for personal health information (PHI). It is facilitated by independent Health Information Service Providers which operate a virtual Direct Secure Messaging network, aka NwHIN (nationwide health information network). Direct Secure Messaging requires new ‘e-mail-like’ addresses to be issued for both senders and recipients. It is not compatible with traditional email addresses, clients or email servers. DataMotion is an accredited HISP providing DataMotion Direct, a Direct Secure Messaging service.

Email Encryption generically has many commercial implementations (including DataMotion SecureMail) that are typically proprietary implementations or variations on encryption standards, which leverage traditional email addresses, clients and servers – and are therefore compatible with traditional email networks, servers and clients. In most cases, email encryption services and solutions are not interoperable between vendor offerings.

How can I get my Direct Messages in my EHR, my cell phone, and my tablet?

DataMotion’s HISP is based on a hub and spoke architecture with a standard data base at its core and connectors that readily interface the data base to a variety of applications and devices. Under this flexible architecture, an EHR’s desktop interface can be linked to the DataMotion’s HISP via web service calls while mobile devices can be interfaced to the HISP via SMTP/POP.  Connectivity to mobile devices leverages user interfaces sized and formatted to mobile requirements, ensuring a consistent and friendly end-user experience.

Can I send a Direct Message to my Gmail account?

No.  Gmail and other standard e-mail services do not support the authentication and encryption capabilities that are fundamental requirements for Direct Secure Messaging (Direct).  Direct is differentiated from Gmail and similar services by combining SMTP, S/MIME protocols and (X.509) digital certificates to securely facilitate health information exchange via the internet.  Unlike Gmail, Direct authenticates the identity of senders and receivers and insures the integrity of the message and attachment(s) in transit using encryption.  In short, Direct guarantees that the intended message is sent to its intended recipient with maximum privacy.

How can I integrate DataMotion Direct into my EHR or HIE technology?

DataMotion offers multiple approaches for establishing a connection between third party health information technologies and DataMotion’s HISP.  Standards compliant connectivity is achieved via:

  • Web service calls/APIs
  • DataMotion-provided embeddable web portal

To enable developers and compress development cycles, DataMotion’s connectivity methodologies are incorporated into a developers sandbox.  Developers familiar with standard web communication protocols, including HTTP, XML, and SOAP will be able to use the sandbox with minimal training and support.  The sandbox contains:

  • Integration code samples
  • API documentation
  • Implementation guide
How quickly can I implement a Direct solution for Meaningful Use Stage 2 (MU2) certification?

DataMotion’s development tools will be immediately intuitive to and easily mastered by developers with a good working knowledge of web communication protocols in .net or Java environments.  Sample code provides readily available Direct messaging functionality and a strong foundation for application-specific integration.  Based on actual use cases, Direct functionality can be incorporated in as little as 1-2 days.  Total time to complete a Direct solution depends on the additional development hours needed to polish and fine-tune the application.

What is included in DataMotion’s Direct product/service offering?

DataMotion delivers all of the Direct products and services you need to:

  • Achieve Meaningful Use 2 certification for the following requirements:
    • Transitions of Care (170.314 (b)(1), (b)(2))
    • VDT (170.314(e)(1))
  • Enable your providers with Direct addresses to attest to the following objectives:
    • Core Measure 15 (Transitions of Care)
    • Core Measure 7 (View Download Transmit)
  • Issue Direct addresses for general health information exchange beyond ONC requirements for transitions of care and VDT

DataMotion’s Direct solution includes:

  • HISP services delivering Direct Secure Messaging fully compliant with the Direct Project protocols
  • Developers’ sandbox featuring a software development kit (SDK) compliant with open standards including web services, XDM/XDR + SOAP, S/MIME, SMTP, secure POP, and open APIs.  Integration is easily achieved with a variety of HIT systems such as EHR/EMR, HIE, EDIS, patient portal, billing systems, and others.


<< Back


Secure, Scalable and Standards-Based PHI Transfer

Share This