Guest Article: Secure message exchange using the Direct Protocol is not a myth, there really are people using it

I recently chaired a couple of conferences and my next HealthIMPACT event is coming up later this month in NYC. At each one of the events and many times a year via twitter and e-mail I am asked whether the Direct Project is successful, worth implementing in health IT projects, and if there are many people sending secure messages using Direct. To help answer these questions, I reached out to Rachel A. Lunsford, Director of Product Management at Amida Technologies. Amida has amassed an impressive team of engineers to focus on health IT for patient-centered care so their answer will be well grounded in facts. Here’s what Rachel said when I asked whether Direct is a myth or if it’s real and in use:

Despite wide adoption in 44 States, there is a perception that Direct is not widely used. In a recent conversation, we discussed a potential Direct secure messaging implementation with a client when they expressed concern about being a rare adopter of Direct messaging.  While the team reassured them that their organization would in fact be joining a rich ecosystem of adopters, they still asked us to survey the market.

In 2012, the Officer of the National Coordinator for Health Information Technology (ONC) awarded grants to State Health Information Exchanges to further the exchange of health information. There are two primary ways to exchange information: directed and query-based. ‘Directed’ exchange is what it sounds like – healthcare providers can send secure messages with health information attached to other healthcare providers that they know and trust. The most common type of ‘Directed’ exchange is Direct which is a secure, scalable, standards-based way to send messages. Query-based is a federated database or central repository approach to information exchange which is much harder to implement and growth in this area is slower.  Thanks in part to the grants and also in part to the simplicity of the Direct protocol, 44 States have adopted Direct and widely implemented it. And yet the myth persists that Direct is not well adopted or used.

As with other new technologies, it may be hard to see the practical applications. When Edison and Tesla were dueling to find out which standard – direct or alternating current – would reign supreme, many were unsure if electricity would even be safe enough, never mind successful enough, to replace kerosene in the street lamps. It was impossible for people to foresee a world where many live in well-lit homes on well-lit streets, and none could have imagined using tools like the computer or the Internet. Thankfully, the standards debate was sorted out and we continue to benefit from it today.

There are two groupings of data we can look towards for more detail on use of Direct. The first are the States themselves; they self-report transaction and usage statistics to the ONC. It was reported in the third quarter of 2013 that the following were actively exchanging some 165 million ‘Directed’ messages:

  • 20,376 Ambulatory entities (Entities/organizations that provide outpatient services, including community health centers, independent and group practice, cancer treatment centers, dialysis centers, etc.)
  • 738 Acute Care Hospitals (Hospitals that provider inpatient medical care and other related services for surgery, acute medical conditions or injuries)
  • 157 Laboratories (Non-hospital clinical)
  • 16,329 other health care organizations (Home health care, long-term care, behavioral health programs/entities, psychiatric hospitals, payers, release of information vendors, health care billing services, etc.)

Another organization collecting data on Direct implementation is Charged by ONC, oversees development of the interoperability framework and rules used by Direct implementers, works to reduce implementation costs, and remove barriers to implementation. Additionally, DirectTrust supports those who want to serve as sending and receiving gateways known as health information service providers (HISPs). By’s count, the users number well over 45,000 with at least 16 organizations accredited as HISPs. Further, over two million messages have been exchanged with the roughly 1,500 Direct-enabled sites. With Meaningful Use encouraging the use of Direct, we can expect even more physicians and healthcare organizations to join in.

As more doctors are able to exchange records, everyone will benefit. When a provider can receive notes and records from other providers to see a fuller, more complete view of her patient’s health, we have a greater possibility of lowering healthcare costs, improving health outcomes, and saving lives.  Once we open up the exchange to patients through things like the Blue Button personal health record, the sky is the limit.



Newsletter Sign Up

4 thoughts on “Guest Article: Secure message exchange using the Direct Protocol is not a myth, there really are people using it

  1. Rachel, thanks for delivering the facts (and Shaid for the invitation) — we see more and more messages flowing every month. And more importantly, we’re seeing folks that have already deployed the infrastructure finding new “unexpected” use cases for it … e.g., the patient->provider exchanges happening with California Direct. Who would have thought we would ever get multiple uses out of a piece of HIT? Woo hoo!

    1. Hi Sean — thanks for dropping by, and the feedback. Rachel’s done many of us Direct Project advocates a real service here by pointing out real usage. Your reference to unexpected use cases is also terrific — if you have some examples I’d love to post them. 🙂

  2. Fantastic article, Shahid. Begs the following questions:

    1. In the current Direct userbase (across all the categories you mentioned), is there a way to tell how many users are using it directly from their EMR (i.e. the embedded Direct capability in the EMR)?

    2. What percentage are using 3rd party HISPs and what percentage are hosting their own Direct service?

    3. Which HISPs are hosting DIRECT for multiple enterprises? Are they doing one DIRECT instance per enterprise? Or is it one single instance? Whichever it is, why is it so?

    4. When Amida talks about a Bluebutton based PHR, have they
    “implemented” Blue Button? Or have they committed to it (like Cerner)?

    5. Is there any place we can find out which HISP uses which Certificate Authority?

    ~ @pallavsharda

    1. Pallav, thanks for the great round of questions. Most of the data that would answer questions 1, 2, 3, and 5 are self-reported and so they aren’t readily available. I’d like to do some more due diligence on Direct usage with these questions as my guide and do a follow up post.

      As for question 4, we at Amida have added to the Blue Button by creating a data reconciliation engine to parse and normalize, match and de-duplicate, and reconcile Blue Button files. We are also committed to Blue Button as many of the team members were on the original implementation team at the VA. More information about the DRE can be found at

      Thanks for the excellent questions — look for a follow-up post soon.

Add Comment