direct-secure-messaging

JSON twin: https://www.healthaidb.com/software/direct-secure-messaging.json

Company Name

DirectTrust

Product URL

https://directtrust.org/what-we-do/direct-secure-messaging

Company URL

https://directtrust.org

Categories

• clinical
• interoperability
• messaging
• standards
• security

Summary

A standards-based secure email transport (Direct protocol) for exchanging encrypted clinical messages and attachments between trusted healthcare participants.

Description

Direct Secure Messaging (Direct) is a secure, standards-based messaging service and set of policies that enables encrypted push exchange of clinical documents, referrals, notifications, and patient data among providers, organizations, HIEs and patients using Direct addresses and trusted certificates.

Api Available

unknown

Certifications

• DirectTrust Accreditation (HISP accreditation/trust framework membership)
• HITRUST (commonly held by participating HISPs / vendors)

Company Founding

2012

Company Offices

• United States

Compliance

• HIPAA
• HITECH
• DirectTrust Trust Framework requirements
• ONC guidance/recognition (uses Direct Project standards)

Customers

• Epic
• Cerner
• Allscripts
• athenahealth
• Meditech
• eClinicalWorks
• NextGen
• PointClickCare
• Greenway
• Netsmart
• MatrixCare
• EMR Direct
• RelayHealth
• WellSky
• Brightree
• Glenwood Systems

Data Residency

Primarily US (national DirectTrust network); hosting region depends on chosen HISP/vendor (regional or cloud hosting options)

Data Standards

• Direct Standard (The Direct Protocol)
• S/MIME (for payload encryption)
• PKI / X.509 certificates
• HL7 C-CDA (as a common document payload)
• IHE XDM (Cross-Enterprise Document Media Interchange)

Deployment Model

• protocol (standards-based)
• SaaS (via HISP providers)
• on_prem (HISP/on-prem SMTP deployments)
• hybrid

Features

• Encrypted push messaging using the Direct Standard (push transport)
• End-to-end S/MIME encryption with PKI-based digital certificates
• Direct addresses (identity-proofed addresses for send/receive)
• Support for attachments of any file type (clinical documents, images)
• Support for CCDA/XDM clinical document payloads
• Digital signatures and message integrity
• Trust bundles and directory services for discovery of endpoints
• Message routing via Health Information Service Providers (HISPs)
• Use cases: referrals, transitions of care, EMS handoff, provider-to-patient
• Access/audit logging of message activity
• Routing/relay between organizations (inter-HISP exchange)
• Organization and personnel level address endpoints
• Scalable national network for clinical exchange
• Interoperability guidance and implementation artifacts

Id

P0478

Integration Partner S

Integrations

• Epic
• Cerner
• Allscripts
• athenahealth
• eClinicalWorks
• Meditech
• NextGen
• PointClickCare
• Netsmart
• Brightree
• EMR Direct / HISP vendors (e.g., DataMotion, Inpriva, MaxMD)
• Orion Health
• Regional HIE platforms / state HIEs
• EHR inboxes / Outside Messaging implementations

Languages Supported

• English

Last Updated

2025-09-07

License

proprietary/service-based (varies by vendor)

Links

• https://directtrust.org/what-we-do/direct-secure-messaging
• https://directtrust.org/standards/the-direct-standard
• https://directtrust.org/who-we-are
• https://directtrust.org/resources
• https://directtrust.org/standards/the-direct-standard/versions
• https://www.healthit.gov/sites/default/files/page/2020-07/0720_Direct%20Secure%20Messaging%20Basics.pdf
• https://pmc.ncbi.nlm.nih.gov//articles/PMC9352441/
• https://datamotion.com/solutions/healthcare/direct-secure-messaging
• https://kno2.com/connectivity/direct/
• https://directtrust.org/blog/the-continued-growth-of-direct-secure-messaging/

Market Segment

• enterprise
• smb

Optional Modules

• Directory services/trust bundle membership
• Certificate issuance and identity proofing
• HISP accreditation/compliance services
• Event notifications via Direct
• Interoperable secure cloud fax (Direct-based fax)
• Trusted Instant Messaging Plus (TIM+)

Os Platforms

• Web (HISP consoles/webmail)
• EHR-integrated (Epic/Cerner/etc.)
• Windows
• macOS
• Linux

Pricing Details

Vendor-dependent; typically sold as a subscription/service through HISPs or integrated in EHR/HIE products—contact vendor for pricing and trial options.

Pricing Model

enterprise_quote

Privacy Features

• BAA available via HISP/vendor contracts
• Identity proofing for Direct addresses
• Encrypted attachments and minimization of plaintext PHI in transit

Ratings

Regions Available

• United States

Release Year

2010

Security Features

• End-to-end encryption (S/MIME)
• PKI-based digital certificates and digital signatures
• TLS for transport
• Authentication/identity-proofing of addresses
• Audit logging
• Trust bundle validation

Specialties

• primary care
• hospital medicine
• radiology
• laboratory
• cardiology
• oncology
• mental health
• emergency medicine
• ambulatory care

Support Channels

• email
• phone
• community
• ticketing
• documentation

System Requirements

HISP-capable SMTP servers, PKI/X.509 certificate management; EHR integration via vendor inbox connectors (if on-prem deployments exist)

Target Users

• clinicians
• clinical staff/nurses
• health IT administrators
• health information exchanges (HIEs)
• laboratories
• imaging centers
• billing/administrative staff
• patients/consumers
• payers

Training Options

• documentation
• webinars
• live_online

Type

product

User Reviews

Version

1.0

Canonical JSON

{
  "company_name": "DirectTrust",
  "company_url": "https://directtrust.org",
  "company_offices": [
    "United States"
  ],
  "company_founding": "2012",
  "product_url": "https://directtrust.org/what-we-do/direct-secure-messaging",
  "categories": [
    "clinical",
    "interoperability",
    "messaging",
    "standards",
    "security"
  ],
  "market_segment": [
    "enterprise",
    "smb"
  ],
  "links": [
    "https://directtrust.org/what-we-do/direct-secure-messaging",
    "https://directtrust.org/standards/the-direct-standard",
    "https://directtrust.org/who-we-are",
    "https://directtrust.org/resources",
    "https://directtrust.org/standards/the-direct-standard/versions",
    "https://www.healthit.gov/sites/default/files/page/2020-07/0720_Direct%20Secure%20Messaging%20Basics.pdf",
    "https://pmc.ncbi.nlm.nih.gov//articles/PMC9352441/",
    "https://datamotion.com/solutions/healthcare/direct-secure-messaging",
    "https://kno2.com/connectivity/direct/",
    "https://directtrust.org/blog/the-continued-growth-of-direct-secure-messaging/"
  ],
  "summary": "A standards-based secure email transport (Direct protocol) for exchanging encrypted clinical messages and attachments between trusted healthcare participants.",
  "description": "Direct Secure Messaging (Direct) is a secure, standards-based messaging service and set of policies that enables encrypted push exchange of clinical documents, referrals, notifications, and patient data among providers, organizations, HIEs and patients using Direct addresses and trusted certificates.",
  "target_users": [
    "clinicians",
    "clinical staff/nurses",
    "health IT administrators",
    "health information exchanges (HIEs)",
    "laboratories",
    "imaging centers",
    "billing/administrative staff",
    "patients/consumers",
    "payers"
  ],
  "specialties": [
    "primary care",
    "hospital medicine",
    "radiology",
    "laboratory",
    "cardiology",
    "oncology",
    "mental health",
    "emergency medicine",
    "ambulatory care"
  ],
  "regions_available": [
    "United States"
  ],
  "languages_supported": [
    "English"
  ],
  "pricing_model": "enterprise_quote",
  "pricing_details": "Vendor-dependent; typically sold as a subscription/service through HISPs or integrated in EHR/HIE products—contact vendor for pricing and trial options.",
  "license": "proprietary/service-based (varies by vendor)",
  "deployment_model": [
    "protocol (standards-based)",
    "SaaS (via HISP providers)",
    "on_prem (HISP/on-prem SMTP deployments)",
    "hybrid"
  ],
  "os_platforms": [
    "Web (HISP consoles/webmail)",
    "EHR-integrated (Epic/Cerner/etc.)",
    "Windows",
    "macOS",
    "Linux"
  ],
  "features": [
    "Encrypted push messaging using the Direct Standard (push transport)",
    "End-to-end S/MIME encryption with PKI-based digital certificates",
    "Direct addresses (identity-proofed addresses for send/receive)",
    "Support for attachments of any file type (clinical documents, images)",
    "Support for CCDA/XDM clinical document payloads",
    "Digital signatures and message integrity",
    "Trust bundles and directory services for discovery of endpoints",
    "Message routing via Health Information Service Providers (HISPs)",
    "Use cases: referrals, transitions of care, EMS handoff, provider-to-patient",
    "Access/audit logging of message activity",
    "Routing/relay between organizations (inter-HISP exchange)",
    "Organization and personnel level address endpoints",
    "Scalable national network for clinical exchange",
    "Interoperability guidance and implementation artifacts"
  ],
  "optional_modules": [
    "Directory services/trust bundle membership",
    "Certificate issuance and identity proofing",
    "HISP accreditation/compliance services",
    "Event notifications via Direct",
    "Interoperable secure cloud fax (Direct-based fax)",
    "Trusted Instant Messaging Plus (TIM+)"
  ],
  "integrations": [
    "Epic",
    "Cerner",
    "Allscripts",
    "athenahealth",
    "eClinicalWorks",
    "Meditech",
    "NextGen",
    "PointClickCare",
    "Netsmart",
    "Brightree",
    "EMR Direct / HISP vendors (e.g., DataMotion, Inpriva, MaxMD)",
    "Orion Health",
    "Regional HIE platforms / state HIEs",
    "EHR inboxes / Outside Messaging implementations"
  ],
  "data_standards": [
    "Direct Standard (The Direct Protocol)",
    "S/MIME (for payload encryption)",
    "PKI / X.509 certificates",
    "HL7 C-CDA (as a common document payload)",
    "IHE XDM (Cross-Enterprise Document Media Interchange)"
  ],
  "api_available": "unknown",
  "system_requirements": "HISP-capable SMTP servers, PKI/X.509 certificate management; EHR integration via vendor inbox connectors (if on-prem deployments exist)",
  "compliance": [
    "HIPAA",
    "HITECH",
    "DirectTrust Trust Framework requirements",
    "ONC guidance/recognition (uses Direct Project standards)"
  ],
  "certifications": [
    "DirectTrust Accreditation (HISP accreditation/trust framework membership)",
    "HITRUST (commonly held by participating HISPs / vendors)"
  ],
  "security_features": [
    "End-to-end encryption (S/MIME)",
    "PKI-based digital certificates and digital signatures",
    "TLS for transport",
    "Authentication/identity-proofing of addresses",
    "Audit logging",
    "Trust bundle validation"
  ],
  "privacy_features": [
    "BAA available via HISP/vendor contracts",
    "Identity proofing for Direct addresses",
    "Encrypted attachments and minimization of plaintext PHI in transit"
  ],
  "data_residency": "Primarily US (national DirectTrust network); hosting region depends on chosen HISP/vendor (regional or cloud hosting options)",
  "customers": [
    "Epic",
    "Cerner",
    "Allscripts",
    "athenahealth",
    "Meditech",
    "eClinicalWorks",
    "NextGen",
    "PointClickCare",
    "Greenway",
    "Netsmart",
    "MatrixCare",
    "EMR Direct",
    "RelayHealth",
    "WellSky",
    "Brightree",
    "Glenwood Systems"
  ],
  "user_reviews": [],
  "ratings": [],
  "support_channels": [
    "email",
    "phone",
    "community",
    "ticketing",
    "documentation"
  ],
  "training_options": [
    "documentation",
    "webinars",
    "live_online"
  ],
  "release_year": "2010",
  "integration_partner s": [],
  "id": "P0478",
  "slug": "direct-secure-messaging",
  "type": "product",
  "version": "1.0",
  "last_updated": "2025-09-07",
  "links_json": {
    "self": "https://www.healthaidb.com/software/direct-secure-messaging.json"
  }
}