DirectTrust

Ownership

Not-for-Profit Trade association (501c6)

Governance

Governed by a Board of Directors, which is elected by the members at large. Two advisory committees operate beneath the board. The Policy Committee reviews and approves all policy documents. The Trust Anchor Approval Committee reviews applications of HISPs and CAs to join the Trust Anchor Bundle. A number of standing Work Groups covering operational, technical and policy components also exist. 

Geographic Reach (within US)

Nationwide

Mission

The mission of DirectTrust is to support health information exchange that is secure, interoperable, affordable, ubiquitous and usable by diverse end-users. The mission is pursued in the interest of the public good, as a non-profit, competitively neutral, membership ‘learning organization’ for voluntary self-governance of health information exchange.

How does this approach facilitate exchange?

DirectTrust develops and maintains the policies, standards, and practices that support the trusted and effective use of Direct messaging within the DirectTrust Network. The DirectTrust Trust Framework scales trust by making it unnecessary to negotiate one-off agreements, instead creating a "network of trust". At the heart of this Trust Framework, is the Public Key Infrastructure, which allows for the management of digital certificates and public-key encryptions necessary for the exchange of a Direct message.

To exchange messages on the DirectTrust Network, one need only have a Direct address provided by one of our Accredited health information service providers (HISPs). Some EHR companies offer HISP services to their clients as a part of their offering while other EHR companies can partner with HISPs to provision addresses to their users. These HISPs provide these services to other organizations including health plans, health departments, registries and virtually any party that wants to exchange healthcare data securely – including consumers that wish to communicate directly with provider organizations. The DirectTrust Accredited HISPs have undergone a rigorous testing and audit process to show that they are in compliance with the DirectTrust polices and procedures including the DirectTrust Certificate Policy. HISPs must complete ongoing interoperability testing to ensure that they remain in compliance with the DirectTrust Trust Anchor Bundle requirements.

Access Method (Use Cases)

Direct Secure Messaging (Push messaging)
Transitions of Care
Referrals
Release of information

Primary Goals/Objectives

Establish and maintain a national, transparent Security and Trust Framework upon which trust relationships for exchange technology can be scaled and federated nationally. This Framework comprises technical, legal, and business standards that members of the DirectTrust community agree to follow, uphold, and enforce.

Type

Secure messaging network

Number of Live Connections and/or Participants

According to end of first quarter 2019 metrics:

• DirectTrust organizations served: 167,000 health care organizations served by DirectTrust health information service providers (HISPs) and engaged in Direct exchange (increased 49% compared with the same time last year.)
• DirectTrust trusted address: More than 1.9 million trusted Direct addresses able to share PHI (increased 13% compared with the same time last year.) 
• DirectTrust patient/consumer addresses: More than 265,000 patients/consumers involved in using Direct messaging (increased nearly 19% compared with the same time last year.)
• Direct exchange transactions: There were more than 164 million messages sent and received within the DirectTrust network during the first quarter of 2019. This is an increase of almost 54 million messages, or nearly 49%, compared with the previous quarter, and three and a half times over the same period last year. The cumulative total of Direct exchange transactions since its inception in 2014 reached 771 million at the end of the first quarter; a growth rate of 30+ million transactions per month.

Members

Members include the 41 accredited operators of the DirectTrust network, including:

• Health Information Service Providers (HISPs),
• Certificate Authorities (CAs),
• Registration Authorities (RAs)

Other members include but are not limited to HIE organizations, EHR vendors and health systems. DirectTrust HISP Accreditation, along with the Direct Trusted Agent Accreditation Program (DTAAP) for RAs and CAs are the programs administered by DirectTrust. 
As of April 2019, 109 organizations are members.

View the member list.

Primary Participants

A number of participants from the health IT ecosystem have the opportunity to obtain a Direct address, including but not limited to health care professionals, medical practices, health plans, hospitals, pharmacies, clinical labs, or individual consumers/patients.

Costs (Amount and/or Party Incurring Cost)

DirectTrust does not have control over pricing nor access to member information on what they charge for Direct secure messaging.

An estimate of approximately $10-15 per address per month could be a guide, but a variety of pricing models exist. For example, an EHR or HIE may absorb all costs and provide the address to the end-user at no charge. Other end users pay a separate product fee for HISP services. Charges for consumer addresses also widely vary.

Directory/MPI Details

The DirectTrust Provider Directory Data Aggregation Service encourages the sharing of Direct Address information among accredited HISPs and subscribers. Participating HISPs upload their Direct address directories into the service to create a consolidated directory. To be eligible to participate, HISPs must be in good standing, a member of an Accredited Trust Anchor Bundle, and execute the Federated Services Agreement.

Standards Leveraged

The Direct Standard™

X.509 public key infrastructure (PKI) standard

Onboarding Process (Requirements to connect)

Provision of a Direct address requires the involvement of a Registration Authority (RA) to conduct identify proofing of the end-user, a Certificate Authority (CA) to issue and manage a digital certificate tied to the account, and a Health Information Service Provider (HISP) to issue a Direct address and bind that address to the digital certificate. End users are able to obtain a Direct address by simply requesting an account, completing identity proofing and receiving a Direct address.

CAs, RAs, and HISPs must be accredited to operate as a part of the DirectTrust network. 

Data Persistance

Federated Model: DirectTrust does not store any data exchanged in direct transactions. Receiving end-point systems may capture the payloads and persist this data.

Certification Requirements for Participation

All participating HISPs, CAs, RAs must complete an accreditation process to participate. End users with Direct accounts do not have certification requirements for participation but need to be identity proofed.

Testing

Testing is required to be accepted into a Trust Bundle and must be conducted with at least 10 other entities. Ongoing interoperability testing is conducted twice a year to ensure all HISPS can communicate with all others.

Future Plans

Plans include extending use cases leveraging current capabilities to create new value and leveraging the trust framework to support other technologies.

DirectTrust's Public Key Infrastructure (PKI) can support other technologies. This PKI, (a set of rules, roles, policies, standards and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption) can help to scale trust nationally. In Direct exchange, the PKI is used to both encrypt and decrypt, and then sign and verify the message and attachments. This infrastructure can potentially be applied to interoperability standards, such as HL7 FHIR®, or technologies, such as Blockchain.

Current Collaboration across Efforts

In 2019, DirectTrust and CommonWell created a reciprocal membership relationship. DirectTrust leadership and members participate in numerous Carequality task forces and working groups.

DirectTrust maintains ongoing contact with CHIME, HIMSS, The Carin Alliance, the Center for Medical Interoperability and many other industry groups. Through the structure of our ANSI Accredited standards development efforts, DirectTrust Standards will likely collaborate on new standards with IHE, HL7, X12 and others.

Surescripts is accredited by and a member of DirectTrust. DirectTrust accredited organizations can exchange clinical messages with Surescripts users. (source)

Several EHR vendors are members and/or accredited HISPs under the DirectTrust Framework.