The Direct Experts

HISPDirect™ is a cloud-based Direct messaging service, providing secure, reliable transport of patient information, such as referrals, consults, or lab reports to providers or patients.

Direct has caused a lot of questions in the industry.  Below, we'll answer the most frequent questions from our customers about HHS ONC's Direct.  

What is "Direct"

"Direct" is short for the protocol developed by HHS Office of the National Coordinator (ONC) "the Direct Project".  This transport protocol is referenced as "Applicability Statement for Secure Health Transport" in the Meaningful Use Stage 2 rule.  An overview of the project can be found on at the HealthIT.gov site.  

The basic idea was to make secure exchange of computable health records as easy as sending by fax... and in many ways, Direct has accomplished this goal.

What is a HISP?

Basically, a HISP (Health Information Service Provider) is an organization that operates the messaging servers.  A HISP is responsible for the transport of messages, but not the creation of the content.

Because of the specialized needs of the HISP, most EHRs and system vendors choose not to operate as their own HISP, and look to others to provide that service.

Do I need Direct?

If you need to certify to, or attest to Meaningful Use Stage 2, the answer is yes.  Direct is required for the following criteria:

§170.314(b)(1) -- Transitions of care – receive, display and incorporate transition of care/referral summaries,

§170.314(b)(2) -- Transitions of care – create and transmit transition of care/referral summaries, and

§170.314(e)(1) -- View, download, and transmit to 3rd party

Direct may be used for other objectives like secure messaging or public health, but it is only required in the above 3 criteria.

What can I do with Direct?

Direct can be used for transitions of care and patient engagement as the MU 2 rule requires.  But, because all MU 2 certified EHRs will be able to send and receive care summaries via Direct, many exchange use cases can be easily be enabled via Direct.

We are seeing an explosion in the ways Direct can be used because of it relative low cost, ease of implementation and ability to transport any file type (content agnostic).

Some of the emerging use cases enabled via Direct we see are:

  • Submissions to repositories -- for public health, payers or as an inexpensive repository in settings with many EHRs,
  • Automated transmission of notifications -- From statewide ADT networks, to purpose specific cases, Direct can easily distribute notifications between different communities and care settings,
  • Communication with associated providers --  With Direct, everybody can communicate.  Sending messages or health records to providers outside of your community or EHR system is easy.

We see a continually growing set of ways to use Direct and we're happy to share what we've seen.  Just contact us


How Easy is Direct?

As easy as email... and sometimes easier.

From a user's perspective, it looks and works like email.  From a system perspective, it can be even easier to integrate.

We've created a simplified RESTful API that allows systems in integrate incredibly quick.  How quick?  With a few calls to enable full messaging, most systems integrate with our HISP in 2 days.  We had one customer go from initial call, through implementation and successful certification testing in 2 weeks.


What is Trust and how do I trust others?  Is Direct secure?

Part of the Direct protocol's security is the need to explicitly "trust" other organizations or individuals before being able to message them. With so many provider organizations out there, this can become a massive job to establish one-to-one trust for many providers.

Direct allows for the use of a "trust bundle" whereby every member of the bundle is trusted by every other.  This makes large scale trust easier, but brings with it policy questions  - "how can I trust everyone in the bundle?".

DirectTrust.org has a mission to address these an other issues.  They have created trust bundles requiring best practices be adhered to by all members.  Nitor is a member of DirectTrust and a fully accredited member of the DirectTrust.org bundle.

Nitor is also a fully accredited EHNAC DTAAP HISP.  Nitor applies the highest standards in the operations of our products.


learn more...

The Direct protocol is secured by an encrypted PKI infrastructure, requiring digital certificates at both ends (sender and receiver).

Nitor Group goes beyond the protocols required, ensuring security of PHI data.  Our HISPDirect(TM) product is the only EHNAC accredited HISP to be hosted a fully accredited EHNAC hosting facility -- Sidus BioData.  From highly secure facilities, to accredited operations -- your data is safe with Nitor.

To learn more about the HISPDirect product certifications, please visit our product certifications page.

How Can I Learn More?

Contact us.  We have been told by many organizations that a brief call made the whole "Direct thing" a lot clearer.  We're happy to shed some light.