New Guidance for Using Direct Project Messaging Protocols

Federal guidance is available for more than 40 state health information exchanges and other entities intending to implement secure clinical messaging services using the Direct Project protocols.

Guidance from the Office of the National Coordinator for Health Information Technology is intended to heighten confidence that Direct is being properly implemented, encourage consistent practice standards, and enable development of trusted communities across health information service providers at the regional and state levels, according to the ONC.

The guidance covers defining common policies, standards and implementation approaches in areas such as issuing digital certifications and proving identity of end users, among other issues. Users of the guidance need to keep two considerations in mind, according to ONC:

1. “The fundamental trust for directed exchange is between the initiating sender and the final receiver (not between HISPs). A common set of policies will let HISPs automatically recognize each other’s certificates and provide confidence that information will be securely routed to the right recipient, but a provider will ultimately still need to decide to send/receive information to/from another party for patient care or for other reasons allowed under HIPAA.”

2. “The guidance is offered to support state grantees’ Direct implementations that are being deployed now and over the next few months. The specific policies and standards may need to be adjusted to mirror the requirements of Nationwide Health Information Network governance once they are established through regulation.”