Programs & Services

Q: What is the national Direct Project?

The ONC-sponsored national project sets the stage for collaboration within the private sector to create a secure, simple, and cost-effective mechanism to send health information directly to known, trusted recipients over the internet. 

Q: What is Direct Messaging?

Direct Messaging is secure e-mail designed for the exchange of health information between providers. Direct Program messaging functionality is simple in concept and yet carries many benefits.

The Direct Program enables providers to send patient health information via the internet in a secure and encrypted format to only those recipients with a Direct Program address (a special e-mail address). It is simple, fast, inexpensive, and allows for the exchange of various types of information such as notes, CCDs, referrals, and summary of care records that lead to a more efficient and complete coordination of care.

Q: What is the difference between Direct Messaging and regular e-mail?

Regular e-mail carries numerous risks of information being compromised during transmission, or being accessed by unauthorized users, making it inappropriate for the exchange of patient health information. The Direct Program, on the other hand, offers an easy work-around to help providers communicate clinical information more securely, which will ultimately help provide better care to patients in RI.

Q: How do I differentiate my Direct account from a regular e-mail account?

In a mail client application such as Microsoft Outlook, the Direct Messaging account will appear underneath the regular e-mail account. See image below for reference:

Direct Account

Q: How do I find e-mail addresses of other providers using Direct? 

Contact the user to obtain their Direct address—either in person, by phone or e-mail, or by any other method that is convenient.

Q: What makes Direct more secure than other communication mechanisms?

Direct was created using a technology infrastructure called Public Key Infrastructure (PKI). This framework makes Direct more secure than regular e-mail by:

  • Requiring digital certificates to validate/establish the identity of senders and recipients
  • Using public and private keys to encrypt and decrypt data
  • Engaging a trusted third party, called a Certificate Authority, to establish trust and issue digital certificates that maintain the keys that enable encryption
    Note: A Certificate Authority is a third party trusted by both the sender (owner of the certificate) and receiver.
    To obtain a digital certificate, a user must go through a vetting process: A trusted certificate authority or the RI Trust Community must validate that the users requesting a certificate are authentic (that is, that NPI numbers are correct and practice addresses are real) to ensure intended recipients that the senders can be trusted and vice versa. A certificate authority is in charge of issuing and managing digital certificates.
  • Using the S/MIME standard to secure content of message (commonly used standard to encrypt and/or sign MIME data)

This technology infrastructure enables Direct to protect digital PHI through:

  • Message encryption - the capability to encrypt messages (that is, scramble information so that unauthorized users cannot read the message) and keep them confidential. Only the intended destination users can decrypt the messages. Digital certificates are issued by a Certificate Authority.
  • Message integrity validation - the Direct message can be signed to ensure to the intended recipient that the message did not change during transmission and that it is coming from the right sender.
  • Transport security - transport-level security (TLS) ensures that connections are made only to trusted systems. TLS ensures security for information that travels over the internet and that network connections are encrypted and cannot be accessed by unauthorized users.

As a result of this security infrastructure:

  • Direct messages are routed only to intended and trusted recipients.
  • Direct messages cannot be compromised during transmission.
  • Direct messages can be read only by the intended recipient.

Q: If the message is opened by an unauthorized user, can the user be traced?

Like regular e-mail, Direct Messaging will not have tracing functionality built into the technology. However, the Direct Program has implemented several safeguards to prevent unauthorized users from opening messages. For instance, messages do not travel outside of a secure environment without being encrypted. Even if a message were to be opened by an unauthorized user, the unintended recipient will not be able to read it due to the encryption measures taken.

Q: What if I mistakenly send a message to the wrong person?

If you mistakenly send a message to the wrong person who does not have a Direct address, the message will not be delivered. If you mistakenly send an e-mail to an unintended provider using a Direct address, the message could be delivered, but not read.

Q: What is a Health Information Service Provider, or HISP?

A HISP is similar in concept to an internet service provider (ISP). As such, a HISP is responsible for delivering Direct Program messages from a sender to a receiver via the internet. HISPs encrypt, authenticate, and run trust verification activities to ensure patient health information is secure. In essence, a HISP ensures that messages get to the intended recipient in a secure way.

Q: Who controls the Direct usernames and passwords?

Your HISP will provide you with your username and temporary password, which can then be updated, just like you do with regular e-mail. 

Q: What is the RI Trust Community?

The RI Trust Community is a service provided by RIQI; it is a network of authenticated users who are verified physically by RIQI or a Notary Public, and have legitimate need and desire to exchange PHI within the state of Rhode Island.  As a member, providers will receive RIQI-signed digital certificates.

Q: How will RI REC help me?

RI REC will offer:

  • Design and delivery of provider and community education on what the Direct Program is, why it is important, and how to use it effectively
  • Availability of dedicated Relationship Managers for ongoing support for eligible PCPs
  • Identification of pre-qualified HISPs as part of RI REC’s Vendor Marketplace
  • Opportunity to enroll in the RI Trust Community

Q: What do I need to do to adopt Direct Messaging?

Once a provider has learned about the benefits of Direct Messaging, there are six steps to adoption:

  1. Evaluate vetted HISP providers in the RI REC Vendor Marketplace and select a HISP.
  2. Sign up with a HISP.
  3. Join the RI Trust Community (optional).
  4. Receive Direct account information from your HISP.
  5. Use your new Direct address to access your Direct e-mail account via webmail or via an existing mail client (Microsft Outlook, Mac Mail, or other).
  6. Send and receive Direct messages (if using an existing mail client, the mail client settings will need to be configured with the Direct settings provided by your HISP).

Q: What is a digital certificate?

A digital certificate is an electronic credential that ensures to the receiver of a message that the message is authentic and that it comes from a trusted sender’s electronic address. Digital certificates also maintain the key that is used to encrypt a message.

Q: What are the benefits of using Direct Messaging?

Direct Messaging

  • Helps replace less secure communication mechanisms - in the current healthcare environment, many providers are forced to rely on communication mechanisms such as fax machines, courier mail, and phone calls. These methods are not only time-consuming, expensive, and inconvenient, but also lack the level of security that is compulsory to communicate sensitive health information among providers, patients, and healthcare organizations.
  • Provides a uniform means of exchange - providers who adopt Direct Messaging will be able to communicate securely with any provider who also owns a Direct Program e-mail address.
  • Helps achieve Stage 1 Meaningful Use - assists providers in meeting Stage 1 Meaningful Use for electronic exchange of information when used to transport content exported from an EHR.

Q: Do I need an EHR to use the Direct Program?

An EHR is not required to send and receive Direct Program messages. Providers can use their Direct Program address to securely send mail to other recipients who also have a Direct Program address via webmail or their existing mail client.

Q: How much does Direct Messaging cost?

Direct Messaging costs will vary among HISP vendors. When choosing a HISP vendor, be sure to ask about all of their fees, including monthly fees per physician, activation, maintenance or annual renewal fees. There may also be fees for each workstation that must be security enabled. 

Q: How complicated is it to use Direct Messaging? 

If you are comfortable using e-mail, then you should be comfortable using Direct. The solution was designed for easy and efficient use.

Q: Do I need to go through RI REC to get a Direct Program address?

No, you do not need to go through RI REC to start using Direct Messaging; however, RI REC will help you go through the adoption process faster.

Q: I am a specialist interested in adopting Direct Messaging. Will I have access to a Relationship Manager?

At this time, only eligible PCPs have access to Relationship Managers as part of RI REC’s grant-funded EHR Adoption Program for eligible PCPs. As a specialist, you have access to RI REC’s educational materials, vendor expos, and the HISPs in the Vendor Marketplace.

Q: Where can I get more information about the Direct Program?

The best sources for information about the Direct Program are available online. Review the Related links listed on this page for detailed information about the national program.

Programs & Services

related