DIRECT Project

http://www.healthit.gov/policy-researchers-implementers/direct-project

Launched in March 2010 as a part of the Nationwide Health Information Network, the Direct Project was created to specify a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet. The Direct Project has more than 200 participants from over 50 different organizations. These participants include EHR and PHR vendors, medical organizations, systems integrators, integrated delivery networks, federal organizations, state and regional health information organizations, organizations that provide health information exchange capabilities, and health information technology consultants.

The Direct Project focuses on the technical standards and services necessary to securely push content from a sender to a receiver and not the actual content exchanged. However, when these services are used by providers and organizations to transport and share qualifying clinical content, the combination of content and Direct-Project-specified transport standards may satisfy some Stage 1 Meaningful Use requirements. For example, a primary care physician who is referring a patient to a specialist can use the Direct Project to provide a clinical summary of that patient to the specialist and to receive a summary of the consultation.

Two primary Direct Project specifications are the Applicability Statement for Secure Health Transport and the XDR and XDM for Direct Messaging.

Applicability Statement for Secure Health Transport

Overview

The Applicability Statement for Secure Health Transport is intended to provide constrained conformance guidance on the interoperable use of a set of RFCs describing methods for achieving security, privacy, data integrity, authentication of sender and receiver, and confirmation of delivery consistent with the data transport needs for health information exchange.

The document describes how to use SMTP, S/MIME, and X.509 certificates to securely transport health information over the Internet. Participants in exchange are identified using standard e-mail addresses associated with X.509 certificates.The data is packaged using standard MIME content types. Authentication and privacy are obtained by using Cryptographic Message Syntax (S/MIME), and confirmation delivery is accomplished using encrypted and signed Message Disposition Notification. Certificate discovery of endpoints is accomplished through the use of both DNS and LDAP. Advice is given for specific processing for ensuring security and trust validation on behalf of the ultimate message originator or receiver.

The current version of the Applicability Statement for Secure Health Transport specification (Version 1.1) was published on 7/10/2012. Download the Applicability Statement for Secure Health Transport [PDF - 640 KB].

XDR and XDM for Direct Messaging

Overview

This specification discusses the application of XDR and XDM to the direct messaging environment and the interaction between the primary Direct Project environment, which uses SMTP and RFC 5322 to transport and encode healthcare content, and the XDR and XDM specifications. This specification defines:

• Use of XD* Metadata with XDR and XDM in the context of directed messaging
• Additional attributes for XDR and XDM in the context of directed messaging
• Issues of conversion when endpoints using IHE XDR or XDM specifications interact with endpoints utilizing SMTP for delivering healthcare content.

The current version of the XDR and XDM for Direct Messaging specification (Version 1.0) was published on 3/9/2011. Download the XDR and XDM for Direct Messaging Specification [PDF - 485 KB].