The Direct Project

Ali EmamiSoftware Engineeraliemami@microsoft.com

Quick History of the Direct Project

04/13/2023

Launched just after HIMSS 2010

Response to community frustration about state of exchange

Collaboration across the industry: government, vendors, advocates

Today: real production use in multiple programs across the country

Why is there a need for Direct?

04/13/2023

Current methods of health information exchange are inadequate

Communication of health information among providers and patients still mainly relies on mail or fax

– Slow, inconvenient, expensive– Health information and history is lost or hard to find in paper charts

Current forms of electronic communication may not be secure– Encryption features of off-the-shelf e-mail clients not often used in

healthcare communications today

Physicians need to transport and share clinical content electronically in order to satisfy Stage 1 Meaningful Use requirements.

– Need to meet physicians where they are now– Direct will be one of the communication methods in the Nationwide

Health Information Network

Direct Project Secure Internet-based Direct Communications

» Simple. Connects healthcare stakeholders through universal addressing using simple push of information.

» Secure. Users can easily verify messages are complete and not tampered with in travel.

» Scalable. Enables Internet scale with no need for central network authority.

» Standards-based. Built on common Internet standards for secure e-mail communication.

Direct Project specifies a simple, secure, scalable, standards-based way for

participants to send encrypted health information directly to known, trusted

recipients over the Internet.

b.wells@direct.aclinic.org h.elthie@direct.ahospital.org

Direct ProjectHigh quality open source libraries

» The history of the Internet shows the power of permissively licensed open source in driving standardization:

• TCP/IP: Berkeley TCP/IP stack• DNS: BIND• HTTP: Apache

» Successful open standards have easily accessible high-quality libraries trivially available to developers, including high quality documentation

» A key deliverable of Direct Project is a BSD-licensed software stack enabling:

• Client-side connectivity, for EHRs, EHR Modules, PHRs, etc. and• Server-side connectivity for “out of the box” HIOs and Health

Information Service Providers (HISPs)

Protocols and Technology

» SMTP Gateway• Direct uses SMTP as its transport protocol.

» S/MIME• Messages are signed and encrypted using the S/MIME standard. • A decades old protocol for ensuring authenticity, non-tampering,

confidentiality, delivery only to intended recipients. » DNS

• Used to serve up certificates bound to an e-mail address or organization.

• The highest scale distributed directory on the planet. Powers internet addressing.

» Configuration Web Service and DB• Storage and access to org’s certs, private keys, trust anchors

HISP

ConfigurationWeb Service

Security & Trust Agent

SQL

Configuration Web UI

Email Server

XD* SOAP Endpoint

XD* Agent

HTML/HTTPAdmin

SMTP Gateway

Internet

Internet

DNS Server

SOAP Client

MIME+ TLS

HTTPGateway

DNSGateway

Firewall

Scenario: Doctor to patient messaging

» Dr. Alex wants to send a visit summary to patient Jill.

From: alex@direct.ahospital.orgTo: jill@direct.aphr.orgSubject: Your health visit summary

Jill,

Here is the summary information from your visit.

- Dr. Alex

<Summary Attached>

Sending a message

» Alex creates and sends the message using his favorite e-mail client.• Or his hospital’s EHR software.

» A Direct gateway is installed at ahospital.org. Secure e-mails at ahospital are relayed through this gateway.

» The gateway receives the message and determines it needs Jill’s certificate in order to send the message. It uses DNS to resolve it.

» The gateway:• Signs the message with Alex’s private key. • Encrypts the message with Jill’s public key.• Sends the message over SMTP to Jill’s gateway.

04/13/2023

Receiving a message

» Jill is using a PHR system that provides her with a Direct address. • Microsoft HealthVault is one such PHR system.

» The PHR’s Direct gateway receives the message from ahospital.org.

» The gateway looks up Jill’s private key from its local configuration backend.

» Jill’s Gateway:• Decrypts the message using Jill’s private key. • Verifies the signature on the message is valid. • Verifies that the signer is trusted. ie. Jill trusts Dr. Alex. • Forwards the message to Jill’s inbox.

04/13/2023

More scenarios

» Provider-to-Provider scenarios have equivalent flow. • Scenario: Referring doctor sends patient information to another

doctor.

» Patient-to-Provider scenarios are just as easy!• Gateways can be configured to allow incoming messages,

outgoing messages, or both for a given address or domain. • Example: Doctor wants to send to patients but NOT receive.

Direct ProjectThe Process

Direct standards and specifications are developed by a group of public-private stakeholders. Weekly teleconferences and periodic face-to-face meetings facilitate active collaboration.

Direct Project Output:• Standards and Service Definitions• Implementation Guides• Reference Implementation• Pilot project testing and real-world

implementation

Vendors incorporate reference

implementation into HIT products

First phase grounded in real-world

pilot projects implemented

by early 2011

Incorporation of HITPC, HITSC, and ONC policy

guidance

Wide-scale adoption of Direct standards by late 2012

Momentum is Remarkable

Some vendors that have already announced plans to support the Direct Project include:· Allscripts· CareEvolution· Cerner Corporation· Covisint· eClinicalWorks· Epic· Greenway Medical Technologies· Kryptiq Corporation· MedPlus (A Quest Diagnostics Company)· Microsoft Corporation· NoMoreClipboard.com· OpenEMR· Siemens· Surescripts· VisionShare

CareSpark (TN)

Direct Project Real-world Implementation

- 14 -

Redwood MedNet (CA)

MedAllies (NY)

Rhode Island Quality Institute (RI)

Medical Professional Services (CT)

Direct Project is architected for rapid adoption by:• Thousands of hospitals• Hundreds of thousands of physicians• Millions of providers• Tens (or hundreds?) of millions of patients• Many other stakeholders in healthcare

Direct Project will be demonstrated in real-world pilots across the country

VisionShare (MN)

VisionShare (OK)

Links to Direct Project Resources

Get involved! http://wiki.directproject.orgC# Reference: http://wiki.directproject.org/CSharp+Reference+ImplementationJava Reference: http://wiki.directproject.org/Java+Reference+Implementation

For more informationMy e-mail: aliemami@microsoft.com