Direct Standard approved by ANSI as a national measure

The organization that oversees the development of consensus standards brings new visibility to largely hidden capabilities. 

Anne Ziegler 

The American National Standards Institute has approved DirectTrust’s Direct Standard as a national standard, bringing a new level of trust and visibility to a key function within electronic health records systems.

The Direct Standard is the foundation of the Direct Secure Messaging protocol, which supports efforts to support secure, identity-verified electronic exchanges of protected health information. The standard was developed through DirectTrust, which was born out of a partnership with the Office of the National Coordinator for Health Information Technology about a decade ago.

During the last several years, Direct has built out its infrastructure through a consensus-building process, but despite the group’s having achieved internal agreements about its direction, these agreements had no outside binding authority. However, the approval from ANSI brings a new level of authority and credibility to the Direct Standard.

Direct is already used widely by individuals to send authenticated encrypted health information to known, trusted recipients across the Internet. To participate in Direct exchanges, users must have a Direct address, as these messages cannot be sent by email or other Internet communications technologies. The standard specifies a profiled use for public key infrastructure (PKI) and deployed Internet scale infrastructure for message structure and security.

As of late 2020, there were 2.7 million Direct addresses in existence serving 268,000 organizations. Direct Secure Messaging users have sent or received a total of 2.6 billion messages. While there are several ways to use Direct Secure Messaging, one common use is when providers exchange CCDA documents.

“ANSI approval inspires additional confidence in using Direct Secure Messaging and instills more trust,” said Scott Stuewe, president and CEO of DirectTrust. “We believe some may see this approval as a reason to begin using Direct or use it even more."

Perhaps even more importantly, though, it will raise the visibility of Direct’s workings within EHRs. While this is not widely known, EMR vendors have been required to provide Direct functionality to their platforms since the 2014 edition of the ONC EMR certification standards. However, one problem with managing this functionality is that EMR vendors can give the Direct function any name they wish. In fact, virtually every EMR vendor has slapped its own name onto its Direct functionality.

“Direct can be very behind the scenes,” said Julie Maas, CEO of software developer EMR Direct, which supports secure health information exchange across the Internet. “People may not know they had it. You don’t have to lift a finger – it just happens.”