Direct FAQs

Est. reading time: < 1 minute

DataMotion™ Direct allows healthcare providers to send and receive Protected Health Information (PHI) with other Direct address holders to meet MU2 requirements, comply with HIPAA, and enhance health information exchange.

Check out the frequently asked questions about DataMotion Direct, below.

What is Direct Secure Messaging

The Direct Project established a set of standards to support workflows in which a patient transitions from one health care provider to another. Direct Secure Messaging (Direct) allows an EHR user to “push” a patient’s information to a clinician and for that clinician to receive the information in his or her EHR. “Push” refers to sending a patient’s information proactively, as opposed to a “pull” model, which information is requested when needed. Direct uses Public Key Infrastructure (PKI) to establish trust between its participants by applying digital certificates.

There are many ways to initiate a Direct Secure Message:

  1. XDR (Cross-enterprise Document Reliable Interchange) – This method uses a web service according to specifications defined by Integrating the Healthcare Enterprise (IHE). XDR requires an established relationship between the sender and receiver through a certificate exchange. DataMotion can establish one destination to send XDR Messages to (Endpoint) per company.
  2. SMTP Native Connection (Simple Mail Transfer Protocol) – This is the protocol used to send email over the internet, and the Direct Project added message-level encryption for use in healthcare. SMTP provides a means of discovering how to route a message based on the recipient’s address, using Domain Name System (DNS) services, so you don’t need an organization record for each recipient’s organization. DNS, like SMTP, is a staple of Internet connectivity.
  3. SMTP Web Interface (DataMotion Direct Messaging Portal) – While utilizing the same DNS and Lookup process as native SMTP, DataMotion provides a full featured web interface for sending and receiving Direct messages.
  4. API (Application Programming Interface) – These are a set of programming instructions and standards for accessing a Web-based software application. DataMotion has a full suite of APIs available for implementing an integrated experience with your application. These APIs allow you to create new messages, verify sent messages, manage users and more. Messages are still delivered via SMTP through the Direct Protocol.

What is Direct address

A Direct address is used to route a Direct message to a specific recipient. It looks just like an email address and, like email, has two parts separated by an “at” (@) symbol.

Before @ is the local part of the address. The local part lets the health care organization receiving a Direct message know what user or In Basket pool should get the message. After @ is the domain part. The domain part serves two purposes:

  1. The domain lets the system sending a Direct message find the system to which it should send that message.
  2. If the message is being sent through a HISP (see below), the domain lets the HISP know to which of its members the HISP should route that message.

What is Health Information Service Provider (HISP)?

A Health Information Service Provider (HISP) is an intermediary that routes Direct Secure Messages to and from your organization.

When a HISP sends a Direct Secure Message, it will:

  1. Use DNS (Domain Name System – A service that translates domain names into IP addresses) to look up the server that the HISP should send the message and the certificate the HISP should use to encrypt the message.
  2. Check whether the HISP trusts the recipient’s digital certificate. If it does not, the HISP rejects the message.
  3. Encrypt the message using the recipient’s certificate.
  4. Sign the message using the sender’s certificate.
  5. Send the message

When a HISP receives a Direct Secure Message, it will:

  1. Check that it trusts the certificate used to sign the message. If it does not, the HISP rejects the message.
  2. Decrypt the message.
  3. If it is a third-party HISP, use the domain part of the Direct address to determine which of its member organizations is the intended recipient and send the message to that organization

Note that if two organizations happen to share the same HISP, the routing is simpler. In that case, the HISP would receive the message from one of its members and send it directly to the other member.

When you communicate with your HISP using XDR, DataMotion as a receiver’s HISP will use Direct SMTP to communicate with the rest of the world as illustrated in the diagram below.

Is a HISP always needed for sending or receiving a Direct Secure Message?


A HISP not only provides the actual software for sending messages it also provides a suite of other services required “behind the scenes” such as DNS hosting, certificate lookup and the rights of being part of the DirectTrust bundle(s).

A DirectTrust Bundle is a collection of trust anchors (high level digital certificates utilized to establish initial trust during Direct exchange, as opposed to end-entity Direct certificates) that meet a common set of minimum policy requirements within a Trust Community Profile.

What is included in DataMotion's Direct product/service offering?

DataMotion is a full service HISP for Direct, compliant with the Direct Project Protocols, with products/services including:

  • Direct addresses issued for all your users
  • Access to the comprehensive DataMotion Healthcare Provider Directory (HPD)
  • Services to help you achieve Meaningful Use Stage 2 (MU2) certification

What is a Health Provider Directory?

It’s an electronic, searchable resource that contains entries for providers, and potentially other entities like clinics or specialty departments, to which a Direct message may be sent. Each entry generally includes the recipient’s name, Direct address, practice location, contact information (phone/fax), National Provider Identifier (NPI), provider specialty, and role/functions within the organization.

What is the role of a HISP in provider directory exchange?

The role of a HISP is to securely route Direct messages. When you join a HISP with bundled directory services, you typically will gain access to the provider directories from your HISP’s other customers, and the other customers likewise will gain access to your provider directory.

If an organization uses a different HISP, can I send a Direct message to a provider at that organization?

Yes, if you have that provider’s Direct address, DataMotion as a HISP can route a message to anyone who has a Direct address. However, doing so also requires establishing a trust relationship between DataMotion and the recipient’s HISP. As an EHNAC-accredited HISP, DataMotion can interoperate with any HISP that participates in the DirectTrust bundle.

Can I get the provider directories of organizations that don't use the same HISP as my organization?

Possibly. While not every HISP will be able to provide you with a directory that extends beyond its own customers, DataMotion substantially extends the scope of its provider directory by partnering with other HISPs and healthcare entities to make DataMotion Direct addresses discoverable to other providers across the country

Why should I choose DataMotion as my HISP?

DataMotion is an Electronic Healthcare Network Accreditation Commission (EHNAC) accredited HISP. EHNAC’s Direct Trusted Agent Accreditation Program (DTAAP) ensures that HISPs adhere to policy and best practice recommendations surrounding Directed exchange.

Does DataMotion include a Service Level Agreement with its DataMotion Direct services?

The DataMotion HISP Technical Support Agreement, part of the overall DataMotion HISP Agreement outlines the support mechanism for the DataMotion HISP. The SLA specifies the response time for different levels of support issues.

If we choose a HISP, what should the domain be for our organization’s Direct addresses?

A typical domain name for your organization would be

Once your application is approved, your new Direct address is assigned. It might look something like this: [], or this: []. Depending on whether your organization will have many Direct address holders and its own, custom direct domain name as seen in the first example, or if you want to use the DataMotion Direct ‘’ domain – which makes sense for small organizations that just need a few Direct addresses.

There can be options regarding a domain name as well as some technical limitations that could affect what options are compatible with your current webhost or DNS provider. DataMotion provides assistance to Direct customers to make the right choice of domain name and structure.

What if my referral/trading partners do not have Direct addresses?

Because of the strict guidelines and protocols set forth by Direct Trust, both the sender and recipient of a Direct message must have a Direct address. If the recipient does not have a Direct address, then the message will not be sent.

Can I send a Direct message to a regular email account?

No. Direct Secure Messages may only be sent to a Direct another Direct address. A standard email address is not a Direct address.

How can I integrate DataMotion Direct into my EHR or HIE technology?

DataMotion offers multiple options for establishing a connection between third party health information technologies and the DataMotion HISP. Standards compliant connectivity is achieved via:

  • Web service calls/APIs
  • DataMotion-provided web portal

What steps does a hospital need to take to integrate its EHR system with a HISP?

Integration typically involves the following steps:

  1. Establish Direct addresses for the EHR users who need access to Direct
  2. If the EHR supports connectivity via the XDR protocol, establish an XDR connection
  3. If API integration is involved, use the developer sandbox provided by DataMotion to develop and test the application calling into the DataMotion APIs.

The DataMotion Direct Software Developer Kit (SDK) offers up a set of robust APIs that integrate into your workflow without any disruption. DataMotion will setup all the Direct addresses, certificates, encryption, and message routing. DataMotion provides assistance all the way through and is also recognized by our customers as a reliable integration partner.

With DataMotion’s HISP, which EHRs can I send Direct messages to/receive Direct messages from?

You can send a Direct message to (or receive a Direct message from) any EHR that is in DataMotion’s HISP, or to any EHR that is in another HISP.

Can I access my Direct messages in my EHR, my cell phone, and my tablet?

Yes, it is possible to access your Direct Messages in a secure manner from your cell phone, tablet, and any other mobile device, using the DataMotion mobile optimized Direct Messaging Portal.

What is in DataMotion’s developers’ sandbox?

To enable developers and compress development cycles, DataMotion’s connectivity methodologies are incorporated into a developers sandbox with open web standards such as web services, S/MIME, SMTP, etc. to test your system. Developers familiar with standard web communication protocols, including HTTP, XML, and SOAP will be able to use the sandbox with minimal training and support. The sandbox contains:

  • Integration code samples
  • API documentation
  • Implementation guide

Visit our Direct Developer Center here!

Can I provision my own users or does DataMotion need to?

Yes, you can provision your own users through the DataMotion Direct Administrator User Interface.

What types of digital certificates are utilized in Direct and what is the difference between them?

DirectTrust standards currently support a model where certificates can be unique to an individual Direct address, or to a collective, organizational domain. Read more here

  • Individual Certificates are assigned to a person who is not part of an organization but needs to send Direct messages.
  • Organizational Certificates are assigned to an Organization’s domain for use in Direct messaging.

What types of Direct addresses does DataMotion offer?

DataMotion offers the following categories of Direct addresses:

  1. Individual Direct Address
  2. Group Direct Address
  3. Workflow Direct Address

Read more about these types of addresses here

What is the data retention policy for mailboxes on the DataMotion Direct HISP?

As per DataMotion HISP agreement, the standard data retention period for each DataMotion Direct mailbox is 30 days.

For what purposes and how does Direct involve user identity validation?

DataMotion adheres to DirectTrust LoA3 for all Direct Users (equivalent to NIST 800-63-1 Level 3 or Kantara Level 3 or FBCA Basic or Medium). Read more here

How quickly can I implement a Direct solution for Meaningful Use Stage 2 (MU2) certification?

DataMotion can implement your Direct solution in as little as 1 day.

Does DataMotion cover MU requirements for both Transitions of Care and View Download Transmit?

Yes. DataMotion covers the MU requirements for both Transitions of Care and View Download Transmit (VDT).

Updated on December 15, 2020

Was this article helpful?

Related Articles

Not the solution you were looking for?
Click the link below to create a support ticket
Request Support