By Lisa Nelson, Fractional Chief Technical Officer

Interoperability in healthcare has come a long way, but it has been slow going. The introduction of FHIR holds many promises, but there’s a practical challenge: how do we shift the industry to use more modern, more standardized structured health information? Are there options to securely communicate information expressed in FHIR between organizations without requiring a complete infrastructure overhaul? That’s where FHIR over Direct comes in.

FHIR over Direct is exactly what it sounds like: the use of Direct Secure Messaging to send FHIR-based content. It’s a low-risk, cost-effective, and incremental step forward that builds on the secure digital communication infrastructure many healthcare organizations already have in place and permits the payload to be FHIR Resources.

As co-chair of the Metadata & Payloads Consensus Body at DirectTrust®, I’m fortunate to work with a group of dedicated experts and innovators who are helping make this possibility a reality. Here’s why this work matters – and how you can get involved.

 Why FHIR Over Direct Now?

FHIR is the future of health data exchange. It provides a modern, standardized way to structure and represent information – from care summaries to social risk data to explanation of benefits – and it’s backed by a growing ecosystem of developers, providers, and regulators.

But for many organizations, especially those in underfunded or underserved areas, building and maintaining a FHIR server is a heavy lift. FHIR APIs are powerful but require OAuth, infrastructure, and technical know-how that can take months or years to stand up at a significant cost.

Direct Secure Messaging, on the other hand, is already widely used. It’s a proven transport mechanism supported by every certified EHR, backed by identity-verified digital certificates, and capable of carrying any type of content including FHIR bundles. It supports both push and request-receive paradigms of exchange between trusted Direct address endpoints.

That makes FHIR over Direct a practical extension – not a replacement. For organizations already using Direct, adopting FHIR content doesn’t require a major reinvestment. In fact, it can be a cost effective, incremental approach to keeping pace with a healthcare ecosystem that’s rapidly shifting to adopt FHIR.

Instead of asking organizations to rip and replace, we’re offering a bridge: use Direct to carry FHIR content. It’s a practical idea with big implications.

 The Metadata & Payloads Consensus Body

At DirectTrust, we knew this solution had promise – but to make it work across healthcare, we needed an easier, repeatable way to specify message payload and the needed metadata to make information exchange and processing possible via Direct. That’s the job of the Metadata & Payloads Consensus Body.

We’re creating an implementation guide that does two things:

  1. Establishes a framework for specifying how FHIR content can be transported in Direct messages, making it easier for implementation guides to be produced for a wide range of use cases.
  2. Helps groups quickly document their own use cases using the established reusable framework.

The Consensus Body’s goal is to publish version 1.0 of the guide by the end of 2025 – and we’re already seeing strong interest from groups working on real-world use cases.

One of the most exciting aspects of FHIR over Direct is its flexibility. It’s not just for hospitals or health systems – it’s for anyone who needs to send or receive health information securely and in a modern format. This includes:

  • Healthcare providers exchanging care summaries
  • Public health agencies monitoring population trends
  • Payers and quality organizations requesting claims attachments, providing explanation of benefits information, or collecting structured quality reporting data
  • Social care organizations coordinating services for housing, food, or behavioral health
  • Small community clinics that want to do more with what they already have

For many of these groups, Direct may already be in use. Adding FHIR is as simple as adopting a new payload format. No new servers or complex client registrations are needed. A secure push of information in FHIR makes it possible for information recipients to begin processing information structured according to this new, more ubiquitous standard.

Identity and Trust are Still Foundational

None of this works without identity and trust – and that’s where DirectTrust’s existing framework is so valuable.

Every Direct endpoint is tied to a verified identity backed by a digital certificate. That means when you receive a Direct message carrying a FHIR payload, you can trust where it came from and that it hasn’t been altered in transit. It’s secure and trusted by design and already operates on a national scale.

This is particularly important as we explore new frontiers like notarized patient documents or consumer-driven health data exchange. Whether it’s an advance directive document or a social care referral, or an explanation of benefits, identity information for senders and receivers needs to be reliable and trusted.

FHIR over Direct in Action

You can see what this looks like in practice by joining us at the DirectTrust Annual Conference in St. Louis this August. We’ll be showcasing early demonstrations of FHIR over Direct, including a powerful use case focused on digitally notarized advance care planning documents.

We’ll also be diving deeper into the Metadata & Payloads Implementation Guide, highlighting how organizations can start experimenting with FHIR over Direct right now.

If you’re working in healthcare, social care, public health, or policy, this is the moment to pay attention. FHIR over Direct offers a practical on-ramp to interoperability that’s secure, inclusive, and ready to scale.

There are three ways to take the next step:

The future of interoperability isn’t one-size-fits-all – but it can be faster, more affordable, and more secure when we build on what already works. That’s what FHIR over Direct is all about.