by Kathryn Ayers Wickenhauser, Chief Strategy Officer

The Assistant Secretary for Technology Policy (ASTP) and the Office of the National Coordinator for Health Information Technology (ONC) recently published a blog highlighting the widespread use of Direct Secure Messaging, often called Direct. The blog specifically shared information and a quick stat from the 2023 American Hospital Association (AHA) Information Technology Supplement showcasing Direct as the most common interoperable mechanism for sending and receiving health information.

By the Numbers

Our quarterly metrics provide additional validation of the growth of Direct Secure Messaging. Each quarter, DirectTrust collects metrics from accredited Health Information Service Providers (HISPs) to understand the state of the DirectTrust network and Direct Secure Messaging. For the first quarter of 2025, over 466 million Direct Secure Messages were exchanged, meaning that over 6.5 billion messages cumulatively have been exchanged since we began tracking message volume in 2014. Furthermore, there are over 2.8 million trusted Direct addresses and over 200,000 organizations nationwide that can participate in Direct. Our metrics back up ASTP’s statement: Direct is widely deployed and used.

A Part of the Interoperability Puzzle

As the ASTP blog indicates, the interoperability landscape has certainly shifted from when the Direct Project was introduced back in 2009/2010. At the time, there were significant government efforts for two interoperable exchange modalities, one for “push,” and one for “query.” Today, both of these modalities continue to grow. Even so, there is an expanding ecosystem and significantly more work to be done to get to our ideal communication state.

Just as life requires different means of communicating (email, texting, phone calls, instant messaging, and more), clinical communication also requires different communication methods. Not only do we need “push” via Direct and query via the CommonWell Health Alliance, eHealth Exchange, and the Trusted Exchange Framework and Common Agreement (TEFCA), there is also a growing FHIR ecosystem (apps), Trusted Instant Messaging Plus, Health Information Exchanges (HIEs), and as the AHA survey points out, mail and fax are still common. Regardless of the communication methodology (we are #TeamInterop!), trusted communication in healthcare relies on knowing and having confidence in the identity of data sharing partners.

A key component from the very beginning of Direct was to build something that was simple and secure, but also scalable, and that scale came through creating a network built on top of a trust framework. Those initial concepts are what have allowed DirectTrust as the home of the Direct Standard® to grow the Direct Secure Messaging network to be the only interoperable push modality deployed at scale today.

Factors for Growth

Results from the AHA survey were not surprising. Use of Direct is growing and here’s why:

Direct Secure Messaging is:

  • Well-established and credible, backed by a governing body.
  • Built on the ANSI-recognized Direct Standard®, which is part of the Certified Electronic Health Record Technology (CEHRT) requirements since 2014.
  • Easily accessible in technology, either embedded within EHRs or other technologies, or accessible via web-browser or apps.
  • The only interoperability exchange modality broadly deployed for “push” messaging.
  • Content-agnostic. C-CDAs and PDFs are the most common attachments, but technically anything can be included in a Direct Message (including a FHIR payload!).
  • The most common way electronic referrals are sent, and
  • A major way Electronic Case Reports (eCR) and Admission/Discharge/Transfer (ADT) Notifications are sent since they are push-based.
  • Continually growing in use cases, and
  • Privacy-preserving; the sender knows who needs the information and why (e.g. a referral to another treating clinician).

As the healthcare industry has steadily embraced interoperability, Direct has grown in parallel, proving itself as a foundational and enduring method of exchange. Part of its strength lies in complementing other interoperability models, such as TEFCA, by supporting “push” workflows that enhance, rather than compete with, query-based approaches. While TEFCA aims to expand the possibilities of health information exchange, the proven value of Direct and the trust framework provided by DirectTrust ensures Direct Secure Messaging’s continued relevance in a more connected, collaborative interoperability landscape.

What’s Next for Direct

At DirectTrust, our community is made of organizations who support and use Direct Secure Messaging.

DirectTrust is responsible for ensuring that Direct continues to evolve as a valuable and effective interoperability mechanism, for all healthcare stakeholders. There are two major opportunities for implementers and adopters to ensure Direct continues to realize its potential.

First, in order to exchange information via Direct, a user needs to know what Direct address to send to. DirectTrust has updated the DirectTrust Aggregated Directory to make it easier to use and improve accuracy, and those investments are paying off. Education on the types of available Direct addresses is improving the way Direct is used. While most people associate Direct addresses to be assigned at the individual clinician level, Direct addresses are also available for teams or workflows. Both of these address types are critically important, yet many don’t know about team-based addresses, and others haven’t published this type of Direct address in the Directory. For Direct to continue to grow in usability, it’s important that both types of addresses be published in the Directory so they are discoverable. This publication enables Direct exchange to not only happen, but for a message to end up in the exact right place.

Second, the differentiation of Direct Secure Messages can unlock powerful workflows. Our Standards work around “Metadata and Payloads” offers next generation Direct Secure Messaging, as the group considers the impact of standardized metadata and payloads per use case. Historically messages have also been undifferentiated, meaning that all messages look the same coming into an inbox. By expanding and normalizing the use of metadata in these messages, they can be labeled as an “admission notification” or a “referral.” This labeling enables critical routing capabilities and supports more automated workflows. To use an email analogy, think of this as a standardized subject line. For something like “hospital discharge notification,” a rule could be enabled to allow that message to skip a clinician’s inbox and go straight to a care coordination team to schedule a hospital follow up appointment, allowing the team to work to its full capacity.

Furthermore, the Metadata and Payloads Consensus Body is considering the impact of setting expectations that for particular use cases, defined payloads are also attached. This means the types and content of message attachments will be predictable and standardized for certain use cases. The impact of this concept was recognized in the Event Notifications via Direct Consensus Body as they worked to define a standardized way to send and receive ADT notification to be compliant with the CMS Condition of Participation requiring these messages be sent. Expect more to come from Metadata and Payloads that will positively impact the usability of Direct.

Progress in these areas means that Direct will continue to grow in usability and usefulness for clinical teams.

Celebrating Progress

We celebrate the many members of DirectTrust and the broader Direct Secure Messaging community as they continue to recognize and support the use of Direct. DirectTrust looks forward to the continued evolution of the Direct Standard®, and supports the adoption of secure and identity verified communication, especially for healthcare. for many years to come.

Want to get involved? Join us to be part of the interoperability solution!