Frequently Asked Questions (FAQ)

DirectTrust Basics

The DirectTrust Provider Directory Data Aggregation Service is designed to promote interoperability through Direct exchange by encouraging the sharing of Direct Address information among DirectTrust accredited HISPs and their subscribers on a non-commerical basis, while maintaining the integrity and currency of the Direct Address information.

No. To exchange messages via Direct, you will need to partner with a HISP (health information service provider). DirectTrust Accredited HISPs have undergone a rigorous testing and audit process to show that they are in compliance with the DirectTrust Policies.

Our network functionality doesn’t give us any authority or technical ability to opt out any participants/patients in information exchange. DirectTrust doesn’t have a centralized system or visibility to the contents of messages sent on our network. Our network does not support “queries” at all. Our accredited members that operate our network also don’t have any knowledge of the contents of messages or the identity of patients that are the subject of such messages. This decentralized approach is by design. Provider organizations usually provide the ability to sign an opt-out election to information exchange. Unfortunately, there isn’t a way to opt out of all exchange with a single action.
For questions regarding DirectTrust Accreditation, contact [email protected]. For questions regarding DirectTrust Standards, contact [email protected]. For all other questions, contact [email protected].

DirectTrust Accreditation Programs

“Participation in the DirectTrust Network as a HISP, CA or RA requires accreditation from DirectTrust. DirectTrust Accreditation ensures that all of the entities in the DirectTrust Network all conform to the same policies.

Any HISP that wishes to exchange messages within the DirectTrust Network MUST be DirectTrust Accredited and participate in the Accredited Trust Anchor Bundle.

Any CA that wishes to issue Certificates for use in the DirectTrust Network must be accredited by DirectTrust. Every DirectTrust Accredited CA must use a DirectTrust Accredited Registration Authority.”

Accreditation of your HISP, CA or RA by DirectTrust brings recognition that your organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that you are a trustworthy agent and service provider for Direct Secure Messaging. Accreditation also means that your anchor certificates may be included in the DirectTrust Network, and for use by relying parties in Direct exchange. Distribution of trusted anchor bundles is DirectTrust members’ way of creating federated trust among the DirectTrust community, eliminating the need for most costly bi-directional contracts and time-consuming negotiations between each HISP that wishes to exchange Direct Secure Messages and attachments with other HISPs and their users/subscribers. Accreditation provides clarity, transparency, and choice as to levels of assurance of certificates issued by DirectTrust community members, and for use by relying parties in Direct exchange.

DirectTrust Accreditation is valid for two years.

Applicants have 8 months from the date their application is approved and their payment is received to complete the accreditation process. The actual elapsed time depends on the Applicant response time completing all of the Self Attestation questions and submitting the required Evidence.

“The Accreditation Program Self Attestation Questionnaire response MUST be submitted within four (4) months of the application approval process in order to allow DirectTrust adequate time to review the Applicant HISP’s submission.

Please see the Accreditation Program Standard Operating Procedures for more information.”

Trust Bundles

To join the Accredited Trust Bundle, you will need to apply to the Trust Anchor Approval Committee, and upload your certificates and other artifacts for review by the Committee. Instructions and detailed information are available at the DirectTrust Trust Network Services website at services.directtrust.org. You will need meet the following requirements for inclusion in the Bundle:

1. The HISP and CA/RA must sign the Federated Services Agreement with DirectTrust. The FSA is a legal document that binds the Direct service provider to its terms and conditions.

2. The HISP and CA/RA must have paid its initial annual fees for use of the DirectTrust Anchor Certificate Services.

3. The HISP must be fully accredited through the DirectTrust Accreditation Program and CA/RA must be fully-accredited and audited by DirectTrust.

When these requirements are met the HISP must submit to the Approval Committee the following artifacts via the website:

1. All trust anchor file(s).

2. Sample end-entity certificate(s) chaining to each trust anchor.

3. Completed profile spreadsheet. Once your submission is complete, the Trust Anchor Approval Committee will be notified and will review your submission in a timely manner.

Meet Our Leadership

About DirectTrust