Frequently Asked Questions (FAQ)

DirectTrust Basics

What is the Provider Directory Data Aggregation Service and who can access the information?

The DirectTrust Provider Directory Data Aggregation Service is designed to promote interoperability through Direct exchange by encouraging the sharing of Direct Address information among DirectTrust accredited HISPs and their subscribers on a non-commerical basis, while maintaining the integrity and currency of the Direct Address information.

Does DirectTrust provide secure email services or Direct addresses?

No. To exchange messages via Direct, you will need to partner with a HISP (health information service provider). DirectTrust Accredited HISPs have undergone a rigorous testing and audit process to show that they are in compliance with the DirectTrust Policies.

Can I personally opt out of health information exchange with DirectTrust?

Our network functionality doesn’t give us any authority or technical ability to opt out any participants/patients in information exchange. DirectTrust doesn’t have a centralized system or visibility to the contents of messages sent on our network. Our network does not support “queries” at all. Our accredited members that operate our network also don’t have any knowledge of the contents of messages or the identity of patients that are the subject of such messages. This decentralized approach is by design. Provider organizations usually provide the ability to sign an opt-out election to information exchange. Unfortunately, there isn’t a way to opt out of all exchange with a single action.

Need Additional Information?

For questions regarding DirectTrust Accreditation, contact [email protected]. For questions regarding DirectTrust Standards, contact [email protected]. For all other questions, contact [email protected].

DirectTrust Accreditation Programs

Why should I become DirectTrust Accredited?

“Participation in the DirectTrust Network as a HISP, CA or RA requires accreditation from DirectTrust. DirectTrust Accreditation ensures that all of the entities in the DirectTrust Network all conform to the same policies.

Any HISP that wishes to exchange messages within the DirectTrust Network MUST be DirectTrust Accredited and participate in the Accredited Trust Anchor Bundle.

Any CA that wishes to issue Certificates for use in the DirectTrust Network must be accredited by DirectTrust. Every DirectTrust Accredited CA must use a DirectTrust Accredited Registration Authority.”

What are the benefit of DirectTrust HISP, CA, and RA Accreditation?

Accreditation of your HISP, CA or RA by DirectTrust brings recognition that your organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that you are a trustworthy agent and service provider for Direct Secure Messaging. Accreditation also means that your anchor certificates may be included in the DirectTrust Network, and for use by relying parties in Direct exchange. Distribution of trusted anchor bundles is DirectTrust members’ way of creating federated trust among the DirectTrust community, eliminating the need for most costly bi-directional contracts and time-consuming negotiations between each HISP that wishes to exchange Direct Secure Messages and attachments with other HISPs and their users/subscribers. Accreditation provides clarity, transparency, and choice as to levels of assurance of certificates issued by DirectTrust community members, and for use by relying parties in Direct exchange.

How long does Accreditation last?

DirectTrust Accreditation is valid for two years.

How long is the Accreditation process?

Applicants have 8 months from the date their application is approved and their payment is received to complete the accreditation process. The actual elapsed time depends on the Applicant response time completing all of the Self Attestation questions and submitting the required Evidence.

How early can an Applicant submit an Accreditation Program Self Attestation Questionnaire prior to the Applicant's valid until date?

“The Accreditation Program Self Attestation Questionnaire response MUST be submitted within four (4) months of the application approval process in order to allow DirectTrust adequate time to review the Applicant HISP’s submission.

Please see the Accreditation Program Standard Operating Procedures for more information.”

Trust Bundles

How do we join the Accredited Trust Anchor Bundle?

To join the Accredited Trust Bundle, you will need to apply to the Trust Anchor Approval Committee, and upload your certificates and other artifacts for review by the Committee. Instructions and detailed information are available at the DirectTrust Trust Network Services website at services.directtrust.org. You will need meet the following requirements for inclusion in the Bundle:

1. The HISP and CA/RA must sign the Federated Services Agreement with DirectTrust. The FSA is a legal document that binds the Direct service provider to its terms and conditions.

2. The HISP and CA/RA must have paid its initial annual fees for use of the DirectTrust Anchor Certificate Services.

3. The HISP must be fully accredited through the DirectTrust Accreditation Program and CA/RA must be fully-accredited and audited by DirectTrust.

When these requirements are met the HISP must submit to the Approval Committee the following artifacts via the website:

1. All trust anchor file(s).

2. Sample end-entity certificate(s) chaining to each trust anchor.

3. Completed profile spreadsheet. Once your submission is complete, the Trust Anchor Approval Committee will be notified and will review your submission in a timely manner.

Meet Our Leadership

Learn More About Our Leaders

About DirectTrust

Who Is DirectTrust