Frequently Asked Questions (FAQ)

DirectTrust Basics

The DirectTrust Provider Directory Data Aggregation Service is designed to promote interoperability through Direct exchange by encouraging the sharing of Direct Address information among DirectTrust accredited HISPs and their subscribers on a non-commerical basis, while maintaining the integrity and currency of the Direct Address information.

No. To exchange messages via Direct, you will need to partner with a HISP (health information service provider). DirectTrust Accredited HISPs have undergone a rigorous testing and audit process to show that they are in compliance with the DirectTrust Policies.

Our network functionality doesn’t give us any authority or technical ability to opt out any participants/patients in information exchange. DirectTrust doesn’t have a centralized system or visibility to the contents of messages sent on our network. Our network does not support “queries” at all. Our accredited members that operate our network also don’t have any knowledge of the contents of messages or the identity of patients that are the subject of such messages. This decentralized approach is by design. Provider organizations usually provide the ability to sign an opt-out election to information exchange. Unfortunately, there isn’t a way to opt out of all exchange with a single action.

For questions regarding DirectTrust Accreditation, contact [email protected]. For questions regarding DirectTrust Standards, contact [email protected]. For all other questions, contact [email protected].

DirectTrust Accreditation

DirectTrust Accreditation is an independent, third-party validation that confirms an organization meets defined criteria related to trust, privacy, security, identity, and interoperability. Accreditation verifies that policies, procedures, and operational practices align with industry standards and governance requirements through examination of evidence and follow up interviews by professional assessors.

Accreditation demonstrates your organization’s commitment to trust, transparency, and operational excellence. It provides independent validation of compliance, strengthens credibility with customers and partners, and may be required for participation in certain programs and trust frameworks.

Accredited organizations gain independent third-party assurance, increased market credibility, participation in federated trust frameworks (where applicable), structured evaluation against objective criteria, and enhanced operational maturity.

Accreditation is valid for two (2) years from the date of award. Organizations must complete reaccreditation prior to expiration to maintain continuous status.

Applicants have one (1) year from application approval and payment to complete the process. The overall timeline depends on organizational readiness, documentation completeness, and responsiveness during review.

The process includes application submission, completion of an assessment, submission of required documentation and evidence, independent Assessor review, clarification questions (if needed), and a final determination.

Applicants must submit policies, procedures, and supporting evidence demonstrating conformance to applicable criteria. Requirements vary by program but generally include governance, security, identity, operational, and compliance materials.

Yes. Organizations may pursue multiple accreditation programs depending on the services they provide and the frameworks in which they participate. Most of the time, a single assessor is assigned to all of these assessments and many of the programs are subject to a multi-program discount.

If accreditation expires, status is no longer valid and participation in applicable programs or trust frameworks may be suspended. Reapplication or reinstatement may be required.

We recommend beginning at least six (6) months prior to expiration to allow adequate review time and prevent any lapse in status.

Accreditation pricing is program-specific and scales based on the size and complexity of your organization. Factors that influence cost may include organizational scope, number of locations, and the depth of review required under the selected accreditation program. For detailed pricing information and to determine the appropriate program for your organization, please visit: https://accreditation.directtrust.org/apply

Trust Bundles

To join the Accredited Trust Bundle, you will need to apply to the Trust Anchor Approval Committee, and upload your certificates and other artifacts for review by the Committee. Instructions and detailed information are available at the DirectTrust Trust Network Services website at services.directtrust.org. You will need meet the following requirements for inclusion in the Bundle:

1. The HISP and CA/RA must sign the Federated Services Agreement with DirectTrust. The FSA is a legal document that binds the Direct service provider to its terms and conditions.

2. The HISP and CA/RA must have paid its initial annual fees for use of the DirectTrust Anchor Certificate Services.

3. The HISP must be fully accredited through the DirectTrust Accreditation Program and CA/RA must be fully-accredited and audited by DirectTrust.

When these requirements are met the HISP must submit to the Approval Committee the following artifacts via the website:

1. All trust anchor file(s).

2. Sample end-entity certificate(s) chaining to each trust anchor.

3. Completed profile spreadsheet. Once your submission is complete, the Trust Anchor Approval Committee will be notified and will review your submission in a timely manner.

Meet Our Leadership

Learn More About Our Leaders

About DirectTrust

Who Is DirectTrust