The Integration Challenge

Anyone who has developed software in healthcare or managed healthcare integrations is well-aware of the challenges presented by such projects. There are cost concerns due to sometimes unfavorable licensing and maintenance arrangements with vendors or because of scaling issues that would necessitate building large numbers of interfaces to effectively implement a significant number of clients. If one were to implement their third-party application with an EMR via an ADT or CCDA interface that required the use of MLLP or a VPN, then each individual site – e.g., a hundred different sites if a hundred instances of a specific system were hosted by the clients – would need a separate interface. Once one begins thinking about seriously scaling an interoperability solution, it is easy to see how the costs and maintenance headaches can quickly compound. Application Programming Interfaces or APIs have offered some relief from these challenges; however, not all of the data necessary from an EMR is available via many of the APIs, not all of the major vendors have easy to access APIs, and there are still sometimes significant costs associated with the use of APIs. Some even assess a small tariff whenever one makes an API call to access information. While the trend appears to be towards APIs becoming more reliable and accessible, the current state is not at that point, and it is likely to be some time before APIs become both nearly universal and widely used.

A Simple, Low-Cost Alternative

There are, however, some alternatives to the current predicaments. DirectTrust is a method of transferring data from one point to another – e.g., from a provider to another provider in the case of a referral or loop closure post-referral, from a practice to a health information exchange (HIE). DirectTrust messaging can work often like a regular e-mail address, and indeed, the most common implementation of it is as an overlay to the existing e-mail framework. In those cases, protocols such as IMAP and SMTP are used to send an receive messages; however, it must be noted that DirectTrust e-mails can only be sent to other DirectTrust addresses – i.e., it acts as a private e-mail system. Additionally, there are high-levels of encryption in transit to protect the PHI sent through the system.

Due to Meaningful Use, DirectTrust is available in some format in nearly all electronic records. Thus, a third-party seeking to integrate using DirectTrust can send data directly to an EMR and can receive data directly from an EMR.
Obtaining a DirectTrust Address

It is often very simple – and extremely affordable – to obtain a DirectTrust address. If one is coming from the practice perspective, one can often open a support ticket with one’s EMR vendor to get the process started. There is often – but not always – a small recurring charge or setup fee for implementing DirectTrust. An practice will often need to get a form notarized for the EMR vendor so that the EMR vendor can assert to the HISP (health information service provider) who actually provides the transmission of the information and certifies the identities of the senders/receivers. Once the paperwork is complete, one can begin using their DirectTrust account.

To setup an account separately from an EMR, one can reach out to a HISP directly (an example would be Inpriva) and go through the same registration process. Once the on-boarding is complete, one is provided with a DirectTrust e-mail account that can be accessed (sometimes) via a webmail interface or through a normal e-mail program such as Thunderbird or Outlook. Additionally, one can programmatically control the e-mail address as part of an integrated solution.


While DirectTrust is relatively affordable and easy to use, it is not, however, without challenges. Some EMRs, for example, have implemented it in a manner that requires that a CCDA be sent to the EMR for the DirectTrust message to be even processed. Such a requirement limits some of the options for the use of DirectTrust. Additionally, some EMRs only allow data to be sent as part of a referral; thus, if one wanted to send data via DirectTrust as part of an integration, not as a referral to a different provider, they would be unable to do so. Some EMRs also make it unnecessarily difficult to send to providers by requiring that the EMR vendor use a local provider directory or that the practice manually adds DirectTrust addresses to the EMRs referring provider tables. This artificially limits some of the capabilities of DirectTrust. That said, where the capabilities exist – especially if one wants to use CCDAs as the cornerstone of an integration project – DirectTrust can be the most affordable integration option.