Direct secure messaging (Direct), a standardized protocol for exchanging clinical messages and attachments, has not caught on significantly among physicians. Even advocates of the secure messaging system acknowledge it is still in an early stage of adoption, comparable to the first year of electronic prescribing.
This slow uptake of Direct is somewhat surprising, given the government’s promotion of the secure messaging protocol. The latest version of EHR certification requires Direct messaging capability, and physicians can use Direct to meet the Meaningful Use stage 2 requirement that they exchange clinical summaries at transitions of care. In fact, physicians who use Direct at this point seem to be doing so mainly to obtain Meaningful Use incentives.
Physicians interviewed by Medical Economics say that most of their colleagues either are unaware of Direct messaging or are uninterested in it. “Most physicians have zero understanding of what Direct is and have no interest and hope that some administrator will take care of it,” says Medhavi Jogi, MD, a Houston endocrinologist who exchanges Direct messages with physicians in a few other practices.
Cindy Dunn, a healthcare consultant with the Medical Group Management Association (MGMA), says that none of the groups she works with use Direct.
Even doctors who do send Direct messages may use Direct in ways for which it was not intended. For example, Jeffrey Kagan, MD, an internist in Newington, Massachusetts, and a Medical Economics editorial advisory board member, said he sends Direct messages from his EHR to an electronic mailbox in the local healthcare system, where most of the specialists he refers to also have mailboxes. They must log in to the hospital system to pick up the messages, and he has no idea whether they actually do. So he also faxes the same referrals to those specialists.
“We’re still using our current system to send referrals,” he says. “We’re just using Direct to appease CMS” [the Centers for Medicare & Medicaid Services].
E-faxing has become commonplace in physician offices, notes Dunn. Secure texting, which offers some of the advantages of Direct, is also growing rapidly. And new standards are being developed to allow physicians to search for patient information across communities. So the future of Direct may depend on whether it meets a need that no other technology does.
Barriers to Direct
In the near term, Direct’s success hinges on building a critical mass of adopters in individual communities. Consequently, doctors’ lack of awareness of Direct is a major obstacle. While the Office of the National Coordinator of Health IT (ONC) helped create Direct, neither ONC nor CMS has undertaken a full-scale campaign to educate physicians about the technology. In fact, ONC’s new “interoperability roadmap” downplays the potential of Direct messaging.
Some EHR vendors provide no Direct training to doctors. Jogi had to figure it out on his own, for example. The Direct messaging tool can also be hard to find, notes David Kibbe, MD, president of DirectTrust, a trade association that accredits the health information service providers (HISPs) that convey Direct messages between providers. The functionality may be buried in an EHR referral module and may be unavailable for any type of communication not related to referrals, he says.
Even if physicians can find the Direct module and know how to use it, they might have difficulty locating other doctors with whom to exchange Direct messages. Terry Hashey, DO, who practices family medicine with one partner in Jacksonville, Florida, says he has been unable to find any primary care or specialty practice or hospital that accepts Direct messages.
Jogi says he asked about 60 physicians to exchange Direct messages with him. Although they all had Direct addresses, only a handful responded to his request. He doubts the others even saw his messages.
The overall situation is not as dire as these anecdotes imply. According to Kibbe, about 10 million Direct messages were exchanged in the second half of 2014. While that’s just a “trickle,” he says, the number of Direct exchanges is increasing as more organizations use them to attest to Meaningful Use and as health information exchanges move patient data via Direct.
John Blair III, MD, chair of DirectTrust and chief executive officer of MedAllies, a leading HISP, points out that it takes time to introduce something as complicated as Direct. Currently, he says, most physicians are just finding out about Direct and activating their EHR’s Direct functionality. Next, they must reorganize their workflows so that their practices know how to handle Direct messages. When a significant number of practices do that, which he predicts will happen over the next two years, there will be a big jump in use of the Direct messaging protocol.
Are EHR vendors aboard?
Workflow is not the only obstacle that must be overcome, however. Dunn believes that the cost of using Direct is discouraging some practices. On average, Blair says, HISPs charge from $100 to $200 per provider per year. But some EHR developers may tack on extra fees, he adds.
The vendors either contract with one or more HISPs or operate their own HISP. But they don’t necessarily encourage the use of Direct to exchange information with practices that use different EHR systems.
Jogi says that his EHR vendor so far has allowed him to exchange Direct messages only with other users of its system. He has learned how to exchange Direct messages with a few other physicians who use different EHRs through a web portal. But that means that the messages don’t go directly into his colleagues’ EHRs, and they have to interrupt their workflow to visit the portal.
An article last summer in the newsletter iHealthBeat found that some vendors were making it difficult for physicians to use Direct messaging to facilitate the flow of clinical information. eClinicalWorks’ HISP, for example, had not joined the DirectTrust network, so many other HISPs would not exchange Direct messages with it.
Similarly, Epic had designed its EHR so that it would accept only Direct messages that had attachments of clinical summaries in the CCDA format. That ruled out text or PDF documents and imaging reports, as well as messages without attachments. (Epic has since upgraded its Direct module to accept other kinds of messages.)
Blair says he doesn’t believe that vendors are purposely obstructing Direct. Neither does Kibbe. “It’s hard to make the case that they’re deliberately trying to screw this up,” he says.
Direct addresses
To send and receive Direct messages, a physician must have a Direct address and must be able to access the Direct addresses of his or her trading partners. According to DirectTrust, the 38 HISPs in its network have “provisioned” more than 650,000 Direct addresses to healthcare professionals in 33,000 healthcare organizations. But finding those addresses can be a challenge.
The problem is that each HISP has a directory of its customers’ addresses, but doesn’t have access to other HISPs’ directories. Consequently, physicians can view only the addresses of the physicians who use the HISP owned or hired by their EHR vendor, unless other addresses have been loaded into their EHR.
An existing standard called HPD could enable physicians to search all HISPs’ directories from their EHRs. But HPD is still being tested and won’t be available for use for another year, Blair says.
Currently, he notes, MedAllies has a database of about 200,000 Direct addresses, including those of its 60,000 customers. When MedAllies signs up a new practice, he says, the company asks the practice to identify their providers’ trading partners. About half of those partners’ Direct addresses are typically in MedAllies’ database; the company can get most of the rest from EHR vendors and other HISPs. Then it loads them into their customer’s EHR.
To eliminate this time-consuming task, DirectTrust is trying to create its own central directory for in-network HISPs. But Kibbe says some HISPs have told him they can’t participate because of contracts with EHR developers that don’t want their customers’ addresses to be made public.
Why should you use Direct?
Assuming that all these obstacles can be swept away, Direct still won’t succeed unless you and your colleagues use it. Here are some of the pros and cons.
Direct messaging can only “push” data from point to point; it can’t be used to search for information in other EHRs. But Blair says that would be sufficient for many physicians. “If you can send relevant referrals with pertinent information, docs will do a backflip over that,” he says.
Jogi says that if Direct worked the way it is supposed to, he’d be delighted, because “it’s faster and easier to communicate with Direct. There would be a lot less redundancy in lab testing and imaging. I’d be wasting a lot less time trying to find out what was going on with this patient who has been referred to me,” he says.
But from the viewpoint of many other physicians—including Jogi’s own partners—Direct fixes a nonexistent problem. They’re used to sending computerized faxes with referrals and consultant reports, and their offices are “hardwired” for that process, notes Jogi.
This system works well for Kagan, who e-faxes a note and a clinical summary when he refers a patient to a specialist. The entire process, he says, takes place within his EHR, and someone on the staff slots incoming e-faxes into patient records. Both Kagan and Dunn say that the e-faxes are encrypted and Health Insurance Portability and Accountability Act (HIPAA)-compliant.
But Ron Sterling, a health IT consultant in Silver Spring, Maryland, says that e-faxes, while HIPAA compliant, are less secure than Direct messages. E-faxes are sent securely from an EHR to a fax server, which should be encrypted to protect health information. However, the transmission from the fax server to the fax machine in another practice is not encrypted and doesn’t have to be. Fax transmissions, which go directly from one phone number to another, fall under the HIPAA privacy rule but not the security rule, Sterling points out.
Secure texting alternatives
Kagan also uses a secure texting service that the hospital has provided to him and his colleagues. “It seems to be a more efficient way to communicate,” he says. “A lot of doctors have embraced it and found it to be very helpful.”
Robert Segal, MD, a family physician and medical director of ambulatory informatics for the Scottsdale/Lincoln Health Network, a five-hospital system in Scottsdale, Arizona, also uses secure texting and likes it very much. All of the health system’s employed physicians and the independent doctors who belong to its ACO have secure text access, so he can communicate easily with most of the specialists he refers to. Moreover, he can attach an image or a document to his texts by snapping a picture of it on his smartphone.
For example, Segal recently saw a patient for a preoperative exam and performed an electrocardiogram that proved to be abnormal. “I took a picture of it and I sent it through [secure text] to the cardiologist,” he recalls. “I said, ‘Can you have a look at this? Is this anything that requires further evaluation before I clear it for a surgery?’”
In addition, Segal uses secure texting to monitor the care of patients he sends to the emergency department (ED). He’ll text an ED physician he knows with a brief description of the patient’s condition and history and will ask the doctor to text him a brief note about the disposition of the case. Case managers also text Segal to let him know when one of his patients has been discharged from the hospital.
What’s ahead for Direct?
The lesson of secure texting is that when a new technology is simple to use and meets an immediate need, physicians will use it. Direct messaging is nowhere near as intuitive and simple as regular email or Facebook, Jogi says.
And while proponents regard Direct as a big improvement over faxes, the workflow changes needed to make it function properly are likely to discourage some practices from using it.
What will happen to Direct messaging after the need to show Meaningful Use has passed? Kibbe believes that it will continue to grow, mainly because of the increased importance of care coordination in value-based reimbursement arrangements.
In Kibbe’s opinion, this will provide the business case that healthcare providers need to adopt Direct messaging. But it will be large healthcare systems, not small physician practices, that will lead the way, he says.
“Docs want to communicate with other doctors more effectively around patient care,” he says. “The business case has to be for the larger organization they’re working with: the hospital, the health system, the ACO. Because individual practices have a hard time creating any sort of system. And this is something that’s about more than just the technology; it’s about workflow and care coordination.”
What is Direct messaging?
Direct messaging is essentially email, but with some key differences. Instead of the email server being maintained for the addressees/subscribers by an employer or by an email provider like Google or Yahoo, an agent known as a Health Information Service Provider (HISP) handles the email exchanges. The HISP carries out the encryption/decryption and digital signing of each message.
Direct messages can have any type of file attachment, and both message and attachments are encrypted along the entire route from sender to receiver to protect the privacy of the content.
Each sender and receiver in Direct exchange must have a unique Direct address, much like a regular email address, but with the word “direct” in the address line, e.g. [email protected]. In fact, this format for a Direct address is not a mandatory requirement within the DirectTrust community; however, it is a strong convention that is widely followed.
What to keep in mind:
Decide whether mobile devices will be used to access, receive, transmit, or store patients’ health information, or used as part of your organization’s internal networks or systems.
Consider how mobile devices affect the risks (threats and vulnerabilities) to the health information your organization holds.
Identify your organization’s mobile device risk-management strategy, including privacy and security safeguards.
Develop, document, and implement mobile device policies and procedures to safeguard health information.
Conduct mobile device privacy and security awareness and training for providers and professionals.
Secure text messaging services to consider
There are a number of secure text messaging services that offer HIPAA-compliant products that physicians can use to communicate with their staff and other providers. Here are some companies that offer these services: