The Direct Messaging protocol is mandated for use by the US government Electronic Health Record (EHR) incentives program’s “Meaningful Use” requirements. EHRs are required to be capable of sending and receiving messages using the Direct Messaging protocol.
Direct Messaging can be thought of as a form of “secure e-mail” although technically it is not only implemented that way. Direct Messaging addresses look just like regular e-mail addresses. By convention (although it is not required), the domain (the part after the “@” symbol) of a Direct Messaging address begins with “direct.” Unlike regular e-mail, Direct Messaging is a HIPAA-compliant way to transmit protected health information (PHI) from one system to another.
Direct “Trust Bundles”
With regular e-mail, you can enter any valid e-mail address in the world, press “send”, and expect the message to be delivered. Because of its security requirements, Direct Messaging does not work that way. For one Direct Messaging domain (e.g. direct.carebox.it) to be able to send to another, the two domains must “know” about each other and exchange secure encryption credentials in advance.
To facilitate this exchange of credentials and the recognition of other domains by Direct Messaging systems, a “Direct Trust Bundle” is created: many organizations get together and publish their Direct Messaging credentials (in a secure way) so that their systems can communicate with each other using Direct Messaging.