Start sharing information with patients — today!

Last week I had a great time participating in an HHS press event
launching the Direct Project. At the
event we announced that every
HealthVault record would automatically be given a Direct address
. This is
really cool — anybody in the country can get a free, convenient, familiar
email address and use it to receive critical health information from their

Well, I’m super-psyched to say that we’ve followed through
on that announcement and the HealthVault
Message Center
is now live and kicking. We’ll do some cosmetic work over
the next few months, especially around integrating the Message Center into the
pages at — but it is up
and live and ready for action. So go get your address now!

Now — the next obvious question is — how do providers
get wired up so they can actually SEND STUFF to these great new addresses? Hey,
I’m nothing if not here to help.

1. Already
have a vendor?

If you’re already using an EMR or other software in your
practice — check with them to see what their strategy is for Direct. Most of
the relevant
out there have been working with us on the project already
(Allscripts has been particularly active), and as momentum grows I’m seeing
more interest every day. Chances are you’ll see Direct wired into your everyday
experience sooner rather than later.

2. Check
with your state HIE

You might also check with your state HIE organization and
see if they’ve got plans
for Direct
. ONC is asking state HIEs to ensure that providers have access
to Direct, and I’ve spoken with a number of teams that are moving quickly to do
just that.

3. Do it
yourself — it’s easier than you think!

Especially if you just want to send messages to patients —
this is really a pretty simple way to go. John Halamka and I had some
conversations about this and he posted
an overview on his blog

The quickest way to get going is to just set up a Direct
Gateway in your office … this can all run on a single machine.  Direct participants have already written two
versions of a gateway that you can just install and run, one in Java and one
for Windows/.NET.  The basic steps for
sending outbound to HealthVault are just:

  • Install a gateway using the instructions and
    downloads at
    (this is for the .NET gateway).
  • Create an organizational certificate to use for
    your messages (see the end of this post of how to use the “makecert” utility on
    Windows for this).
  • Exchange certificates with us so that we know
    about each other. Tell us who you are and send us your public certificate at, and we’ll respond with
    our “anchor” certificate.
  • Configure the gateway with your certificate, email
    domain (, and the HealthVault “anchor” we sent you.
  • Configure the gateway with an address that will
    be the “from” address for your messages (e.g.,

That’s it! You can now construct a “plain old” email message
and send it through the gateway — using any email client configured to talk
to the gateway as its SMTP server — and it will be properly encrypted and
sent on its way.

Extending your gateway so that it can receive inbound
messages is pretty simple as well — you just need to make sure that it can be
reached from other machines on the Internet. This involves some setup using a “DNS”
service like — I’ll post more on that later, or feel free to drop
me a line if your ready to give it a shot.

4. Can’t I
just sign up for service online?

Not quite yet — but I know of at least two companies that
are planning to have this service available in the next few months. We’re
looking at how we might do it ourselves as well — still early on that one.

The cool thing about Direct is that running it is (almost)
as easy as running any other email system … so contact your regular email
provider and tell them they could get some great business by extending their
service to support the healthcare protocols at — just about any
credible ISP could make it happen without a lot of trouble.


OK, now how
do I know what HealthVault address to send to?

This is way simpler that folks might suspect. First, just
ask your patient for their Direct address when they’re at the front desk. If
they have one, great — you’re good to go. But at least at first, most of them
won’t, so we provide a really great way to take care of this case too.

Just ask the patient for their “regular” email address, and
then send their Direct message to,
setting the Subject of the message to
their regular address. We will store the message away in a special holding pen,
and automatically forward the patient a “pickup message” at their normal email
account. This message will include a special code and instructions for setting
up their HealthVault account and claiming their information.

This is really
important to making the system work — you can use Direct to send messages to
ALL of your patients that want to receive information electronically, not just
those that have already set up a PHR account. I love this feature!


Over the next few weeks and months, I’ll post more “how-tos”
about working with Direct. But if you want to get started quickly and are stuck
— drop me a note using the contact form at the top of the blog, and I’ll do
whatever I can to help. It is super-important that we get information flowing
so that we can check it off and start on the next level of problems. This
really matters!


*** You can make your
own self-signed certificate on Windows using the “makecert” utility:

makecert -r
-pe -n “,” -ss My -sr LocalMachine
-a sha1 -sky signature -m 18 -eku

The “-m” parameter
creates a certificate good for 18 months, which is the Direct project
recommendation, and the “-eku” parameter identifies the certificate as used for
email security.

Comments (3)

  1. hlthblog says:

    Way to go, Sean. Just like I posted on HealthBlog, this is secure physician to patient e-mail communication for the "rest of us".  See…/secure-physician-to-patient-e-mail-communication-for-the-rest-of-us.aspx

  2. How a physician can send a secure Direct message from Care360 EHR to a

    patient's Healthvault PHR account…/sending-secure-direct-message-from.html

    These are excting times in health IT 🙂

  3. Sean Nolan says:

    Woo hoo Medplus! This is so freaking cool — I can't wait for folks to see the demos at HIMSS. Thanks for posting the link!