More on adding Direct patient messaging to an EHR

Wow, what a nutty three days at HIMSS. As I said to Martha
on the plane home, "enough social interaction to last me the rest of the year."
But net-net it was totally worth it ... some great (and inspiring) conversations
with customers, productive interactions with analysts, partners and prospects,
awesome rolling thunder for Direct, especially in some joint press discussions
with MedPlus, and even a bit of Disney (Illuminations
is still just stunning, even after running for ten years).

As part of one of those partner discussions, I committed to
writing up specific steps on how to implement provider-to-patient messaging
using Direct and HealthVault in an EHR system. For this post I'm going to
assume you already know how Direct works in general and are specifically
looking at the issues around patient messaging -- if you want more of a
starting point, give this
a shot.

Question #1: "How do
you get the patient's address?"

People think this is going to be hard - but it's not. You
just ask the patient. Remember, we're talking about the delivery of care here,
so the patient (or their advocate) is going to show up, in person, in the
clinic or institution. And when they're there, you believe they are who they demonstrate
they are --- so just ask for their Direct address like you would ask for their
phone number or mailing address.

Usually, this is best done during the registration process,
but it could really happen anywhere in your workflow that's convenient. In your
patient record database, you'll need a new demographic field to hold the Direct

Pretty simple, but it leads to ....

Question #2: "What happens
when the patient doesn't HAVE a Direct address?"

This will of course be the case for pretty much all patients in our early days. The good
news is that HealthVault has implemented a neat feature that enables EHRs to "kickstart"
creation of a patient's Direct address automatically. Here's how it works:

The EHR sends a standard Direct message containing the
clinical content to the address,
and sets the Subject of the message to the patient's "regular" email address.
When HealthVault receives the message, it will store it away in a special
holding pen, and automatically forward the patient a "pickup message" at their
normal email account. This message will include a special code and instructions
for setting up the HealthVault account and claiming their information (As a special
case, if the user receives one of these pickup messages and already has a
HealthVault account, they can easily just log in and add the information to
their existing record).

A section of a clipboard form (or registration web page) that
collects information and takes advantage of this functionality might look
something like this:

Once you have this stuff, you're all set - whether your EHR sends
the information on an automated basis (e.g., as a visit summary or a reminder
of an upcoming appointment), or manually (as a message typed by a provider or staff
member), you have everything you need to get the information to the patient.

And as I mentioned above, it's OK if you send to the "newuser"
address multiple times for a patient --- the user interface we've implemented
will allow them to log into their existing account if they already have one, so
they'll still end up with a single, unified record.

Question #3: How can
I test all of this during development?

Direct is integrated into the existing HealthVault test
environment, so it's easy for you to test your code, experiment with features,
etc. in a completely safe and PHI-free environment. Getting running just takes three

  1. Create your test patient addresses. Create a
    test HealthVault account and assign it an address by logging into the test
    message center at
  2. Send us your test certificate by emailing it as
    an attachment to
    Note that Microsoft's email system will strip out certain attachment types, so
    it's safest to add the certificate to a ZIP file before sending.
  3. We'll reply to that mail with our own test
    certificate, which you will need to install in your Direct gateway as a trusted
    "anchor" for sending messages.

We're working on making steps 2 & 3 be "self-service" so
that you can do this all yourself, but for now sending mail to the HVBD alias
will do the job.

Once this is configured, messages you send will show up in
the test message center. The "newuser" mechanism works great in this
environment too --- just send to
for testing.

That's about it! If you have any trouble, we'd love to help
out. Just post a question to our HealthVault developer forums at and the
message will get to us. Alternatively, you're always welcome to use the contact
form off of my blog and I will make sure the right folks take a look.

Geeky Addendum #1:
How do I turn a "newuser" into a real Direct address?

This is a "to come" feature ... once a user "picks up" their
information and creates their HealthVault account, our plan is to send an
automated Direct message back to the sender that contains the new Direct
address for that patient in a structured way. Once we do this, EHRs will be able
to easily update their patient demographics table with that address.

There are always more features to write! Not sure exactly
when we'll get this one done, but it is on the list for sure. For now --- there's
no harm in sending multiple "newuser" messages until the patient has the
opportunity to update their address during registration for a future visit.

Geeky Addendum #2:
Can I add another layer of security to the "newuser" mechanism?

When the user "picks up" information sent to new user, they
have to prove their identity by supplying two pieces of information:

  1. The code that was embedded in the email message
    they received, and
  2. The email address that the message was sent to.

If desired, the EHR can customize that second question to
make it even more difficult to intercept. This is done by adding a unique "question"
and "answer" to the subject line of the message, separated by semicolons.
Actually, there's quite a bit that can go into that Subject line. The format
looks like this:


So there are three parts to this:

  • The email address to send the pickup
    notification to (Required).
  • A "question" and "answer" that will be used in
    place of #2 above (Optional). If you want to be super-conservative, you could
    send a unique PIN number with every message --- but then you'd have to have a
    way to give that PIN to the patient during their visit. An easier model might
    be to have a question like "Please enter the patient's birthdate MM/DD/YYYY"
    and use information from the patient record to auto-populate the question. It
    is important to note that the patient's answer will have to match exactly for the
    pickup to work --- so make the question as clear as you can!
  • A "real subject" that will be used as the
    subject line of the message saved to HealthVault (Optional). If this isn't
    present, we'll just show a default subject in the message list.

We tried to make this simple for folks to use (email address
only), but with enough flexibility that EHRs can provide a rich experience.
Look forward to seeing it start to spread!



Comments (2)
  1. Kim Weesner says:

    I like this, I will try it. I ported the C# reference implimentation to .NET 4.5 and just got it all running (for the most part). I am operating a small HIE out of a PCP office in southern Orange county working with several HMO's, hospitals and physicians trying to get everone linked. Healthvault is a great platform, you should be proud Sean, I know it's your baby, good job. I have been a Windows programmer for 35+ years now, drivers and system level.


  2. Sean Nolan says:

    Thanks Kim! Big fan of OpenEMR too — best of luck with the HIE and let me know if HV can help going forward. —S

Comments are closed.

Skip to main content