Family Health Guy

In which Sean talks about HealthVault and other cool ideas in Personal Health

Start sharing information with patients --- today!

Start sharing information with patients --- today!

  • Comments 3

Last week I had a great time participating in an HHS press event launching the Direct Project. At the event we announced that every HealthVault record would automatically be given a Direct address. This is really cool --- anybody in the country can get a free, convenient, familiar email address and use it to receive critical health information from their providers.

Well, I'm super-psyched to say that we've followed through on that announcement and the HealthVault Message Center is now live and kicking. We'll do some cosmetic work over the next few months, especially around integrating the Message Center into the pages at --- but it is up and live and ready for action. So go get your address now!

Now --- the next obvious question is --- how do providers get wired up so they can actually SEND STUFF to these great new addresses? Hey, I'm nothing if not here to help.

1. Already have a vendor?

If you're already using an EMR or other software in your practice --- check with them to see what their strategy is for Direct. Most of the relevant vendors out there have been working with us on the project already (Allscripts has been particularly active), and as momentum grows I'm seeing more interest every day. Chances are you'll see Direct wired into your everyday experience sooner rather than later.

2. Check with your state HIE

You might also check with your state HIE organization and see if they've got plans for Direct. ONC is asking state HIEs to ensure that providers have access to Direct, and I've spoken with a number of teams that are moving quickly to do just that.

3. Do it yourself --- it's easier than you think!

Especially if you just want to send messages to patients --- this is really a pretty simple way to go. John Halamka and I had some conversations about this and he posted an overview on his blog.

The quickest way to get going is to just set up a Direct Gateway in your office ... this can all run on a single machine.  Direct participants have already written two versions of a gateway that you can just install and run, one in Java and one for Windows/.NET.  The basic steps for sending outbound to HealthVault are just:

  • Install a gateway using the instructions and downloads at (this is for the .NET gateway).
  • Create an organizational certificate to use for your messages (see the end of this post of how to use the "makecert" utility on Windows for this).
  • Exchange certificates with us so that we know about each other. Tell us who you are and send us your public certificate at, and we'll respond with our "anchor" certificate.
  • Configure the gateway with your certificate, email domain (, and the HealthVault "anchor" we sent you.
  • Configure the gateway with an address that will be the "from" address for your messages (e.g.,

That's it! You can now construct a "plain old" email message and send it through the gateway --- using any email client configured to talk to the gateway as its SMTP server --- and it will be properly encrypted and sent on its way.

Extending your gateway so that it can receive inbound messages is pretty simple as well --- you just need to make sure that it can be reached from other machines on the Internet. This involves some setup using a "DNS" service like --- I'll post more on that later, or feel free to drop me a line if your ready to give it a shot.

4. Can't I just sign up for service online?

Not quite yet --- but I know of at least two companies that are planning to have this service available in the next few months. We're looking at how we might do it ourselves as well --- still early on that one.

The cool thing about Direct is that running it is (almost) as easy as running any other email system ... so contact your regular email provider and tell them they could get some great business by extending their service to support the healthcare protocols at --- just about any credible ISP could make it happen without a lot of trouble.


OK, now how do I know what HealthVault address to send to?

This is way simpler that folks might suspect. First, just ask your patient for their Direct address when they're at the front desk. If they have one, great --- you're good to go. But at least at first, most of them won't, so we provide a really great way to take care of this case too.

Just ask the patient for their "regular" email address, and then send their Direct message to, setting the Subject of the message to their regular address. We will store the message away in a special holding pen, and automatically forward the patient a "pickup message" at their normal email account. This message will include a special code and instructions for setting up their HealthVault account and claiming their information.

This is really important to making the system work --- you can use Direct to send messages to ALL of your patients that want to receive information electronically, not just those that have already set up a PHR account. I love this feature!


Over the next few weeks and months, I'll post more "how-tos" about working with Direct. But if you want to get started quickly and are stuck --- drop me a note using the contact form at the top of the blog, and I'll do whatever I can to help. It is super-important that we get information flowing so that we can check it off and start on the next level of problems. This really matters!


*** You can make your own self-signed certificate on Windows using the "makecert" utility:

makecert -r -pe -n "," -ss My -sr LocalMachine -a sha1 -sky signature -m 18 -eku ""

The "-m" parameter creates a certificate good for 18 months, which is the Direct project recommendation, and the "-eku" parameter identifies the certificate as used for email security.

Leave a Comment
  • Please add 7 and 2 and type the answer here:
  • Post
Page 1 of 1 (3 items)