Family Health Guy

In which Sean talks about HealthVault and other cool ideas in Personal Health

More on adding Direct patient messaging to an EHR

More on adding Direct patient messaging to an EHR

  • Comments 2

Wow, what a nutty three days at HIMSS. As I said to Martha on the plane home, "enough social interaction to last me the rest of the year." But net-net it was totally worth it ... some great (and inspiring) conversations with customers, productive interactions with analysts, partners and prospects, awesome rolling thunder for Direct, especially in some joint press discussions with MedPlus, and even a bit of Disney (Illuminations is still just stunning, even after running for ten years).

As part of one of those partner discussions, I committed to writing up specific steps on how to implement provider-to-patient messaging using Direct and HealthVault in an EHR system. For this post I'm going to assume you already know how Direct works in general and are specifically looking at the issues around patient messaging -- if you want more of a starting point, give this post a shot.

Question #1: "How do you get the patient's address?"

People think this is going to be hard - but it's not. You just ask the patient. Remember, we're talking about the delivery of care here, so the patient (or their advocate) is going to show up, in person, in the clinic or institution. And when they're there, you believe they are who they demonstrate they are --- so just ask for their Direct address like you would ask for their phone number or mailing address.

Usually, this is best done during the registration process, but it could really happen anywhere in your workflow that's convenient. In your patient record database, you'll need a new demographic field to hold the Direct address.

Pretty simple, but it leads to ....

Question #2: "What happens when the patient doesn't HAVE a Direct address?"

This will of course be the case for pretty much all patients in our early days. The good news is that HealthVault has implemented a neat feature that enables EHRs to "kickstart" creation of a patient's Direct address automatically. Here's how it works:

The EHR sends a standard Direct message containing the clinical content to the address, and sets the Subject of the message to the patient's "regular" email address. When HealthVault receives the message, it will store it away in a special holding pen, and automatically forward the patient a "pickup message" at their normal email account. This message will include a special code and instructions for setting up the HealthVault account and claiming their information (As a special case, if the user receives one of these pickup messages and already has a HealthVault account, they can easily just log in and add the information to their existing record).

A section of a clipboard form (or registration web page) that collects information and takes advantage of this functionality might look something like this:

Once you have this stuff, you're all set - whether your EHR sends the information on an automated basis (e.g., as a visit summary or a reminder of an upcoming appointment), or manually (as a message typed by a provider or staff member), you have everything you need to get the information to the patient.

And as I mentioned above, it's OK if you send to the "newuser" address multiple times for a patient --- the user interface we've implemented will allow them to log into their existing account if they already have one, so they'll still end up with a single, unified record.

Question #3: How can I test all of this during development?

Direct is integrated into the existing HealthVault test environment, so it's easy for you to test your code, experiment with features, etc. in a completely safe and PHI-free environment. Getting running just takes three steps:

  1. Create your test patient addresses. Create a test HealthVault account and assign it an address by logging into the test message center at
  2. Send us your test certificate by emailing it as an attachment to Note that Microsoft's email system will strip out certain attachment types, so it's safest to add the certificate to a ZIP file before sending.
  3. We'll reply to that mail with our own test certificate, which you will need to install in your Direct gateway as a trusted "anchor" for sending messages.

We're working on making steps 2 & 3 be "self-service" so that you can do this all yourself, but for now sending mail to the HVBD alias will do the job.

Once this is configured, messages you send will show up in the test message center. The "newuser" mechanism works great in this environment too --- just send to for testing.

That's about it! If you have any trouble, we'd love to help out. Just post a question to our HealthVault developer forums at and the message will get to us. Alternatively, you're always welcome to use the contact form off of my blog and I will make sure the right folks take a look.

Geeky Addendum #1: How do I turn a "newuser" into a real Direct address?

This is a "to come" feature ... once a user "picks up" their information and creates their HealthVault account, our plan is to send an automated Direct message back to the sender that contains the new Direct address for that patient in a structured way. Once we do this, EHRs will be able to easily update their patient demographics table with that address.

There are always more features to write! Not sure exactly when we'll get this one done, but it is on the list for sure. For now --- there's no harm in sending multiple "newuser" messages until the patient has the opportunity to update their address during registration for a future visit.

Geeky Addendum #2: Can I add another layer of security to the "newuser" mechanism?

When the user "picks up" information sent to new user, they have to prove their identity by supplying two pieces of information:

  1. The code that was embedded in the email message they received, and
  2. The email address that the message was sent to.

If desired, the EHR can customize that second question to make it even more difficult to intercept. This is done by adding a unique "question" and "answer" to the subject line of the message, separated by semicolons. Actually, there's quite a bit that can go into that Subject line. The format looks like this:


So there are three parts to this:

  • The email address to send the pickup notification to (Required).
  • A "question" and "answer" that will be used in place of #2 above (Optional). If you want to be super-conservative, you could send a unique PIN number with every message --- but then you'd have to have a way to give that PIN to the patient during their visit. An easier model might be to have a question like "Please enter the patient's birthdate MM/DD/YYYY" and use information from the patient record to auto-populate the question. It is important to note that the patient's answer will have to match exactly for the pickup to work --- so make the question as clear as you can!
  • A "real subject" that will be used as the subject line of the message saved to HealthVault (Optional). If this isn't present, we'll just show a default subject in the message list.

We tried to make this simple for folks to use (email address only), but with enough flexibility that EHRs can provide a rich experience. Look forward to seeing it start to spread!



Leave a Comment
  • Please add 7 and 4 and type the answer here:
  • Post
  • I like this, I will try it. I ported the C# reference implimentation to .NET 4.5 and just got it all running (for the most part). I am operating a small HIE out of a PCP office in southern Orange county working with several HMO's, hospitals and physicians trying to get everone linked. Healthvault is a great platform, you should be proud Sean, I know it's your baby, good job. I have been a Windows programmer for 35+ years now, drivers and system level.


  • Thanks Kim! Big fan of OpenEMR too --- best of luck with the HIE and let me know if HV can help going forward. ---S

Page 1 of 1 (2 items)