HealthVault and the Direct Project

HealthVault & The Direct Project
HealthVault allows patients to receive encrypted email messages from providers who participate and
use the Direct protocols.
This provides a simple approach that allows vendors to support key User Stories of the Direct Project:
Provider sends patient health information to the patient
 Hospital sends patient health information to the patient
New Key Features That Support the Direct Project:
• Microsoft will provide a health email addresses
(e.g., to every user of HealthVault using the Direct S/MIME
secure email approach for transport.
• HealthVault allows providers to sign up users who do not yet have a HealthVault account by
sending an email using the Direct protocol to with a subject
line containing the patient's existing email account. The patient will be sent instructions to set
up an account and receive their secure health message.
• Microsoft has created the HealthVault Message Center to allow users to create a health email
address and to view messages.
How to Send Messages to HealthVault
1. Sending a Direct message – options:
a) Use an existing product that supports S/MIME to encrypt AND sign outbound
b) Generate an S/MIME message outside of the email system and then submit it as any
other message to your existing Exchange server for delivery.
c) Install an instance of the C# or Java gateways offered as open source as part of the
Direct Project. For outbound messaging, message generating code can send SMTP to the
gateway, and it can then sign/encrypt and forward through the existing email system.
With this approach, certificates can be installed in the gateway software.
2. Managing certificates:
a) For encryption: use the HealthVault organizational public certificate.
b) For signatures: provide HealthVault a copy of your organizational public certificate, and
then sign outbound messages with the private key.
3. Testing:
o Self-provision HealthVault test accounts and Direct addresses at, which connects to the HealthVault
“pre-production environment” where developers build and test code.
a) The HealthVault Direct Pre-Production certificates can be downloaded from
4. Enabling a connection to HealthVault:
a) Contact Microsoft and send us your anchor (public key) to allow your Direct messages to
be successfully delivered to HealthVault users. Contact
Send a standard RFC 822 email message:
Required – a text OR html body representing a human-readable version of the summary
care record
– If sending HTML, you should ideally also include a Text only version.
Optional – attachments of any type, including PDF, JPG, Xml, CCD etc.
Attachments that are ‘clinical documents’ are additionally hoisted into their equivalent
HealthVault Item Types.
Clinical documents are currently defined as those with Content-Type:
– We grovel through the Xml and determine if the Xml represents a CCR or CCD doc
– If so, extracted into its equivalent HealthVault Item Type
– Extracted into a CCD Item Type
– Extracted into a CDA Item Type
– Extracted into CDA Item Type
Links to Direct Project & HealthVault Resources
 HealthVault Message Center (Pre-Production Environment for testing)
 (SMTP for testing)
 HealthVault Message Center (Production)
 Sean Nolan’s Health Blog
Questions? Contact