By Richard Sethre, Psy.D., L.P., with generous research support provided by Procentive

The Patient Protection and Affordable Care Act (PPACA, or “Obamacare”) includes many major changes in the delivery of healthcare, including increased communication between medical providers to coordinate care. This has created significant challenges for Mental Health Professionals (MHPs).  The PPACA mandates eventual use of Electronic Heath Records (EHRs) that have capabilities that raise concerns for MHPs about patient confidentiality, including the capability of exchanging Protected Health Information (PHI) among the patient’s medical professionals.

As you may have noticed, we have already had to use four acronyms in the first paragraph, and several more will follow shortly.  It is necessary to be familiar with the concepts discussed, and even mandated by, the PPACA (there we go again!), and there is no way to avoid acronyms in order to have an informed discussion. We will try to use acronyms only when necessary, but it is important for MHPs (sorry) to understand these terms and be able to participate in high-stakes discussion about the issues that come with these terms, including risk of Health Information Portability and Accessibility Act (HIPAA) violations.  We will try our best to balance having an informed discussion in this paper with not making it too dense and hard to read.  On the other hand, thankfully, there is a limit to the number of concepts and acronyms necessary to understand, at least at a basic level, the issues involved with balancing compliance with PPACA/HIPAA and maintaining patient confidentiality when exchanging PHI and coordinating care.

We will refer to the people who use our services as “patients” because this is the term used by PPACA, HIPAA and regulatory bodies that are monitoring our compliance with these laws.  You are welcome to think “client.”

Here are a few more crucial acronyms that are necessary to understand mandated coordination of care issues:

  • Pushing digital information: This is a secure sending of information between two known entities with an established business relationship, such as a primary care provider and a specialist. These types of transactions typically relate to routine workflow and processes. A non-health care example of a push transaction would be sending an email (1),
  • Pulling digital information: This is a secure accessing of information that involves a query and a response. The query is the request for information about a patient, and the response is the retrieval of clinical information on the patient or information on where the clinical data can be found. For example, conducting a Google web search is a non-health care example of a pull transaction. (1)
  • Coordination of Care Documents (CCDs): documents exchanged, with the patient’s authorization, between the patient’s medical professionals and care systems, with the goal of coordinating care and improving the services provided to the patient.
  • Health Information Exchange (HIE): a service that provides digital access to a consolidated patient record. The record is a collection of documents about the patient collected from the patient’s medical professionals and health care systems. This information is aggregated and may be accessed by any medical professional or health care system staff that the patient has authorized to have access to the patient’s records. In other words, the information may be pulled from the aggregated records by an authorized professional or staff.  Also, HIE’s may push information out, such as by providing reminders of services that need to be done, such as immunizations, and providing data to authorized organizations such as Managed Care Organizations (MCOs) and regulatory agencies, such as The Center for Medicare and Medicaid Services (CMS)(1).
  • Direct Secure Messaging (DSM- also often referred to as just “Direct”): DSM is a secure messaging system that was specifically designed to securely exchange PHI. DSM may be viewed as a sort of email system for exchanging encrypted messages for coordination of care, including making referrals, exchanging CCD and communicating with MCOs.   Information about how DSM messages are exchanged will be provide below.
  • Healthcare Information Service Providers (HISPs) manage the exchange of DSM messages. HISPs maintain a directory of registered DSM users for their system, and may be able to access a national data base of DSM users to facilitate broad exchange of CCDs.  HISPs are responsible for ensuring that:
    • the sender is who they say they are
    • the message is encrypted
    • the recipient is who they say they are
    • the recipient is able to receive the message and have it decrypted so that it is usable to the recipient.

In other words, the HISP enables the sender to trust that they are sending information to the recipient, using DSM, with confidence that the message will be sent securely (encrypted) and the recipient is the intended recipient (the professional or organization that the patient authorized to receive their PHI).  The HISP enables the recipient to trust that they are receiving information from the actual sender, and that the information has been sent securely (again, encrypted).

HIE Privacy Concerns: HIEs do not have systems in place to allow patients control over who sees what in their digital heath record

Aggregated PHI

HIE systems provide access to aggregated PHI for each patient.  For example, records from the patient’s primary care provider (PCP), MHP, and other medical specialists, such as their cardiologist, will be sent to the HIE and aggregated to create the patient’s digital medical record.  This may have distinct advantages, such as helping the PCP to be aware of mental health concerns that are impacting the patient’s health care, or helping the cardiologist be aware of mental health concerns that might be exacerbating cardiac symptoms.  Or, it may be helpful for the MHP to be aware of the patient’s medical symptoms and medical treatments.

Uncontrolled access to PHI

There are many concerns for both MHPs and their patients about how all of this information is aggregated and accessible to all of their authorized medical professionals – and potentially office staff and others with access to the HIE system.  Also, patients may want one medical professional, such as their PCP, to have access to their mental health PHI, but may also prefer that their cardiologist not have access to this data.  Or, patient’s may want their medical professionals to have access to some of their mental health PHI, such as an intake summary, interim treatment summary, or discharge summary, but to not have access to other parts of their PHI, such as a psychological testing raw data, progress notes, psychosexual assessments, marital therapy sessions, and so on.

PHI may be pushed and pulled to many recipients

Information in HIE databases may be collected by having it pushed into the system, such as when an EHR is programmed to automatically send a progress note or other PHI document to the HIE.  HIEs may also be programmed to automatically pull information from authorized sources into the HIE system. Theoretically, the latter function would help ensure that the patient’s digital health record is complete, but it may also result in others having access to PHI in unexpected ways, and ways that the patient has not intended to authorize.

DSM Privacy Advantages

Controlling what info is sent, to which recipients

DSM allows patients to selectively authorize what PHI is sent, and who is to receive it. This system relies on the ability of the HISP to:

  • Verify the identity of the sender.
  • Securely encrypt the message.
  • Verify the identity of the receiver.
  • Enable the receiver to receive decrypted information in a usable form.

Mature technology

The technology for doing all of this is mature and works reliably (with the possibility, which is a risk for all digital data exchanges these days, of problems caused by hackers.  Hackers are, however, likely to be focused on stealing financial information much more than on stealing PHI.)

The current challenge for DSM is the fact that it is a relatively new service, and medical professionals, including MHPs, who register for a DSM service (and therefore become trusted users for their DSM service), which we can call Company A, may want to send information to other medical professionals who are not registered with Company A.  The prospective recipient may be registered with DSM Company B, and therefore the recipient would be a trusted user for B, but not A.  Or, the recipient may not be a DSM user.

Rapidly increasing adoption of DSM

The good news for DSM users is that registration for DSM services is increasing rapidly. According to the

  • The number of healthcare organizations serviced by DSM HISPs has increased from 667 in 2013 to 52,241 in 2015
  • The number of DMS “trusted addresses” has increased from 8,723 in 2013 to 1,099, 484 in 2015.
  • The number of DSM transactions has increased from 122,842 in 2013 to 67,227,936 in 2015. (3)

Some DSM providers, such as Inpriva (which has partnered with Procentive EHR)  have a system that enables limited communication with non-DSM-registered recipients   This problem will often be workable, just like the problem of exchanging information by fax is workable- just like it is often necessary to call a prospective recipient’s office to find out their fax number, it will be possible to call a prospective recipient’s office to find out if they are a registered DSM user.  In the future, just like many websites include the office’s fax number to facilitate coordination of care, websites are likely to include information about whether the office has DSM capability, and if so, how other DSM-enabled providers can send DSM messages

DMS challenges

DSM relies on a system of “trusted users,” with these users being certified by HISPs to “be who they say they are.”  In other words, it is important for DSM users to be registered with HISPs and therefore to have been, in effect, vetted by the HISP.  This enables other users to trust communications with other users. Unfortunately, a few HISPs do not follow the national certification criteria for their users – they have not properly vetted their users.  Therefore, when considering registering with a DSM provider it is important ask how your prospective provider handles exchanges with HISPs who do not properly certify their members.


  • DSM technology is a better match for mental health services than HIE technology.
  • Use of DSM is increasing rapidly.
  • As more medical professionals, including MHPs, register with DSM companies, DSM will become increasingly easy to use.
  • Patients can trust that they have control over what PHI is sent to
  • DSM will also be increasingly used to make referrals.
  • The ability to coordinate care, either with HEI or DSM, will be mandatory for participating in Accountable Care Organizations (ACOs – our last acronym!) and is likely to be required by major medical and MCO systems in order to receive referrals and participate in the care of patients who are members of the system.
  • MHPs who do not use HEI or DSM are likely to be increasingly marginalized, and potentially left behind, as the US medical care system evolves. They are likely to receive less referrals and to experience barriers in exchanging PHI for coordination of care.


  1. “A Practical Guide to Understanding HIE, Assessing Your Readiness and Selecting HIE options in Minnesota,” accessed on the Department of Human Services website at:
  2. “Demystifying Direct Services Messaging; An Orion Health Whitepaper,” accessed at:  This whitepaper provides more detailed information about the technical aspects of DSM.
  3. This website has very detailed information about both the concepts of Direct Trust and the technical details about how it works.


One thought on “Digital Secure Messaging: The Solution for Confidentiality Concerns For MH Coordination of Care

  • April 21, 2016 at 1:48 am

    Thanks for putting this together. It is a great summary. One thing I would point out is that HISPs across the country belong to a broad group if they use the appropriate vetting process that lets you connect with HISP A to HISP B pretty seamlessly. It is like one person using gmail and another using hotmail–they figure out each other’s addresses and can send emails back and forth.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.