Direct Project (MU3))

From OpenEMR Project Wiki

Notes and documentation on the Direct Project goes here.

For MU3 we need to meet the following testing criteria:

(h)(1)(i) - Send Discover Certificates

  • DNS discovery of address-bound and domain-bound certificates
  • LDAP discovery of address-bound and domain-bound certificates
  • Registration of Direct email address using the ETT (Edge Testing Tool)
  • Send payload to ETT is encrypted using the ETT’s Public Key and signed using OpenEMR’s Private Key.
  • verifies the identified health information is successfully transmitted to a third party using Direct, in accordance with the standard specified at § 170.202(a)(2), and using the RFC-5751 “wrapped” message format.
  • Must meet 170.202(a)(2) standard which is the applicability statement for secure health transport which can be found here:

(h)(1)(i) - Receive

Required Enhanced Testing

  • We have to certify sending and receiving from three unrelated HISPs.

Note the documentation for the Direct service that was originally built and certified for MU2 is here:

The ONC (h)(1) criteria site is here:

Certification of (h)(1) requires also certification of (b)(1) which is the Transitions of Care:


XDM - Standard can be found here:

  • XDM description from above link: Cross-Enterprise Document Media Interchange (XDM) provides document interchange using a common file and directory structure over several standard media types.
  • XDM is document format agnostic, supporting the same document content as XDS and XDR. Document content is described in Document Content Profiles. Examples are XDS-MS, XPHR, XDS-SD, and XD-LAB.

XDS provides a registry for querying which patient records are in an EHR repository and methods for retrieving the documents.

  • The XDS system of registry and repository is termed an integration profile and was created by Integrating the Healthcare Enterprise. XDS uses structured EHR standards such as Continuity of Care Record (CCR) and Clinical Data Architecture (CDA) to facilitate data exchange.

Testing Notes

Note in the Direct setup with EMR Direct that if you don't put in the intermediary trust certificate you have to use http:// instead of https:// for the Direct connection string.

Note that custom domain name emails with google for the report recipient with the Edge Testing Tool (ETT) don't work, but regular gmail email addresses work. ie won't receive ETT test results whereas will work. EMRDirect has a message about that:

  • IMPORTANT: The DCDT sends .crt (X509 certificate) attachments in the results that it emails back to you. Many mail antivirus systems will actively block messages with these attachments, so if you are not receiving the reports, try a different email domain. For example, accounts ending in have received these reports reliably in the past for customers whose corporate email servers block these messages. Prior to your certification test, you should confirm that you are receiving the reports from the DCDT at the regular email address you plan to use on your test date.