DirectTrust Working on Standard For Secure Instant Messaging

In recent years, instant messaging has taken its place alongside texting as a platform for quick ‘n dirty business communication. The thing is, instant messaging platforms generally haven’t been built for the privacy-critical information healthcare professionals share.

To address this gap, DirectTrust – the alliance behind the Direct Secure Messaging protocol – has starting developing a Trusted Instant Messaging+, a standard designed to allow safe real-time communication of health information. TIM+ is designed to allow secure transmissions between known, trusted entities within and across enterprises.

As we all know, there are already many ways to send quick text messages, including Messenger and enterprise collaboration systems like Slack. However, healthcare professionals use them at their potential peril, as transmitting patient information via these tools could easily violate HIPAA or other privacy regulations.

What makes the situation worse is that in the past, there has been no standard secure instant messaging in healthcare, particularly between disparate systems, said Scott Stuewe, DirectTrust’s president and CEO.

“The goal of the TIM+ standard is to create a secure and protected instant messaging standard for providers to communicate with each other, as well as with patients and other care team members,” Stuewe said in a prepared statement. “This is critical in eliminating the risk of violating HIPAA and other privacy regulations, and for the storing and sharing of protected health information.”

The new TIM+ standard plans to support file transfers, as well as text-based communication such as one-on-one messaging, group or “room”-based messaging and feedback notification of message status. It will also determine whether trusted endpoints are present and available, and tracks changes in availability status and endpoint authorization control of viewing status in near real-time.

It’s worth bearing in mind that there are already proprietary solutions which offer secure messaging for healthcare providers, such as Trillian ( and Netsfere ( Not every hospital or medical group will want to build their own standards-based solution for instant messaging, particularly when there are some well-established products on the market.

However, particularly with CMS and ONC pushing for greater health data interoperability, it might make sense for providers to use standard-based instant messaging technologies going forward.

In any event, whether it’s TIM+ or another standard, it probably makes sense to have an instant messaging standard in place. After all, if we don’t have a standards-based infrastructure for secure instant messaging, we’re creating another silo, aren’t we? And that’s the last thing we need, particularly with the industry facing greater pressure than ever to implement interoperable standards.

About the author

Anne Zieger

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.