Frequently Asked Questions


expand all
Is my data safe?

Yes. MaxMD’s security policies meet 100% of the technical and security requirements of 45 CFR Parts 160 and 164, sub parts A and C. Our technical infrastructure is housed at a SSAE 16 Type II Soc 1 certified facility which undergoes annual independent audits. MaxMD is also independently accredited by the Electronic Healthcare Network Accreditation Commission (EHNAC) as a Health Information Service Provider (HISP), Registration Authority (RA), and Certificate Authority (CA). EHNAC performs a comprehensive review of MaxMD’s technical infrastructure, policies and procedures on alternating years. Finally, MaxMD also has an audited business recovery plan.

Will this assist in our pursuit of Meaningful Use?

Yes. For eligible hospitals, the MaxMD HISP can be integrated with your existing inpatient EHR via our EaaS® configuration, enabling the bi-directional exchange of Summary of Care records to disparate systems. For individual healthcare providers, our Hosted Direct mdEmail® Version 3.0 accounts are ONC HIT Certified for 170.314(b)(2), 170.314(g)(1), and 170.314(g)(2). For either configuration, MaxMD is happy to provide access to Direct messaging reports for measuring your numerator.

Can our organization use Direct even though we don’t have an EHR?

Yes. If you have a unique HIT application with a messaging capability or a dedicated mail server, MaxMD can interface our HISP via the EaaS® configuration. If you don’t have an application to leverage, MaxMD provides a standalone Hosted Direct mdEmail® Version 3.0 product. Hosted Direct mdEmail® Version 3.0 is accessible via mobile devices, desktop clients (e.g. Thunderbird or Outlook), or our webmail client which can even be branded with your custom colors and logo.

How quick is the turnaround time for Direct services?

MaxMD EaaS® configuration is typically implemented in 10 days or less. The fastest implementation to an inpatient EHR was achieved in 2 hours. The timeline for delivery of Hosted Direct mdEmail® Version 3.0 is within 24 hours of procurement and completion of the MaxMD Implementation Checklist.

Can our organization interoperate with other Direct addresses outside of MaxMD?

Yes. MaxMD is interoperable with 100% of the HISPs in the DirectTrust Accredited Trust Bundle. We also allow clients to customize their own Trust Relationships by adding unaccredited HISP’s certificates to their own unique trust bundle with the completion of proper documentation.

Can our organization use our current domain name for our Direct addresses?

Yes. MaxMD adheres to the Applicability Statement for Secure Health Transport Standards and will assist you in creating a sub-domain such as direct.yourdomain.com which will be used for your Direct addresses.

Can multiple individuals share the same Direct address?

Yes. To satisfy requirements of the Direct Protocol, each of these individuals accessing a Common Address must still be identified as unique Authorized Users in order to create the requisite audit trail for all activity.

Will MaxMD notify me when I receive a Direct message?

Yes. A message notification feature is standard to the Direct mdEmail® Version 3.0 product. Notifications can be either an SMS message to a smart phone or an email notification to a designated non-direct address.

Is there a directory of Direct addresses?

Yes. MaxMD supports access to the DirectTrust.org directory in three ways: a filter tool on the max.md website, the native address book within Hosted Direct mdEmail Version 3.0 accounts, and by calling the directory through an API. Direct policy requires that you must be a part of the directory in order to access the directory.

What is identity proofing?

Direct operates as a Trusted Network designed to improve interoperability between disparate systems and improve care coordination between healthcare professionals. It is the identity proofing aspects of the Direct Protocol that create a spam-proof, spoof-proof network with a foundation of trust-in-identity. Direct policy requires each user of the Direct Protocol to be proofed to NIST Level of Assurance 3, which is satisfied with two forms of ID.

Can MaxMD leverage the proofing undertaken during our hiring process rather than duplicate those efforts?

Yes. As an EHNAC Accredited Registration Authority, MaxMD can leverage what is called Antecedent Proofing as described in NIST 800-63-2, and identity proof one individual at an organization as a Trust Agent who will attest to the identity of all employees designated as Authorized Users by the organization.