Get Started with Direct Secure Messaging

Direct Secure Messaging, available in PCC EHR, is a communication technology used to exchange private medical information. Direct Secure Messaging requires special registration and unique addresses that are similar to, but not the same as, email.

Watch the Video: Watch Get Started with Direct Secure Messaging to learn how to configure your PCC system to send, receive, and reconcile direct secure messages.

If your practice activates Direct Secure Messaging and you register clinical users, you can:

  • Send a direct secure message containing a Summary of Care (also called a Transition of Care) document to another medical practice
  • Receive direct secure messages from other medical practices and add the information they contain to a patient’s chart
  • Allow your patient and families to send a visit summary directly from the patient portal to another medical practice using a direct secure message

Patient Portal Messages vs. Direct Secure Messaging: The patient portal and PCC EHR support two different messaging technologies. Portal messages are a secure, optional messaging tool built into the patient portal. Patient portal users can exchange messages with their pediatric practice, and the practice can receive and send portal messages with PCC EHR or pocketPCC. Direct Secure Messaging, on the other hand, is a specialized message technology used to share and send medical information. It requires registration with a third-party service and it allows for secure transmission of C-CDA transition of care documents or visit summaries. For more information, refer to Receive and Respond to Portal Messages or Direct Secure Messaging.

Activate Direct Secure Messaging For Your Practice

When you are ready to activate Direct Secure Messaging for your practice, contact PCC Support. We will create your practice’s Direct Secure Messaging connection. PCC partners with Updox to manage the back-end of the service.

Create Direct Secure Messaging Accounts for Users

After Direct Secure Messaging is turned on for your practice, create a Direct Secure Messaging account for any user who needs to be able to send and receive direct secure messages.

Open User Administration

Open the User Administration tool from the Tools menu in PCC EHR.

Create a Direct Secure Messaging Account

Edit the user’s account, click on the “Direct Secure Messaging” tab, and create a Direct Secure Messaging account.


Who Needs a Direct Secure Messaging Account?: Users only need a Direct Secure Messaging account in order to send and receive direct secure messages. Other operations, such as matching inbound messages to the right patients, reconciling the contents of inbound messages to patient charts, or deleting inbound messages, may be performed by any user who has the relevant role permissions in PCC EHR. No Direct Secure Messaging account is required to perform these actions.

View and Manage the User’s Direct Secure Message Account

After you create the account, you can see the user’s Direct Secure Messaging address as well as options to deactivate their account or set directory preferences.

Users Can Look Up Their Own Direct Secure Message Address

Users with Direct Secure Messaging accounts may look up their own addresses in the My Account tool under the File menu in PCC EHR.


Users can share their Direct Secure Messaging address with patients or other medical practices for the purpose of receiving transition of care documents.

Register Your Practice with the DirectTrust Network

Once your practice’s Direct Secure Messaging service is enabled, users with accounts can send direct secure messages to individuals in other organizations who also have a Direct Secure Messaging address.

As with an email address, if you know the Direct Secure Messaging address of another individual you can send them a message. If you do not know whether your recipient has a Direct Secure Messaging address or what their address is, you can search for them by name or organization in one of several directories.

Updox maintains a directory of individuals and organizations who use their Direct Secure Messaging service. From the moment your practice activates Direct Secure Messaging, users with accounts can search the directory for the Direct Secure Messaging addresses of other members.

Updox also offers the option to register for the DirectTrust Network. The DirectTrust Network grants access to a directory of Direct Secure Messaging addresses far beyond Updox’s network. Members of the DirectTrust Network can look up each others’ Direct Secure Messaging addresses.

In order to register with the DirectTrust Network, one Direct Secure Messaging user at your practice must undergo identity verification and register to serve as your practice’s legal representative. Only one Direct Secure Messaging user at your practice needs to complete the registration with the DirectTrust Network.

To register, the designated user opens the My Account tool in PCC EHR and clicks on the blue link below their Direct Secure Messaging address.

The link redirects to a registration form on Updox’s website.


The user completes the registration steps on the Updox website. They will need to enter identifying information and answer demographic questions to verify their identity.

Once the process is complete, you will see the result in the User Administration tool, or in the My Account tool.

Once one user on your system has registered your practice with the DirectTrust Network, all Direct Secure Message users will have access to the Direct Secure Messaging trust network.

What to Do When the Authorized Representative Leaves Your Practice: When you disable a user account in PCC EHR, it also disables their Direct Secure Messaging account. If you disable the account of your authorized representative, PCC EHR will send a message to Updox, the third-party vendor that manages Direct Secure Messaging accounts. Your practice will lose access to the DirectTrust Network until you register a new authorized representative. To register a new authorized representative, contact PCC Support with the name of the person you would like to designate.

Known Display Issue: Authorized Representative Appears to Change: Once established, the name of the authorized representative can rotate. This is a cosmetic display issue and does not actually reassign the role of authorized representative to a different user. Your practice can continue to use DSM without issue, even if the authorized representative name appears to change over time. PCC aims to correct this issue in the near future.

Configure Users to Work with Inbound Messages

Users with the right role permissions can work with inbound direct secure messages in PCC EHR. These users do not need a Direct Secure Messaging account.

With the right role permissions, users in PCC EHR can match inbound messages to the correct patient, reconcile clinical data from inbound messages to patient charts, and, in exceptional cases, delete inbound messages. Each operation is controlled by a separate permission in the User Administration tool.

The Messaging Queue permission gives users access to the Messaging queue in PCC EHR, where they can match inbound messages to the correct patient. The Reconciliation permission gives users the ability to reconcile clinical data from inbound messages to patient charts. The Direct Secure Message Removal permission gives users the ability to delete inbound messages from the Messaging queue in PCC EHR. Deletion is an irreversible action that should only be taken under special circumstances, such as when you receive a message for a patient who does not belong to your practice.

You can add the above permissions to existing roles or create new roles dedicated to Direct Secure Messaging. To learn more about creating and assigning user roles in PCC EHR, read Set User Roles for Permissions and Security.

Send a Direct Secure Message with a Summary of Care Record

You can use Direct Secure Messaging to send a message and a Summary of Care Record to a specialist for a referral or to another clinician as part of a transition of care.

For more information, read the Send and Receive Direct Secure Messages help article.

Receive a Direct Secure Message and Add It to a Patient’s Chart

To learn how to receive a Direct Secure Message in PCC EHR, as well as how to add it to a patient’s chart, work with the message and import medical data, read Send and Receive Direct Secure Messages.

Customize Your Practice’s Direct Secure Message Protocol

When you work with Direct Secure Messages in PCC EHR, you can use a custom protocol that includes components that will help you respond to the information in the message and take action.

Your practice can customize the Direct Secure Message protocol in the Protocol Configuration tool. For example, you may want to add the patient’s Problem List, History, or Upcoming Appointments components to assist your workflow when you read and evaluate a Direct Secure Message.


For information about protocols in PCC EHR, you can read about Protocol Configuration.

Patients and Families Can Send Direct Secure Messages in MyKidsChart, the Patient Portal

Once your practice has activated Direct Secure Messaging, your patients and families can use the patient portal to send their own visit summary directly to other physicians and medical practices.

To learn more, read Send and Receive Direct Secure Messages.

  • Last modified: July 25, 2022