Call Us: 866.966.9030

Direct Secure Messaging FAQ’s

When do I need a Direct Secure Messaging account?
You need a Direct Secure Messaging account if you want to exchange electronic Protected Health Information (ePHI) to meet the Meaningful Use requirement for data exchange between providers, payers or any other HIPAA identified entity for purposes of treatment, payment or operations.

How do I get a Direct Secure Messaging account?
Your supervisor or office manager must complete the Subscriber Agreement (found at for all DSM users in your organization. Questions can be directed to the AeHN office at 866-966-9030, ext. 2.

How long does it take to get a Direct Secure Messaging account?
Alaska eHealth Network is committed to protecting and securing patient health data. In order to ensure that our participants are also meeting our high standards, we do several security checks on applicants including active business license and driver’s license reviews. The process usually can be completed within 24 hours. If you have questions, please contact our help desk at

How secure is Direct Secure Messaging?
The Direct Secure Messaging solution uses self-signed certificates for the trust and encryption of messages that conform to all of the requirements specified in the Applicability Statement for Secure Health Transport for Direct Messaging specifications. The messages cannot be sent outside of the secure mail server environment and can only be sent between two trusted sources. The content and route of the message are at the discretion of the sender. Once the message is received, the use of that message is at the discretion of the recipient.

Will Direct Secure Messaging work on a Mac?
Yes, DSM is independent of the hardware platform and runs in a browser window.  However, on a Mac it can only run on Firefox.

Where can I find training materials for AeHN Direct Secure Messaging?

What is the file size for attachments on Direct Secure Messaging?
The file size for one attachment is limited to 20 MB. The total of all attachments in one email is limited to 50 MB. Your user mailbox is set to store 1 GB of data. Please contact if you have any problems with file size.

Can I send messages to my personal or work email account?
No, Direct Secure Messages can only be read within the DSM system. However, you can send notifications to yourself when a new Direct Secure Message has been received. To set up notifications:

• Select Settings (upper menu bar)
• Select Mail Options (left menu bar)
• Turn Enable Notifications ON
• Add the email address where you wish to receive notifications in Notifications Address

What browser should I use to access the AeHN Direct Secure Messaging service?
The following browsers are supported: Internet Explorer (IE) 6 and higher or Firefox 10 ESR

Why can’t I use group mail like I did on You Send It?
You Send It is not a protected health information system (PHI). The Direct Messaging System is designed to meet the HIPAA and ONC requirements for sending PHI and auditing the user access to PHI.  Please see the How To’s to setup a personal group list.

Why am I not receiving my Read Receipts?
Make sure you have setup your Reply To address to go to your DSM account. This feature only works within the DSM system.
• Click on Settings > Webmail Settings > Reply To

ONC Implementation Guidelines for State HIE Grantees on Direct Infrastructure & Security/Trust Measures for Interoperability:
Specifically with respect to identity validation, RAs, CAs and any other entities performing RA functions should ensure that individuals and organizations are identity proofed at the medium assurance level (as specified in FBCA X.509 Certificate Policy for the Federal Bridge Certification Authority Dec. 9, 2011).

Standard: TECHNICAL SAFEGUARDS Sections Implementation Specification R/A?
Person or Entity Authentication 164.312(d) R
The Rule States: “Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.”
Solution: Username and Password are used for access control; strict control is given over who can access user’s accounts.