Frequently Asked Questions

We offer a variety of pricing plans ranging from our free, personal accounts to enterprise-level secure exchange bundles to suit the needs and budgets of any customer.

Learn More

To log into your DataMotion account, first navigate to your secure mailbox, enter your email address and password in the logon window and click “Enter” to login. If your organization has single sign on enabled, simply click the identity provider button to login. You will then be routed through the identity providers verification process.

Yes, during initial setup of your DataMotion account, you will be prompted to select a delivery method such as encrypted PDF push and web delivery. You always have the option of changing it later through your preferences.

Your mailbox storage space varies based on your pricing plan and is counted using the messages SENT from your account, not received. Please contact us for more information.

Yes, messages do expire. To protect the sensitive nature of your messages, the DataMotion system stamps each message you send with an expiration date. By default, SENT messages expire after 30 days. The DEFAULT maximum expiration period of your sent messages can be extended to 2 or more years. Increasing your default expiration period will cause your mailbox to fill up quicker. There is also the option to change the expiration period on a per message basis.

After a message has expired, the contents and any attachments associated with that message will no longer be available. Metadata of the message will still be available forever in the form of message tracking and reporting.

The Outlook add-in can be configured to route secure messages to the DataMotion secure mailbox in three (3) different ways:

• Client-Side Encrypting: In this version of the add-in the message is sent as an encrypted payload to the DataMotion secure mailbox for processing. An additional feature of the add-in is that it downloads an unencrypted version of the message from your secure email inbox directly to your Outlook inbox. This version of the Outlook add-in does not require the DataMotion secure content filter.
• Server-Side Encrypting: This version of the add-in redirects a secure message over an encrypted channel to the DataMotion secure mailbox. This version of the add-in requires the DataMotion secure content filter to process and redirect the message.
• Subject Line Tagging: If your policy is not to modify message headers for secure messages, then the tagging option is also available. With this option, a tag is added to the subject line of a message which can be scanned by the content filter and routed securely to the DataMotion secure mailbox. When the content filter recognizes the tag in a subject line, it strips it out before the message is forwarded to the DataMotion secure mailbox.

Note: In order to implement the tagging option, ALL of your messages will need to be routed through the DataMotion secure email content filter.

The content filter has some of the most common PHI and PII rule patterns built-in, including financial policy rules, healthcare rules, and personal identifying information rules.

Additional built-in rules include tags to scan a subject line of an email and take the appropriate action.

There are multiple actions that can be specified when a condition is matched. Some of the common ones are to send the message securely, route the messages to another SMTP server, and delete the message. In any of these cases, the sender and other individuals (administrators, managers) can be notified by the content filter.

Yes, the DataMotion secure email content filter includes the ability to use Regular Expressions for pattern matching, as demonstrated by many of the pre-configured rules. You can create custom rules using your own set of Regular Expressions as well. While the secure content filter has the most common PHI, PII, and HIPAA compliant patterns built-in and has been tuned over DataMotion’s years of experience, it is flexible enough to give you free reign over writing your own patterns (rules). The content filter is also capable of exact matching; meaning you can create a flat file with the exact keywords that you wish the content filter to scan.

Yes, the content filter can be installed in an active / passive cluster, VMWare or in a load balanced configuration.

Yes, there are various methods such as implementing user groups and rules whereby you can control your accounts.

The message will be received by the DataMotion secure mailbox and will sit in the ‘Drafts’ folder of the sender’s account. The sender will receive a notification that they do not have permission to send a message and to contact their IT administrator. Once their account has been fully licensed, the message in the drafts folder will automatically be sent out. The sender does not need to resend the message.

SSO with industry-leading Identity Providers offered by DataMotion follows strict security measures put in place by these vendors to protect their users. Ultimately, safeguarding access to user accounts (whether via SSO or regular user ID/password combination) is in the hands of users, who must take all necessary precautions so as not to compromise their account credentials.

DataMotion customers concerned about providing users within their companies with SSO, have an option to disable it for their licensed users (auto-created recipient users will still have it available).

Any users who use the Outlook Add-in that requires authentication or DataMotion APIs, must continue using their current authentication method with email/user ID and password.

Integrating an EHR system with a HISP typically involves the following steps:

1. Establish Direct addresses for the EHR users who need access to Direct
2. If the EHR supports connectivity via the XDR protocol, establish an XDR connection
3. If API integration is involved, use the developer sandbox provided by DataMotion to develop and test the application calling into the DataMotion APIs.

The DataMotion Direct Software Developer Kit (SDK) offers up a set of robust APIs that integrate into your workflow without any disruption. DataMotion will setup all the Direct addresses, certificates, encryption, and message routing. DataMotion provides assistance all the way through and is also recognized by our customers as a reliable integration partner.

You can send a Direct message to (or receive a Direct message from) any EHR that is in DataMotion’s HISP, or to any EHR that is in another HISP.

Yes, it is possible to access your Direct Messages in a secure manner from your cell phone, tablet, and any other mobile device, using the DataMotion mobile-optimized Direct Messaging Portal.

To enable developers and compress development cycles, DataMotion’s connectivity methodologies are incorporated into a developer’s sandbox with open web standards such as web services, S/MIME, SMTP, etc. to test your system. Developers familiar with standard web communication protocols, including HTTP, XML, and SOAP will be able to use the sandbox with minimal training and support. The sandbox contains:

• Integration code samples
• API documentation
• Implementation guide

DataMotion offers the following categories of Direct addresses:

• Individual Direct Address
• Group Direct Address
• Workflow Direct Address

Read more about these types of addresses here.

As per DataMotion HISP agreement, the standard data retention period for each DataMotion Direct mailbox is 30 days.

DataMotion adheres to DirectTrust LoA3 for all Direct Users (equivalent to NIST 800-63-1 Level 3 or Kantara Level 3 or FBCA Basic or Medium).

Yes. DataMotion Direct Secure Messaging has achieved Office of the National Coordinator of Health Information Technology (ONC-HIT)  Modular Certification, see Certified Health IT Product 10017.

The secure message delivery API is a subset of our family of APIs for the secure message center. It does not include APIs for administration and provisioning. Unlike the secure message center APIs, it only supports the sending of messages in one direction.

No, the secure message delivery API only supports the sending of messages and attachments in one direction.

The direction that your secure messages are sent depends on your application. It can be coded to support user-initiated secure messages from your app or portal, or you can enable emails to be sent automatically or manually from your system to your end-users.

Your developer account has a 10GB limit for storing sent messages. You can release the storage taken by a message by deleting it via API.

The maximum attachment size is 20MB. Your users can choose to send one attachment up to 20MB in size or multiple attachments totaling up to 20MB.

You can retract the message, review its delivery status and delete the message from your account to release the storage taken by it.

Pay-per-use means that you only pay for the transactions that are actually made while using this API. Transactions are based on the number of recipients per message. So, one message sent to one recipient is billed as one transaction. However, one message sent to five recipients would be billed as five transactions.

A member of our sales team will be reaching out to you once you run out of credits on your developer account to inform you of your next steps to refill your balance.

For in-depth documentation, including base URLs, endpoints, response and request body formats, and more, please visit our developer center. To learn more about this API and what it does, head on over to our Developer Experience page on our website.

According to the HITRUST Alliance, the HITRUST Certification “is a globally recognized certification of an organization’s compliance to the rigorous comprehensive security and privacy protection requirements specified in the HITRUST CSF.” The certification provides a framework for compliance with top security and privacy regulations, including ISO, NIST, PCI, HIPAA, and GDPR.

Learn more about what the HITRUST CSF Certification is in our blog post “HITRUST CSF® Certification: What Is It and Why Does It Matter?”

Any organization that earns HITRUST CSF Certification is considered to have demonstrated “the highest level of trust.” HITRUST also states that that those who achieve the certification have proven that they implement the highest security controls and place a strong emphasis on protecting their data’s security and reducing risk.

In other words, the HITRUST Certification provides verified assurance that an organization is performing the greatest level of diligence to protect your data.

To become HITRUST CSF Certified, an organization must complete a minimum of 156 (typically, many more) rigorous controls (requirements). These controls span across fourteen categories, including risk management, security policy, compliance, and business continuity management. After implementing each control, the organization must be verified via self-assessment or third-party assessor. An organization must be recertified every two years.

DataMotion Direct Secure Messaging and the secure email platform are HITRUST CSF Certified.

Each HITRUST CSF-certified company must undergo a full reassessment bi-annually and a partial one in the interim.

We recommend stopping by “HITRUST CSF® Certification: What Is It and Why Does It Matter?” on the DataMotion Blog and visiting the HITRUST website.