David Kibbe of DirectTrust.org at 2012 eCollaboration Forum


  1. DirectTrust.org: Building the Trust Framework for Directed Exchange. David C. Kibbe, MD MBA. NeHC University, February 8, 2012. kibbedavid@mac.com
  2. Today’s talk
     • About DirectTrust.org
     • Our mission and goals
     • Brief overview of Directed exchange
     • Why e-mail? Why ‘push’?
     • The importance of security and trust
     • Components of the Trust Framework
     • It’s all about identity!
  3. About DirectTrust.org
     • DirectTrust.org is being organized as an independent, non-profit, and competitively neutral entity created by and for Direct community participants.
     • Our goal is to develop, promote and, as necessary, help enforce the rules and best practices necessary to maintain trust within the Direct exchange community, and to foster widespread public confidence in the Direct exchange of health information.
  4. About DirectTrust.org
     • Our web presence: www.directtrust.wikispaces.com
     • ~80 members of the wiki, representing HISPs, HIEs, EHR technology vendors, Certificate Authorities, Identity Providers, state officials, patient advocacy organizations, providers, consultants, others.
     • Please join if you wish to contribute to the effort!
  5. About DirectTrust.org
     • Two active workgroups: Security and Trust Compliance; Certificate Policy and Practices
     • Organizational Committee Members: AAFP, Arcadia Solutions, Cerner, DigiCert, Gorge Health Connect, Relay Health, Rhode Island Quality Institute, SAFE-BioPharma, Surescripts
  6. The Direct Project: Created a set of protocols, specifications, and standards that, with a policy and trust framework, enables simple, secure transport over the Internet, to be used for exchange between known participants in support of meaningful use.
  7. Meaningful Use, Quality Care
     Direct Project facilitates the communication of many different kinds of content necessary to fulfill meaningful use requirements.
     Examples of Meaningful Use:
     • Other Providers/Authorized Entities: clinical information for care coordination; labs (test results); referrals (summary of care record)
     • Patients: health information; discharge instructions; clinical summaries; reminders
     • Public Health: immunization registries; syndromic surveillance; laboratory reporting
     Direct Exchange (example address: b.wells@direct.aclinic.org):
     1) Get a Direct Address (e-mail-like) and a security certificate
     2) Send mail securely using most e-mail clients OR contract with a HIO or HISP that performs authentication, encryption and trust verification on your behalf
  8. Specific HISP duties:
     - provide subscribers with account and Direct addresses
     - provide web portal or EHR/PHR integration
     - arrange for identity verification (org and individual)
     - arrange for digital certificate issuance, management
     - maintain integrity of trust and security framework
     - stay current with federal policies and regulations
  9. Security and Trust are Essential!
     • We trust our doctors and nurses with our health information.
     • We will need to be able to trust HISPs with our health information.
     • Without a high level of trust accompanied by the requisite levels of security and privacy protection, health data exchange of any type or technology will likely fail.
  10. Desirable HISP attributes:
     - strong, validated security practices
     - a track record in data exchange
     - working relationship with one or more RA/CA
     - able and willing to interoperably exchange with other HISPs
     - robust subscriber directory
  11. Why Digital Certificates are So Important to Directed Exchange
     • Digital certificates “stand in” for the individual/organizational identity in cyberspace
     • They are issued by an RA/CA only after identity verification proves you are who you say you are
     • They are used to sign, validate, and encrypt Direct exchange messages and attachments
     • Any breach of trust with respect to certificate issuance or use threatens the integrity of exchange
  12. Direct Identity, Trust, and Address Provisioning
     [Diagram. Source: DirectTrust.org, February 2012]
     Parties shown:
     • Healthcare Organization (HCO) and its Representative (label: “Assume has Digital Identity Certificate”)
     • Health Information Service Provider (HISP)
     • Registration Authority (RA): Compile/Validate Identity and Trust Documentation (Representative FBCA Credentials; Representative Authorization; Legal Entity Documents; Membership/Trust Agreement; HIPAA status)
     • Certificate Authority (CA): Identity/Trust Verification; Certificate Validation Service; Certificate Signing Services; Revocation Services
     • Domain Name System (DNS); LDAP Name System
     Numbered steps shown:
     1. Enroll with HISP
     2. Request Direct Organization Certificate
     3. Credentials and Documentation
     4. Direct Organization Domain
     5. Public Key
     6. Certificate Signing Request
     7. Direct Organization Certificate
     8. Direct Organization Certificate
     9. Direct Address/Org Certificate
     The CA and RA enforce the policies specified in the DirectTrust.org and FBCA Certificate Policies (CPs).
  13. Issues Remaining to be Resolved with Respect to the Direct Exchange Trust Framework
     • Who will be acceptable (i.e., trustworthy) as Certificate Authorities?
     • What level(s) of identity verification is required for groups; professionals; patients?
     • What will be decided at a federal policy level, and what at an industry level?
  14. Questions, Comments
     • David C. Kibbe, MD MBA
     • kibbedavid@mac.com
     • 913 205 7968
