1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013.

Slides:



Advertisements
Similar presentations
#CONNECT2013 Connecting for Good Loews Coronado Bay Resort, San Diego, California David C. Kibbe, MD MBA President and CEO, DirectTrust David C. Kibbe,
Advertisements

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
ONC Policy and Program Update Health IT Standards Committee Meeting February 20, 2013 Jodi Daniel, Office of Policy and Planning, ONC.
Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.
1101 Connecticut Ave NW, Washington, DC :00 pm EST, January 9, (626)
1101 Connecticut Ave NW, Washington, DC :00 pm ET, April 4, (773)
Interoperability Kevin Schmidt Director, Clinical Network.
Connecticut Ave NW, Washington, DC Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.
1101 Connecticut Ave NW, Washington, DC :00 pm EDT, July 11, (773)
Connecticut Ave NW, Washington, DC September 30, 2014 David C. Kibbe, MD MBA President and CEO, DirectTrust Luis Maas, MD.
Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.
HISP-to-HISP Discussion May 13, HISP Definition What is a HISP? An organization that provides security and transport services for directed exchange.
Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.
ONC HIT Policy Committee Interoperability and HIE Workgroup Panel 3: State/Federal Perspectives August 22, 2014 Jennifer Fritz, MPH Deputy Director Office.
1101 Connecticut Ave NW, Washington, DC :00 pm EDT, May 2, (773)
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.
Connecticut Ave NW, Washington, DC Direct Exchange An Introduction for Providers Engaged in Stage 2 Meaningful Use David.
HIE Implementation in Michigan for Improved Health As approved by the Michigan Health Information Technology Commission on March 4, 2009.
Federated Identity Management in New Zealand Sat Mandri Service Manager TNC15 REFEDs Meeting, 14 th June 2015.
Georgia Health Information Exchange Georgia Rural Health IT Forum January 26, 2012.
NENA Development Conference | October 2014 | Orlando, Florida Security Certificates Between i3 ESInet’s and FE’s Nate Wilcox Emergicom, LLC Brian Rosen.
Exchange: The Central Feature of Meaningful Use Stage Meaningful Use and Health Care Innovation Conference Craig Brammer Office of the National.
Tom Clarke VP, Research & Technology National Center for State Courts.
Wicked Problems, Righteous Solutions: Learnings from Two Years of DirectTrust PKI and Interoperability Testing Experiences DirectTrust Technical Break-out.
0 Presentation to: Health IT HIPPA Workshop Presented by: Stacey Harris, Director of Health IT Innovation September 26, 2014 Division of Health Information.
S&I Framework Architecture Refinement & Management (ARM) 01/07/2013.
Nationwide Health Information Network: Conditions for Trusted Exchange Request For Information (RFI) Steven Posnack, MHS, MS, CISSP Director, Federal Policy.
1 Manatt Health Solutions NYS Office of Health Information Technology Transformation Academy Health State Health Research and Policy Interest Group 2008.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Connecticut Ave NW, Washington, DC David C. Kibbe, MD MBA President and CEO, DirectTrust Senior Advisor, AAFP AMDIS, Boston,
State HIE Program Chris Muir Program Manager for Western/Mid-western States.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.
E-Authentication: Simplifying Access to E-Government Presented at the PESC 3 rd Annual Conference on Technology and Standards May 1, 2006.
Integrating Federated Identity and Web services in the RHIO Environment John Richardson Vice-Chair, Liberty Alliance eHealth SIG Intel Corporation Digital.
Public Health Data Standards Consortium
Updated September 30, 2010 Open Health Tools (OHT) Strategic Plan.
Open Health Tools Strategic Plan. Mission “to significantly contribute to the health and well-being of individuals and communities by improving their.
1101 Connecticut Ave NW, Washington, DC :00 pm ET, July 10, (626)
Overview of Issues and Interests in Standards and Interoperability Mary Saunders Chief, Standards Services Division NIST.
ONC’s Proposed Strategy on Governance for the Nationwide Health Information Network Following Public Comments on RFI HIT Standards Committee Meeting September.
1 David C. Kibbe, MD MBA DirectTrust A Discussion About Scalable Trust May 9,
January 26, 2007 State Alliance for e-Health January 26, 2007 Robert M. Kolodner, MD Interim National Coordinator Office of the National Coordinator for.
1101 Connecticut Ave NW, Washington, DC :00 pm ET, June 15, (626)
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Health Information Exchange in California Right Care Capitol Region University of Best Practices 9 February 2015 Robert M. Cothren, PhD, Executive Director.
Adoption and Use of Electronic Medical Records (in Federally Qualified Health Centers) and Supporting an ASP Community Care Network of Virginia, Inc.
Scalable Trust Community Framework STCF (01/07/2013)
Mariann Yeager, NHIN Policy and Governance Lead (Contractor) Office of the National Coordinator for Health IT David Riley, CONNECT Lead (Contractor) Federal.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Jacques Bus Head of Unit, DG INFSO-F5 “Security” European Commission FP7 launch in the New Member States Regional on-line conference 22 January 2007 Objective.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.
Creating an Interoperable Learning Health System for a Healthy Nation Jon White, M.D. Acting Deputy National Coordinator Office of the National Coordinator.
HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.
Don Thibeau, Executive Director, OpenID Foundation (OIDF) Drummond Reed, Executive Director, Information Card Foundation (ICF)
PHDSC Privacy, Security, and Data Sharing Committee Letter to Governors.
The State of Florida’s Advances in Supporting the Use of Health IT 2015 HIT Days State Capitol January 26, 2015 Agency for Health Care Administration Secretary.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.
Connecting Technology: Achieving Better Health for Patients and Pharmacy Marsha K. Millonig, MBA, BSPharm Catalyst Enterprises, LLC 1 American Society.
Connecticut Ave NW, Washington, DC DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange.
Joint Health IT Committee Meeting Precision Medicine Initiative Update March 10, 2016 P. Jon White, MD, Deputy National Coordinator for Health IT.
10/08/20041 © 2004 Pete Palmer Federated Identity Management and Regional Health Information Organizations Pete Palmer, Principal Security Analyst, Guidant.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
HIE Landscape in California
HIMSS National Conference New Orleans Convention Center
Health Information Exchange for Eligible Clinicians 2019
Presentation transcript:

1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20,

2 Office of the National Coordinator for Health Information Technology Mission and Goals – DirectTrust.org, Inc. (DirectTrust) is a voluntary, self- governing, non-profit trade alliance dedicated to the support of Directed exchange of health information, and to the growth of Directed exchange at national scale, through the establishment of policies, interoperability requirements, and business practice requirements that will enhance public confidence in privacy, security, and trust in identity. The latter, taken together, will create a Security and Trust Framework for the purpose of bridging multiple communities of trust. 2

3 Office of the National Coordinator for Health Information Technology 3 X.509 Certificate Policy Established X.509 Certificate Policy Established December 2011 X.509 Certificate Policy Established X.509 Certificate Policy Established December 2011 Accreditation Program Kick-off February 2013 Accreditation Program Kick-off February 2013 ONC Cooperative Agreement Award March 2013 ONC Cooperative Agreement Award March 2013 Trust Anchor Bundle Distribution Service Starts May 2013 Trust Anchor Bundle Distribution Service Starts May 2013 Direct exchange is PHI-containing transported over the Internet between parties that rely on one another for security and trust-in-identity. HISPs are “trusted agents” for relying parties. What is the mechanism for establishing “sufficient trust” between HISPs and their users/subscribers within a Direct PKI? More than technology is involved. Trust involves clarity, transparency, and choice as to how the technology is deployed, and assurances as to how relying parties are operating. Accreditation is one way to achieve this assurance. DirectTrust is an outgrowth of the Direct Project “Rules of the Road” Wg

More…

5 Office of the National Coordinator for Health Information Technology 5 DirectTrust Value Proposition Membership Members have an active role in setting the community’s common security and trust policies and business practices for universal exchange via Direct. Accreditation Provides assurance that HISP/CA/RAs have achieved the benchmark for security and trust-in-identity established by the community. Reduces the need to engage in one-to-one contractual agreements. Trust anchor bundle distribution Enables ‘technical trust’ for scalable cross-HISP exchange. HISPs that are accredited can add their trust anchor to the bundles, enabling them to seamlessly exchange with other HISPs who have their trust anchors in the same bundles.

6 Office of the National Coordinator for Health Information Technology Increase interoperability, decrease cost and complexity, and facilitate trust among participants using Direct for health information exchange of personal health information for health care improvements. Advance industry engagement in the Electronic Healthcare Network Accreditation Commission (EHNAC)-DirectTrust program for voluntary accreditation of HISPs, CAs, and RAs, who act as trusted agents on behalf of Direct exchange participants (DTAAP). Design, build out, and operate at scale a Trust Anchor Bundle Distribution Service, TABs, that transparently identifies attributes of anchor certificates from accredited HISPs, and distributes these anchors to the public, thereby permitting trust relationships to grow at “scale,” and removes the need for costly, time consuming, one-off contract negotiations between HISPs or their users/subscribers. 6 DirectTrust Priority Goals Under the EHIEGE Program

7 Security & Trust Framework EHNAC- DirectTrust Accreditation Program Trusted Anchor Bundle Distribution 7 The goal is to make it easy and inexpensive for trusted agents, e.g. HISPs, to voluntarily know of and follow the “ rules of the Road, ” while also easily and inexpensively knowing who else is following them. DirectTrust Approach Office of the National Coordinator for Health Information Technology

8 8 DirectTrust Approach Office of the National Coordinator for Health Information Technology Avoid this: With this!:

9 Scalable Trust is a strategy for enabling Directed exchange between a large number of endpoints, in this case HISPs and their users/subscribers. If “ scalable, ” – Trust should happen “ quickly ” and uniformly. – A “ complete ” network will be formed voluntarily. – Complexity and cost of establishing a network will decrease, while the value of the network itself will increase, as more nodes are added. – This “ network effect ” will be a by-product of making trust scalable. – Eliminates the need for one-off manual business agreements and technical connections If not “scalable,” – Parties will be forced to create one-off manual business agreements and technical connections increasing cost and complexity – Manual exchange and maintenance of trust anchors doesn’t scale beyond the smallest of numbers – N-squared problem. 9 Scalable Trust Office of the National Coordinator for Health Information Technology

10 Office of the National Coordinator for Health Information Technology If HISPs have to forge one-off contracts with each other, the cost of Directed exchange goes UP with each new user group, each new contract, and thus the value decreases. Complex. Rate limiting step. 10 Building a Network via Bi-directional Contracts is Unworkable

11 Office of the National Coordinator for Health Information Technology 11 Example of the DirectTrust Community KEY Trust relationship based on accreditation Trust relationship based on bi-directional contract Trust relationship based on participation agreement HISP BHISP A Provider A Provider B Centralized Trust Anchor Bundle Store HISP C Provider C

12 Office of the National Coordinator for Health Information Technology 12 Accredited HISP D HISP F HISP E BAA HIE 1 HIE 2 HIE 5 HIE 4 HIE 3 WSC KEY Trust relationship based on accreditation Trust relationship based on bi-directional contract Trust relationship based on participation agreement The Real World

13 Office of the National Coordinator for Health Information Technology Full Accreditation – Cerner Corporation – Informatics Corporation of America – MaxMD – Surescripts Candidate Accreditation – Covisint – Data Motion Inc. – Digicert, Inc. – Infomedtrix, L.L.C. – Inpriva, Inc. – MRO Corporation 13 Accreditation Status

14 Office of the National Coordinator for Health Information Technology Encourage your HISP vendor or HISP services providers in your state to become accredited and add their trust anchor to the trust bundle. This will enable seamless exchange across HISPs in your state. To have a seat at the table become a member or encourage your HISP vendor or HISP services providers in your state to join Public Agency Membership dues: – Serving population over 50,000: $1000 – Serving population under 50,000: $ How to Get Involved

15 Office of the National Coordinator for Health Information Technology DirectTrust Policies – Code of Ethics Code of Ethics – DirectTrust Community X.509 Digital Certificate Policy DirectTrust Community X.509 Digital Certificate Policy – Federation Agreement Federation Agreement Direct Trusted Agent Accreditation Program (DTAAP) DirectTrust Membership List 15 Resources

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.