Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013.

Published byAlan Ross Modified over 8 years ago

Similar presentations

Presentation on theme: "1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013."— Presentation transcript:

1 1 David C. Kibbe, MD MBA David.Kibbe@DirectTrust.org DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013 1

2 2 Office of the National Coordinator for Health Information Technology Mission and Goals – DirectTrust.org, Inc. (DirectTrust) is a voluntary, self- governing, non-profit trade alliance dedicated to the support of Directed exchange of health information, and to the growth of Directed exchange at national scale, through the establishment of policies, interoperability requirements, and business practice requirements that will enhance public confidence in privacy, security, and trust in identity. The latter, taken together, will create a Security and Trust Framework for the purpose of bridging multiple communities of trust. 2

3 3 Office of the National Coordinator for Health Information Technology 3 X.509 Certificate Policy Established X.509 Certificate Policy Established December 2011 X.509 Certificate Policy Established X.509 Certificate Policy Established December 2011 Accreditation Program Kick-off February 2013 Accreditation Program Kick-off February 2013 ONC Cooperative Agreement Award March 2013 ONC Cooperative Agreement Award March 2013 Trust Anchor Bundle Distribution Service Starts May 2013 Trust Anchor Bundle Distribution Service Starts May 2013 Direct exchange is PHI-containing email transported over the Internet between parties that rely on one another for security and trust-in-identity. HISPs are “trusted agents” for relying parties. What is the mechanism for establishing “sufficient trust” between HISPs and their users/subscribers within a Direct PKI? More than technology is involved. Trust involves clarity, transparency, and choice as to how the technology is deployed, and assurances as to how relying parties are operating. Accreditation is one way to achieve this assurance. DirectTrust is an outgrowth of the Direct Project “Rules of the Road” Wg

4 More… www.DirectTrust.org

5 5 Office of the National Coordinator for Health Information Technology 5 DirectTrust Value Proposition Membership Members have an active role in setting the community’s common security and trust policies and business practices for universal exchange via Direct. Accreditation Provides assurance that HISP/CA/RAs have achieved the benchmark for security and trust-in-identity established by the community. Reduces the need to engage in one-to-one contractual agreements. Trust anchor bundle distribution Enables ‘technical trust’ for scalable cross-HISP exchange. HISPs that are accredited can add their trust anchor to the bundles, enabling them to seamlessly exchange with other HISPs who have their trust anchors in the same bundles.

6 6 Office of the National Coordinator for Health Information Technology Increase interoperability, decrease cost and complexity, and facilitate trust among participants using Direct for health information exchange of personal health information for health care improvements. Advance industry engagement in the Electronic Healthcare Network Accreditation Commission (EHNAC)-DirectTrust program for voluntary accreditation of HISPs, CAs, and RAs, who act as trusted agents on behalf of Direct exchange participants (DTAAP). Design, build out, and operate at scale a Trust Anchor Bundle Distribution Service, TABs, that transparently identifies attributes of anchor certificates from accredited HISPs, and distributes these anchors to the public, thereby permitting trust relationships to grow at “scale,” and removes the need for costly, time consuming, one-off contract negotiations between HISPs or their users/subscribers. 6 DirectTrust Priority Goals Under the EHIEGE Program

7 7 Security & Trust Framework EHNAC- DirectTrust Accreditation Program Trusted Anchor Bundle Distribution 7 The goal is to make it easy and inexpensive for trusted agents, e.g. HISPs, to voluntarily know of and follow the “ rules of the Road, ” while also easily and inexpensively knowing who else is following them. DirectTrust Approach Office of the National Coordinator for Health Information Technology

8 8 8 DirectTrust Approach Office of the National Coordinator for Health Information Technology Avoid this: With this!:

9 9 Scalable Trust is a strategy for enabling Directed exchange between a large number of endpoints, in this case HISPs and their users/subscribers. If “ scalable, ” – Trust should happen “ quickly ” and uniformly. – A “ complete ” network will be formed voluntarily. – Complexity and cost of establishing a network will decrease, while the value of the network itself will increase, as more nodes are added. – This “ network effect ” will be a by-product of making trust scalable. – Eliminates the need for one-off manual business agreements and technical connections If not “scalable,” – Parties will be forced to create one-off manual business agreements and technical connections increasing cost and complexity – Manual exchange and maintenance of trust anchors doesn’t scale beyond the smallest of numbers – N-squared problem. 9 Scalable Trust Office of the National Coordinator for Health Information Technology

10 10 Office of the National Coordinator for Health Information Technology If HISPs have to forge one-off contracts with each other, the cost of Directed exchange goes UP with each new user group, each new contract, and thus the value decreases. Complex. Rate limiting step. 10 Building a Network via Bi-directional Contracts is Unworkable

11 11 Office of the National Coordinator for Health Information Technology 11 Example of the DirectTrust Community KEY Trust relationship based on accreditation Trust relationship based on bi-directional contract Trust relationship based on participation agreement HISP BHISP A Provider A Provider B Centralized Trust Anchor Bundle Store HISP C Provider C

12 12 Office of the National Coordinator for Health Information Technology 12 Accredited HISP D HISP F HISP E BAA HIE 1 HIE 2 HIE 5 HIE 4 HIE 3 WSC KEY Trust relationship based on accreditation Trust relationship based on bi-directional contract Trust relationship based on participation agreement The Real World

13 13 Office of the National Coordinator for Health Information Technology Full Accreditation – Cerner Corporation – Informatics Corporation of America – MaxMD – Surescripts Candidate Accreditation – Covisint – Data Motion Inc. – Digicert, Inc. – Infomedtrix, L.L.C. – Inpriva, Inc. – MRO Corporation 13 Accreditation Status

14 14 Office of the National Coordinator for Health Information Technology Encourage your HISP vendor or HISP services providers in your state to become accredited and add their trust anchor to the trust bundle. This will enable seamless exchange across HISPs in your state. To have a seat at the table become a member or encourage your HISP vendor or HISP services providers in your state to join http://www.directtrust.org/membership-eligi/.http://www.directtrust.org/membership-eligi/ Public Agency Membership dues: – Serving population over 50,000: $1000 – Serving population under 50,000: $500 14 How to Get Involved

15 15 Office of the National Coordinator for Health Information Technology DirectTrust Policies – Code of Ethics Code of Ethics – DirectTrust Community X.509 Digital Certificate Policy DirectTrust Community X.509 Digital Certificate Policy – Federation Agreement Federation Agreement Direct Trusted Agent Accreditation Program (DTAAP) DirectTrust Membership List 15 Resources

Download ppt "1 David C. Kibbe, MD MBA DirectTrust Collaborating to Build the Security and Trust Framework for Direct Exchange June 20, 2013."

Similar presentations

#CONNECT2013 Connecting for Good Loews Coronado Bay Resort, San Diego, California David C. Kibbe, MD MBA President and CEO, DirectTrust David C. Kibbe,

#CONNECT2013 Connecting for Good Loews Coronado Bay Resort, San Diego, California David C. Kibbe, MD MBA President and CEO, DirectTrust David C. Kibbe,
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
ONC Policy and Program Update Health IT Standards Committee Meeting February 20, 2013 Jodi Daniel, Office of Policy and Planning, ONC.

ONC Policy and Program Update Health IT Standards Committee Meeting February 20, 2013 Jodi Daniel, Office of Policy and Planning, ONC.
Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.

Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.
1101 Connecticut Ave NW, Washington, DC 20036 1:00 pm EST, January 9, 2015 https://global.gotomeeting.com/meeting/join/930802605 (626)

1101 Connecticut Ave NW, Washington, DC :00 pm EST, January 9, (626)
1101 Connecticut Ave NW, Washington, DC 20036 2:00 pm ET, April 4, 2014 https://global.gotomeeting.com/meeting/join/930802605 (773)

1101 Connecticut Ave NW, Washington, DC :00 pm ET, April 4, (773)
Interoperability 1-21-2013 Kevin Schmidt Director, Clinical Network.

Interoperability Kevin Schmidt Director, Clinical Network.
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.

Connecticut Ave NW, Washington, DC Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.
1101 Connecticut Ave NW, Washington, DC 20036 2:00 pm EDT, July 11, 2014 https://global.gotomeeting.com/meeting/join/930802605 (773)

1101 Connecticut Ave NW, Washington, DC :00 pm EDT, July 11, (773)
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 September 30, 2014 David C. Kibbe, MD MBA President and CEO, DirectTrust Luis Maas, MD.

Connecticut Ave NW, Washington, DC September 30, 2014 David C. Kibbe, MD MBA President and CEO, DirectTrust Luis Maas, MD.
Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.

Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.
HISP-to-HISP Discussion May 13, 2013. HISP Definition What is a HISP? An organization that provides security and transport services for directed exchange.

HISP-to-HISP Discussion May 13, HISP Definition What is a HISP? An organization that provides security and transport services for directed exchange.
Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.

Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.
ONC HIT Policy Committee Interoperability and HIE Workgroup Panel 3: State/Federal Perspectives August 22, 2014 Jennifer Fritz, MPH Deputy Director Office.

ONC HIT Policy Committee Interoperability and HIE Workgroup Panel 3: State/Federal Perspectives August 22, 2014 Jennifer Fritz, MPH Deputy Director Office.
1101 Connecticut Ave NW, Washington, DC 20036 2:00 pm EDT, May 2, 2014 https://global.gotomeeting.com/meeting/join/930802605 (773)

1101 Connecticut Ave NW, Washington, DC :00 pm EDT, May 2, (773)
Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.

Introduction to OIX: A Market Solution to Online Identity Trust Don Thibeau.
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange An Introduction for Providers Engaged in Stage 2 Meaningful Use David.

Connecticut Ave NW, Washington, DC Direct Exchange An Introduction for Providers Engaged in Stage 2 Meaningful Use David.
HIE Implementation in Michigan for Improved Health As approved by the Michigan Health Information Technology Commission on March 4, 2009.

HIE Implementation in Michigan for Improved Health As approved by the Michigan Health Information Technology Commission on March 4, 2009.

Similar presentations

Ads by Google