Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.

Published byAntonia Walters Modified over 9 years ago

Similar presentations

Presentation on theme: "Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA."— Presentation transcript:

1 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA President and CEO, DirectTrust Senior Advisor, American Academy of Family Physicians August 23, 2013

2 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Mission and Goals: DirectTrust 2 DirectTrust.org, Inc. (DirectTrust) is a voluntary, self-governing, non-profit trade alliance dedicated to the support of Direct exchange of health information, and to the growth of Direct exchange at national scale, through the establishment of policies, interoperability requirements, and business practice requirements that will enhance public confidence in privacy, security, and trust in identity. The latter, taken together,create a Security and Trust Framework for the purpose of bridging multiple communities of trust. DirectTrust is the recipient of an ONC Cooperative Agreement award in the amount of $280,205 as part of the Exemplar HIE Governance Program. Within this Program, DirectTrust is charged by ONC with further development of the Direct Trusted Agent Accreditation Program, and the build out of a national trust anchor bundle distribution service for Direct exchange.

3 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Questions/issues to address today 3 What is the DirectTrust approach to establish and scale trust between parties in Direct exchanges, and how does this support BlueButton+? The BlueButton+ use case as “outbound-only” Direct email from provider to patient/consumer. What are the limitations or gaps in this use case? What are the opportunities for bi-directional BlueButton 2+

4 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 DirectTrust members have established a standards-based approach to trusted Direct exchange over the Internet 4 The goal is to make it easy and inexpensive for trusted agents, e.g. HISPs, CAs, and RAs to voluntarily follow the “ rules of the road ” for privacy, security, and trust-in-identity controls, while also easily and inexpensively knowing who else is following them. Security & Trust Framework EHNAC- DirectTrust Accreditation Program Trust Anchor Bundle Distribution

5 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 55 Health Information Service Provider (HISP) Healthcare Organization (HCO) Identity vetting at a specific level of Assurance, LoA. Certificate Authority (CA) Certificate Validation Service X.509 Certificate Issuance Service Revocation Services Certificate Signing Services Registration Authority (RA) Compile/Validate Identity and Trust Documentation The CA and RA enforce the policies specified in the DirectTrust and FBCA Certificate Policy (CP). Crediential issued on the basis of RA’s Identity vetting at specific LoA.. HCO Direct Addressees Basic services for user: DNS discovery; encryption; certificate signing and validation; send/receive MDNs; provide HISP-side of edge protocol connection compliance with Direct standard, The HISP enforces the policies specified in the DirectTrust HISP Policy (HP), and MUST use accredited RA and CA. The HCO relies on HISP, CA, and RA as accredited trusted agents, and bears ultimate responsibility for HIPAA privacy and security. Three separate roles and responsibilities from “trusted agents” combine to enable Direct exchange 1. 2. 3.

6 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 DirectTrust Anchor Bundle DirectTrust Anchor Bundle for “scaling” of trust relationships Trust Community Anchor Distribution Site Bu Trust Bundle (PKCS7) HISP B Trust Store HISP C Trust Store HISP D Trust Store HISP A Trust Store HTTP(S) As of August, 2013, there are 10 accredited HISPs’ trust anchors in the Trust Anchor Bundle, leveraging 90 separate connections between the HISPs, and linking over 1,000 health care organizations to the DirectTrust network. 6

7 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 This technology and trust framework supports Direct exchange between providers engaged in Stage 2 Meaningful Use programs DrBob@direct.familypractice.com (has been identity vetted, has X.509 Digital certificate bound to address.) DrSusan@direct.cardiology.com (has been identity vetted, has X.509 Digital certificate bound to address.) EHR encryption identity validation 7

8 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 All of this technology and trust framework also supports BlueButton+ but as “outbound-only” from EHR to patient’s receiving system (edge client) DrSusan@direct.cardiology.com (has been identity vetted, has X.509 Digital certificate bound to verifiable address.) JohnDoe@direct.MyPHR.net (has NOT been identity vetted, has X.509 Digital certificate bound to non-verifiable address.) EHR“PHR” encryption identity validation * MyPHR.com 8

9 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Gaps in BB+ Direct exchange 1.Direct address supplied by patient-HISP and used by patient/consumer is not necessarily a verifiable end point, if certificate bound to address was issued at NIST Level of Assurance 1 (control of email address, but no proof of identity, e.g. presentation of Driver’s license, is required to obtain certificate). 2.Trust is not only about identity. No verifiable assertion by patient-HISPs of privacy and security controls being in place for “trust” anchors placed in to BB+ anchor bundle creates a potential risk for inbound messages from those sources. 3.Most provider HISPs, therefore, restrict BB+ to “outbound-only” Direct exchange to patient HISPs and to patients/consumers who are addressed by those patient HISPs. 9

10 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Opportunities for bi-directional Direct exchange between providers and patients Several patient/consumer oriented vendors in DirectTrust are: – asserting HIPAA compliance although not CEs – offering identity verification at LoA 2 or 3 prior to issuance of Direct address certificates for patients/consumers – seeking a pathway towards EHNAC-DirectTrust accreditation as HISPs, CAs, and/or RAs New product offerings are “next generation” PHRs or “medical information homes” that feature Direct exchange Bi-directional Direct exchange expected to gain momentum during 2014 10

11 www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Contact Information David C. Kibbe MD, President and CEO DirectTrust.org David.Kibbe@DirectTrust.org kibbedavid@mac.com 913.205.7968 11

Download ppt "Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA."

Similar presentations

© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
#CONNECT2013 Connecting for Good Loews Coronado Bay Resort, San Diego, California David C. Kibbe, MD MBA President and CEO, DirectTrust David C. Kibbe,

#CONNECT2013 Connecting for Good Loews Coronado Bay Resort, San Diego, California David C. Kibbe, MD MBA President and CEO, DirectTrust David C. Kibbe,
Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Understanding Patient Engagement in Stage 2 MU: Direct, HIPAA, VDT, and Patient Engagement.

Connecticut Ave NW, Washington, DC Understanding Patient Engagement in Stage 2 MU: Direct, HIPAA, VDT, and Patient Engagement.
1101 Connecticut Ave NW, Washington, DC 20036 1:00 pm EST, January 9, 2015 https://global.gotomeeting.com/meeting/join/930802605 (626)

1101 Connecticut Ave NW, Washington, DC :00 pm EST, January 9, (626)
1101 Connecticut Ave NW, Washington, DC 20036 2:00 pm ET, April 4, 2014 https://global.gotomeeting.com/meeting/join/930802605 (773)

1101 Connecticut Ave NW, Washington, DC :00 pm ET, April 4, (773)
SENDING SUMMARY OF CARE RECORDS AT TRANSITIONS OF CARE REGIONAL COORDINATION & DIRECTORY DEVELOPMENT 6/6/14 UW MEDICINE.

SENDING SUMMARY OF CARE RECORDS AT TRANSITIONS OF CARE REGIONAL COORDINATION & DIRECTORY DEVELOPMENT 6/6/14 UW MEDICINE.
Interoperability 1-21-2013 Kevin Schmidt Director, Clinical Network.

Interoperability Kevin Schmidt Director, Clinical Network.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
1101 Connecticut Ave NW, Washington, DC 20036 2:00 pm EDT, July 11, 2014 https://global.gotomeeting.com/meeting/join/930802605 (773)

1101 Connecticut Ave NW, Washington, DC :00 pm EDT, July 11, (773)
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Texting A Concept/Proposal from DirectTrust to In-Bundle HISPs and CAs Direct.

Connecticut Ave NW, Washington, DC Direct Texting A Concept/Proposal from DirectTrust to In-Bundle HISPs and CAs Direct.
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 September 30, 2014 David C. Kibbe, MD MBA President and CEO, DirectTrust Luis Maas, MD.

Connecticut Ave NW, Washington, DC September 30, 2014 David C. Kibbe, MD MBA President and CEO, DirectTrust Luis Maas, MD.
NHIN Direct Project Communications Work Group Message for State HIE/RECs August 30, 2010.

NHIN Direct Project Communications Work Group Message for State HIE/RECs August 30, 2010.
Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.

Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Similar presentations

Ads by Google