DirectTrust™ believes we have an important role in national-scale trusted health information exchange. Our core competencies were forged in support of Direct Secure Messaging, and the DirectTrust community has matured into a vibrant national network in its own right. Over the past four years, we have been building a generalized trust model that is applicable across the healthcare ecosystem. We have bolstered our ability in each of our community’s core competencies: policy development, technical trust and trust in identity, standards development, and, as was recently announced, accreditation.
Since our beginnings, DirectTrust has had a mission of instilling trust in health information exchange with a goal of improving health and care for all people.
With regard to each of the aforementioned core competencies, this is how we see the whole picture fitting together (paraphrased from our strategic plan).
We believe that:
- Improving the care experience for all will improve health.
- Interoperability improves care experience and reduces cost.
- Interoperability relies on standards-based exchange.
- The utilization of standards facilitates information flow.
- Information flow requires exchange parties to trust one another.
- Trust requires confidence in standards and policy compliance on matters of privacy, security, and identity.
- Policy compliance and standards conformance are assured through trustworthy accreditation.
- Governance of accreditation is overseen by a community of diverse stakeholders.
For the DirectTrust network, these statements are the foundation of our mission – with a focus on interoperability through Direct Secure Messaging.
A Trust Framework is a Three-Legged Stool
The Trust Framework that enables Direct Secure Messaging has three interdependent facets:
- First, the Direct Standard® (which our community maintains) defines our technical specification that participants utilize to define both the exchange mechanism and a trust-in-identity capability. It is stipulated in federal regulation.
- Second, we set and enforce policies and maintain agreements that allow for trust to be scalable across dozens of networks, thousands of organizations, and millions of users. You might call this “technical trust.” It’s a mechanism to understand the identity of an exchange partner and what policies they adhere to.
- And last, but not least: the accreditation of the operators of our network.
Reliable standards, coherent, consensus-based policies, and rigorous accreditation work together to make information exchange trustworthy.
Speaking of Accreditation: Our Latest Move
Our recent merger with the Electronic Healthcare Network Accreditation Commission (EHNAC) gives DirectTrust a broad-based set of accreditation capabilities and programs that support stakeholder trust across the many different kinds of healthcare networks.
Trust is assured by independent certification. This is conducted by a team of seasoned assessors ensuring that an exchange network actor adheres to defined standards, policies and regulations as well as industry best practices. The criteria for the over 20 EHNAC programs are derived from these elements and advanced by industry experts. Then the controls are refined and approved by a consensus process that involves all the interested stakeholders.
This is all done with the goal of mitigating risk and maintaining trust. This merger extends DirectTrust’s accreditation programs across the industry.
Part of an Ongoing Growth Process
The merger with EHNAC follows two previous growth activities for DirectTrust: first, our recognition as an ANSI-accredited standards development organization to develop new technical standards for exchange and identity assurance, and second, our acquisition of SAFE Identity, which allowed us to generalize our technical trust capabilities. The SAFE assets are now called DirectTrust Identity.
Our initial scope for DirectTrust Standards was to shepherd the Direct Standard® through the ANSI approval process. In May of 2021, we published our first ANSI-approved standard specification and since then have launched many additional consensus-based efforts. These efforts cover both extensions of the Direct Standard®, like our Event Notifications via the Direct Standard®, and new standards for healthcare communication and identity assurance, like Trusted Instant Messaging Plus (TIM+). New work on a national identifier and on simplified referrals for social care are our latest efforts.
DirectTrust Identity represents our efforts to generalize technical trust beyond Direct Secure Messaging and Public Key Infrastructure (PKI) to cover other exchange paradigms and document signing. The SAFE acquisition brought in new healthcare stakeholders from the pharmaceutical industry that have utilized trustworthy credentials to communicate sensitive and proprietary information. They rely on our Trust Framework to protect these communications.
As the industry begins to focus on API-based information exchange, there is a need for a Trust Framework that protects the same health data accessed using new technologies. Existing exchange mechanisms will continue, but as consumers enter this ecosystem, they represent a new and vulnerable actor in the information exchange space.
Consumers expect to use their smartphones to access their health data. New standards for exchange also provide new capabilities for business-to-business exchange. Fast Healthcare Interoperability Resources (FHIR®) is now required for Electronic Health Record (EHR) system deployments, initially for consumer use. The expectation is that FHIR will become the dominant mechanism for query-based exchange over the next decade. For this to happen, the industry needs a consistent mechanism for technical trust that operates both for consumers and for organizations.
Tying it All Together: 1+1=4
As an example of what our recently combined organization will be capable of, DirectTrust and EHNAC have been in a two-year collaboration with the CARIN Alliance to craft a credential policy for use by consumers in healthcare. As consensus develops around this policy, accreditation programs for Credential Service Providers that align with this policy will be needed.
This is how the newly expanded DirectTrust is greater than the sum of our two combined parts. Our focus on trust-in-identity, coupled with the combined strengths of two organizations in standards development, community engagement, and accreditation, provides a trustworthy platform to forge an interoperable future for all healthcare stakeholders.