DirectTrust Announces Accreditation Criteria for New Suite of Registration Authority Programs Available for Public Review

Industry feedback desired during 60-day public review period through April 24

WASHINGTON, DC – February 23, 2023 – DirectTrust™, a non-profit healthcare industry alliance created to support secure, identity-verified electronic exchanges of protected health information, today announced a 60-day public comment and review period of the draft criteria for additions to its suite of Registration Authority Programs. The program criteria for review include Registration Authority (RA) Direct Secure Messaging criteria V1, Registration Authority (RA) Federal PKI criteria V1.0 along with Registration Authority (RA) for Credential Service Provider accreditation criteria which is a new program currently in beta phase.

“DirectTrust has offered a Registration Authority accreditation program for many years. Establishing this new set of criteria for public comment as we expand our suite of Registration Authority accreditation programs signals our continued dedication to meeting the growing demand for trusted credentials across healthcare organizations,” said Scott Stuewe, DirectTrust President and CEO. “The criteria review process is an essential part of our methodology and commitment to transparency as we look to all stakeholders in helping shape standards-based accreditation within our industry.”

Organizations that carry out identity proofing as the initial step for obtaining an identity credential are referred to as “Registration Authorities” by the National Institute of Standards and Technology (NIST) and other sources. These organizations register new users and verify the information users assert about themselves. NIST SP 800-63A offers prescriptive guidance on the processes that organizations and/or service providers should follow when identity proofing individuals both in person and remotely, dividing its guidance into three increasing identity assurance levels (IAL). Although the assurance level generally accepted by healthcare is IAL2, with the Registration Authority (RA) Federal PKI Criteria V1.0, DirectTrust evaluates organizations seeking federally defined assurance levels at IAL3 – the only accreditation program of the three that offer identity proofing at that assurance level.

DirectTrust’s accreditation and certification programs are governed by the organization’s Electronic Healthcare Network Accreditation Commission. This newly established suite of Registration Authority programs demonstrates DirectTrust’s commitment to accelerating interoperability across healthcare by delivering stakeholders with programs that directly align with the Trusted Exchange Framework and Common Agreement, including the Trusted Network Accreditation Program (TNAP). Last month, DirectTrust announced the TNAP-Participant accreditation program has been revised to address the published Recognized Coordinating Entity (RCE) requirements that Participants and Subparticipants must meet to participate with a Qualified Health Information Network (QHIN).

The DirectTrust criteria for each of its accreditation programs sets the foundational requirements for measuring an organization’s ability to meet/align with federal and state healthcare reform mandates such as HIPAA/HITECH, 21^st Century Cures Act, TEFCA and other mandates and best practices like NIST SP 800-63, for healthcare organizations focusing on the areas of trust, privacy, security, cybersecurity, breach handling, confidentiality, best practices, procedures and assets.

During the 60-day public review period, all interested stakeholders are encouraged to provide DirectTrust with opinions, comments and suggestions that will prove helpful in determining the necessity, appropriateness and workability of the criteria versions proposed for adoption after being reviewed and approved by the Commission. Visit DirectTrust.org for more details or visit the Commission’s criteria page to review the latest criteria and submit feedback during this comment period.

About DirectTrust
DirectTrust™ is a non-profit, vendor-neutral alliance dedicated to instilling trust in the exchange of health data. The organization serves as a forum for a consensus-driven community focused on health communication, an American National Standards Institute (ANSI) standards development organization, an accreditation and certification body through EHNAC (the Electronic Healthcare Network Accreditation Commission), and a developer of trust frameworks and supportive services for secure information exchange like Direct Secure Messaging and trusted, compliant document submission.

The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain privacy, security, and trust for stakeholders across and beyond healthcare. In addition, DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information while promoting quality service, innovation, cooperation, and open competition in healthcare. To learn more, visit: DirectTrust.org.