Certificate Issuance

Supporting technical trust for multiple interoperability exchange modalities

About Certificate Issuance:

Digital certificates are the foundation of trust across many of healthcare’s secure data exchange protocols. DirectTrust plays a central role in enabling and governing certificate issuance across several major areas of interoperability: Direct Secure Messaging, Query-Based Exchange, and Facilitated FHIR in TEFCA. Each has distinct technical requirements, communities, and trust frameworks supported through DirectTrust governance or operational services.

Technical Trust

Certificate issuance is a key component to supporting technical trust in interoperability. This presentation from DirectTrust at ViVE 25 offers valuable insights into how trust is built and can scale through technical trust.

Watch the Session

Certificate Issuance by Exchange Modality:

Direct Secure Messaging

Direct Secure Messaging:

DirectTrust maintains and governs the Accredited Trust Anchor Bundle (ATAB), which is a vetted collection of trust anchors from Accredited Certificate Authorities (CAs) participating in Direct Secure Messaging. These CAs issue certificates to identity-proofed organizations and individuals for use within secure healthcare workflows, such as referrals, care coordination, and transitions of care. All certificates within this trust framework conform to DirectTrust’s technical and policy standards and are interoperable across the entire DirectTrust network. The ecosystem includes dozens of accredited HISPs (Health Information Service Providers) and CAs that ensure strong identity, privacy, and security foundations for millions of Direct addresses in production use today.

Find more information about the Accredited Trust Anchor Bundle here.

Find more information about Accredited Certificate Authorities and HISPs here.

Query-Based Exchange

Query-Based Exchange:

A subset of DirectTrust Accredited Certificate Authorities (CAs) issue certificates specifically for Query-Based Exchange use cases, such as participation in eHealth Exchange and Carequality. DirectTrust coordinates the certificate issuance intake process and manages the relationships among participants, implementers, and the CAs. This coordination ensures that certificates meet the unique technical and governance requirements of these national exchange frameworks while preserving trust and interoperability.

Find more information about the Sequoia Initiatives Trust Bundle here.

Facilitated FHIR

Facilitated FHIR:

DirectTrust operates a Root Certificate Authority (CA) dedicated to Facilitated FHIR as part of a new trust infrastructure designed to support FHIR-based exchange under TEFCA (Trusted Exchange Framework and Common Agreement). This Root is purpose-built to issue intermediate certificates to DirectTrust Accredited CAs who will support scalable, standards-based API exchange between QHINs and TEFCA participants. As the TEFCA ecosystem evolves, DirectTrust is well positioned to serve participants with automated certificate issuance aligned to future FHIR exchange needs under the governance of the Recognized Coordinating Entity and applicable policies. The list of CAs that have been authorized to serve QHINs under TEFCA are listed here.

Find more information about the DirectTrust PKI (TEFCA CA Participation) Trust List here.

Direct Secure Messaging

Learn More about Direct Secure Messaging

Accreditation

Learn More about DirectTrust Accreditation