About Identity
DirectTrust Identity allows technical trust of people, organizations, devices, and patients for secure and interoperable exchange
DirectTrust’s Trust-In-Identity Belief
Our organization’s lifeblood is trust. As a non-profit that instills trust-in-identity, we enable secure health data exchange between millions of providers and provider organizations. The DirectTrust network, built with privacy and security in mind, starts by identity-proofing participants in health information exchange – even when those participants are patients.
A mechanism is needed to know and trust the identity of a person or organization sending a message or signing a document. A PKI trust framework ensures that only the intended recipient can access the data. As the market moves toward FHIR, trust-in-identity and security are still essential, and DirectTrust is working to fill the trust gap in the new ecosystem.
As patients/consumers get access to apps that can connect to their healthcare data, a national fabric for identity is valuable. We’re eager to work with others in healthcare to use our knowledge to advance approaches that can work, scale, and enhance security and privacy, not undermine them.
What is a Trust Framework?
Trust Frameworks provide a common set of agreed-upon standards and policies for disparate entities to establish trust. Ensuring all organizations meet the same agreements and requirements allows forgoing additional legal contracts or peer-to-peer agreements. This is often referred to as “scalable” trust, because each new connection between organizations and their users/clients grows the network of exchange participants at an exponential, rather than linear, rate. In the case of digital identity in online transactions, the Trust Framework provides policy and technical interoperability for the issuers of digital identity credentials, the individuals asserting their identities, and the organizations relying on the identity assertions linked to the digital credentials.
Learn more about the attributes of a Trust Framework below, or download our infographic.
Governance
The common set of minimum requirements (policies) for network participants, identity providers, or users. The policies are published so that organizations that depend on them to conduct business can make a determination concerning trust.
Example: DirectTrust Certificate Policy
Certification
The process of ensuring adherence to all Trust Framework requirements. DirectTrust federates trust by accrediting HISPs, Certificate Authorities, and Registration Authorities. Issuers within trust-in-identity environments are approved or revoked through regular audits and monitoring.
Interoperability
The ability for information or credentials to be accepted and used easily and seamlessly through a common set of standards.
Infrastructure
The technical mechanisms for delivering a single source of truth about who or what is trusted.
Example: The DirectTrust Aggregated Directory
Legality
The minimum obligations for complying with the law and/or for verifying the validity of a human identity before binding it to a digital credential.
Technical Standards
DirectTrust Standards develops standards and specifications that, when adopted, enable and promote healthcare interoperability using Direct exchange and/or trust frameworks.
Examples: The Direct Standard, Trusted Instant Messaging Plus (TIM+), Event Notifications via Direct, DirectTrust Identity