About Identity

DirectTrust Identity allows technical trust of people, organizations, devices, and patients for secure and interoperable exchange

SAFE Identity is now DirectTrust Identity

DirectTrust has acquired the assets of SAFE Identity, formerly known as SAFE-BioPharma, as a means to strengthen our identity assurance capabilities and further enable the interoperable flow of health data.

SAFE Identity and DirectTrust are both vibrant consensus-driven PKI-based trust communities with complementary missions:

  • DirectTrust enables assurance in security and trust in identity for health information exchange
  • SAFE Identity enables the security and identity assurance for pharmaceutical companies and the federal agencies they need to connect to

Instilling trust in interoperable exchange starts with identity – confidently knowing and trusting the identity of a person, organization, or device.  Trust Frameworks provide the structure and foundation, including identity verification, to enable interoperability at scale.

Incorporating SAFE Identity’s assets and Trust Framework into DirectTrust gives us the opportunity to advance trusted communication and identity, strengthen our PKI competency, diversify into new use cases and possibilities, and enable trusted exchange in new contexts and sectors.

Read on to learn more about DirectTrust Identity and Trust Frameworks, or check out our Frequently Asked Questions.

About Trust Frameworks


DirectTrust’s Trust-In-Identity Belief

Our organization’s lifeblood is trust. As a non-profit that instills trust-in-identity, we enable secure health data exchange between millions of providers and provider organizations. The DirectTrust network, built with privacy and security in mind, starts by identity-proofing participants in health information exchange – even when those participants are patients.

A mechanism is needed to know and trust the identity of a person/organization sending a message or signing a document.  A PKI trust framework ensures that only the intended recipient can access the data.  As the market moves toward FHIR, trust-in-identity and security are still essential and DirectTrust is working to fill the trust gap in the new ecosystem.

As patients/consumers get access to apps that can connect to their healthcare data, a national fabric for identity is valuable. We’re eager to work with others in healthcare to use our knowledge to advance approaches that can work, scale, and enhance security and privacy, not undermine them.

What is a Trust Framework?

Trust Frameworks provide a common set of agreed-upon standards and policies for disparate entities to establish trust. Because all organizations meet the same agreements and requirements, they can forgo additional legal contracts or peer-to-peer agreements. This is often referred to as “scalable” trust, because each new connection between organizations and their users/clients grows the network of exchange participants at an exponential, rather than linear, rate. In the case of digital identity in online transactions, the Trust Framework provides policy and technical interoperability for the issuers of digital identity credentials, the individuals asserting their identities, and the organizations relying on the identity assertions linked to the digital credentials.

Learn more about the attributes of a Trust Framework below, or download our infographic.


The common set of minimum requirements (policies) for network participants, identity providers, or users. The policies are published, allowing organizations that depend on those policies to conduct business to make a determination concerning trust.

Example: DirectTrust Certificate Policy


The process of ensuring adherence to all Trust Framework requirements. DirectTrust federates trust by accrediting HISPs, Certificate Authorities, and Registration Authorities. Issuers within trust-in-identity environments are approved or revoked through regular audits and monitoring.


The ability for information or credentials to be accepted and used easily and seamlessly by using a common set of standards.


The technical mechanisms of delivering a single source of truth of who/what is trusted.

Example: The DirectTrust Aggregated Directory


The minimum obligations for being in accordance with the law, and/or with verifying the validity of a human identity before binding it to a digital credential.

Technical Standards

DirectTrust Standards develops standards and specifications that, when adopted, enable and promote healthcare interoperability using Direct exchange and/or trust frameworks.

Examples: The Direct Standard, Trusted Instant Messaging Plus (TIM+), Event Notifications via Direct, DirectTrust Identity