Trust Framework

Secure and trusted health information exchange is fueled by the Direct Standard™ and our robust national network

About Trust Frameworks

Trust Frameworks provide a common set of agreed upon standards for disparate entities to establish trust. Ensuring all organizations meet the same agreements and requirements allows for forgoing additional legal contracts or peer-to-peer agreements. This is often referred to as “scalable” trust, because each new connection between organizations and their users/clients grows the network of exchange participants at an exponential, rather than linear, rate.

DirectTrust Trust Bundles

Access the Trust Bundle application and member information

DirectTrust’s Trust-In-Identity Belief

Our organization’s lifeblood is trust. As a non-profit that instills trust-in-identity, we enable secure health data exchange between millions of providers and provider organizations. The DirectTrust network, built with privacy and security in mind, starts by identity-proofing participants in health information exchange – even when those participants are patients.

A sender must have confidence that a receiver is known and trusted for secure health information exchange to occur. Our PKI framework ensures the security of encrypted messages – only the intended recipient can decrypt the message. As the market moves toward FHIR, trust-in-identity and security is still essential and DirectTrust is working to fill the trust gap in the new ecosystem.

As patients/consumers get access to apps that can connect to their healthcare data, a national fabric for identity is valuable. We’re eager to work with others in healthcare to use our knowledge to advance approaches that can work, scale, and enhance security and privacy, not undermine it.

Benefits of DirectTrust Trust Framework

Risk Mitigation

DirectTrust anchor certificates assert a “gold standard” of accreditation for privacy, security and trust-in-identity has been met by HISPs, CAs, and RAs included in DirectTrust bundles. DirectTrust bundles openly and transparently define a community of service providers who are trustworthy and can be relied up to meet and uphold a high level of security and identity controls.

Convenience and Cost Savings

DirectTrust takes the cost, worry, and hassle out of managing certificate additions, refreshes, and revocation for participating HISPs and CAs. Centralized and secure “one stop” access to current, up-to-date anchor certificates mitigates the time and cost HISPs would otherwise expend gathering each other’s certificates. Having these certificates available “on demand” at all times means that HISPs can update their trust certificate stores whenever it suits them and without depending on counterparties or their schedules.

Insurance Against Service Delays and Interruptions for Customers

Meticulous attention to detail in reviewing trust anchor certificates will avoid “downstream” errors, delays, and interruptions in Direct exchange between HISPs’ and their subscribers.

Network Benefits

DirectTrust anchor certificate bundles define a “network of networks” over which Direct Secure Messages can flow without impediment or barriers. HISPs that display the DirectTrust Accredited HISP mark and have been accepted into a DirectTrust anchor bundle don’t have to worry about additional one-off connections or contracts to establish interoperability.

Trust Framework Concepts

Trust Communities

Trust Communities are formed by organizations voluntarily electing to follow a common set of standards, policies, and processes related to health information exchange. Examples of these policies include identity-proofing policies, certificate management policies, and HIPAA compliance processes. DirectTrust is one of largest trust communities for health information exchange in the country.

Trust Community Profile

A Trust Community Profile is a specific set of requirements to be followed by selected organizations that wish to voluntarily conform to them, all of which is transparent and open to public view. The DirectTrust community has agreed on a Security and Trust Framework to guide the community’s use of Direct Secure Messaging among providers and between providers and patients/consumers. Adherence to this Framework’s policies and practices is asserted when a community member’s trust anchor is accepted into a DirectTrust anchor bundle.

Trust Bundle

More on DirectTrust Trust Bundles

A Trust Bundle is a collection of trust anchors (those high-level digital certificates utilized to establish initial trust during Direct Secure Messaging exchange, as opposed to end-entity Direct certificates) that meet a common set of minimum requirements expressed in a Trust Community Profile.

The value of these Trust Bundles is that relying parties may include the trust anchors contained in the bundle into their STA implementations (trust stores) with the confidence that it is a secure source to obtain these trust anchors, along with providing a transparent view of each trust anchor’s adherence to the Trust Community Profile in order to help you make informed trust decisions.