Frequently Asked Questions (FAQ)
No. To exchange messages via Direct, you will need to partner with a HISP (health information service provider). DirectTrust Accredited HISPs have undergone a rigorous testing and audit process to show that they are in compliance with the DirectTrust Policies.
DirectTrust Accreditation Programs
“Participation in the DirectTrust Network as a HISP, CA or RA requires accreditation from DirectTrust. DirectTrust Accreditation ensures that all of the entities in the DirectTrust Network all conform to the same policies.
Any HISP that wishes to exchange messages within the DirectTrust Network MUST be DirectTrust Accredited and participate in the Accredited Trust Anchor Bundle.
Any CA that wishes to issue Certificates for use in the DirectTrust Network must be accredited by DirectTrust. Every DirectTrust Accredited CA must use a DirectTrust Accredited Registration Authority.”
Accreditation of your HISP, CA or RA by DirectTrust brings recognition that your organization operates at a very high level of privacy, security, and trust in identity, and signals to users/subscribers that you are a trustworthy agent and service provider for Direct Secure Messaging. Accreditation also means that your anchor certificates may be included in the DirectTrust Network, and for use by relying parties in Direct exchange. Distribution of trusted anchor bundles is DirectTrust members’ way of creating federated trust among the DirectTrust community, eliminating the need for most costly bi-directional contracts and time-consuming negotiations between each HISP that wishes to exchange Direct Secure Messages and attachments with other HISPs and their users/subscribers. Accreditation provides clarity, transparency, and choice as to levels of assurance of certificates issued by DirectTrust community members, and for use by relying parties in Direct exchange.
DirectTrust Accreditation is valid for two years.
Applicants have 8 months from the date their application is approved and their payment is received to complete the accreditation process. The actual elapsed time depends on the Applicant response time completing all of the Self Attestation questions and submitting the required Evidence.
How early can an Applicant submit an Accreditation Program Self Attestation Questionnaire prior to the Applicant's valid until date?
“The Accreditation Program Self Attestation Questionnaire response MUST be submitted within four (4) months of the application approval process in order to allow DirectTrust adequate time to review the Applicant HISP’s submission.
Please see the Accreditation Program Standard Operating Procedures for more information.”
To join the Accredited Trust Bundle, you will need to apply to the Trust Anchor Approval Committee, and upload your certificates and other artifacts for review by the Committee. Instructions and detailed information are available at the DirectTrust Trust Network Services website at services.directtrust.org. You will need meet the following requirements for inclusion in the Bundle:
1. The HISP and CA/RA must sign the Federated Services Agreement with DirectTrust. The FSA is a legal document that binds the Direct service provider to its terms and conditions.
2. The HISP and CA/RA must have paid its initial annual fees for use of the DirectTrust Anchor Certificate Services.
3. The HISP must be fully accredited through the DirectTrust Accreditation Program and CA/RA must be fully-accredited and audited by DirectTrust.
When these requirements are met the HISP must submit to the Approval Committee the following artifacts via the website:
1. All trust anchor file(s).
2. Sample end-entity certificate(s) chaining to each trust anchor.
3. Completed profile spreadsheet. Once your submission is complete, the Trust Anchor Approval Committee will be notified and will review your submission in a timely manner.