DirectTrust has acquired the assets of SAFE Identity, including its Trust Framework. The acquisition substantially extends DirectTrust’s capabilities and services and is expected to enable new and expanded interoperability use cases. SAFE Identity (SAFE) is an industry consortium and certification body supporting identity assurance and cryptography in healthcare. DirectTrust is a nonprofit healthcare industry alliance that supports secure, identity-verified electronic exchanges of protected health information (PHI) between provider organizations, and between providers and patients, for the purpose of improved coordination of care.
DirectTrust has created DirectTrust Identity, a new division, to house the SAFE Trust Framework. New and current members of both organizations will be able to rely on DirectTrust to manage policies and infrastructure supporting a community that issues secure and identity-assured credentials for electronic transactions in healthcare. SAFE Policy Management Authority (PMA) members will participate as members of DirectTrust Identity, which will operate the SAFE infrastructure used by multiple large pharmaceutical companies to securely interact with federal agencies (in accordance with 21 CFR Part 11) and business partners in the US and globally.
“Our acquisition of SAFE Identity’s assets is truly a groundbreaking moment for DirectTrust and the entire electronic healthcare information industry,” said Scott Stuewe, president and CEO of DirectTrust. “SAFE Identity and DirectTrust are like-minded organizations with memberships that share common goals. Since our inception, DirectTrust has focused on instilling trust in electronic health communication with the goal of improving health for individuals and populations. Both the DirectTrust and SAFE Identity trust framework communities seek to enable safe and secure transactions through the use of identity-assured credentials backed by a public key infrastructure and consensus-based policies.”
Stuewe continued, “Members will be able to interact with federal agencies for signing documents and authenticating to systems. Potential new use cases could include universally trusted healthcare credentials for consumers; identity assurance and security for the pharmaceutical supply chain (DSCSA), possibly all the way to clinical pharmacy; as well as medical device security and identification.”
DirectTrust, most recognized for Direct Secure Messaging and the Direct Standard it supports and promotes, came into existence with backing from the ONC as a public key infrastructure (PKI)-based trust framework to enable healthcare interoperability to scale. SAFE-BioPharma (predecessor to SAFE Identity) came into being when the FDA and pharmaceutical companies sought a secure and scalable mechanism to submit digitized reports to the agency. In response to a growing need for high assurance digital signatures, several large pharma companies established SAFE as a legal framework to facilitate trust and interoperability of digital identities with government bodies, including the FDA, DEA, and the European Medicines Agency. While SAFE Identity and DirectTrust have branched out to other missions since their beginnings, both credit their initial existence to collaborations with federal agencies, and retain important relationships and roles with the federal agencies.
To learn more about DirectTrust Identity, including Frequently Asked Questions, visit bit.ly/DTIfaqs.
DirectTrust announces that the U.S. Department of Veterans Affairs (VA) Direct Messaging has joined the association’s Accredited Trust Anchor Bundle, allowing VA personnel access to the full national network of 1.8 million Direct endpoints. DirectTrust is a health care industry alliance created by and for participants in the Direct exchange network used for secure, interoperable messaging of protected health information (PHI) between provider organizations, and between provider and patients, for the purpose of improved coordination of care.
Participating in DirectTrust’s trust anchor bundle means VA providers and staff will be able to seamlessly engage in interoperable Direct Messaging and exchange of patient information with thousands of their counterparts in community hospitals and clinics in all 50 states and US territories, through the use of the providers’ electronic health records (EHRs). Use of the DirectTrust trust framework enables a single trusted “on ramp” for providers exchanging health information across a network that currently connects over 1.8 million providers using over 350 certified EHRs nationally.
“Admission to the DirectTrust Accredited Trust Anchor Bundle certifies that an organization has established and upheld a superior level of trust for its stakeholders, which is a significant distinction. Kudos to VA’s commitment to maintaining the highest standards in privacy, security, and trust in identity,” said DirectTrust president and CEO Scott Stuewe.
Margaret Donahue, M.D., Director of VA’s Veterans Health Information Exchange (VHIE) Program said, “VA Direct Messaging’s participation in the DirectTrust Accredited Trust Anchor Bundle will open significant new opportunities for VA personnel to securely share Veterans’ health information through Direct Messaging in every community in the country. This is a major step to increase care coordination with community (non-VA) providers who also provide care for our Veterans.”
DirectTrust Accredited Trust Anchor Bundle has as participants Health Information Service Providers (HISPs), Certificate Authorities (CAs), and Registration Authorities (RAs) that have achieved accreditation either through the DirectTrust HISP Accreditation Program for HISPs or the DirectTrust-EHNAC Trusted Agent Accreditation Program for CA/RAs (DTAAP-CA/RA).
The key value proposition of the DirectTrust Accredited Trust Anchor Bundle is to facilitate interoperable Direct Messaging between HISPs in a uniform and scalable manner that is consistent with industry best practices for security and trust, thereby avoiding the need for further one-off negotiations between relying parties who are participants in the bundle.
DirectTrust today announced that a call for nominations for new directors has been sent to the membership by its board of directors. DirectTrust is a nonprofit healthcare industry alliance created to support secure, identity-verified electronic exchanges of personal health information (PHI) between provider organizations, and between provider and patients, for the purpose of improved coordination of care.
“The organization is also seeking a new CEO to lead through the next era following the departure of current president and CEO David C. Kibbe, MD, MBA, at year-end so this is a pivotal time for the organization. We are seeking thought leaders who can translate the breadth of DirectTrust’s value proposition among the organization’s many constituencies,” stated DirectTrust board chair Paul Uhrig, chief administrative, legal and privacy officer for Surescripts.
DirectTrust’s non-paid Directors support the work of DirectTrust with mission-based leadership and strategic governance. DirectTrust’s Board of Directors is relatively small and unusually active, working with the CEO on policy, strategy, industry relationships, technological advances, and the end-user experience, especially for consumers, their families, and their health care providers. Nominees for a three-year term commencing June 2018 must be and remain associated with members in good standing of DirectTrust. They are sought from various industry groups representative of DirectTrust’s diverse membership, including:
providers of direct exchange services
users of direct exchange services
healthcare providers or provider organizations
providers of services to healthcare providers
governmental entities
educational or scientific research organizations interested in the nationwide health
information network
patient or consumer advocates
Letters of interest with bios may be sent to Kelly Gwynn at Kelly.Gwynn@DirectTrust.org. The deadline for submissions is COB Mar. 18, 2018.
About DirectTrust DirectTrust is a five-year old, nonprofit, competitively neutral, self-regulatory entity initially created by and for participants in the Direct exchange community, including Health Internet Service Providers (HISPs), Certificate Authorities (CAs), Registration Authorities (RAs), doctors, patients and vendors. DirectTrust supports both provider-to-provider and patient-to-provider Direct exchange. In the period 2013 to 2015, DirectTrust was the recipient of a Cooperative Agreement Award from the Office of the National Coordinator for Health Information Technology (ONC) as part of the Exemplar HIE Governance Program.
DirectTrust serves as a forum and governance body for persons and entities engaged in the Direct exchange of electronic health information as part of the Nationwide Health Information Network (NwHIN). DirectTrust’s Security and Trust Framework is the basis for the voluntary accreditation of service providers implementing Direct health information exchange.
The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain security and trust within the Direct community, consistent with the HITECH Act and the governance rules for the NwHIN established by ONC. DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information. To learn more, visit www.directtrust.org.
Testifying before the Senate Committee on Health, Education, Labor & Pensions (HELP), DirectTrust president and CEO David C. Kibbe, MD MBA, urged the federal government to take action to help overcome the problems impeding the sharing of health information between and among parties authorized to access electronic health data, commonly referred to as “information blocking.”
“While the responsibility for assuring secure interoperable exchange resides primarily with the health care provider organizations, and not with the EHR (electronic health record) vendors nor the government, I strongly believe there is a role for government to encourage and incentivize collaborative and interoperable health information exchange,” testified Dr. Kibbe, one of the nation’s foremost authorities on health information exchange security issues. Dr. Kibbe’s organization, DirectTrust, is a health care industry alliance created by and for participants in the Direct exchange network used for secure, interoperable exchange of health information.
Dr. Kibbe testified at a full Senate HELP committee hearing titled “Achieving the Promise of Health Information Technology: Information Blocking and Potential Solutions. During his testimony, Dr. Kibbe enumerated the problems with information blocking and offered suggestions to help improve upon the current situation in the near-term. Among the many actions Dr. Kibbe suggests the government take to help overcome information blocking include:
Continue to shed light on these problems, and work with trade groups, standards and policies organizations, and others to set expectations for interoperability of EHRs and other applications certified as interoperable, especially those that have been federally subsidized within the meaningful use programs.
Bring better and improved EHR certification processes forward beyond the testing laboratory so that the utility and usability of interoperability features of ONC certified EHR products in the field becomes part of the public record, and can be used in purchasing decisions. Collaboration and partnership with non-profit trade groups to achieve this goal would be advisable.
Accelerate federal agency use of and demand for open, standards-based interoperable HIE (health information exchange) with private sector providers and provider organizations, thereby removing reliance on paper-based mail, fax, e-fax and courier for these federal programs.
Examples include Veterans Health Administration referrals to and from private sector medical practices and hospitals; Veterans Benefits Administration health information exchanges with private sector medical practices and hospitals; the use by Medicare, Medicaid, and state agencies of interoperable HIE for communications with private sector providers and provider organizations for limitation of fraud, payment adjudication, claims attachments requests, and other administrative transactions now done via fax and mail.
Continue to tie more robust ONC EHR certification and use of certified EHR technology to participation in value-based purchasing programs, wherein interoperability and collaboration across multiple organizations in multiple-vendor environments is financially rewarding to providers and their health IT vendors. Demand for collaboration and interoperability is best driven by underlying business models and business cases supported by regulation and oversight.
Health IT’s most pressing issues may be so prevalent that they can’t be contained to a single post, as is obvious here, the second installment in the series detailing some of the biggest IT issues. There are differing opinions as to what the most important issues are, but there are many clear and overwhelming problems for the sector. Data, security, interoperability and compliance are some of the more obvious, according to the following experts, but those are not all, as you likely know and we’ll continue to see.
Here, we continue to offer the perspective of some of healthcare’s insiders who offer their opinions on health IT’s greatest problems and where we should be spending a good deal, if not most, of our focus. If you’d like to read the first installment in the series, go here: Health IT’s Most Pressing Issues. Also, feel free to let us know if you agree with the following, or add what you think are some of the sector’s biggest boondoggles.
Michael Fimin, CEO and co-founder, Netwrix
The largest concern of any healthcare organization is protecting patient personal data. Every year healthcare entities of all sizes become victims of data leaks, fresh examples are both Anthem and Premera Blue Cross, and lose thousands of dollars mainly because of employee misbehave or human error. Being not an easy one to prevent, human factor sets IT pros a number of challenges to cope with:
1. Insider threat. Unfortunately, privilege abuse is a primary root cause for many data breaches. No matter if an employee is breaking bad or his credentials were stolen, sensitive data is put at risk. The only way to prevent insider threats is to have visibility into the IT infrastructure and be able to track any changes made to both security configurations and data. Monitor user activity and establish rigorous control over accounts with extended privileges. Regularly review all access rights to ensure that permissions are granted adequately to employees’ business needs.
2. Security of devices. In 2014 healthcare organizations suffered from physical theft or loss of electronic devices more than any other industry, said the Verizon 2014 DBIR. Without proper identity and authentication management personal data stored on these devices can be easily accessed by adversaries, leading to financial and reputational losses. If your employees’ laptop or tablets end up in the wrong hands, encryption, two-factor authentication and ability to manage the device remotely will protect your data, or at least will make hacker’s job much harder.
3. Employees’ negligence. Deliberate or accidental mistakes pose more danger to data integrity than you might think. A simple email with confidential data sent to the wrong address may lead to a huge data leak. Make sure that your employees are familiar with the company’s security policy and are aware of what they should do to maintain security each person in the company should clearly understand that integrity of information assets is their personal responsibility.
Dr. Barry Chaiken, chief medical information officer, Infor Healthcare providers organizations invested billions of dollars purchasing and implementing electronic medical records with this investment driven by the economic incentives provided by the HITECH Act. Now that these systems are installed an up and running, organizations struggle to obtain real value from these investments. These systems were implemented with speed in mind rather than clinical transformation that improved quality and reduced costs. Now, organizations must embrace clinical transformation and change management to redo workflows and processes to effectively impact care. Organizations cannot justify their investment in EMRs unless they rework their EMR implementations to obtain true value from their deployment.”