Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.

Published byMoses Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012."— Presentation transcript:

1 Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012

2 What is the Direct Project? A project to create the set of standards and services that, with a policy framework, enable simple, directed, routed, scalable transport over the Internet to be used for secure and meaningful exchange between known participants in support of meaningful use. 1

3 Direct enables push-based transport – a sender pushes information to one or more recipients Direct Messages act as containers of health information Direct Addresses are used to route Direct Messages Digital certificates are used to protect Direct Messages in transit and to express trust relationships SMTP is used to transport Direct Messages Security/Trust Agents (STAs) such as Health Information Service Providers (HISPs) are responsible for providing the services necessary for exchange using Direct Key Concepts in Direct 2

4 Direct Addresses Direct Addresses are used to route information – Look like email addresses – Used only for health information exchange b.wells@direct.aclinic.org Direct Addresses may route to an inbox of a person, a task or workflow queue handled by one or more people, a data repository or registry, or other types of endpoints A person may have multiple Direct Addresses, one or more for each organizational affiliation Endpoint Domain Direct Address 3

5 Each Direct Address must have at least one X.509v3 digital certificate associated with it – Address-bound certificate – certificate tied to a specific Direct Address – Domain-bound certificate – certificate tied to the Domain that is part of a Direct Address (also known as organizationally-bound certificate) Digital certificates are used within Direct to secure Direct Messages in transit and to express trust relationships 4 Direct & Digital Certificates

6 Direct, Certificates, Encryption, & Signing Certificates in Direct are not intended to be used to protect data at rest or to provide legal non-repudiation through signing of content. STAs employ S/MIME and certificates to secure health information in transit Certificates in Direct are used for both encryption and signing – Encryption protects data from access by attackers and restricts access to data to receiving STA – Signing provides integrity protection and “good enough” non- repudiation for transport (signature ties sending STA to transaction) 5

7 Direct, Certificates, & Trust Communication using Direct can only occur between trusted parties. – Sender and recipient may each individually manage trust relationships. – STAs/HISPs may manage trust relationships on behalf of their participants. – Both of the above may be true in a given environment. Trust relationships are expressed using digital certificates. A party may choose to trust a specific certificate, as well as any certificate that cryptographically chains to a trust anchor. Certificates are issued only to parties that agree to abide by specified trust policies. These policies often cover: – Certificate applicability (i.e., purposes for which certificates are issued) – Identity verification of parties – Security requirements of parties Setting trust policy is outside the domain of the Direct Project. – For health information exchange, policy originates with the HITPC and ONC – Communities may further build upon those policies 6

8 Identity Proofing Direct Project does not require particular policies or processes for identity proofing – Matter of policy that is outside scope of Direct Project All states, implementing communities, and national HISPs do require entities seeking to enroll to provide identifying information. Information required is based on: – What is needed to obtain a certificate – What is needed to establish a foundation of trust between exchange participants 7 Individual In-person proofing before a Registration Authority, trusted agent, or an entity such as a notary public Requires one of: Federal Government-issued photo ID, READ ID Act compliant photo ID, or two non- federal IDs (one of which must be a photo ID Organization Requires organization name, postal address, documentation proving existence of the organization Organization must be HIPAA covered or a BA, or a healthcare-related organization that protects PHI with HIPAA-equivalent protections Also requires identity validation of the requesting organizational representative Organizations further identity proof their agents

9 Questions?

Download ppt "Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.

Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Web Service Security CS409 Application Services Even Semester 2007.

Web Service Security CS409 Application Services Even Semester 2007.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.

Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.
Electronic Submission of Medical Documentation (esMD) to DirectTrust.org December 3, 2014.

Electronic Submission of Medical Documentation (esMD) to DirectTrust.org December 3, 2014.
PROJECT ON DIGITAL SIGNATURE Submitted by: Submitted to: NAME: Roll no: Reg.no. :

PROJECT ON DIGITAL SIGNATURE Submitted by: Submitted to: NAME: Roll no: Reg.no. :
S&I Framework Provider Directories Initiative esMD Work Group October 19, 2011.

S&I Framework Provider Directories Initiative esMD Work Group October 19, 2011.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.

Connecticut Ave NW, Washington, DC Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.
Direct Implementation Perspective 0 Mark Bamberg, Vice President Research & Development MEDfx.

Direct Implementation Perspective 0 Mark Bamberg, Vice President Research & Development MEDfx.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
NHIN Direct Project Communications Work Group Message for State HIE/RECs August 30, 2010.

NHIN Direct Project Communications Work Group Message for State HIE/RECs August 30, 2010.
Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.

Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Centers for Disease Control and Prevention Office of the Associate Director for Communication Electronic Health Records/Meaningful Use and Public Health.

Centers for Disease Control and Prevention Office of the Associate Director for Communication Electronic Health Records/Meaningful Use and Public Health.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Similar presentations

Ads by Google