Security and Trust Compliance Workgroup
Date and Time of Weekly Calls:
Wednesdays at 3:00 ET
Purpose/Description of Workgroup:
- The DirectTrust Security and Trust Compliance workgroup is charged with creating a program which can be used by HISPs to voluntarily apply, qualify, and thereby be able to attest, to having met or exceeded best practices for security and trust, all within the context of and abiding by the policies and regulations as promulgated by ONC and HHS for Direct exchange, and respectful of state laws pertaining to privacy and security that may apply.
- It is important to note that the Direct Project itself does not implement Direct exchange services, nor does it specify how trust between HISPs (and between their organizational or individual subscribers) is to be established and maintained. A uniform framework for security and trust is required, however, if HISPs are to attain interoperability with one another. Thus, there is a gap in the ability of Direct exchange to scale nationally which this effort is intended to fill as a public benefit and a service to Direct exchange participants everywhere.
- The overall DirectTrust.org goal is to help assure the stability and interoperability of Direct exchange implementations nationally, and to develop, promote, and as necessary enforce the best practices necessary to maintain security and trust within the Direct Community. We seek to be a neutral party to provide a lighthouse function to the community of Direct participants, both suppliers and subscribers.
- Create a program for HISP application, qualification, and accreditation to security and trust best practices, by consolidating the best practices criteria assembled by regional and state efforts to establish national trust communities for Direct.
- Create a consistent “measuring stick” by which a HISP can measure adherence to security and trust best practices that is economically scalable and produces a high confidence in exchange.
In Progress / Under Consideration
- Evaluation Criteria for DirectTrust.org Qualified HISPs
- Accreditation Program Contents
- HISP Practices Statement Checklist
- Certification Practices Statement Checklist
- Registration Practices Statement Checklist
- Identity Verification Policy and Practices Checklist