The Office for the National Coordinator for Health IT (ONC) has issued an implementation guideline in an attempt to help providers and stakeholders properly and effectively implement Direct. Direct is a federally-developed program that has aimed to create a platform that faciliates the secure exchange of authenticated, encrypted health information directly to known, trusted recipients over the internet.
The guidelines, the ONC’s Kory Mertz said in a blog post, will help ensure Direct is “being executed in a way that will support vendor-to-vendor exchange and interoperability.” They are recommended policies for health information service providers (HISPs), trust communities and accrediting bodies. Within the guidelines, ONC recognizes that there are two distinct roles in Direct exchange organizations: Security and Trust Agents (STAs) and Regulation Authorities (RAs) to establish the identity of certificate subjects and Certificate Authorities (CA) issue certificates.
In addition, Mertz announced ONC is awarding an Exemplar Governance cooperative agreement to DirectTrust, a non-profit organization that creates policy and business processes/practices for Direct exchange. DirectTrust, he says, gives implementers of Direct “a simple way of establishing scalable technical trust via electronic trust bundle exchange,” which is a collection of anchor certificates from HISPs that “comply with a baseline set of common policies and practices.”
Through the agreement, which comes in the form of a $280,205 award, DirectTrust will promote and expand its work to establish and promote the adoption of security and trust “rules of the road.” This includes the aforementioned guidelines issued by ONC for Direct exchange, operationalized via accreditation.