Scalable Trust Community Framework
STCF
(01/07/2013)
What Issues are We Trying to Solve?
• Current Direct deployments are “islands of exchange” limited to single HISPs
or supported by HISP to HISP business agreements
• What’s the problem? Don’t know which HISPs to trust
• This is an urgent issue as the current deployment model does not support our
goals of ubiquitous directed exchange to meet stage two of meaningful use
• Common expectations about user authentication, types of certificates to be
used and mechanisms for sharing trust bundles/white lists will support
scalable trust
• Trust communities have emerged to address these issues, urge adoption of
solutions across participants and avoid the need for peer to peer agreements
• If these trust communities place different requirements on HISPs, healthcare
providers and/or their patients may still find it difficult to engage in secure,
directed health information exchange
Note: Providers and patients will still need ways to establish ad hoc trust. This
capability is needed for EHR certification and to support VDT.
-2-
Principles
• Supports ubiquitous directed exchange
• Can reach widespread implementation in 6-12 months
 Feasible with available resources
 Scalable and easy (enough) to implement
• Keep it simple
 Minimum necessary and nothing less
 Don’t let the perfect be the enemy of the good enough
 Go for 80 percent everyone can agree on
-3-
Ground Rules
• We ARE building from the policy guidance released by ONC for use by State
Health Information Exchange grantees
• Acknowledging areas of broad consensus between Direct ecosystem
participants
• Focusing conversation / energy on areas where consensus has not yet
formed
• We ARE attempting to understand how to best enable end-users to engage
in directed information exchange
• This implies striking an appropriate balance between ease of use in
enabling exchange (i.e., “establishing trust”) and ensuring adequate
privacy and security safeguards
• Other transport mechanisms will be used by providers and vendors to
support diverse health information exchange use cases and needs. This
meeting will focus on the specific opportunities and challenges around
creating scalable trust for Direct
-4-
What is Scalable Trust?
An efficient means of enabling Direct exchange between participants on disparate
HISPs. Fundamentally, it is predicated on two things:
• Common trust frameworks / policies
• Technical mechanisms to automate trust between framework participants
-5-
Scalable Trust in “Three Easy Steps”
1.
Trust Umbrella Organization defines requirements for participation
2.
Trust Umbrella Organization enrolls/accredits/certifies entities to be included
in an Trust Anchor Bundle
3.
Trust Umbrella Organization enables mechanism for electronic distribution of
Trust Anchor Bundle to all members
-6-
Example of Scalable Trust Model
Trust Organization
Centralized Trust Anchor Bundle Store
Provider B
Provider A
HISP A
HISP B
-7-
Example of Scalable Trust Model: New HISP Joins Trust Organization
Trust Organization
Centralized Trust Anchor Bundle Store
Provider B
Provider A
HISP A
HISP B
Provider C
HISP C
-8-
Example of Scalable Trust Model: Peer-to-Peer Reciprocity
Trust Organization A
Trust Organization B
Centralized Trust Anchor Bundle Store
HISP A
Centralized Trust Anchor Bundle Store
HISP B
HISP C
HISP D
This is the aim of this meeting: working toward sufficient alignment—while
allowing for differences—to enable widespread interoperability
-9-
Business Practices/Requirements That Could Reduce the Need for HISP to
HISP Agreements
• Needing peer to peer agreements between all HISPs is not a scalable
approach to support ubiquitous directed exchange
• What other business practices, requirements or policies must be addressed
to obviate the need for one-off HISP-to-HISP agreements for Direct message
exchange?
• Some examples to consider:
• Should trust communities also require common operational
characteristics for participating HISPs (e.g., service availability?)
• Should participation within a trust community imply unfettered Direct
message exchange between all members of the community (i.e., a form
of “network neutrality”)?
•
Should HISPs participating in trust communities agree not to charge fees for
basic send and receive functions from other HISPs?
- 10 -
Key Takeaways – Day 1
• HISP-to-HISP interoperability is vital, yet remains a challenge.
• Trust umbrella organizations (i.e., trust communities) represent one viable
and valuable path toward achieving ‘scalable trust’.
• LOA3 Identity Verification / FBCA Basic (or equivalent) processes are an
appropriate/acceptable baseline for certificate issuance / management.
• Implementations based on a single, HISP-wide certificate are not acceptable.
• There is general consensus around the State HIE Program’s HISP operating
guidelines. Additional detail/specification is needed in a few areas (e.g., issue
of use/re-use of data by HISPs/HIEs).
• Group should work together to conduct pilots to establish a common
mechanism for trust anchor bundle exchange.
• Defining a ‘glide path’ (interim steps) and education are important next steps.
- 11 -
Key Takeaways – Day 2
• The risk management and legal community must be educated in order to
establish any form of accreditation.
• It’s not just the wires that need agreements, it’s the disclosers that need them
as well.
• A common “package” of elements to avoid HISP-to-HISP agreements may
include:
• BAA HISP  Provider
• Dispute resolution among HISPs
• Explicit transparent accreditation
• Clarification on breach/safe harbor
• Auditing/enforcement by accrediting body
• Federated trust agreement
• Group needs to manage expectations during this process; especially,
acknowledge that everyone will not agree to participate right away.
- 12 -
STCF – Escalator
Local Policy
Requirements
HIPAA Plus States
HIPAA Only
Trusted Transport
- 13 -
Something to avoid…
- 14 -