Exchanging Medical Records Online with Direct
|
|
- Gabriel York
- 8 years ago
- Views:
Transcription
1 Exchanging Medical Records Online with Direct Scott Rea, VP GOV/EDU Relations & Sr. PKI Architect, DigiCert, Inc (801)
2 Exchanging Medical Records Online Table of Contents Slide Title 3 The Direct Project 5 Direct The Technology 9 Direct Entities 13 Direct Implementation 17 Direct Trust Framework 24 Policies and Practices 29 DirectTrust Accreditation 33 Summary 37 Questions 38 Contacts
3 What is the Direct Project? A project to create the set of standards and services that, when coupled with a policy framework, enable simple, directed, routed, scalable transport of medical records and Private Health Information (PHI) over the Internet to be used for secure and meaningful exchange between known participants in support of Electronic Healthcare Records (EHR) meaningful use. Primary goal is that solutions must be scalable, relatively inexpensive, and increase security.
4 The Purpose of Direct Direct exchange is part of a long term national strategy to transition from paper-based to electronic health care records that can be shared more easily to reduce costs and improve the quality of patient care. The Office of the National Coordinator (ONC) within the department of Health and Human Services (HHS) is the lead author and publisher of the Direct standard Direct was also designed to support the goal of health information exchange between providers using electronic health records (EHRs) engaged in Meaningful Use, the Medicare and Medicaid programs that help providers to pay for and meaningfully use EHRs. The Center for Medicare and Medicaid Services (CMS) governs the Inventive Programs for the use of EHRs Direct is also intended as a general means of secure exchange (both directions) between providers and patients.
5 Direct Technology The Direct protocol enables SMIME messages with disposition notification within dedicated healthcare domains Sender and receiver must both have SMIME certificates of which there are 2 types: Direct Address cert is traditional SMIME RFC822name in subjectaltname Direct Organization cert is like SMIME wildcard DNSname (FQDN of mail domain) in SAN
6 Direct Technology Direct Address Direct Addresses are used to route information Look like addresses Used only for health information exchange Endpoint Domain Direct Address An individual may have multiple Direct addresses
7 Direct Technology Digital Certificates Each Direct Address must have at least one X.509v3 digital certificate associated with it Address-bound certificate certificate tied to a specific Direct Address Domain-bound certificate certificate tied to the Domain that is part of a Direct Address Digital certificates are used within Direct to express trust relationships and to secure Direct Messages
8 Direct Technology Security/Trust Agents Security/Trust Agents (STAs) are responsible for securing, routing, and processing Direct Messages STA may be a system under the direct control of an exchange participant STA may be a service offered by an intermediary (i.e., HISP) acting on behalf of an exchange participant STAs employ S/MIME and digital certificates to secure health information in transit 1. Sending STA encrypts Message using recipient s certificate 2. Sending STA signs Message using private key associated with sender s certificate 3. Receiving STA verifies signature of Message using sender s certificate 4. Receiving STA decrypts Message using private key associated with recipient s certificate
9 Direct Entities Certification Authorities and Registration Authorities Registration Authority (RA) Collects information for the purpose of verifying the identity of an individual or organization (i.e., identity proofing) Produces certificate requests based on gathered attributes Certificate Authority (CA) Digitally signs certificate requests Issues digital certificate that ties a public key to the gathered attributes
10 Direct Entities How do STAs relate to RAs and CAs? STAs can relate to RAs and CAs in a number of ways. An STA may Act as RA and CA. STA identity proofs during enrollment and issues certificates as appropriate. Act as RA only. STA identity proofs during enrollment, passing necessary information to an independent CA. CA provides certificate to STA upon issuance. Act as CA only. Independent RA identity proofs during enrollment, passing necessary information to STA, which issues certificates as appropriate. Act as neither CA nor RA. Independent RA identity proofs during enrollment, passing necessary information to independent CA, which provides certificate to STA upon issuance.
11 Direct Entities Health Information Service Provider Direct introduces the concept of a Health Information Service Provider (HISP) The purpose of the HISP is to primarily operate the STA functions on behalf Direct Users The role of a HISP is to alleviate the difficulties of implementing the nuts and bolts of PKI e.g. managing private keys and publishing address to certificate bindings; and those controls required by Direct in addition to standard SMIME e.g. Message Disposition Notices (MDN) Direct can however, be used without a HISP, if an individual wishes manage their own keys and provide the appropriate MDN responses
12 Direct Entities Health Information Service Provider Duties of a HISP: provide subscribers with account and Direct addresses provide web portal or EHR/PHR integration arrange for identity verification - org and individual [RA function] arrange for digital certificate issuance, management [CA function] maintain integrity of trust and security framework stay current with federal policies and regulations
13 Direct Implementation HISP as an Endpoint Sending HISP Security/Trust Agent Server Direct (SMTP / SMIME) Receiving HISP Security/Trust Agent Server SSL/TLS Webmail Webmail SSL/TLS Sender Recipient
14 Direct Implementation HISP as a Gateway Sending HISP Security/Trust Agent Server Direct (SMTP / SMIME) Receiving HISP Security/Trust Agent Server SSL/TLS Endpoint Communication (XDR, SMTP, et al) Endpoint Communication (XDR, SMTP, et al) SSL/TLS Sending System Sender Recipient Receiving System
15 Direct Implementation Direct-Enabled Endpoint Sending System Security/Trust Agent Server Direct (SMTP / SMIME) Receiving System Security/Trust Agent Server Sender Recipient
16 Direct Implementation Direct and EHRs As CMS promotes the adoption of EHRs for better management of PHI, there is one problematic aspect that is introduced: How can the industry avoid the failure of introducing siloed EHRs that have no way of exchanging data with each other A goal of ONC is to utilize Direct to provide a national messaging standard for healthcare Direct enables the interoperability of EHRs by providing that standard Ubiquitous implementation of the Direct protocol should obsolete the use of insecure messaging technologies e.g. Fax, and improve delivery times of others e.g. Mail
17 Direct Trust Framework Security Features The Direct Applicability Statement for Secure Health Transport is the bible for implementing Direct in a standardized way /Applicability%20Statement%20for%20Secure%20Health%20Transport%20v1.1.pdf Traditional information security services involve 3 main aspects CIA: Confidentiality, Integrity, Authentication Standard Direct protocols are designed to only provide message integrity and confidentiality services.
18 Direct Trust Framework Trust governance is deliberately absent from the protocol in terms of who and only generally defined in terms of how However, there must be allowed separate trust polices for incoming vs outgoing messaging With rules governing the underlying PKI however (e.g. an appropriate CP) and a set of best practices for HISPs, it is also possible to achieve the 3 rd security service of authentication through an accreditation process
19 Direct Trust Framework Trust Governance One of the critical components of Direct that has had little definition until recently has been the Trust Governance aspect. When the Direct Project chose to focus on other technologic aspects, members of the Direct community participating in the Direct Project formed an industry consortium to address trust governance DirectTrust.org (DTO) is that consortia and is a membership based nonprofit self-regulatory entity. The goal of DTO is to develop, promote and, as necessary, help enforce the rules and best practices necessary to maintain security and trust within the Direct community, and to foster widespread public confidence in the Directed exchange of health information DTO has created a Direct Trust Agent Accreditation Program (DTAAP) which has now been endorsed by ONC through a cooperation grant for providing accreditation for Direct entities on a national basis DigiCert is a Board member and founding member of DTO
20 Direct Trust DTO DirectTrust Secures End-to-End Direct Protocol Secures HISP-to-HISP Sending HISP Security/Trust Agent Server Direct (SMTP / SMIME) Receiving HISP Security/Trust Agent Server SSL/TLS Webmail Webmail SSL/TLS Sender Recipient
21 Direct Identity, Trust, and Address Provisioning w/hisp Certificate Authority (CA) Identity/Trust Verification Certificate Validation Service Certificate Signing Services Revocation Services Assume has Digital Identity Certificate HCO Representative Healthcare Organization (HCO) 2. Request Direct Organization or Address Certificate 3. Credentials and Documentation Representative FBCA Credentials Representative Authorization Legal Entity Documents Membership/Trust Agreement HIPAA status 1. Enroll with HISP 6. Certificate Signing Request Registration Authority (RA) Compile/Validate Identity and Trust Documentation 4. Direct Organization Domain 5. CSR + Public Key 7. Direct Organization / Address Certificate 8. Direct Organization / Address Certificate Health Information Service Provider (HISP) 9. Direct Address/ Org Certificate The CA and RA enforce the policies specified in the DirectTrust.org and FBCA Certificate Policies (CPs). Domain Name System (DNS) LDAP Name System Source: DirectTrust.org February, 2012
22 DirectTrust.org Accreditation DirectTrust.org Trust Framework: Normalized HISP Operational Policy (HOP) + Certification and Accreditation against it to ensure compliance for technical, policy, practices, and legal sets of rules. HISPs: Policy: Accredited HISP Operational Policy (HOP) Practices: HISP Practices Statement (HPS) Accreditation: Verify HPS maps to HOP, Direct messaging compliance, HIPAA privacy/security attestation, Accredited CA, audit HISP CAs: Policy: Accredited Certificate Policy (CP) Practices: Certification Practices Statement (CPS) Accreditation: Verify CPS maps to Direct CP, certificate & CRL profile compliance, Accredited RA process, audit RAs: Policy: Accredited Registration Policy (RP) or Certificate Policy Practices: Registration Practices Statement (RPS) Accreditation: Verify RPS maps to CPS or RP, audit
23 DirectTrust Trust Framework DTO publishes a CP that CAs and RAs can be accredited against. The CP allows for multiple Levels of Assurance (LoA) Accredited CAs are placed in a trust bundle (the Direct equivalent of a browser certificate trust store) when accredited Direct also allows the use of self signed or non publicly trusted issuing CAs as trust anchors Direct uses a flat trust model where each issuing CA or self signed cert is included in a trust bundle This means chain validation is not required, only checking that any cert ort its issuer is in an accepted trust bundle Which trust bundles to accept is an open question. ONC only endorses DTO at this point
24 CA Policy and Practices The Certificate Policy (CP) & Certification Practice Statement (CPS) is a formal statement that describes who may have certificates, how certificates are generated and what they may be used for. The CP defines the polices that must be adhered to The CPS describes the processes and practices that are used to implement the policies An audit determines: A) Does the CPS implement the CP B) Does the CA operate in accordance with its CPS
25 RA Policy and Practices The CP defines the polices that must be adhered to The Registration Practices Statement (RPS) describes the processes and practices that are used to implement the registration or identity vetting related policies An RPS is a sub-component extract of Registrationspecific activities from the CPS if the CA is also an RA or it is mapped to the CPS if the RA is an external party An audit determines: A) Does the RPS match the CPS B) Does the RA operate in accordance with its CPS
26 HISP Policy and Practices The HISP Operating Policy (HOP) defines the polices that must be adhered to The HISP Practices Statement HPS describes the processes and practices that are used to implement the policies An audit determines: A) Does the HPS implement the HOP B) Does the HISP operate in accordance with its HPS
27 HISP CA RA Relationship Health Information Service Provider (HISP) Direct Identity Services Direct Messaging Services HIPAA Privacy & Security Compliance Direct Directory Services DirectTrust HISP Operational Policy (HOP) HISP Practices Statement DirectTrust Audit CA Agreement SLA Audit Certificate Authority (CA) Identity/Trust Verification Certificate Signing Services Certificate Validation Service Revocation Services FBCA CP Certification Practices Statement DirectTrust CP PKI Audit RA Agreement SLA Audit PKI Audit Registration Practices Statement Registration Authority (RA) Compile/Validate Identity and Trust Documentation Source: DirectTrust.org June, 2012
28 Current DirectTrust Policies DirectTrust has 2 Certificate Policy documents that have been published V1.1 of the DT CP has only a single LoA requires FBCA Medium equivalent Identity vetting processes and CA operations that are a lightweight version of the same V1.2 of the DT CP has 4 LoAs defined matching NIST SP and only requires FBCA Basic equivalent CA operations V1.3 of the DT CP is being developed DirectTrust is currently working on a HISP Operating Policy Existing HISPs are evaluated against DTAAP requirements
29 DirectTrust A National Trust Infrastructure Full Accreditation
30 DirectTrust A National Trust Infrastructure Accreditation In Process
31 DirectTrust A National Trust Infrastructure HISP Name CA Operator RA Operator CP Compliance Cert Type(s) Cerner Cerner Cerner DT CP 1.1 Org Inpriva Inpriva Inpriva DT CP 1.1 Org & Addr Inpriva Inpriva DT CP 1.1 Org & Addr DigiCert Inpriva DT CP 1.1/1.2 Org & Addr DigiCert Inpriva DT CP 1.1/1.2 Org & Addr ICA ICA ICA DT CP 1.1 Org Surescripts Surescripts Surescripts DT CP 1.2 Org MaxMD MaxMD MaxMD DT CP 1.2 Org & Addr DataMotion DigiCert DigiCert DT CP 1.1/1.2 Org & Addr EMR Direct EMR Direct EMR Direct DT CP 1.2 Addr Infomedtrix Infomedtrix Infomedtrix DT CP 1.2 Org & Addr
32 DirectTrust A National Trust Infrastructure HISP CA Name CPS URI Cerner CernerDirect Professional Community CA Inpriva ICA Inpriva Direct CE CA Rhode Island Trust Community CA Inpriva ClickID CA RITC Inpriva ClickID CA ICAPROD ICA SUB1 CA CA Surescripts Surescripts Direct Issuing CA 0Abbreviated.pdf MaxMD MaxMD CA v2.5 DataMotion DigiCert Accredited Direct Med CA EMR Direct phicert Direct Subscriber CA Infomedtrix InfomedtrixCA CPS v1.2.pdf
33 Summary
34 Summary Direct = Secure for PHI data with 3 additional features: Addresses must be in dedicated healthcare domains Message Disposition Notifications (assurance receipts) HISP to ease PKI key management in certifiable secure infrastructures
35 Summary DirectTrust = Direct with end-to-end assurance by securing the last mile (STA to user) Accreditation of HISP, CA, RA (DTAAP) Trust Anchor distribution service National Trust Infrastructure Several HISP, CA, RA entities have already been accredited and many more are in the queue from EHR, HISP, HIE, and CA entities
36 Summary CMS is using the EHR Meaningful Use program to drive adoption of the Direct protocol to interconnect electronic healthcare record systems Health Providers have incentives under MU2 to communicate electronically with their patients, other providers, and government agencies
37 Questions Q & A
38 Contact Details Links: Scott Rea: (801) ,
Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information
Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information Within the healthcare industry, the exchange of protected health information (PHI) is governed by regulations
More informationHow To Communicate In Healthcare With Direct Secure Messaging
Direct Secure Messaging Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion Agenda Email and Direct in healthcare, a little history So what is Direct, really Certificates
More informationehealth Vendor Workgroup: Transitions of Care March 20, 2014 12:00 PM ET
ehealth Vendor Workgroup: Transitions of Care March 20, 2014 12:00 PM ET Topics / Agenda ToC Measure / CEHRT Review Direct: Edge Protocols Transaction counting / delivery notifications MU2 ToC Connect-A-Thon
More informationEHR Vendor Support for Meaningful Use Stage 2 Certification and Implementation Direct Basics & Transitions of Care. February 19, 2013 2:00 PM EST
EHR Vendor Support for Meaningful Use Stage 2 Certification and Implementation Direct Basics & Transitions of Care February 19, 2013 2:00 PM EST Initial Curriculum Topics Today s Session is focused on:
More informationphicert Direct Certificate Policy and Certification Practices Statement
phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a
More informationHow To Use Direct Messaging
Demystifying Direct Messaging Orion Health Whitepaper Author: Paul de Bazin, Integration Portfolio Manager Table of Contents 1! Introduction... 3! 2! Background... 3! 2.1! Standard Use Cases... 3! 3! Direct
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More informationDe-Mail. A reliable and secure online communication platform. Armin Wappenschmidt (secunet) More information: www.de-mail.de
De-Mail A reliable and secure online communication platform Armin Wappenschmidt (secunet) More information: www.de-mail.de 1 Agenda Overview of De-Mail Implementation aspects Current status and outlook
More informationPractical Guidance to Implement Meaningful Use Stage 2. Secure Health Transport for Certification and Meaningful Use
Practical Guidance to Implement Meaningful Use Stage 2 1. Introduction Association Standards and Interoperability Workgroup Meaningful Use (MU) Stage 2 introduces three transport standards for use in healthcare
More informationBugzilla ID: Bugzilla Summary:
Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationBrocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationDirect Messaging. February 28, 2014
Direct Messaging February 28, 2014 2 Agenda Direct 101 (p. 3) o o o o o o Definition Safeguarding PHI Identifying the need for Direct Solution to achieving MU2 Measures Direct Use Cases Basic Direct workflow
More informationDigiCert: Trusted Business for the Enterprise and Its Customers
DigiCert: Trusted Business for the Enterprise and Its Customers A leading online trust provider, DigiCert offers multiple products to suit the security needs of enterprises within the finance, healthcare,
More informationPKI: Public Key Infrastructure
PKI: Public Key Infrastructure What is it, and why should I care? Conference on Higher Education Computing in Kansas June 3, 2004 Wes Hubert Information Services The University of Kansas Why? PKI adoption
More informationDIRECT Messaging: The Future of Communication Between Healthcare Providers. Presented by: Greg Anderson, CEO
DIRECT Messaging: The Future of Communication Between Healthcare Providers Presented by: Greg Anderson, CEO Agenda What is DIRECT and why do I care? You ve convinced me. How do I enroll? How do I set up
More informationI. Purpose. Applicability of Policies. NATE-Policy #3.c.1
Subject: NATE-QE Eligibility Criteria for: Policy #: 3.c.1 Provider to Provider for Treatment Trust Profile (P2P4Tx) Status: Approved Approved/Authorized By: NATE Board of Directors Date Approved: 10/29/2013
More informationCMS Illinois Department of Central Management Services
CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF
More informationNorth Dakota Health Information Network. Health Information Exchange Implementation
North Dakota Health Information Network Health Information Exchange Implementation Phased Implementation Phase 1 Implement Direct Project Phase 2 Implement more robust exchange of data in a test environment
More informationThe Direct Project Reference Implementation Architecture
The Direct Project Reference Implementation Architecture 1 NwHIN Direct Approach Develop specifications for a secure, scalable, standardsbased way to establish universal health addressing and transport
More informationBEYOND MEANINGFUL USE
BEYOND MEANINGFUL USE The Business Case for Using Directed Exchange for Release of Information YOUR HIM EDGE WHITEPAPER YOUR HIM EDGE Abstract. For the most part, prevailing healthcare data exchange discussion
More informationESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0
ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More information<your organization logo> Make the Connection to <your organization name>
Make the Connection to The problem: Electronic health information exchange is challenging Local Care Community HIEs/HISPs No EHR Acute EHR Long term/post
More informationUnderstanding the differences in PIV, PIV-I, PIV-C August 23, 2010
Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010 Tim Baldridge AWG
More informationArizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP)
Arizona Health Information Exchange Marketplace Requirements and Specifications Health Information Service Provider (HISP) Table of Contents Table of Contents... 1 Introduction... 2 Purpose... 3 Scope...
More informationSwissSign Certificate Policy and Certification Practice Statement for Gold Certificates
SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...
More informationTABLE OF CONTENTS INTRODUCTION USE CASES FOR CONVERSION BETWEEN DIRECT AND XDR DATAMOTION XDR IMPLEMENTATION GLOSSARY OF TERMS
TABLE OF CONTENTS INTRODUCTION USE CASES FOR CONVERSION BETWEEN DIRECT AND XDR Conversion from Direct SMTP+S/MIME Messages to XDR Conversion from XDR to SMTP+S/MIME Data Transmission between two EHRS that
More informationSYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION
SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized
More informationuently Asked NextGen Questions Share Frequently Asked uently Asked Questions Frequently Asked FAQ Pre-General Release (April-June 2014)
uestions Frequently Asked Questions Fre uestions Frequently Asked Questions Fre uestions FAQ Frequently Asked Questions Fre uestions Frequently Asked Questions Fre uestions Frequently Asked Questions Fre
More informationInternal Server Names and IP Address Requirements for SSL:
Internal Server Names and IP Address Requirements for SSL: Guidance on the Deprecation of Internal Server Names and Reserved IP Addresses provided by the CA/Browser Forum June 2012, Version 1.0 Introduction
More informationWelcome to the AHRQ Medicaid and CHIP TA Webinar Tuesday, May 15, 2012, 3:00 4:30 p.m. Eastern
Welcome to the AHRQ Medicaid and CHIP TA Webinar Tuesday, May 15, 2012, 3:00 4:30 p.m. Eastern Medicaid and Health Information Exchange: The potential role of Direct Exchange Presented by: John Hall, Krysora,
More informationConcept of Electronic Approvals
E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationThe basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.
Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components
More informationExpanded Support for Medicaid Health Information Exchanges
Expanded Support for Medicaid Health Information Exchanges Joint Public Health Forum & CDC Nationwide Webinar April 21, 2016 CDC EHR Meaningful Use Webpage-Joint Public Health Forum & CDC Nationwide Webinars
More informationBusiness and Technical Description of Commercial Systems The scope of the technical solution is further described below.
Introduction MaxMD is pleased to provide the Pennsylvania ehealth Partnership Authority (Authority) the Business and Technical Requirements report under the Lab Grant pilot project. We have demonstrated
More informationSSL Overview for Resellers
Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an
More informationTHE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.
THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by
More informationSecure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion
In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report
More informationHKUST CA. Certification Practice Statement
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
More information- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1
- X.509 PKI EMAIL SECURITY GATEWAY Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 Commerzbank AG - Page 1 Document control: Title: Description : RFC Schema: Authors: Commerzbank
More informationTHE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
More informationDirect Messaging and Individual s Right of Access through Their Personal Health Record
January 30, 2015 To: cc: Re: Ms. Jocelyn Samuels, Director Office for Civil Rights U.S. Department of Health & Human Services 200 Independence Avenue, S.W. Room 509F HHH Bldg. Washington, D.C. 20201 Dr.
More informationDerived credentials. NIST SP 800-63-1 ( 5.3.5) provides for long term derived credentials
Daon your trusted Identity Partner Derived Credentials A Use Case Cathy Tilton Daon 1 February 2012 Derived credentials NIST SP 800-63-1 ( 5.3.5) provides for long term derived credentials Derived credential
More informationVisa Public Key Infrastructure Certificate Policy (CP)
Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential
More informationFTA Computer Security Workshop. Secure Email
FTA Computer Security Workshop Secure Email March 8, 2007 Stan Wiechert, KDOR IS Security Officer Outline of Presentation The Risks associated with Email Business Constraints Secure Email Features Some
More informationNavigating the Trends in Health Care Today. MEDITECH Solutions for Meaningful Use and Interoperability
Navigating the Trends in Health Care Today MEDITECH Solutions for Meaningful Use and Interoperability Certification Update EHRs Meeting ONC 2014 Standards "There is no such thing as being 'Stage 1 Certified'
More informationHEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT
HEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT POLICY AND PROCEDURE 5 10 15 20 25 30 35 40 Policy Name/Subject: Policy Number: POLICY V1.0 2 Approval Date: 11-21-2011 Effective Date: 11-21- 2011
More informationTeliaSonera Server Certificate Policy and Certification Practice Statement
TeliaSonera Server Certificate Policy and Certification Practice Statement v.1.4 TeliaSonera Server Certificate Policy and Certification Practice Statement CA name Validation OID TeliaSonera Server CA
More informationL@Wtrust Class 3 Registration Authority Charter
Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12
More informationCertificate Policy for. SSL Client & S/MIME Certificates
Certificate Policy for SSL Client & S/MIME Certificates OID: 1.3.159.1.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it
More informationAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure Web Ben Wilson Digicert, Inc. - CA/Browser Forum Eran Messeri Google Session Classification: Intermediate Current Web PKI System OS / Browsers have Managed
More informationSymantec Trust Network (STN) Certificate Policy
Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com
More informationRegistration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00
Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1
More informationDigiCert. Certificate Policy. DigiCert, Inc. Version 4.03 May 3, 2011
DigiCert Certificate Policy DigiCert, Inc. Version 4.03 May 3, 2011 Suite 200 Canopy Building II 355 South 520 West Lindon, UT 84042 USA Tel: 1 801 877 2100 Fax: 1 801 705 0481 www.digicert.com TABLE OF
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationGlob@lCerts. HIPAA: Briefing for Healthcare IT Security Personnel. Market Overview: HIPAA: Privacy Security and Electronic Transaction Standards
Glob@lCerts Market Overview: HIPAA: Briefing for Healthcare IT Security Personnel HIPAA: Privacy Security and Electronic Transaction Standards Introduction: The HIPAA (Healthcare Insurance Portability
More informationThe Direct Project Overview
The Direct Project Overview October 11, 2010 Abstract: The Direct Project specifies a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information
More informationAllSeen Summit 2015: IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect ALLSEEN ALLIANCE
AllSeen Summit 2015: IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect Agenda Slide Title 3 Trust and PKI 9 Web Security - PKI example 26 Traditional PKI Principles
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationNumber of relevant issues
Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may
More informationWhat s it all about? SAFE-BioPharma Association
What s it all about? SAFE-BioPharma Association Topics! ONC HIT Standards Committee! ASTM Standards 2 SAFE-BioPharma Association ONC HIT Standards Committee! Oct 21 st meeting Security & Privacy Consumer
More informationComodo Certification Practice Statement
Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the
More informationCertificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr
Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :
More informationDirect Project. March 2011
Direct Project March 2011 Agenda» What is Direct?» Why is Direct needed?» How does Direct fit in with other types of exchange?» What are the key issues to think about?» What is needed to implement Direct?»
More informationEntrust Managed Services PKI
Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.
More informationPublic Key Infrastructure. A Brief Overview by Tim Sigmon
Public Key Infrastructure A Brief Overview by Tim Sigmon May, 2000 Fundamental Security Requirements (all addressed by PKI) X Authentication - verify identity of communicating parties X Access Control
More informationDigital certificates and SSL
Digital certificates and SSL 20 out of 33 rated this helpful Applies to: Exchange Server 2013 Topic Last Modified: 2013-08-26 Secure Sockets Layer (SSL) is a method for securing communications between
More informationRequest for Applications for CareAccord s Electronic Health Record (EHR) Direct Secure Messaging Integration Pilot
Request for Applications for CareAccord s Electronic Health Record (EHR) Direct Secure Messaging Integration Pilot Key Applicant Dates: June 30: Request for Application Release Date July 7: Informational
More informationEquens Certificate Policy
Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)
More informationING Public Key Infrastructure Technical Certificate Policy
ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING
More informationMaking Information Exchange Meaningful
Making Information Exchange Meaningful Arizona Rural & Critical Access Hospitals HIT/Quality Workshop Jim Karolewicz Vice President Objectives Provide overview of Cerner s approach to two aspects of stage
More informationEntrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates
Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights
More informationThe InCommon Certificate Service FAQ This document subject to change as elements of the program are refined.
The InCommon Certificate Service FAQ InCommon is an LLC of Internet2 October 13, 2010 This document subject to change as elements of the program are refined. 1. What is the InCommon Certificate Program?
More informationFord Motor Company CA Certification Practice Statement
Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate
More informationDigiCert Certification Practice Statement
DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,
More informationElectronic Submission of Medical Documentation (esmd) CDA Digital Signatures. January 8, 2013
Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures January 8, 2013 Wet Signatures Standards and legal standing Standards are based on legal precedence Non-repudiation inherent
More informationehealth Ontario PKI Certification Policy Manual
ehealth Ontario PKI Certification Policy Manual Part One: Concept of Operations Part Two: Certification Policies Version: 1.1 2005 January 25 Document Control Document Identification Title Location: Maintained
More informationIdentity: The Key to the Future of Healthcare
Identity: The Key to the Future of Healthcare Chief Medical Officer Anakam Identity Services July 14, 2011 Why is Health Information Technology Critical? Avoids medical errors. Up to 98,000 avoidable hospital
More informationEskom Registration Authority Charter
REGISTRATION WWW..CO.ZA Eskom Registration Authority Charter Version 2.0 applicable from 20 November 2009 Megawatt Park Maxwell Drive Sunninghill, SOUTH AFRICA, 2157 Phone +27 (0)11 800 8111 Fax +27 (0)11
More informationDjigzo email encryption. Djigzo white paper
Djigzo email encryption Djigzo white paper Copyright 2009-2011, djigzo.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in transit or
More informationRSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,
More informationTrustCor Systems S. de R.L. Certification Practice Statement
TrustCor Systems S. de R.L. Certification Practice Statement Version: 1.2.2 This document is PUBLIC Generated on January 25, 2016 at 17:04 UTC. 1 Contents 1. INTRODUCTION 1.1 Overview 1.2 Document name
More informationCenters for Disease Control and Prevention, Public Health Information Network Messaging System (PHINMS)
1 ebxml Case Study 2 3 4 5 Centers for Disease Control and Prevention, Public Health Information Network Messaging System (PHINMS) 4 October 2003 6 7 8 9 10 11 12 13 14 15 16 17 Document identifier: (Word)
More informationPurpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates
Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Purpose, Methods, Revocation, PKIX To distribute public keys securely Requires - Certificates and Certification Authorities - Method for retrieving certificates
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationCertificate Policy for the United States Patent and Trademark Office November 26, 2013 Version 2.5
Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Prepared by: United States Patent and Trademark Office Public Key Infrastructure Policy Authority This page is intentionally
More informationElectronic Health Record (EHR) Incentive Program. Health Information Technology (HIT) Executive Update
Office of Medical Assistance Programs Electronic Health Record (EHR) Incentive Program Health Information Technology (HIT) Executive Update Medical Assistance HIT Initiative 1 Office of Medical Assistance
More informationPart III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure
More informationDJIGZO EMAIL ENCRYPTION. Djigzo white paper
DJIGZO EMAIL ENCRYPTION Djigzo white paper Copyright 2009-2011, djigzo.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in transit or
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationesign Online Digital Signature Service
esign Online Digital Signature Service Government of India Ministry of Communications and Information Technology Department of Electronics and Information Technology Controller of Certifying Authorities
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationImplementing Secure Email Solutions for PHI. Ann Geyer Tunitas Group ageyer@tunitas.com 209-754-9130
Implementing Secure Email Solutions for PHI Ann Geyer Tunitas Group ageyer@tunitas.com 209-754-9130 First Observation Secure email infrastructure software deployed to healthcare Early California adopters
More informationTR-GRID CERTIFICATION AUTHORITY
TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT
More informationAdopting, Implementing or Upgrading to Certified Electronic Health Record Technology & Becoming a Vendor with the State of Idaho
Adopting, Implementing or Upgrading to Certified Electronic Health Record Technology & Becoming a Vendor with the State of Idaho Michele Turbert Program Research and Development Specialist, Division of
More informatione-mudhra CPS e-mudhra CERTIFICATION PRACTICE STATEMENT VERSION 2.1 (emcsl/e-mudhra/doc/cps/2.1) Date of Publication: 11 February 2013
e-mudhra CPS e-mudhra CERTIFICATION PRACTICE STATEMENT VERSION 2.1 (emcsl/e-mudhra/doc/cps/2.1) Date of Publication: 11 February 2013 e-mudhra emudhra Consumer Services Ltd., 3rd Floor, Sai Arcade, Outer
More information