1 Exchanging Medical Records Online with Direct Scott Rea, VP GOV/EDU Relations & Sr. PKI Architect, DigiCert, Inc. +1 (801)
2 Exchanging Medical Records Online Table of Contents Slide Title 3 The Direct Project 5 Direct The Technology 9 Direct Entities 13 Direct Implementation 17 Direct Trust Framework 24 Policies and Practices 29 DirectTrust Accreditation 33 Summary 37 Questions 38 Contacts
3 What is the Direct Project? A project to create the set of standards and services that, when coupled with a policy framework, enable simple, directed, routed, scalable transport of medical records and Private Health Information (PHI) over the Internet to be used for secure and meaningful exchange between known participants in support of Electronic Healthcare Records (EHR) meaningful use. Primary goal is that solutions must be scalable, relatively inexpensive, and increase security.
4 The Purpose of Direct Direct exchange is part of a long term national strategy to transition from paper-based to electronic health care records that can be shared more easily to reduce costs and improve the quality of patient care. The Office of the National Coordinator (ONC) within the department of Health and Human Services (HHS) is the lead author and publisher of the Direct standard Direct was also designed to support the goal of health information exchange between providers using electronic health records (EHRs) engaged in Meaningful Use, the Medicare and Medicaid programs that help providers to pay for and meaningfully use EHRs. The Center for Medicare and Medicaid Services (CMS) governs the Inventive Programs for the use of EHRs Direct is also intended as a general means of secure exchange (both directions) between providers and patients.
5 Direct Technology The Direct protocol enables SMIME messages with disposition notification within dedicated healthcare domains Sender and receiver must both have SMIME certificates of which there are 2 types: Direct Address cert is traditional SMIME RFC822name in subjectaltname Direct Organization cert is like SMIME wildcard DNSname (FQDN of mail domain) in SAN
6 Direct Technology Direct Address Direct Addresses are used to route information Look like addresses Used only for health information exchange Endpoint Domain Direct Address An individual may have multiple Direct addresses
7 Direct Technology Digital Certificates Each Direct Address must have at least one X.509v3 digital certificate associated with it Address-bound certificate certificate tied to a specific Direct Address Domain-bound certificate certificate tied to the Domain that is part of a Direct Address Digital certificates are used within Direct to express trust relationships and to secure Direct Messages
8 Direct Technology Security/Trust Agents Security/Trust Agents (STAs) are responsible for securing, routing, and processing Direct Messages STA may be a system under the direct control of an exchange participant STA may be a service offered by an intermediary (i.e., HISP) acting on behalf of an exchange participant STAs employ S/MIME and digital certificates to secure health information in transit 1. Sending STA encrypts Message using recipient s certificate 2. Sending STA signs Message using private key associated with sender s certificate 3. Receiving STA verifies signature of Message using sender s certificate 4. Receiving STA decrypts Message using private key associated with recipient s certificate
9 Direct Entities Certification Authorities and Registration Authorities Registration Authority (RA) Collects information for the purpose of verifying the identity of an individual or organization (i.e., identity proofing) Produces certificate requests based on gathered attributes Certificate Authority (CA) Digitally signs certificate requests Issues digital certificate that ties a public key to the gathered attributes
10 Direct Entities How do STAs relate to RAs and CAs? STAs can relate to RAs and CAs in a number of ways. An STA may Act as RA and CA. STA identity proofs during enrollment and issues certificates as appropriate. Act as RA only. STA identity proofs during enrollment, passing necessary information to an independent CA. CA provides certificate to STA upon issuance. Act as CA only. Independent RA identity proofs during enrollment, passing necessary information to STA, which issues certificates as appropriate. Act as neither CA nor RA. Independent RA identity proofs during enrollment, passing necessary information to independent CA, which provides certificate to STA upon issuance.
11 Direct Entities Health Information Service Provider Direct introduces the concept of a Health Information Service Provider (HISP) The purpose of the HISP is to primarily operate the STA functions on behalf Direct Users The role of a HISP is to alleviate the difficulties of implementing the nuts and bolts of PKI e.g. managing private keys and publishing address to certificate bindings; and those controls required by Direct in addition to standard SMIME e.g. Message Disposition Notices (MDN) Direct can however, be used without a HISP, if an individual wishes manage their own keys and provide the appropriate MDN responses
12 Direct Entities Health Information Service Provider Duties of a HISP: provide subscribers with account and Direct addresses provide web portal or EHR/PHR integration arrange for identity verification - org and individual [RA function] arrange for digital certificate issuance, management [CA function] maintain integrity of trust and security framework stay current with federal policies and regulations
13 Direct Implementation HISP as an Endpoint Sending HISP Security/Trust Agent Server Direct (SMTP / SMIME) Receiving HISP Security/Trust Agent Server SSL/TLS Webmail Webmail SSL/TLS Sender Recipient
14 Direct Implementation HISP as a Gateway Sending HISP Security/Trust Agent Server Direct (SMTP / SMIME) Receiving HISP Security/Trust Agent Server SSL/TLS Endpoint Communication (XDR, SMTP, et al) Endpoint Communication (XDR, SMTP, et al) SSL/TLS Sending System Sender Recipient Receiving System
15 Direct Implementation Direct-Enabled Endpoint Sending System Security/Trust Agent Server Direct (SMTP / SMIME) Receiving System Security/Trust Agent Server Sender Recipient
16 Direct Implementation Direct and EHRs As CMS promotes the adoption of EHRs for better management of PHI, there is one problematic aspect that is introduced: How can the industry avoid the failure of introducing siloed EHRs that have no way of exchanging data with each other A goal of ONC is to utilize Direct to provide a national messaging standard for healthcare Direct enables the interoperability of EHRs by providing that standard Ubiquitous implementation of the Direct protocol should obsolete the use of insecure messaging technologies e.g. Fax, and improve delivery times of others e.g. Mail
17 Direct Trust Framework Security Features The Direct Applicability Statement for Secure Health Transport is the bible for implementing Direct in a standardized way /Applicability%20Statement%20for%20Secure%20Health%20Transport%20v1.1.pdf Traditional information security services involve 3 main aspects CIA: Confidentiality, Integrity, Authentication Standard Direct protocols are designed to only provide message integrity and confidentiality services.
18 Direct Trust Framework Trust governance is deliberately absent from the protocol in terms of who and only generally defined in terms of how However, there must be allowed separate trust polices for incoming vs outgoing messaging With rules governing the underlying PKI however (e.g. an appropriate CP) and a set of best practices for HISPs, it is also possible to achieve the 3 rd security service of authentication through an accreditation process
19 Direct Trust Framework Trust Governance One of the critical components of Direct that has had little definition until recently has been the Trust Governance aspect. When the Direct Project chose to focus on other technologic aspects, members of the Direct community participating in the Direct Project formed an industry consortium to address trust governance DirectTrust.org (DTO) is that consortia and is a membership based nonprofit self-regulatory entity. The goal of DTO is to develop, promote and, as necessary, help enforce the rules and best practices necessary to maintain security and trust within the Direct community, and to foster widespread public confidence in the Directed exchange of health information DTO has created a Direct Trust Agent Accreditation Program (DTAAP) which has now been endorsed by ONC through a cooperation grant for providing accreditation for Direct entities on a national basis DigiCert is a Board member and founding member of DTO
20 Direct Trust DTO DirectTrust Secures End-to-End Direct Protocol Secures HISP-to-HISP Sending HISP Security/Trust Agent Server Direct (SMTP / SMIME) Receiving HISP Security/Trust Agent Server SSL/TLS Webmail Webmail SSL/TLS Sender Recipient
21 Direct Identity, Trust, and Address Provisioning w/hisp Certificate Authority (CA) Identity/Trust Verification Certificate Validation Service Certificate Signing Services Revocation Services Assume has Digital Identity Certificate HCO Representative Healthcare Organization (HCO) 2. Request Direct Organization or Address Certificate 3. Credentials and Documentation Representative FBCA Credentials Representative Authorization Legal Entity Documents Membership/Trust Agreement HIPAA status 1. Enroll with HISP 6. Certificate Signing Request Registration Authority (RA) Compile/Validate Identity and Trust Documentation 4. Direct Organization Domain 5. CSR + Public Key 7. Direct Organization / Address Certificate 8. Direct Organization / Address Certificate Health Information Service Provider (HISP) 9. Direct Address/ Org Certificate The CA and RA enforce the policies specified in the DirectTrust.org and FBCA Certificate Policies (CPs). Domain Name System (DNS) LDAP Name System Source: DirectTrust.org February, 2012
22 DirectTrust.org Accreditation DirectTrust.org Trust Framework: Normalized HISP Operational Policy (HOP) + Certification and Accreditation against it to ensure compliance for technical, policy, practices, and legal sets of rules. HISPs: Policy: Accredited HISP Operational Policy (HOP) Practices: HISP Practices Statement (HPS) Accreditation: Verify HPS maps to HOP, Direct messaging compliance, HIPAA privacy/security attestation, Accredited CA, audit HISP CAs: Policy: Accredited Certificate Policy (CP) Practices: Certification Practices Statement (CPS) Accreditation: Verify CPS maps to Direct CP, certificate & CRL profile compliance, Accredited RA process, audit RAs: Policy: Accredited Registration Policy (RP) or Certificate Policy Practices: Registration Practices Statement (RPS) Accreditation: Verify RPS maps to CPS or RP, audit
23 DirectTrust Trust Framework DTO publishes a CP that CAs and RAs can be accredited against. The CP allows for multiple Levels of Assurance (LoA) Accredited CAs are placed in a trust bundle (the Direct equivalent of a browser certificate trust store) when accredited Direct also allows the use of self signed or non publicly trusted issuing CAs as trust anchors Direct uses a flat trust model where each issuing CA or self signed cert is included in a trust bundle This means chain validation is not required, only checking that any cert ort its issuer is in an accepted trust bundle Which trust bundles to accept is an open question. ONC only endorses DTO at this point
24 CA Policy and Practices The Certificate Policy (CP) & Certification Practice Statement (CPS) is a formal statement that describes who may have certificates, how certificates are generated and what they may be used for. The CP defines the polices that must be adhered to The CPS describes the processes and practices that are used to implement the policies An audit determines: A) Does the CPS implement the CP B) Does the CA operate in accordance with its CPS
25 RA Policy and Practices The CP defines the polices that must be adhered to The Registration Practices Statement (RPS) describes the processes and practices that are used to implement the registration or identity vetting related policies An RPS is a sub-component extract of Registrationspecific activities from the CPS if the CA is also an RA or it is mapped to the CPS if the RA is an external party An audit determines: A) Does the RPS match the CPS B) Does the RA operate in accordance with its CPS
26 HISP Policy and Practices The HISP Operating Policy (HOP) defines the polices that must be adhered to The HISP Practices Statement HPS describes the processes and practices that are used to implement the policies An audit determines: A) Does the HPS implement the HOP B) Does the HISP operate in accordance with its HPS
27 HISP CA RA Relationship Health Information Service Provider (HISP) Direct Identity Services Direct Messaging Services HIPAA Privacy & Security Compliance Direct Directory Services DirectTrust HISP Operational Policy (HOP) HISP Practices Statement DirectTrust Audit CA Agreement SLA Audit Certificate Authority (CA) Identity/Trust Verification Certificate Signing Services Certificate Validation Service Revocation Services FBCA CP Certification Practices Statement DirectTrust CP PKI Audit RA Agreement SLA Audit PKI Audit Registration Practices Statement Registration Authority (RA) Compile/Validate Identity and Trust Documentation Source: DirectTrust.org June, 2012
28 Current DirectTrust Policies DirectTrust has 2 Certificate Policy documents that have been published V1.1 of the DT CP has only a single LoA requires FBCA Medium equivalent Identity vetting processes and CA operations that are a lightweight version of the same V1.2 of the DT CP has 4 LoAs defined matching NIST SP and only requires FBCA Basic equivalent CA operations V1.3 of the DT CP is being developed DirectTrust is currently working on a HISP Operating Policy Existing HISPs are evaluated against DTAAP requirements
29 DirectTrust A National Trust Infrastructure Full Accreditation
30 DirectTrust A National Trust Infrastructure Accreditation In Process
32 DirectTrust A National Trust Infrastructure HISP CA Name CPS URI Cerner CernerDirect Professional Community CA Inpriva ICA Inpriva Direct CE CA Rhode Island Trust Community CA Inpriva ClickID CA https://www.digicert.com/cps RITC Inpriva ClickID CA https://www.digicert.com/cps ICAPROD ICA SUB1 CA CA https://direct.icainformatics.com/resources/ica_cps.pdf Surescripts Surescripts Direct Issuing CA 0Abbreviated.pdf MaxMD MaxMD CA v2.5 DataMotion DigiCert Accredited Direct Med CA https://www.digicert.com/cps EMR Direct phicert Direct Subscriber CA https://www.phicert.com/cps Infomedtrix InfomedtrixCA CPS v1.2.pdf
34 Summary Direct = Secure for PHI data with 3 additional features: Addresses must be in dedicated healthcare domains Message Disposition Notifications (assurance receipts) HISP to ease PKI key management in certifiable secure infrastructures
35 Summary DirectTrust = Direct with end-to-end assurance by securing the last mile (STA to user) Accreditation of HISP, CA, RA (DTAAP) Trust Anchor distribution service National Trust Infrastructure Several HISP, CA, RA entities have already been accredited and many more are in the queue from EHR, HISP, HIE, and CA entities
36 Summary CMS is using the EHR Meaningful Use program to drive adoption of the Direct protocol to interconnect electronic healthcare record systems Health Providers have incentives under MU2 to communicate electronically with their patients, other providers, and government agencies
Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information Within the healthcare industry, the exchange of protected health information (PHI) is governed by regulations
Direct Secure Messaging Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion Agenda Email and Direct in healthcare, a little history So what is Direct, really Certificates
phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a
EHR Vendor Support for Meaningful Use Stage 2 Certification and Implementation Direct Basics & Transitions of Care February 19, 2013 2:00 PM EST Initial Curriculum Topics Today s Session is focused on:
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
Demystifying Direct Messaging Orion Health Whitepaper Author: Paul de Bazin, Integration Portfolio Manager Table of Contents 1! Introduction... 3! 2! Background... 3! 2.1! Standard Use Cases... 3! 3! Direct
De-Mail A reliable and secure online communication platform Armin Wappenschmidt (secunet) More information: www.de-mail.de 1 Agenda Overview of De-Mail Implementation aspects Current status and outlook
Practical Guidance to Implement Meaningful Use Stage 2 1. Introduction Association Standards and Interoperability Workgroup Meaningful Use (MU) Stage 2 introduces three transport standards for use in healthcare
Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
DIRECT Messaging: The Future of Communication Between Healthcare Providers Presented by: Greg Anderson, CEO Agenda What is DIRECT and why do I care? You ve convinced me. How do I enroll? How do I set up
The Direct Project Reference Implementation Architecture 1 NwHIN Direct Approach Develop specifications for a secure, scalable, standardsbased way to establish universal health addressing and transport
Arizona Health Information Exchange Marketplace Requirements and Specifications Health Information Service Provider (HISP) Table of Contents Table of Contents... 1 Introduction... 2 Purpose... 3 Scope...
BEYOND MEANINGFUL USE The Business Case for Using Directed Exchange for Release of Information YOUR HIM EDGE WHITEPAPER YOUR HIM EDGE Abstract. For the most part, prevailing healthcare data exchange discussion
Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management Understanding the differences in PIV, PIV-I, PIV-C August 23, 2010 Tim Baldridge AWG
Direct Messaging February 28, 2014 2 Agenda Direct 101 (p. 3) o o o o o o Definition Safeguarding PHI Identifying the need for Direct Solution to achieving MU2 Measures Direct Use Cases Basic Direct workflow
Motivation: Public Key Infrastructure 1. Numerous people buy/sell over the internet hard to manage security of all possible pairs of connections with secret keys 2. US government subject to the Government
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
TABLE OF CONTENTS INTRODUCTION USE CASES FOR CONVERSION BETWEEN DIRECT AND XDR Conversion from Direct SMTP+S/MIME Messages to XDR Conversion from XDR to SMTP+S/MIME Data Transmission between two EHRS that
DigiCert: Trusted Business for the Enterprise and Its Customers A leading online trust provider, DigiCert offers multiple products to suit the security needs of enterprises within the finance, healthcare,
SYMANTEC NON-FEDERAL SHARED SERVICE PROVIDER PKI SERVICE DESCRIPTION I. DEFINITIONS For the purpose of this Service Description, capitalized terms have the meaning defined herein. All other capitalized
PKI: Public Key Infrastructure What is it, and why should I care? Conference on Higher Education Computing in Kansas June 3, 2004 Wes Hubert Information Services The University of Kansas Why? PKI adoption
ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4
Expanded Support for Medicaid Health Information Exchanges Joint Public Health Forum & CDC Nationwide Webinar April 21, 2016 CDC EHR Meaningful Use Webpage-Joint Public Health Forum & CDC Nationwide Webinars
Daon your trusted Identity Partner Derived Credentials A Use Case Cathy Tilton Daon 1 February 2012 Derived credentials NIST SP 800-63-1 ( 5.3.5) provides for long term derived credentials Derived credential
North Dakota Health Information Network Health Information Exchange Implementation Phased Implementation Phase 1 Implement Direct Project Phase 2 Implement more robust exchange of data in a test environment
SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...
In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report
January 30, 2015 To: cc: Re: Ms. Jocelyn Samuels, Director Office for Civil Rights U.S. Department of Health & Human Services 200 Independence Avenue, S.W. Room 509F HHH Bldg. Washington, D.C. 20201 Dr.
Internal Server Names and IP Address Requirements for SSL: Guidance on the Deprecation of Internal Server Names and Reserved IP Addresses provided by the CA/Browser Forum June 2012, Version 1.0 Introduction
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
Welcome to the AHRQ Medicaid and CHIP TA Webinar Tuesday, May 15, 2012, 3:00 4:30 p.m. Eastern Medicaid and Health Information Exchange: The potential role of Direct Exchange Presented by: John Hall, Krysora,
Introduction MaxMD is pleased to provide the Pennsylvania ehealth Partnership Authority (Authority) the Business and Technical Requirements report under the Lab Grant pilot project. We have demonstrated
Navigating the Trends in Health Care Today MEDITECH Solutions for Meaningful Use and Interoperability Certification Update EHRs Meeting ONC 2014 Standards "There is no such thing as being 'Stage 1 Certified'
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
Visa Public Key Infrastructure Certificate Policy (CP) Version 1.7 Effective: 24 January 2013 2010-2013 Visa. All Rights Reserved. Visa Public Important Note on Confidentiality and Copyright The Visa Confidential
THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by
Making Information Exchange Meaningful Arizona Rural & Critical Access Hospitals HIT/Quality Workshop Jim Karolewicz Vice President Objectives Provide overview of Cerner s approach to two aspects of stage
Certificate Policy for SSL Client & S/MIME Certificates OID: 22.214.171.124.11.1 Copyright Actalis S.p.A. All rights reserved. Via dell Aprica 18 20158 Milano Tel +39-02-68825.1 Fax +39-02-68825.223 www.actalis.it
E-Lock Technologies Contact email@example.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY
THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised
Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components
Electronic Submission of Medical Documentation (esmd) CDA Digital Signatures January 8, 2013 Wet Signatures Standards and legal standing Standards are based on legal precedence Non-repudiation inherent
Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,
Alternatives and Enhancements to CAs for a Secure Web Ben Wilson Digicert, Inc. - CA/Browser Forum Eran Messeri Google Session Classification: Intermediate Current Web PKI System OS / Browsers have Managed
FTA Computer Security Workshop Secure Email March 8, 2007 Stan Wiechert, KDOR IS Security Officer Outline of Presentation The Risks associated with Email Business Constraints Secure Email Features Some
Identity: The Key to the Future of Healthcare Chief Medical Officer Anakam Identity Services July 14, 2011 Why is Health Information Technology Critical? Avoids medical errors. Up to 98,000 avoidable hospital
DigiCert Certificate Policy DigiCert, Inc. Version 4.03 May 3, 2011 Suite 200 Canopy Building II 355 South 520 West Lindon, UT 84042 USA Tel: 1 801 877 2100 Fax: 1 801 705 0481 www.digicert.com TABLE OF
Comodo Certification Practice Statement Notice: This CPS should be read in conjunction with the following documents:- * LiteSSL addendum to the Certificate Practice Statement * Proposed Amendments to the
What s it all about? SAFE-BioPharma Association Topics! ONC HIT Standards Committee! ASTM Standards 2 SAFE-BioPharma Association ONC HIT Standards Committee! Oct 21 st meeting Security & Privacy Consumer
Ohio Health Information Partnership/CliniSync HIE Cathy Costello, JD Regional Extension Center/MU firstname.lastname@example.org Andrea Perry, MPA Privacy Officer email@example.com 63 Ohio s HIE Landscape
Public Key Infrastructure Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-07/ Public
ehealth Ontario PKI Certification Policy Manual Part One: Concept of Operations Part Two: Certification Policies Version: 1.1 2005 January 25 Document Control Document Identification Title Location: Maintained
Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)
AllSeen Summit 2015: IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect Agenda Slide Title 3 Trust and PKI 9 Web Security - PKI example 26 Traditional PKI Principles
NATIONAL HEALTH POLICY FORUM January 2010 TAKE 1: OVERY ACT FUNDING FLOWS Funding Source Program Distribution Agency Funding Use Fund Recipients / Beneficiaries Entitlement Funds Appropriated Funds Medicare
Expanded Support for Medicaid Health Information Exchanges Thomas Novak Medicaid Interoperability Lead Office of Policy Office of the National Coordinator for Health IT Medicaid Data & Systems Group Centers
Request for Applications for CareAccord s Electronic Health Record (EHR) Direct Secure Messaging Integration Pilot Key Applicant Dates: June 30: Request for Application Release Date July 7: Informational
esign Online Digital Signature Service Government of India Ministry of Communications and Information Technology Department of Electronics and Information Technology Controller of Certifying Authorities
Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate
Office of Medical Assistance Programs Electronic Health Record (EHR) Incentive Program Health Information Technology (HIT) Executive Update Medical Assistance HIT Initiative 1 Office of Medical Assistance
Direct Project March 2011 Agenda» What is Direct?» Why is Direct needed?» How does Direct fit in with other types of exchange?» What are the key issues to think about?» What is needed to implement Direct?»
Certificate Policy for the United States Patent and Trademark Office November 26, 2013 Prepared by: United States Patent and Trademark Office Public Key Infrastructure Policy Authority This page is intentionally
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
The Direct Project Implementation Guide for Direct Project Trust Bundle Distribution Version 1.0 14 March 2013 Version 1.0, 14 March 2013 Page 1 of 14 Contents Change Control... 3 Status of this Guide...
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
DigiCert Certification Practice Statement DigiCert, Inc. Version 2.22 June 01, 2005 333 South 520 West Orem, UT 84042 USA Tel: 1-801-805-1620 Fax: 1-801-705-0481 www.digicert.com 1 General...7 1.1 DigiCert,
Adopting, Implementing or Upgrading to Certified Electronic Health Record Technology & Becoming a Vendor with the State of Idaho Michele Turbert Program Research and Development Specialist, Division of
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...
VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-