Scalable Trust Community Framework STCF (01/07/2013)

Upload: ruby

Post on 25-Feb-2016


Page 1: Scalable Trust Community Framework  STCF (01/07/2013)

Scalable Trust Community Framework STCF

(01/07/2013)

Page 2: Scalable Trust Community Framework  STCF (01/07/2013)

What Issues are We Trying to Solve?

• Current Direct deployments are “islands of exchange” limited to single HISPs or supported by HISP to HISP business agreements

• What’s the problem? Don’t know which HISPs to trust

• This is an urgent issue as the current deployment model does not support our goals of ubiquitous directed exchange to meet stage two of meaningful use

• Common expectations about user authentication, types of certificates to be used and mechanisms for sharing trust bundles/white lists will support scalable trust

• Trust communities have emerged to address these issues, urge adoption of solutions across participants and avoid the need for peer to peer agreements

• If these trust communities place different requirements on HISPs, healthcare providers and/or their patients may still find it difficult to engage in secure, directed health information exchange

Note: Providers and patients will still need ways to establish ad hoc trust. This capability is needed for EHR certification and to support VDT.


Page 3: Scalable Trust Community Framework  STCF (01/07/2013)

Principles

• Supports ubiquitous directed exchange

• Can reach widespread implementation in 6-12 months
  • Feasible with available resources
  • Scalable and easy (enough) to implement

• Keep it simple
  • Minimum necessary and nothing less
  • Don’t let the perfect be the enemy of the good enough
  • Go for 80 percent everyone can agree on


Page 4: Scalable Trust Community Framework  STCF (01/07/2013)

Ground Rules

• We ARE building from the policy guidance released by ONC for use by State Health Information Exchange grantees

• Acknowledging areas of broad consensus between Direct ecosystem participants

• Focusing conversation / energy on areas where consensus has not yet formed

• We ARE attempting to understand how to best enable end-users to engage in directed information exchange

• This implies striking an appropriate balance between ease of use in enabling exchange (i.e., “establishing trust”) and ensuring adequate privacy and security safeguards

• Other transport mechanisms will be used by providers and vendors to support diverse health information exchange use cases and needs. This meeting will focus on the specific opportunities and challenges around creating scalable trust for Direct.

Page 5: Scalable Trust Community Framework  STCF (01/07/2013)

What is Scalable Trust?

An efficient means of enabling Direct exchange between participants on disparate HISPs. Fundamentally, it is predicated on two things:

• Common trust frameworks / policies

• Technical mechanisms to automate trust between framework participants


Page 6: Scalable Trust Community Framework  STCF (01/07/2013)

Scalable Trust in “Three Easy Steps”

1. Trust Umbrella Organization defines requirements for participation

2. Trust Umbrella Organization enrolls/accredits/certifies entities to be included in a Trust Anchor Bundle

3. Trust Umbrella Organization enables mechanism for electronic distribution of Trust Anchor Bundle to all members


Page 7: Scalable Trust Community Framework  STCF (01/07/2013)

Example of Scalable Trust Model

[Diagram labels: Trust Organization; HISP A, HISP B; Provider A, Provider B; Centralized Trust Anchor Bundle Store]

Page 8: Scalable Trust Community Framework  STCF (01/07/2013)

Example of Scalable Trust Model: New HISP Joins Trust Organization

[Diagram labels: Trust Organization; HISP A, HISP B, HISP C; Provider A, Provider B, Provider C; Centralized Trust Anchor Bundle Store]

Page 9: Scalable Trust Community Framework  STCF (01/07/2013)

Example of Scalable Trust Model: Peer-to-Peer Reciprocity

[Diagram labels: Trust Organization A with HISP A, HISP B and a Centralized Trust Anchor Bundle Store; Trust Organization B with HISP C, HISP D and a Centralized Trust Anchor Bundle Store]

This is the aim of this meeting: working toward sufficient alignment—while allowing for differences—to enable widespread interoperability

Page 10: Scalable Trust Community Framework  STCF (01/07/2013)

Business Practices/Requirements That Could Reduce the Need for HISP to HISP Agreements


• Needing peer to peer agreements between all HISPs is not a scalable approach to support ubiquitous directed exchange

• What other business practices, requirements or policies must be addressed to obviate the need for one-off HISP-to-HISP agreements for Direct message exchange?

• Some examples to consider:

• Should trust communities also require common operational characteristics for participating HISPs (e.g., service availability)?

• Should participation within a trust community imply unfettered Direct message exchange between all members of the community (i.e., a form of “network neutrality”)?

• Should HISPs participating in trust communities agree not to charge fees for basic send and receive functions from other HISPs?

Page 11: Scalable Trust Community Framework  STCF (01/07/2013)

Key Takeaways – Day 1

• HISP-to-HISP interoperability is vital, yet remains a challenge.

• Trust umbrella organizations (i.e., trust communities) represent one viable and valuable path toward achieving ‘scalable trust’.

• LOA3 Identity Verification / FBCA Basic (or equivalent) processes are an appropriate/acceptable baseline for certificate issuance / management.

• Implementations based on a single, HISP-wide certificate are not acceptable.

• There is general consensus around the State HIE Program’s HISP operating guidelines. Additional detail/specification is needed in a few areas (e.g., issue of use/re-use of data by HISPs/HIEs).

• Group should work together to conduct pilots to establish a common mechanism for trust anchor bundle exchange.

• Defining a ‘glide path’ (interim steps) and education are important next steps.


Page 12: Scalable Trust Community Framework  STCF (01/07/2013)

Key Takeaways – Day 2

• The risk management and legal community must be educated in order to establish any form of accreditation.

• It’s not just the wires that need agreements, it’s the disclosers that need them as well.

• A common “package” of elements to avoid HISP-to-HISP agreements may include:

  • BAA HISP Provider
  • Dispute resolution among HISPs
  • Explicit transparent accreditation
  • Clarification on breach/safe harbor
  • Auditing/enforcement by accrediting body
  • Federated trust agreement

• Group needs to manage expectations during this process; especially, acknowledge that everyone will not agree to participate right away.


Page 13: Scalable Trust Community Framework  STCF (01/07/2013)

STCF – Escalator

[Figure labels: Trusted Transport; HIPAA Only; HIPAA Plus States; Local Policy Requirements]

Page 14: Scalable Trust Community Framework  STCF (01/07/2013)

Something to avoid…
