A federal standards work group on privacy and security of health information is recommending that the government develop a set of policies on how to certify organizations that will issue “digital certificates” to identify users of the federally developed Direct Project exchange profile.
Policies on digital certificates urged
The federally chartered Health Information Technology Standards Committee's privacy and security work group presented the recommendation to the committee this morning in the form of a letter to Dr. Farzad Mostashari, head of the Office of the National Coordinator for Health Information Technology at HHS. Mostashari is chairman of the Health IT Policy Committee. Both committees were created by the American Recovery and Reinvestment Act of 2009 to advise the ONC in their respective areas of expertise.
The work group envisions that organizations called Certificate Authorities will issue digital certificates to identify providers and other participants in health information exchange but noted the “current lack of policy and governance around establishing the trustworthiness of CAs that issue digital certificates for direct exchanges.” Such policy, according to the work group, “should define a minimum level of trustworthiness for CAs.”
The Direct Project is a collaboration between the government and the private sector to develop a way to facilitate electronic peer-to-peer communications, such as the sending of a referral letter from a primary-care physician to a specialist.
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.