New Direct Implementation Guide Will Support Interoperability
Today, ONC is releasing Direct Implementation Guidelines for Assuring Security and Interoperability, recommending a common set of policies and practices to ensure Direct is being implemented in a way that will support vendor-to-vendor exchange and interoperability across geographic, organizational and vendor-related boundaries.
The Direct Project specifications offer a universal exchange mechanism for Meaningful Use Stage 2 to support care coordination among providers and with patients.
The new guidelines reflect the results of consensus reached by Direct Project community participants at an open forum we held last November. Alignment with these guidelines will help Direct implementers across the country overcome policy and implementation differences that have limited cross-vendor and cross-community exchange to date.
ONC Guidelines identify a consensus policy and business practices for Direct implementers
More specifically, the guidelines provide direction to developers in areas such as:
- Using NIST Level of Assurance 3 requirements to verify the identity of organizations and/or individuals before issuing Direct addresses
- Following Federal Bridge Certification Authority (FBCA) Basic (or equivalent) policies and practices for all certificate issuance and management matters beyond identity verification
- Following the Implementation Guide for Direct Project Trust Bundle Distribution v1.0, which provides a common and automated mechanism for exchanging trust anchors between HISPs
- Authentication and encryption of edge protocols
We encourage all Direct implementers to adopt these guidelines. The guidelines will give providers and their data trading partners confidence that Direct is being implemented in a manner that supports privacy, security and interoperability. The guidelines complement, but do not change, the Direct technical specification.
DirectTrust will incorporate ONC’s Direct implementation guidelines into accreditation process
Last month, ONC awarded an Exemplar Governance cooperative agreement to DirectTrust, a governance organization that creates policy and business processes and practices for Direct exchange. DirectTrust will incorporate these guidelines into their accreditation process, assuring a common policy baseline and reducing the need for peer-to-peer agreements among Direct implementers.
Are you implementing Direct?
If you implement Direct or supporting systems:
- Follow the policies and implementation guidance in the Direct Implementation Guidelines for Assuring Security and Interoperability.
- Get accredited by DirectTrust and add your trust anchor to its trust bundle to ensure the providers using your services are able to exchange information when and where needed, including across HISP, vendor and organizational boundaries.
- Participate in the Direct Project community to stay involved in developments related to the Direct technical specification and engage in Direct implementation discussion with the broad community.
If you are using Direct to exchange with other providers:
- Ask that your vendor or service provider adopt the guidelines and participate in DirectTrust accreditation.
Please leave any comments or questions about Direct implementation below.