The SAFE Identity consortium has released a new set of technical standards for digital identities in the healthcare industry. The Certificate Policy was ratified by the Policy Management Authority to advance broader interoperability initiatives.
In that regard, the Certificate Policy will inform the SAFE Identity Trust Framework accreditation program. Once certified, organizations can do business with other accredited organizations knowing that their partners will be observing the same digital identity guidelines. The Framework will reduce risk and administrative costs, since healthcare organizations will no longer need to conduct an exhaustive evaluation of every potential partner.
“People need the ability to own their credential and use their credential between multiple organizations,” explained SAFE Identity Managing Director Kyle Neuman. “Issuing credentials to all entities outside of the enterprise boundary is expensive and does not scale. Assuming an external party is issuing secure credentials to its employees is a misconception that has resulted in numerous compromises. These considerations have gone into the new Trust Framework that can prevent vendor lock, increase credential re-use and increase the adoption of cryptography throughout healthcare.”
SAFE will also be launching several new services to support its Trusted Framework. Most notably, the organization will be lab-testing digital identity applications to make sure those applications meet the necessary technical specifications. Meanwhile, the Bridge Certification Authority and the new directory will help connect identity providers with other organizations that have received SAFE certification.
The Trusted Framework will enable the use of digital identities for digital signatures and identity-based encryption in addition to authentication. It will also inform the development of medical devices, with the Policy Management Authority revealing that it is planning to develop policy guidelines that will allow manufacturers to ship products that are certified out of the box.
The SAFE news comes shortly after Imprivata released its own Digital Identity Framework for healthcare organizations. Before that, an independent auditor determined that Yoti’s digital credentials meet HIPAA’s security and privacy requirements.