Direct Scalable Trust Forum Agenda
October 31 – November 1, 2012
Convened by Deloitte Consulting on Behalf of the Office of the National Coordinator for Health IT
Problem Statement




In Stage 2 of Meaningful Use, providers will use Certified Electronic Health Record Technology
(CEHRT) to send and receive Direct messages to support transitions in care and sharing
information with patients.
While there may be multiple ways to “establish trust” between senders and receivers of Direct
messages in the future, current practice has focused on giving Direct users access to bundles of
trust anchors or white lists to ease implementation burdens and improve the workflow of using
Direct.
Because this approach requires trust bundles/white lists to be shared across HISPs in order for
users to exchange messages beyond a single Direct implementation, stakeholders have
formed—and continue to form—trust communities that seek to ensure common standards and
practices across participating entities, thereby facilitating the sharing of trust bundles/white
lists while avoiding the need for peer to peer agreements.
Yet, as these different trust communities may place different and (potentially) incompatible
requirements on HISPs, healthcare providers and/or their patients may still find it difficult to
engage in secure, directed health information exchange with one another.
Meeting Purpose


Encourage the adoption of common policies and practices that, to the extent possible, can be
adopted across trust communities to facilitate secure, directed exchange.
Encourage the adoption of a common technical mechanism for distributing trust anchors within
and, to the extent possible, between trust communities.
Framing for Meeting



We’re not re-litigating the Direct specification.
o Single certificate to be used for signing and encrypting in the transport of data
o Address-bound and domain-bound certificates are equally valid
We’re not re-litigating architectures / deployment models for Direct.
o Locally or remotely hosted STAs (and any associated infrastructure) are equally valid
o Provider or 3rd party managed STAs (and any associated infrastructure) are equally
valid.
We are building from the policy guidance released by ONC for use by State Health Information
Exchange grantees.
1

We are attempting to understand how to best enable end-users to engage in directed
information exchange.
o This implies striking an appropriate balance between ease of use in enabling exchange
(i.e., “establishing trust”) and ensuring adequate privacy and security safeguards.
o Other transport mechanisms will be used by providers and vendors to support diverse
health information exchange use cases and needs. This meeting will focus on the
specific opportunities and challenges around creating scalable trust for Direct.
2
Day #1 Agenda
Day 1 – October 31, 2012 9:00 AM – 5:30 PM
9:00 AM – 9:15 AM
Welcome
Farzad Mostashari, National Coordinator for Health Information Technology
9:15 AM – 9:30 AM
Putting “Scalable Trust without Governance” in Context
Claudia Williams, State HIE Program Director
9:15 AM – 9:30 AM
Agenda, Ground Rules, and “What Do We Mean By Scalable Trust?”
Paul Tuten, Senior Consultant, Contractor to State HIE Program
9:30 AM – 10:30 AM
Overview of Direct-focused Trust Frameworks / Efforts



10:30 AM – 10:45 AM
10:45 AM – 12:15 PM
12:15 PM – 1:30 PM
1:30 PM – 3:30 PM
3:30 PM – 3:45 PM
3:45 PM – 5:15 PM
5:15 PM – 5:30 PM
6:30 PM
DirectTrust – David Kibbe, President & CEO, DirectTrust.org
Western States – Aaron Seib, Founder & President, 2311
NSTIC Pilot (Gorge Health Connect / San Diego Beacon) – Brian Ahier, President
Gorge Health Connect, Inc.
Break
HISP Privacy & Security Safeguards / Operating Policies
Paul Tuten and John Feikema, S&I Framework Coordinator
Break for Lunch
Identity Verification and Certificate Issuance
John Hall, Direct Project Coordinator and Debbie Bucci, Security Adviser, ONC
Break
Trust Anchor Distribution Mechanisms
Paul Tuten and John Hall
Closing Remarks for the Day
**OPTIONAL**
Social Event – Location TBD
Day #2 Agenda
Day 2 – November 1, 2012 8:00 AM – 12:00 PM
On Day 2, participants are invited to discuss Direct trust-related topics that are most relevant and critical to their
communities and stakeholders. Topics can build on those discussed on Day 1, or participants can introduce new
topics. Several selected topics will be convened simultaneously, with each session lasting 50 minutes.
8:00 AM – 8:15 AM
“Open Space” Meeting Set up and Ground Rules Discussion
Erica Galvez, State HIE Community of Practice Director, ONC
8:15 AM – 9:05 AM
Breakout Session # 1
9:05 AM – 9:55 AM
Breakout Session # 2
9:55 AM – 10:10 AM
Break
10:10 AM – 11:00 AM Breakout Session # 3
11:00 AM – 12:00 PM
Recap, Next Steps, and Concluding Remarks
Claudia Williams
12:00 PM – 5:00 PM
**OPTIONAL**
Room 800 has been reserved until 5 PM ET to host any additional conversations participants
want to have with their peers. We encourage you to use this valuable in-person time to
continue discussions from the last 1.5 days or start new conversations with each other.
3