The Office of the National Coordinator for Health IT (ONC) is seeking input into its deliberations about how to enable healthcare providers and other healthcare entities to obtain digital certificates that are compatible with the federal government's security infrastructure.
U.S. government agencies participate in a "federal bridge" that ties together their public key authorities into a single unit. ONC aims to create digital certificates for private entities that are cross-certified with the federal bridge.
According to CMIO, ONC is soliciting comments on these issues:
- What burdens will providers face to obtain and manage these digital certificates both at an individual and organizational level? How can these burdens be minimized?
- Is there sufficient competition in the marketplace to ensure that providers will have access to best pricing and service?
- What role can health information exchange (HIE) and health information service providers (HISPs) have in providing and maintaining digital certificates for providers and organizations?
- Among the options listed, what are the costs and time requirements for each?
- What is the incremental cost to become a cross-certified certificate authority compared to the cost to become a WebTrust/European Telecommunications Standards Institute-certified Certificate Authority? What factors contribute to the increased cost?
The creation of standard digital certificates is important to the HISPs that will send Direct messages containing clinical data from one healthcare provider to another. Such a certificate would establish the identities of the sender and the receiver.
The Standards & Interoperability Framework and the Certificate Authority Task Force of ONC have done an analysis of the digital certificate issue. That report, along with a security assessment by the "tiger team" of the Health IT Advisory Committee, is available on the S&I Framework wiki.