RESTON, Va. – Nov. 10, 2020 – SAFE Identity and its healthcare industry-led Policy Management Authority (PMA) have achieved a major milestone in their effort to enable a standards-based, interoperable Trust Framework for digital identities across all stakeholders in the highly distributed healthcare industry.
Today, the healthcare industry consortium and certification body announced it has published the new SAFE Identity Certificate Policy. Carefully curated and ratified by industry consensus through the PMA, the Certificate Policy is a set of technical specifications, interoperability criteria, compliance guidelines and liability rules that govern the SAFE Identity Trust Framework.
A Strategy for the Future of Digital Identity
The SAFE Identity Trust Framework is an accreditation program for identity providers and offers healthcare organizations a strategy for collaborating with vendors and partners externally, where each vendor or partner uses credentials that have been certified under the Trust Framework. Healthcare organizations can rely on the accreditation programs that the SAFE Identity Trust Framework offers, thereby eliminating the need for configuring system-to-system federations with external parties and mitigating many of the risks and costs inherent in relying on external identity credentials.
SAFE offers an open, standards-only and product-agnostic approach to relying on external identity credentials without requiring a healthcare organization to take on the burden of evaluating the issuance practices of each external identity provider themselves. SAFE Identity is also developing procurement guidance that helps healthcare organizations implement the Trust Framework within their supply chains.
“We’ve re-envisioned the way identity will work between organizations in the future by learning from the lessons of our past,” said Kyle Neuman, managing director of SAFE Identity. “We know that people and devices need the ability to own their credential and use their credential between multiple organizations. We know that issuing credentials to all entities outside of the enterprise boundary is expensive and does not scale. We know that assuming an external party is issuing secure credentials to its employees due to the party’s own interest in securing their systems is a misconception that has resulted in numerous compromises. Lastly, we know that federating identities was last decade’s achievement, and that federating trust will be the challenge to overcome this decade. All of these considerations have gone into designing the new SAFE Identity Trust Framework that any organization can rely on to prevent vendor lock, increase credential re-use and increase the adoption of cryptography throughout healthcare.”
Services that Move the Needle
To help support SAFE’s approach to federating trust behind identity credentials, the certification body is bringing to bear a number of services to help enable the Trust Framework and make it easier for healthcare organizations to rely on. These services include lab-testing of applications to ensure conformance and interoperability with the most common standards in cryptography, a Bridge Certification Authority which cryptographically connects commercial and enterprise identity providers together as part of a global ecosystem, and a directory to enable encryption between organizations using SAFE Certified digital certificates.
To round out the strategy healthcare organizations can leverage, the Trust Framework supports the consolidation of identity use cases across the industry. When many organizations hear the term “identity” they naturally think “authentication.” While authentication is a very common use case for identity, it only makes up 33% of the ways in which a digital identity can be employed. The SAFE Identity Trust Framework supports all identity use cases, including authentication as well as legally binding digital signatures and identity-based encryption. This consolidated approach offers healthcare organizations the ability to use the same uniform standards in identity across all vectors of collaboration with external parties, thereby ensuring a consistent level of measurable risk for all use cases.
The industry-led Policy Management Authority and associated working groups will soon start modernizing the SAFE Identity Certificate Policy around device identities, with the goal of giving medical device manufacturers the ability to ship medical devices with “birth certificates” on the device from the factory. The goal is for medical device manufacturer birth certificates to be relied upon out of the box by healthcare providers, labs, research centers and other consumers of medical devices.
Putting the SAFE Trust Framework to Work in Healthcare
To help healthcare organizations, their partners and technology providers better understand some of the most important ways to put the SAFE Identity Trust Framework to work, SAFE created a series of executive briefs that are available online.
- Securing the Healthcare Supply Chain – Explores how SAFE Certified Credentials can establish trust in the supply chain in a secure, cost-effective, cryptographically backed way.
- Cross-Certifying with SAFE Identity – Describes the benefits of cross-certifying with the SAFE Bridge, demonstrated by common use cases supported by federating trust between healthcare participants.
- The SAFE Qualified Products List (QPL): Buy Smart, Buy SAFE – Outlines how to use the SAFE QPL to purchase digital signature software, single sign-on gateways and other identity-related systems and products that are secure, lab-tested and satisfy meaningful business cases in support of external collaboration.
- The SAFE Qualified Products List (QPL): Access to the Healthcare Market – Designed to help vendors better understand the SAFE QPL, the advantages to applying for listing and how testing is conducted.
More information about SAFE Identity is available at makeidentitysafe.com.
About SAFE Identity
SAFE Identity is an industry consortium and certification body that provides an ecosystem for identity assurance in the healthcare sector to enable trust, security and user convenience. It reduces risk and assures the integrity of identities and data in virtual clinical trials, medical devices and trusted data exchange in healthcare supply chains.