With a high concentration of sensitive personal data that is digitally transferred between doctors, insurance providers, pharmacies and more, the healthcare industry is one area of opportunity for the effective implementation of new digital identity solutions in order to ensure end-to-end security.

Earlier this week, healthcare industry consortium and certification body SAFE Identity announced the publication of the SAFE Identity Certificate Policy, a new policy detailing a set of technical specifications, interoperability criteria, compliance guidelines and liability rules that govern the SAFE Identity Trust Framework. This release marks a major standards milestone for the company as they participate in a cross-industry effort to complete interoperable trust frameworks for the implementation of digital identity in the healthcare sector.

This milestone was achieved in partnership with the Policy Management Authority (PMA), a committee of technology and healthcare providers including members from healthcare organizations that rely on SAFE Certified Credentials, organizations that purchase SAFE Certified Credentials and SAFE Certified Credential Providers. The PMA defines the policies needed to create and use globally interoperable digital identity credentials and governs the SAFE Identity global ecosystem.

About SAFE Identity

SAFE Identity provides an ecosystem for identity assurance in the healthcare sector to enable trust, security and user convenience. The company offers an open, standards-only and product-agnostic approach to relying on external identity credentials without requiring a healthcare organization to take on the burden of evaluating issuance practices of external identity providers. In application, SAFE Identity reduces risk and assures the integrity of identities and data in virtual clinical trials, medical devices and trusted data exchange in healthcare supply chains.

In particular, SAFE Identity offers three main services to preserve the integrity of digital credentials and help healthcare organizations harness digital identity. These include SAFE Identity’s Trust Framework, Qualified Products List, and Global Encryption Directory.

The SAFE Identity Trust Framework

In order to aid healthcare organizations in collaborating with vendors and partners externally, SAFE Identity developed their SAFE Identity Trust Framework, which defines the policies and rules needed to create and use globally interoperable digital identity credentials. The framework serves as an accreditation program for identity providers, and allows for vendors and partners to use credentials that have been certified under the Trust Framework. This eliminates the need for healthcare organizations to configure system-to-system federations with external parties, and mitigates many of the risks and costs associated with reliance on external identity credentials. Overall, the use of SAFE Certified credentials allows for health companies to streamline processes, protect intellectual property and reduce costs.

More specifically, the SAFE Identity standard allows for the application of legally-binding digital signatures to electronic documents, encryption data and application logins. SAFE Identity ensures that SAFE Certified credentials have a verified signer identity and a cryptographically-secured digitally signed document. SAFE Identity and SAFE Certified credentials can also be used for identity management, such as for employee access, eternal partner authentication and email encryption.

“We know that people and devices need the ability to own their credential and use their credential between multiple organizations,” said Kyle Neuman, managing director of SAFE Identity. “We know that issuing credentials to all entities outside of the enterprise boundary is expensive and does not scale. We know that assuming an external party is issuing secure credentials to its employees due to the party’s own interest in securing their systems is a misconception that has resulted in numerous compromises. Lastly, we know that federating identities was last decade’s achievement, and that federating trust will be the challenge to overcome this decade.”

With these considerations in mind, SAFE Identity ultimately aims to ensure that organizations can rely on their Trust Framework to prevent vendor lock, increase credential re-use and increase the adoption of cryptography throughout healthcare.

Tools for Digital Identity in Healthcare

In conjunction with the SAFE Identity Insurance Policy and the SAFE Identity Trust Framework, SAFE Identity has also introduced additional services to help enable the Trust Framework and increase its utility. These services include lab-testing of applications to ensure conformance and interoperability with the common cryptography standards, and a directory to enable encryption between organizations using SAFE Certified digital certificates. They also include a Bridge Certification Authority which cryptographically connects commercial and enterprise identity providers together as part of a global ecosystem.

SAFE Identity has also emphasized the consolidation of identity use cases across the industry in their Trust Framework to offer the ability for healthcare organizations to use the same identity standards across all vectors of collaboration with external parties. Specifically, the Trust Framework supports all identity use cases to include authentication, legally binding digital signatures and identity-based encryption. This approach ensures a consistent level of measurable risk for all use cases.

Fully Utilizing the SAFE Identity Trust Framework

SAFE Identity also published a series of executive briefs to help healthcare organizations, their partners and technology providers to better understand how to best utilize the SAFE Identity Trust Network. These include:

• Securing the Healthcare Supply Chain – Explores how SAFE Certified Credentials can establish trust in the supply chain in a secure, cost-effective, cryptographically backed way. 
• Cross-Certifying with SAFE Identity – Describes the benefits of cross-certifying with the SAFE Bridge, demonstrated by common use cases supported by federating trust between healthcare participants.
• The SAFE Qualified Products List (QPL): Outlines how to use the SAFE QPL to purchase digital signature software, single sign-on gateways and other identity related systems and products that are secure, lab-tested and satisfy meaningful business cases in support of external collaboration. 
• The SAFE Qualified Products List (QPL): Designed to help vendors better understand the SAFE QPL, the advantages to applying for listing and how testing is conducted.

“We’ve re-envisioned the way identity will work between organizations in the future by learning from the lessons of our past,” said Neuman. SAFE Identity’s Security Policy bringing the SAFE Identity Trust Network closer to completion marks a notable contribution to the implementation of digital identity in healthcare.

ABOUT THE WRITER

Serena He is a Tech Innovation Fellow from the University of Southern California who is interested in AI and the intersection of design and technology. She enjoys covering news across the digital identity and tech space.