New policy for digital identity trust framework integrates NIST, PKI frameworks

The CARIN Alliance has announced the publication of what it says is the nation’s first unified digital identity credential trust framework policy. A release from the organization, a multi-sector health alliance enabling the easy exchange of digital health data, says the policy, which was developed in partnership with DirectTrust and Kantara Initiative, “integrates and harmonizes” three major trust framework policies.

These are the National Institute of Standards and Technology (NIST) 800-53 special publication, which governs security and privacy; the NIST 800-63  Digital Identity Guidelines; and Request for Comments (RFC) 3647, “the framework for X.509 public key infrastructure (PKI) credentials that underpins the Internet.”

The goal is interoperable digital credentials that can be consistently recognized and exchanged across systems and organizations, making digital identity more reliable for patients and healthcare providers.

“This policy demonstrates what’s possible when stakeholders come together to align on a common approach to digital identity,” says Ryan Howells, Leavitt Partners principal and program manager of the CARIN Alliance. “By harmonizing requirements across several trust frameworks, we’ve created a foundation that can support interoperability not only in healthcare, but in any industry that relies on trusted digital identity exchange. Ultimately, this will reduce fragmentation, lower barriers to patient access, and enable a more seamless digital experience for everyone.”

The policy also enables digital credentials from both DirectTrust and Kantara Initiative to be broadly accepted by the Trusted Exchange Framework and Common Agreement (TEFCA) and other entities.

Scott Stuewe, president and CEO of DirectTrust, says “CARIN’s new policy allows for the assessment of equivalence between frameworks without needing to directly compare the controls, and forges a unique and necessary new asset. We are excited to advance a future envisioned by the Centers for Medicare & Medicaid Services (CMS) Interoperability Framework, and we look forward to what’s to come.”

Leavitt Equity Partners, which “convenes” the CARIN Alliance, is also invested in b.well Connected Health, for which Ryan Howells serves on the board.

Article Topics

CARIN Alliance  |  digital identity  |  Kantara  |  NIST  |  NIST Special Publication 800-63-3  |  trust framework