DirectTrust Acquisition Aims to Boost Data Exchange, Interoperability

DirectTrust has acquired the assets of health IT consortium and certification body SAFE Identity, including its Trust Framework, in an effort to expand interoperability use cases for secure health data exchange.

DirectTrust has created a new division, DirectTrust Identity, to house the SAFE Identity’s Trust Framework which supports healthcare identity assurance and cryptography.

New and current members of both organizations will rely on DirectTrust to manage policies and infrastructure supporting secure data exchange.

“Our acquisition of SAFE Identity’s assets is truly a groundbreaking moment for DirectTrust and the entire electronic healthcare information industry,” Scott Stuewe, president and CEO of DirectTrust, said in a press release. “SAFE Identity and DirectTrust are like-minded organizations with memberships that share common goals.”

“Both the DirectTrust and SAFE Identity trust framework communities seek to enable safe and secure transactions through the use of identity-assured credentials backed by a public key infrastructure and consensus-based policies,” Stuewe continued.

DirectTrust’s expanded ecosystem will widen the breadth of healthcare stakeholders the organization serves while allowing the opportunity for new use cases where the two groups connect, Stuewe said.

For example, he noted that members will now be able to interact with federal agencies for signing documents and system authentication. Potential use cases could include medical device security and identification, universally trusted consumer healthcare credentials, and identity assurance and security for the pharmaceutical supply chain (DSCSA), Stuewe suggested.

“SAFE sustained a pedigree in the digital identity assurance and government interoperability spaces by maintaining one of the longest-standing Trust Frameworks in healthcare,” said Kyle Neuman, managing director at SAFE Identity and incoming director of Trust Framework development at DirectTrust.

“With its incorporation into DirectTrust, the SAFE community is about to embark on a new chapter to remain in lockstep with the progress being made in the realm of digital identity across healthcare,” Neuman continued.

Neuman will continue in his role as chief information security officer at Zeva Incorporated.

“I’m excited to help DirectTrust facilitate better communication and better data sharing within a particular industry—such as biopharmaceuticals or healthcare delivery, as was the case in the past—and perhaps more profoundly, between all of the industries that make up healthcare,” Neuman said.

The goal of DirectTrust’s expanded ecosystem is to support modern identity challenges such as patient matching, clinical research, medical IoT, and meeting the requirements of the Drug Supply Chain Security Act, Neuman noted.

Both organizations credit their initial existence to federal collaborations and retain important relationships and roles with the federal agencies. 

DirectTrust came into existence with support from the ONC as a public key infrastructure (PKI)-based trust framework for healthcare interoperability to scale.

Similarly, SAFE-BioPharma (predecessor to SAFE Identity) came into being when the FDA and pharmaceutical companies sought a secure way to send electronic reports to the agency.

Several large pharma companies established SAFE as a legal framework to facilitate trust and interoperability of digital identities with government bodies like the FDA, DEA, and the European Medicines Agency due to a growing need for digital signatures.

“DirectTrust’s acquisition will return SAFE Identity to its roots as a not-for-profit trade association,” said Stuewe.

“We welcome SAFE Identity’s members to the DirectTrust community and invite biopharma companies, certificate authorities, medical device manufacturers, and identity providers that want to transform how identity is managed and assured in the highly-regulated and sensitive healthcare industry to come work with us at DirectTrust,” he continued.

Last month, the DirectTrust consensus body for Trusted Instant Messaging Plus (TIM+) launched a draft standard to finalize the process of becoming an American National Standards Institute (ANSI)-approved national health IT standard.

TIM+ is the first industry standard to enable real-time healthcare communication that integrates trust network concepts to ensure secure transmissions between trusted entities. The healthcare messaging platform determines the presence of trusted endpoints and supports text-based communication as well as file transfers.

The comment period deadline for the draft standard is September 14, 2021.