The proposal to supply a Trust Registry API for the HHS ONC is awaiting action. It provides a trust registry similar to that used in the NIST SP 800-63-3 Trust Registry with two new features:
- Kantara FIRE will complete a specification (the MAAS) for the acceptability of smartphone applications to protect patient health data, which is protected by HIPAA in covered entities. This specification will then be converted to software assessment criteria in the same way that the NIST specs were used to create an SAC for Credential Service Providers. The MAAS specification is now posted as an implementer’s report.
- The Trust Registry can be queried by a JSON API, which will allow certified apps to be immediately acceptable to download patient data, which has a strict time limit in the final rule for the 21st Century Cures Act. There is no place where a trust logo can be displayed in a fully automated system.
The proposal is for ONC to fund the development of both features and start to onboard a few initial test sites over the first year of operation. It is expected that the continuing support for the program will come from fees on the application developers and the relying parties.
The team’s mobile driver’s license criteria have been contributed to the Kantara effort to respond to the DHS Request for Comment on ISO 18013-5, which is also the subject of the PImDL report that is expected from that discussion group very soon.
The WG is supporting https://trustregistry.org with additional details about the goals and work behind the proposal.
Further info on the WG is found on both our Kantara wiki and the legacy IDESG wiki, which the work group has continued to leverage, for example this page on mobile drivers’ licenses.
The Draft MAAS can be found here: