VhDir Implementation Guide CI Build: STU2 Ballot

This page is part of the Validated Healthcare Directory FHIR IG (v0.2.0: STU 1 Ballot 2) based on FHIR v3.5.0. . For a full list of available versions, see the Directory of published versions

CodeSystem: codesystem-digitalcertificate

VhDir Digital Certificate Code System

Public key infrastructure (PKI) refers to the architecture, organizations, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. A certificate is a set of data that uniquely identifies a key pair and an owner that is authorized to use the key pair. The certificate contains the owner’s public key and other information, and is digitally signed by a Certification Authority (i.e., a trusted party), thereby binding the public key to the owner. This code system includes terms describing various aspects of a certificate-based public key cryptographic system, such as applicable standards, types of certificates, uses of certificates, and associated trust frameworks.

This code system http://hl7.org/fhir/uv/vhdir/CodeSystem/codesystem-digitalcertificate defines the following codes:

CodeDisplayDefinition
TLS/SSL TLS/SSLA certificate for a device such as a server or router, used to authenticate the device and establish secure communications between the device and a client.
device DeviceA certificate used to verify the identity of a device.
grp GroupA certificate for a collection of individual subscribers acting in a shared capacity, such as an organization.
ind IndividualA certificate for a single person.
role Role basedA certificate for a specific role on behalf of which a subscriber is authorized to act, such as a Chief Information Officer.
signing SigningA certificate issued for the purpose of digitally signing information to confirm the author and guarantee that the content has not been altered or corrupted since it was signed by use of a cryptographic hash.
encrypt EncryptionA certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes.
auth AuthenticationA certificate which can be used to obtain assurance of the accuracy of the claimed identity of an entity.
x.509v3 x.509v3A standard published by the International Telecommunication Union’s Telecommunication Standardization Sector (ITU-T) that defines a framework for public-key certificates, including specification of data objects used to represent the certificates themselves.
direct DirectTrustDirectTrust is a non-profit health care industry alliance that has established and maintains rules, standards, and policies associated with the operation of the security and trust-in-identity layer for Direct exchange.
FPKI Federal Public Key Infrastructure (FPKI)/Federal Trust FrameworkThe Federal Public Key Infrastructure (FPKI) Program provides the government with a trust framework and infrastructure to administer digital certificates and public-private key pairs. FPKI consists of a network of Certification Authorities (CAs) that issue Personal Identity Verification (PIV) credentials and person identity certificates, PIV-interoperable credentials and person identity certificates, other person identity certificates, and enterprise device identity certificates.
SAFEBioP SAFE-BioPharmaThe SAFE-BioPharma Association develops and maintains policies and practices used by identity credential issuers. SAFE-BioPharma examines and certifies that the identity proofing, credential issuance, and credential management policies and practices of electronic identity credential issuers are comparable to Federal Identity, Credential, and Access Management (FICAM) requirements.
ONCTEF ONC Trusted Exchange Framework (TEF)The TEF outlines a common set of principles for trusted exchange and minimum terms and conditions for trusted exchange to bridge the gap between providers’ and patients’ information systems and enable interoperability across disparate health information networks (HINs).
NATE National Association for Trusted Exchange (NATE)NATE Blue Button for Consumers (NBB4C) Trust Bundle contains trust anchors of consumer-facing applications (CFAs) that utilize Direct to securely move data from one application to another. Participation in the NBB4C Trust Bundle facilitates secure exchange of health information from provider-controlled applications to consumer-controlled applications such as personal health records (PHRs) using Direct secure messaging protocols.
other otherA trust framework other than DirectTrust, FPKI/Federal Trust Framework, SAFE-BioPharma, NATE Blue Button for Consumers Trust Bundle, or ONC Trusted Exchange Framework.