Difference between revisions of "DirectTrust Activation"

From Updox API
Jump to: navigation, search
(AKA "Vetting")
Line 2: Line 2:
  
 
== Description ==
 
== Description ==
In order for a practice/site to become part of the DirectTrust trust bundle, at least one user per practice/site must successfully go through vetting process as defined by DirectTrust.org.
+
A key security component of Direct messaging exchange is to verify a sender is “who they say they are”. Updox performs this function by verifying the personal identity of your customers. As an Updox partner, your organization chose the type of Direct certificates to use in your integration(domain bound or address bound).
  
The verification is broken into 4 sections on our self service verification page:
+
Domain bound certificates are assigned to the practice as a whole; Updox will verify the personal identity of an authorized representative of the practice. That representative, in turn, is responsible for verifying the identity of employees of the practice who are issued a Direct address.
  
* Identity Verification
+
Address bound certificates are assigned to each Direct messaging user at the practice; Updox will verify the personal identity of each of these users.
* Government Verification
+
* Financial Verification
+
* Voice Verification
+
  
The identity section is populated with general information about the person undergoing the verification like name, address, and dob.
+
During your integration you will determine the work flow for directing your customers to the Updox DirectTrust Activation process.
  
The government verification today can be done using the provider's unique National Provider Identifier (NPI) number or their Social Security Number.
+
Updox uses credit bureaus to accomplish these verifications. These are soft inquiries and do not affect a person’s credit report. Updox does not see the credit report details and does not store personal financial information.  
  
The financial verification can be verified by personal phone number, credit card number, or knowledge based questions related to financial history.
+
== Testing ==
 +
In order to support testing and development, we have enabled access to two QA-only features. The first feature is a set of test data that will allow you to step through the DirectTrust activation process and obtain realistic results. The second feature is an API call that will allow you to directly toggle the setting that indicates if the vetting was successful for your practices/accounts. By combining these two features, you should be able to test your workflow end-to-end in a production-similar manner.
  
The voice verification is an automated phone call that will ask the receiving part to identify themselves and the entity they are representing and attest that they are HIPAA compliant.
 
 
Updox partners with Equifax and Experian to accomplish these verifications and do not in any obtain an actual credit report for the person verifying, nor will it negatively impact a person's credit score.
 
 
== Testing ==
 
In order to support testing and development, we have enabled access to two QA-only features. The first feature is a set of test data that will allow you to step through the DirectTrust activation process and obtain realistic results.  The second feature is an API call that will allow you to directly toggle the Vetted value for any of your practices/accounts.  By combining these two features, you should be able to test your workflow end-to-end in a production-similar manner. 
 
  
 +
== Additional Information ==
  
 
[[DirectTrust Activation Walkthrough]]
 
[[DirectTrust Activation Walkthrough]]

Revision as of 10:28, 1 November 2017

Contents

AKA "Vetting" Process

Description

A key security component of Direct messaging exchange is to verify a sender is “who they say they are”. Updox performs this function by verifying the personal identity of your customers. As an Updox partner, your organization chose the type of Direct certificates to use in your integration(domain bound or address bound).

Domain bound certificates are assigned to the practice as a whole; Updox will verify the personal identity of an authorized representative of the practice. That representative, in turn, is responsible for verifying the identity of employees of the practice who are issued a Direct address.

Address bound certificates are assigned to each Direct messaging user at the practice; Updox will verify the personal identity of each of these users.

During your integration you will determine the work flow for directing your customers to the Updox DirectTrust Activation process.

Updox uses credit bureaus to accomplish these verifications. These are soft inquiries and do not affect a person’s credit report. Updox does not see the credit report details and does not store personal financial information.

Testing

In order to support testing and development, we have enabled access to two QA-only features. The first feature is a set of test data that will allow you to step through the DirectTrust activation process and obtain realistic results. The second feature is an API call that will allow you to directly toggle the setting that indicates if the vetting was successful for your practices/accounts. By combining these two features, you should be able to test your workflow end-to-end in a production-similar manner.


Additional Information

DirectTrust Activation Walkthrough

DirectTrust Activation Test Cases

API page for the PracticeVettedToggle API method

Samples and examples using the PracticeVettedToggle API method

DirectTrust Address Bound Certificate Activation Information

DirectTrust Domain Bound Certificate Activation Information