Trusted Dynamic Registration and Authentication

As of March 2024, this program has been split into the Health App, UDAP, and CARIN Code of Conduct programs. Please see those pages for more information.

The TDRAAP program is the industry’s first Trusted Dynamic Registration & Authentication Accreditation program, designed to help healthcare organizations demonstrate their ability to use trusted digital certificates for endpoint identity, registration, authentication, and attribute discovery for electronic healthcare transactions in real time. With the release of the final Office of the National Coordinator’s Cures Act and related CMS Interoperability & Patient Access Rules, it is clear that the ability to efficiently register and authenticate endpoints is a core component of interoperability throughout the healthcare information highway.

The program is designed for the specific technical and operational needs of:

  • API-economy-based organizations
  • Healthcare providers
  • Healthcare payers
  • EHR system vendors
  • Health Information Exchanges (HIEs)
  • Clearinghouses and other intermediaries
  • Business associates
  • Security vendors
  • Cloud vendors
  • Identity providers (including social media, eCommerce and other traditionally “non-healthcare” organizations)
  • Financial institutions and credit bureaus
  • Defense contractors
  • ONC/CMS and other regulatory agencies
  • Record locator services

TDRAAP and UDAP

The Unified Data Access Profiles (UDAP), tested within the certification/accreditation process, are open standards that are free for any API ecosystem participant to implement and use. They extend OAuth and OpenID Connect to leverage trusted digital certificates. UDAP workflows eliminate the need for every FHIR endpoint to independently vet and manually register every client application, and they enable the reuse of OpenID credentials or digital certificates in JWT-based authentication. This solves the problem of having to generate and manage single-system credentials for each trio of client application, payer or provider data source, and consumer or other data requestor, a scalability challenge left unsolved by OAuth and OpenID as they stand. By using the UDAP extensions to these standards along with trusted digital certificates instead of client secrets, participants who successfully complete this program signal enhanced security and confidence in their systems as app operators, identity providers, and FHIR servers, which is essential to Da Vinci use cases and to FHIR exchange more generally. This also supports real-time discovery of verified information about counterparties during dynamic (automated) client registration and authentication. See UDAP.org for information on Unified Data Access Profiles, enrollment for testing, educational materials and more.

Demonstrate Trust with TDRAAP

TDRAAP participants who successfully complete this program signal enhanced security and confidence in their systems as app operators, identity providers and FHIR servers, which is essential to Da Vinci use cases and to FHIR exchange. The achievement also supports real-time discovery of verified information about counterparties during dynamic (automated) client registration and authentication.

The value of providing support for UDAP workflows, completing privacy and security accreditation, and enabling certificate-based trust is recognized throughout the healthcare IT industry, and the benefits of UDAP are referenced in HL7® materials; CARIN, Carequality, and Da Vinci implementation guides; and in the FHIR at Scale Taskforce (FAST) Security Tiger Team’s solution to the question of how to manage permissions and security at scale across millions of patients, payers and providers.
