DirectTrust Acquires Assets of SAFE Identity

SAFE Identity Trust Framework to become part of DirectTrust, creating new opportunities to transform the identity landscape for secure healthcare interoperability.

August 31, 2021

5 Min Read


WASHINGTON, DC, August 31, 2021 – DirectTrust today announced it has acquired the assets of SAFE Identity, including its Trust Framework. The acquisition substantially extends DirectTrust's capabilities and services and is expected to enable new and expanded interoperability use cases. SAFE Identity (SAFE) is an industry consortium and certification body supporting identity assurance and cryptography in healthcare. DirectTrust is a non-profit healthcare industry alliance that supports secure, identity-verified electronic exchanges of protected health information (PHI) between provider organizations, and between providers and patients, for the purpose of improved coordination of care.

DirectTrust has created DirectTrust Identity, a new division, to house the SAFE Trust Framework. New and current members of both organizations will be able to rely on DirectTrust to manage policies and infrastructure supporting a community that issues secure and identity-assured credentials for electronic transactions in healthcare. SAFE Policy Management Authority (PMA) members will participate as members of DirectTrust Identity, which will operate the SAFE infrastructure used by multiple large pharmaceutical companies to securely interact with federal agencies (in accordance with 21 CFR Part 11) and business partners in the US and globally.

"Our acquisition of SAFE Identity's assets is truly a groundbreaking moment for DirectTrust and the entire electronic healthcare information industry," said Scott Stuewe, President and CEO of DirectTrust. "SAFE Identity and DirectTrust are like-minded organizations with memberships that share common goals. Since our inception, DirectTrust has focused on instilling trust in electronic health communication with the goal of improving health for individuals and populations. Both the DirectTrust and SAFE Identity trust framework communities seek to enable safe and secure transactions through the use of identity-assured credentials backed by a public key infrastructure and consensus-based policies."

Stuewe continued, "Further, the newly expanded DirectTrust ecosystem will extend the breadth of healthcare stakeholders it serves and enable additional capabilities, as well as exciting new use cases where the two groups of stakeholders connect. For example, members will be able to interact with federal agencies for signing documents and authenticating to systems. Potential new use cases could include universally trusted healthcare credentials for consumers; identity assurance and security for the pharmaceutical supply chain (DSCSA), possibly all the way to clinical pharmacy; as well as medical device security and identification."

"SAFE sustained a pedigree in the digital identity assurance and government interoperability spaces by maintaining one of the longest-standing Trust Frameworks in healthcare," said Kyle Neuman, incoming Director of Trust Framework Development at DirectTrust. "With its incorporation into DirectTrust, the SAFE community is about to embark on a new chapter to remain in lockstep with the progress being made in the realm of digital identity across healthcare." Neuman is currently Managing Director at SAFE Identity and will continue in his role as Chief Information Security Officer at Zeva Incorporated.

"I'm excited to help DirectTrust facilitate better communication and better data sharing within a particular industry—such as biopharmaceuticals or healthcare delivery, as was the case in the past—and perhaps more profoundly, between all of the industries that make up healthcare. With DirectTrust carrying the torch into the future, our goal is to support modern identity challenges, including meeting the requirements of the Drug Supply Chain Security Act, clinical research, medical IoT, and patient matching," Neuman concluded.

DirectTrust, most recognized for Direct Secure Messaging and the Direct Standard™ it supports and promotes, came into existence with backing from the ONC as a public key infrastructure (PKI)-based trust framework to enable healthcare interoperability to scale. SAFE-BioPharma (predecessor to SAFE Identity) came into being when the FDA and pharmaceutical companies sought a secure and scalable mechanism to submit digitized reports to the agency. In response to a growing need for high assurance digital signatures, several large pharma companies established SAFE as a legal framework to facilitate trust and interoperability of digital identities with government bodies, including the FDA, DEA, and the European Medicines Agency. While SAFE Identity and DirectTrust have branched out to other missions since their beginnings, both credit their initial existence to collaborations with federal agencies, and retain important relationships and roles with the federal agencies.

"DirectTrust's acquisition will return SAFE Identity to its roots as a not-for-profit trade association. We welcome SAFE Identity's members to the DirectTrust community and invite biopharma companies, certificate authorities, medical device manufacturers, and identity providers that want to transform how identity is managed and assured in the highly-regulated and sensitive healthcare industry to come work with us at DirectTrust," concluded Stuewe.

DirectTrust will hold an information session about DirectTrust Identity on Wednesday, September 29, 2021, at 11:00am EDT. This session is open to all stakeholders interested in learning more about DirectTrust Identity. To register, visit

To learn more about DirectTrust Identity, including Frequently Asked Questions, visit

About DirectTrust

DirectTrust™ is a non-profit, vendor-neutral alliance initially created by and for participants in the Direct community, including Health Information Service Providers (HISPs), Certificate Authorities (CAs), Registration Authorities (RAs), healthcare providers, consumers/patients, and Health IT vendors. DirectTrust serves as a governance forum, trust community, standards organization, and accreditation body for persons and entities engaged in exchange utilizing the Direct Standard™, supported by DirectTrust's robust security and trust framework. The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain security and trust within the Direct Secure Messaging community. DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information. To learn more, visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights