The Health and Human Services Department announced it is preparing to award a sole-source contract to Verisign for managed public-key infrastructure services and digital certificates on the Nationwide Health Information Network.
The Health and Human Serv ices Department intends to award a sole-source contract to Verisign Inc. to provide managed public-key infrastructure and digital certificate services for the Nationwide Health Information Network (NHIN).
Verisign is the only provider deemed capable of supplying all the required services for secure, encrypted transmission of electronic medical data on the network, states a notice posted Sept. 17 on the Federal Business Opportunities Web site. Vendors and other interested parties that wish to comment or submit alternative proposals may do so until 5 p.m. EST today.
The NHIN is a pilot project run by HHS’ Office of the National Coordinator for Health Information Technology. It is a network that allows the secure transfer of digital health records between doctors, hospitals, health information exchanges, federal agencies and other entities. To ensure security on the network, HHS said it is necessary to select a certificate authority that is trusted in the field of certificate issuance and secure information transfer.
The certificate authority must be recognized and trusted, be a provider of a full array of services, have a large corporate presence for scalability over time and have a prominent PKI infrastructure, the notice stated.
Under the contract, Verisign will provide the PKI infrastructure and digital certificate services for a year, with two one-year options. The notice lists 17 capabilities and services to be demonstrated by the service provider, including:
- Availability of specialized hardware with certificates that are recognized by the Federal PKI Bridge.
- Dedicated support team.
- Ability to issue certificates rapidly.
- Full reporting and audit trails.
- Ability to support multiple organizations participating in the NHIN.
- Assurance of no errors introduced into the certificate system by the certificate service provider.
“Verisign Inc. is the only known entity which possesses all of the above capabilities, and therefore is considered uniquely capable of satisfying this requirement within the available budget,” the public notice states.
Budget information was not published.
PKI services are becoming more popular with federal agencies. The Defense Department last year authorized broader use of digital certificates and PKI for the purpose of ensuring secure identification on its networks.