The Applicability Statement for Secure Health Transport is intended to provide constrained conformance guidance on the interoperable use of a set of RFCs describing methods for achieving security, privacy, data integrity, authentication of sender and receiver, and confirmation of delivery consistent with the data transport needs for health information exchange.

The document describes how to use SMTP, S/MIME, and X.509 certificates to securely transport health information over the Internet. Participants in exchange are identified using standard e-mail addresses associated with X.509 certificates.The data is packaged using standard MIME content types. Authentication and privacy are obtained by using Cryptographic Message Syntax (S/MIME), and confirmation delivery is accomplished using encrypted and signed Message Disposition Notification. Optionally, certificate discovery of endpoints is accomplished through the use of the DNS. Advice is given for specific processing for ensuring security and trust validation on behalf of the ultimate message originator or receiver.

Working Version

To view or edit the current wiki-text working version of the document, click here.


For finalized, citable versions of the text, please see the table below.
Version #
Version 1.0
Applicability Statement for Secure Health Transport
Download (PDF)