Healthcare providers are required to undergo rigorous background checks by both federal and state laws to ensure the safety and protection of patients and protected health information (PHI). DSM users share PHI across healthcare organizational boundaries. The documents required to use DSM help to provide assurances for AeHN participants that all organizations using AeHN services have been properly vetted and are qualified to send and receive PHI in compliance with applicable laws.
While not every DSM user is a healthcare provider, organizations using DSM are only allowed to add users for healthcare treatment and billing purposes. In order to ensure that these users are properly vetted by the organization for their roles in healthcare data transmission, the identity security standard for PHI is applied to both the organization and the organization’s authorized representative by the health information service provider.
The notarization of the documents ensures (as much as is possible) that the authorized representative is “who they say they are”. The remaining responsibility for end users being “healthcare qualified” falls on the authorized representative. The Participation Agreement with AeHN identifies the policies and procedures that the organization and the authorized representative must adhere to when handling protected health information. The authorized representative is responsible for making sure its end users follow these policies and procedures.
The Declaration of Identity (DoID) form is used by the certifying body (Digicert) to ensure that your organization is in good standing and has an authorized representative who is in good standing.
The Healthcare Organization (HCO) form is used to classify the role and person who will be the DIRECT administrator for your company. Administrators are responsible for approving/rejecting account requests, resetting passwords, and disabling user accounts within your organization.
Instructions for completion of the Declaration of Identity (DoID) and Healthcare Organization (HCO) forms:
HCO – Page 1 (Required Fields)
1. Organization Name – agency/organization name
2. HIPAA Compliance – select HIPAA type
3. Address – agency/organization address
4. Telephone – agency/organization contact number
5. Preferred Direct Email Domain – Leave blank, AeHN will assign the Direct domain
6. HCO Representative – must be an authorized organizational representative who is legally responsible for the organization (usually a CEO or COO)
7. Representative email – your work email address, cannot be a shared email address
HCO – Page 2 (Required Field)
1. HCO Admin – Name of person(s) within your organization who will be responsible for adding, changing, and disabling DIRECT accounts
DoID – Page 1
1. Service Provider – Pre-populated
2. Organization – All Fields Are Required
- Organization: required
- Address: required
- HIPPA Compliance
- Telephone: required
3. Applicant (all fields are required)
- Home address
- Date of birth
- Email personal or work
4. Sign (required)
DoID – Page 2
1. Identification #1 – Provide valid driver’s license, active passport, military ID, permanent resident card, or similar document
2. Identification #2 – Membership card, voter card, social security card, birth certificate or school/work ID
**Show copy of ID to notary. Do not send copies of IDs to Alaska eHealth Network**
Notarial Acknowledgment – A Notary must verify your signature with two forms of ID.