Why UDAP Certificates are Important for Participation in the FHIR Ecosystem

A UDAP certificate is used to express verified attributes about a client application or FHIR server operator. After obtaining a UDAP certificate via manual registration, EMR Direct and other relying parties can validate that the certificate is trusted, allowing its holder to immediately participate in the applicable FHIR ecosystem. With a UDAP certificate, an app's or server's attributes become automatically discoverable by counterparties such as FHIR servers (if the app associated with the certificate has not yet been registered), FHIR clients (as they interact with the server associated with the certificate), or Identity Services seeking the same scalable security. This saves client apps from having to obtain a different client id for every different FHIR server, reducing the number of contexts in which the app needs to be approved, and allows trusted clients and servers to be recognized as such, bringing confidence and scalability to FHIR transactions.

The UDAP certificate can be used in registering at new FHIR servers' registration endpoints, signing token requests for those FHIR servers’ authorization endpoints, and to validate FHIR server identity. A certificate-signed software statement is used to request a client_id and client assertion JWT is used to request an access token at an authorization endpoint.

A UDAP certificate is therefore a critical part of a FHIR endpoint or Identity Service's digital identity which allows that software to sign JWTs needed to successfully interact with counter parties, to validate the identity of a community participant. Obtaining a UDAP certificate is an important way to seamlessly participate in the FHIR ecosystem. A UDAP Ecosystem certificate can be reused in the context of any EMR system leveraging EMR Direct's FHIR services or by other FHIR network participants that may also choose to trust UDAP Ecosystem certificates.

To request a UDAP certificate from EMR Direct, email support@emrdirect.com to use an existing account on the EMR Direct Administrative Site or Register as a Developer.


Did this article answer your question? If not, please contact us.