How Our Strong Identity Verification Processes Keep You Secure.
careMESH is a closed user group for healthcare professionals with industry-leading security controls.
To achieve this, we have designed a rigorous, but user-friendly identity-proofing process to ensure that all active careMESH users have had their identity validated according to current NIST 800-63 standards. All user have their identity level verified at either Level of Assurance 2 (LoA 2) or LoA 3 depending on the type of user:
- Users verified at LoA 3 are eligible for a Direct address and can invite others to join careMESH. To be verified as an LoA 3 user, they must be identity verified by a “trusted authority” who confirms that their identity has been checked against a government issued ID following the NIST 800 standards.
- Users verified at LoA 2 are issued with a restricted careMESH account that allows them to send and receive messages with other careMESH users but are not eligible for a Direct address and are not able to invite others to join the network. To be verified at an LoA 2 level, a user must be invited by a careMESH user with an LoA 3 identity and already be listed in the careMESH National Directory, which is assembled from a variety of official sources. S/he must then pass a social security and date of birth check and provide and validate their mobile phone number.
The above guidelines apply for all active careMESH users, both individuals and each user in a client enterprise directory.