By Mark Scrimshire, Chief Interoperability Officer, Onyx
In a recent article on Healthcare IT Today, I described the missing trust layer in CMS-0057 compliance. The problem is clear: payers and providers need to establish thousands of new API connections, but current trust establishment methods—spreadsheets, attestation forms, manual verification calls—don’t scale.
Today I want to explain how we solve this: by making connectedness itself a verifiable trust signal.
The Core Insight: Trust Travels
Here’s a scenario every healthcare IT professional recognizes: Provider Organization A wants to connect to Payer B’s API. Payer B needs to verify that Provider A is legitimate, authorized, and trustworthy. This takes two to six weeks and costs hundreds or thousands of dollars in staff time.
Now consider this: Provider A already has authorized connections with Payers C, D, and E. Those payers have already verified Provider A’s identity, credentials, and good standing. Why can’t that verification travel with Provider A to the new relationship?
With verifiable credentials, it can.
How It Works: Portable Authorization Credentials
The mechanism is straightforward. When a payer authorizes a provider for API access, they issue a cryptographically signed credential attesting to that authorization. This credential contains the payer’s verifiable identity (via vLEI – verifiable Legal Entity Identifier), the provider’s identity, the scope of authorization, and an issuance timestamp.
The provider publishes these credentials to a standard location—their .well-known directory on their public website—where any potential partner can discover them. When Provider A approaches Payer B, they present not just their own identity credential, but their portfolio of existing authorizations.
Payer B can now make a trust decision informed by verifiable evidence: “This provider has been vetted and authorized by three payers I recognize and respect. That significantly reduces my verification burden.”
The Trust Inference Model
This creates a simple but powerful trust inference: If trusted entities have verified connections with Entity X, then Entity X merits consideration for trust by other network participants.
This isn’t blind trust—it’s informed trust. Each organization still makes its own authorization decision. But that decision is now supported by cryptographic evidence of the organization’s track record, not just their attestations.
Importantly, the model also surfaces negative trust signals. When a payer revokes a provider’s authorization, that revocation is recorded in a public transaction log. Multiple revocations from different payers create a pattern that new partners can evaluate. Bad actors become visible through their credential history.
Discovery via .well-known
The .well-known URI pattern is already established in healthcare interoperability. UDAP uses it for server metadata discovery. SMART on FHIR uses it for configuration. We extend this pattern for credential discovery.
A provider’s credential portfolio might be discovered at:
https://provider.example.com/.well-known/vlei/acdc/authorizations
Each credential file is self-verifying through cryptographic addressing. The credential’s identifier is derived from its content, making tampering immediately detectable. Verification requires no trusted third party—just the cryptographic primitives built into the credential itself.
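The issuance, discovery and inference steps above can be tried end to end in a few dozen lines. The following Go program is an added illustration written for this article, not Onyx code and not the ACDC/vLEI specification: the credential structure, the identity strings such as payer-c and provider-a, the "fhir:read" scope, the fixed key seeds and the revocation map are all constructed here. It uses a SHA-256 digest of the canonical JSON body as the content-derived identifier and an Ed25519 signature from the issuing payer, then plays the role of Payer B evaluating a portfolio that contains credentials from three recognised payers (one later revoked), one from an unrecognised payer, and one whose scope was widened after signing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Credential holds the fields the article lists for a portable authorization
// credential. It is an illustrative structure, not the real ACDC/vLEI schema.
type Credential struct {
	Issuer   string `json:"issuer"`   // the authorising payer (stand-in for its vLEI)
	Subject  string `json:"subject"`  // the authorised provider
	Scope    string `json:"scope"`    // what the provider may call
	IssuedAt string `json:"issuedAt"` // issuance timestamp, RFC 3339
}

// Signed is a credential plus its content-derived identifier and the issuer's signature.
type Signed struct {
	ID        string     `json:"id"`
	Body      Credential `json:"body"`
	Signature []byte     `json:"signature"`
}

// contentID derives the identifier from the canonical JSON of the body (encoding/json
// emits struct fields in declaration order), so any edit to the body changes the ID.
func contentID(c Credential) string {
	raw, err := json.Marshal(c)
	if err != nil {
		panic(err)
	}
	sum := sha256.Sum256(raw)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// Issue is the payer's step: bind the body to its ID and sign the ID.
func Issue(priv ed25519.PrivateKey, c Credential) Signed {
	id := contentID(c)
	return Signed{ID: id, Body: c, Signature: ed25519.Sign(priv, []byte(id))}
}

// Verify is the relying party's step: recompute the content address, then check the
// signature under the issuer's public key. No third party is consulted.
func Verify(s Signed, issuerKey ed25519.PublicKey) bool {
	return contentID(s.Body) == s.ID && ed25519.Verify(issuerKey, []byte(s.ID), s.Signature)
}

// Decision summarises the trust signals a relying party extracts from a portfolio.
type Decision struct {
	RecognisedActive int      // valid, unrevoked credentials from issuers the verifier trusts
	Revoked          int      // valid credentials that appear in the revocation log
	Rejected         []string // IDs that failed verification or came from unknown issuers
}

// Evaluate applies the trust inference: only credentials that verify under a recognised
// issuer's key count, and revocations are surfaced as negative signals rather than hidden.
func Evaluate(portfolio []Signed, recognised map[string]ed25519.PublicKey, revoked map[string]bool) Decision {
	var d Decision
	for _, s := range portfolio {
		key, ok := recognised[s.Body.Issuer]
		if !ok || !Verify(s, key) {
			d.Rejected = append(d.Rejected, s.ID)
			continue
		}
		if revoked[s.ID] {
			d.Revoked++
			continue
		}
		d.RecognisedActive++
	}
	return d
}

// keyFromByte returns a deterministic, constructed test key; real issuers generate keys randomly.
func keyFromByte(b byte) ed25519.PrivateKey {
	seed := make([]byte, ed25519.SeedSize)
	seed[0] = b
	return ed25519.NewKeyFromSeed(seed)
}

// Demo builds a constructed scenario: Payers C, D and E authorised Provider A and E later
// revoked; an unrecognised Payer F also issued a credential; one credential was tampered with.
func Demo() Decision {
	recognised := map[string]ed25519.PublicKey{}
	var portfolio []Signed
	for i, payer := range []string{"payer-c", "payer-d", "payer-e"} {
		priv := keyFromByte(byte(i + 1))
		recognised[payer] = priv.Public().(ed25519.PublicKey)
		portfolio = append(portfolio, Issue(priv, Credential{payer, "provider-a", "fhir:read", "2025-01-15T10:00:00Z"}))
	}
	portfolio = append(portfolio, Issue(keyFromByte(9), Credential{"payer-f", "provider-a", "fhir:read", "2025-01-15T10:00:00Z"}))
	tampered := portfolio[0]
	tampered.Body.Scope = "fhir:write" // scope widened after signing: the ID no longer matches
	portfolio = append(portfolio, tampered)
	revoked := map[string]bool{portfolio[2].ID: true} // Payer E's revocation, as read from the public log
	return Evaluate(portfolio, recognised, revoked)
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

Running it reports two recognised active authorizations (Payers C and D), one revocation (Payer E) and two rejected credentials: the one from Payer F, whose key Payer B does not recognise, and the tampered copy, whose recomputed content address no longer matches its identifier. That last case is the property the paragraph above describes: the check needs only the digest and the signature carried with the credential.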
Network Effects and the Bootstrap Problem
Every network technology faces the bootstrap problem: the network isn’t valuable until it has participants, but participants won’t join until the network is valuable. Verifiable connectedness solves this elegantly.
Start with a small cohort of organizations that already trust each other—perhaps three to five payers and providers with existing business relationships. They issue credentials to each other, creating a trusted seed network. When new organizations join, they can present credentials from this seed network, and receive credentials in return. The network grows organically, with each new participant increasing value for all existing members.
This creates powerful first-mover dynamics. Organizations that establish credentials early accumulate connection portfolios that late entrants must build from scratch. The competitive advantage compounds over time.
What This Enables
When trust becomes portable and verifiable, several things become possible. Onboarding accelerates from weeks to minutes for organizations with established credential portfolios. Manual verification costs drop by 70-90%. Trust decisions become auditable—you can demonstrate why you authorized a particular connection. And the foundation exists for automated, machine-to-machine trust establishment that scales to meet CMS-0057 requirements.
Most importantly, we create a path to scalable national interoperability that doesn’t depend on a single centralized authority, but emerges from the network itself.
Getting Involved
We’re assembling a pilot cohort to demonstrate this approach in production. If you’re a payer, provider, or health information exchange interested in being part of the solution, I’d welcome a conversation. Please reach out to me at mark.scrimshire@onyxhealth.io.
In the next article in this series, I’ll discuss the practical steps for getting started and the ROI case for early adoption.