Certificate Revocation. CP shall disable any digital certificates it provides to connect and access any services of the P3N, or connection to other CPs of the trust community, in the event of any security issue, policy violation, certificate expiration, or termination of business relations. CP shall ensure that any registry entries of revoked digital certificates are updated or corrected. CP may utilize Online Certificate Status Protocol (OCSP) transactions in conjunction with or in lieu of publishing a Certificate Revocation List (CRL). Entities requesting the trust status of disabled certificates shall be notified by PA eHealth of the certificates’ status. If the CP uses a CRL to maintain disabled certificates, the CP shall make the status of disabled/untrustworthy certificates discoverable by P3N entities. CRLs shall be published and maintained by Certificate Authorities on a periodic basis of no less than once every 24 hours. CRLs shall have a defined lifespan of no more than 24 hours for which they are valid. CRLs shall list information sufficient to identify all disabled certificates which are no longer trustworthy. Digital certificates listed on a CRL shall have status indicators of either “Revoked” (irreversibly disabled) or “Hold” (reversibly disabled). 7.1 P3N hosts a Provider Directory (PD) that is accessible from the P3N system portal. 7.2 CP may provide access to the P3N PD to users, which may include clinicians, support staff, and administrative staff. 7.3 The P3N PD hosts provider information on both individual providers as well as organizations. 7.4 CP may submit both individual and organizational Health Care Provider Data to PA eHealth to be included in the P3N PD.
Appears in 2 contracts
Sources: Technical Requirements, Technical Requirements