262 ◾ Information Security Management Handbook
2. Individuals engaged in an electronic transaction
3. Subjects of the transaction
4. Identity providers responsible for establishing, maintaining, and securing the subject’s
identity
In an HIE, the trust-marked organizations are the HIOs that have complied with the overarch-
ing set of interoperability standards, risk models, privacy and liability policies, requirements, and
accountability mechanisms of the HIE (Baker, 2011). e individuals are the participating HIO’s
HIE users (e.g., physicians) and the subjects are the patients who have consented to participate in
the HIE. e voluntary UPI (VUPI) is the digital identity assigned by the HIE’s identity provider.
An identity provider would be re ...