The term “Health Information Services Provider (HISP)” is thrown around fairly often when discussing health information exchange (HIE) and Direct transport. But the ins and outs of HISP communication, which includes issuing security certificates, can be glossed over at times. To help clear up some potential misconceptions and further HISP education in the healthcare industry, Micky Tripathi, Co-Chair of the Tiger Team and CEO of the Massachusetts eHealth Collaborative (MAeHC), recently wrote a HISP FAQ.
Tripathi answered questions about HISPs on both a broad, national level and as they relate to the Mass HIway, as Micky has done a lot of work with the Massachusetts exchange. The FAQ began by explaining a HISP’s key functions: (1) Issue security certificates – In defining policies for network participation, a HISP is able to issue security certificates and enforce these policies through a HISP anchor certificate; (2) Issue direct addresses – In line with the Direct standard, HISPs issue direct addresses tied to the HISP anchor certificate.
Next, he debunked the idea that healthcare organizations must use certified HISPs to attest for Meaningful Use Stage 2, saying “… there is no such thing as a certified HISP. Meaningful Use certification applies to technology, not to organizations,” he said in the FAQ. ”In order to attest for Meaningful Use Stage 2, you need perform certain activities using certified EHR technology (CEHRT).” Moreover, Tripathi explained, organizations don’t need a HISP in order to create Direct-compliant messages, but they do need to be connected to a HISP in order to send and receive Direct messages with other parties. ”A HISP provides specialized network services that connect your EHR to other EHRs that are also using the Direct standard for communications,” he said.
Specific to the Mass HIway, Tripathi detailed its role as a HISP. He said that the MA HIway is a “trust community that issues security certificates and Direct addresses to eligible participants and provides Direct-compliant message transport services for its participants.” And the Mass HIway is actively connecting with the major HISPs operating in Massachusetts. Once connected to the MassHIway, an organization’s local HISP will configure your system to enable access to the Mass HIway network. Then the local HISP would provide the organization with a security certificate and Direct address, but it will be able to send and receive messages over the Mass HIway network, according to Tripathi.
This was a helpful reference document from Tripathi, as HISP communication standards and how they fit into meaningful use isn’t always clear. Tripathi is well-versed on HIE standards and privacy considerations, as you can read his conversation with HealthITSecurity.com about the Tiger Team’s 2014 plans here.