Posts Tagged :


Doctor holding phone with an icon of a doctor on it
What Exactly is a HISP? 1024 403 Team DataMotion

What Exactly is a HISP?

The term “HISP” is often used when discussing Direct Secure Messaging, but what exactly is a HISP?

A Health Information Service Provider, or HISP, is an accredited network service operator that enables nationwide clinical data exchange using Direct Secure Messaging (aka Direct, Direct Messaging and the Direct Project). Direct is a HIPAA compliant and interoperable transport method promoted by the Office of the National Coordinator of Health IT of the US Department of Health and Human Services (ONC/HHS). HISPs and Direct are regulated and monitored by the, a governance organization empowered by HHS.

HISPs offer healthcare organizations (hospitals, physicians, health plans, health information exchanges) and consumers an onramp to the Direct Secure Messaging network where trading partners can exchange protected health information (PHI), in a structured and unstructured format, across the internet with maximum security and privacy.  Exchange partners can easily discover each other’s address on the DirectTrust network through a healthcare provider directory (HPD). The addresses are compiled, shared, and published by HISPs participating in the DirectTrust HPD program.

The nationwide messaging service delivered by HISPs and overseen by DirectTrust represents a modern, affordable, and standards-based alternative to sharing clinical data by fax, virtual private networks, and proprietary interfaces. The latter exchange methods are costly and increasingly outmoded as healthcare embraces digital communications with the economies, scale, and ubiquity of the internet.  Operationally, HISP-delivered Direct Secure Messaging services are most closely related to fax in that both methods “push” data between senders and recipients and return a delivery notification upon completion.

Hand touching honeycomb hologram design

Collectively, HISPs are the communications backbone of the DirectTrust health information exchange.  Individually, they are access points to the DirectTrust Network and referred to as DirectTrust network service providers or Direct Trusted Agents.  Direct Secure Messaging, Direct exchange, ONC Direct, and HISP services are the terms generally used to describe the clinical data exchange service HISPs provide.

Because the electronic medical record message attachments (HL7 C-CDAs or CDA) processed by HISPs meet Health IT interoperability standards, PHI exchanged via Direct Secure Messaging can be sent and received from EHR workflows.  The same standard allows data sharing among any EHR and any software solution connected to a HISP.  To use email as an analogy, you may have Microsoft Outlook installed on your computer, but if it isn’t connected to an email network, your emails can’t go anywhere, and none can get to you.  Similarly, your EHR can send and receive Direct-compliant messages, but those messages won’t go anywhere unless you and those who you are communicating with have valid HISP service, addresses and Direct Trust certificates.

For Health IT developers seeking ONC/EHR Certification, HISPs are important partners.  HISPs provide certification requirements related to Direct Secure Messaging that are out of scope for most developers, enabling them to meet and satisfy Certification requirements.

Some HISPs are end-user facing with recognizable brand names and user interfaces while others operate behind the scenes as an integrated module of an EHR or similar health IT solution.  Those that tightly integrate with EHRs or HIEs are sometimes owned and operated by the solution vendor and provide a captive service tailored to the solution.  Independent (aka: pure-play) HISPs are typically full-service providers offering a range of connectivity and service options to suit the needs of a range of end-user requirements.

Share Protected Health Information Easily and Securely

Reach out to our team of experts to learn more about DataMotion’s clinical data exchange services.

HISPs provide multiple sub-services underlying the Direct Secure Messaging service, including:

  • Direct Secure Messaging Addresses
    • Direct addresses are similar to typical email addresses with the exception that they operate exclusively on the DirectTrust network.  The specialized digital certificate affixed to a Domain/Direct Address is recognized by DirectTrust network operators and can only be issued by an accredited DirectTrust HISP. The digital passport represented by the certificate makes Direct addresses unique from Gmail, Outlook, Yahoo, and similar addresses that operate on standard email.  The Certificate also encrypts messages and confirms the identity of the sender and receiver, resulting in non-repudiation.
  • DirectTrust Onramp Connectivity Options
    • Edge protocols (eg: XDR or S/MIME)
    • Web-based mail portal with accessibility support
    • Protocol transformation and routing: SMIME/SMTP, IHE XDR, web services
  • Digital Certificate Issuance and Live Cycle Management
    • The DirectTrust-authorized digital certificates provisioned by HISPs require specialized management and sharing capabilities that only HISPs are qualified to provide.
    • Participation in the DirectTrust Accredited bundle
    • Certificate issuance and registration authority
  • Identity Authentication (aka: identity proofing)
    • To keep the DirectTrust network clean of bad actors (e.g: spammers), HISPs are required to confirm the true identity of participants in Direct Messaging prior to provisioning a Direct Address
  • Message Delivery Notification
    • Message completion acknowledgements collected and reported out by HISPs are considered to be irrevocable proof of message delivery and thus have important weight in legal and CMS reporting
  • Direct Secure Messaging Service Support
    • Online and phone support for onboarding, connectivity issues and outages, and other service needs
    • High-availability and disaster recovery
  • Healthcare Provider Directory (HPD)
    • Publish Direct Addresses to DirectTrust HPD
  • Enforcing DirectTrust Rules of the Road
    • Maintain accreditation attesting to trust relations
    • Security and Trust Framework

Now that you know everything about HISPs, be sure to read our blogs to learn everything you need to know about Direct and the Healthcare Provider Directory. DataMotion is an accredited HISP of Direct Secure Messaging.

Doctor typing on a laptop
Direct Secure Messaging 1024 403 Team DataMotion

Direct Secure Messaging

If you work in the healthcare industry, then you may have heard the terms “Direct” or “Direct Secure Messaging” several times. Whether you consider yourself to know everything about the subject or you are just starting to get familiar with the terms, now is as good a time as any to brush up on what Direct is, who uses it, why it’s important, how it’s used, and more. So, let’s begin, what is Direct?

What is Direct Secure Messaging?

Developed in 2010 under a part of a federal project for standards-based communications, Direct is a national encryption standard for securely exchanging clinical healthcare data via the Internet. Also known as the Direct Project, Direct Exchange and Direct Secure Messaging, it specifies the secure, scalable and standards-based method for the exchange of Protected Health Information (PHI).

As a part of qualifying for incentive payments under the Meaningful Use Stage 2 criteria issued by the Office of the National Coordinator for Health IT (ONC), healthcare organizations and providers must meet data transfer requirements using Direct Messaging. These requirements can be demonstrated with Electronic Health Records (EHRs) that comply with the ONC’s 2014 Edition EHR Certification Criteria which specifies electronic exchange of transition of care records with Direct Messaging.

Who uses Direct?

  • Hospitals
  • Providers/Clinicians
  • Care Team Members
  • Patients
  • Laboratories
  • Pharmacies
  • Long Term Care
  • Skilled Nursing
  • Specialists
  • Dental

Why should you care?

Direct helps to cut costs and deliver improved quality of care.

On the clinical side, Direct Secure Messaging addresses gaps in transitions of care which have been identified as a significant patient safety issue. Incomplete exchange of patient health information among providers when transitioning from one care environment to another is a point of vulnerability that can compromise the overall quality of care a patient receives.

On the business side, Direct Messaging can reduce or eliminate the costs associated with fax workflows by transitioning relatively expensive fax communication to less expensive email workflows.

There are many additional benefits to Direct Messaging, including:

  • Strong security and privacy protection of PHI
  • One unified standard that all systems can leverage
  • Improved communications between providers
  • Easily sent and received referral information
  • Efficient report exchange
  • Ease of sharing patient information
  • Improved practice workflow

How is Direct used?

Here are some of the ways Direct can be used to communicate or share private health information:

  • Transitions of care (CCD, CCD-A documents)
  • Physician consult requests
  • Admit-Discharge-Transfer Requests (ADT)
  • Medication reconciliation
  • Lab/Test results
  • Patient communication
  • Order submission
  • Report distribution
  • Peer to peer collaboration

How does Direct work?

Direct can be incorporated into a variety of user interfaces such as an email client, a mobile device, healthcare IT system portals or as an automated data delivery feed. Any of these interfaces are capable of sending or receiving Direct messages. But in order to participate, both sender and recipient users will need a specific Direct email address provided by their HISP. Healthcare IT systems can integrate Direct in multiple ways depending on the desired workflow.

Where can you get Direct?

Direct messaging services are provided by Health Information Service Providers or HISPs, such as DataMotion, and the DataMotion Direct messaging service. To learn more about HISPs click here.

So, do you know everything about Direct now?

Contact us to learn more about our Direct Secure Messaging service.

Contact Us