What Exactly is a HISP?

The term “HISP” is often used when discussing Direct Secure Messaging, but what exactly is a HISP?

A Health Information Service Provider, or HISP, is an accredited network service operator that enables nationwide clinical data exchange using Direct Secure Messaging (aka Direct, Direct Messaging and the Direct Project). Direct is a HIPAA compliant and interoperable transport method promoted by the Office of the National Coordinator of Health IT of the US Department of Health and Human Services (ONC/HHS). HISPs and Direct are regulated and monitored by the DirectTrust.org, a governance organization empowered by HHS.

HISPs offer healthcare organizations (hospitals, physicians, health plans, health information exchanges) and consumers an onramp to the Direct Secure Messaging network where trading partners can exchange protected health information (PHI), in a structured and unstructured format, across the internet with maximum security and privacy.  Exchange partners can easily discover each other’s address on the DirectTrust network through a healthcare provider directory (HPD). The addresses are compiled, shared, and published by HISPs participating in the DirectTrust HPD program.

The nationwide messaging service delivered by HISPs and overseen by DirectTrust represents a modern, affordable, and standards-based alternative to sharing clinical data by fax, virtual private networks, and proprietary interfaces. The latter exchange methods are costly and increasingly outmoded as healthcare embraces digital communications with the economies, scale, and ubiquity of the internet.  Operationally, HISP-delivered Direct Secure Messaging services are most closely related to fax in that both methods “push” data between senders and recipients and return a delivery notification upon completion.

Collectively, HISPs are the communications backbone of the DirectTrust health information exchange.  Individually, they are access points to the DirectTrust Network and referred to as DirectTrust network service providers or Direct Trusted Agents.  Direct Secure Messaging, Direct exchange, ONC Direct, and HISP services are the terms generally used to describe the clinical data exchange service HISPs provide.

Because the electronic medical record message attachments (HL7 C-CDAs or CDA) processed by HISPs meet Health IT interoperability standards, PHI exchanged via Direct Secure Messaging can be sent and received from EHR workflows.  The same standard allows data sharing among any EHR and any software solution connected to a HISP.  To use email as an analogy, you may have Microsoft Outlook installed on your computer, but if it isn’t connected to an email network, your emails can’t go anywhere, and none can get to you.  Similarly, your EHR can send and receive Direct-compliant messages, but those messages won’t go anywhere unless you and those who you are communicating with have valid HISP service, addresses and Direct Trust certificates.

For Health IT developers seeking ONC/EHR Certification, HISPs are important partners.  HISPs provide certification requirements related to Direct Secure Messaging that are out of scope for most developers, enabling them to meet and satisfy Certification requirements.

Some HISPs are end-user facing with recognizable brand names and user interfaces while others operate behind the scenes as an integrated module of an EHR or similar health IT solution.  Those that tightly integrate with EHRs or HIEs are sometimes owned and operated by the solution vendor and provide a captive service tailored to the solution.  Independent (aka: pure-play) HISPs are typically full-service providers offering a range of connectivity and service options to suit the needs of a range of end-user requirements.