There are a ton of acronyms and terms used in healthcare IT when talking about interoperability. In this video I will provide a basic overview of what a Health Information Service Provider (HISP) is and how it relates to the DirectTrust.
Hi there I'm Drae. The host and founder of the Draegan Network. An online, member-based community where health IT professionals can share ideas, discuss experiences, and collaborate with one another on all things related to health IT. Each week on the YouTube channel, I take some of the discussions and conversations that we're having inside that network and I bring them here to you to help make sense of this health IT world. For this week's video I'd like to talk about a term that is common in the health information exchange (HIE) world and that is a HISP.
[00:28] HISP stands for health information service provider. To explain what HISPs are I need to go a little bit into the background. So in 2010 there was a project that was initiated in the U.S. called the direct project. It was a public private partnership … focused on trying to create an effective low-cost method for exchanging protected health information (PHI) between entities. The result of that project was a standard that we now call the Direct Standard™… an exchange protocol that was incorporated into the Meaningful Use legislation in the subsequent years. Once it was incorporated into Meaningful Use in 2012, there was a realization that there needed to be some sort of framework or governance around the management of these direct exchanges.
[01:19] A group called the DirectTrust was established to oversee the “rules of the road” if you will. This DirectTrust group, which I will link to in the description below, is a membership-based community that looks after a couple things. They are an ANSI accredited standard organization. So they do look after the standards that are part of the direct messaging framework. They also are an accredited body so different entities and organizations can actually confirm and validate that they are following the rules of the road with their exchange between other partners. The accreditation process with DirectTrust involves a series of steps and once you're accredited, the organization maintains that accreditation for two years. It does need to be renewed and you do need to keep going with that. It isn't a one-time and finished deal.
[02:10] The Direct Standard™ is really a framework for exchanging C-CDAs and CDAs. (Which contain primarily structured but some unstructured data between organizations.) The standards dictate how the messages can be sent. How the messages will be received. What the wrappers and security protocols are going to look like when they're in transport. Everything around certification between the bodies to make sure that their certificates align - so that the sender and the receiver know who each other is. All that kind of stuff is actually governed by that group.
[02:40] So, what a HISP does is ... provide the exchange platform for you to send messages back and forth on. The easiest way to think about this is if you're thinking about email. If you buy a new mac laptop you will have the Apple mail program installed on it already. That is sitting there.That is waiting. Everything is great. It has a set of parameters around it and everything is good. However, you won't be able to actually send or receive any emails unless you have an account with an email exchange provider. You can draft an email all you want but it's not going to go anywhere. Unless it's attached to an actual service provider and you have email addresses to send to, you have one to receive with, and you have someone that's managing the transport of that message. A HISP is something similar. It is going to manage the transport of those direct, secure messages between health organizations.
[03:38] Another thing that the HISPs typically do is they have a directory of all the participants in their HISP. Organizations, health entities, hospitals, provider groups will sign up for an account with a HISP and will receive a direct address. Or will be given a direct address which actually does look like an email address. The biggest difference between the addresses that you'll notice is instead of just one dot after the @ (so if you look at info.draegan.com), you're going to have two dots after that. And one is actually going to refer to the HISP provider. So you would have info@HISP.draegan.com… Most HISPs will provide a directory of all of the addresses that they have. So that you can easily exchange information between other members of that HSP. Again the information that we're exchanging are C-CDAs and CDAs. So they are patient records, summary records, visit records, discharge summaries. Those types of things that are specifically related to a patient that are being sent from one care provider to another for the purpose of continuity of care.
[04:42] As you can imagine, with multiple different HISPs out there, there are some choices that everyone needs to make. Similar to the email programs. You can get an Apple account. You can get a Google gmail account. You can get a microsoft exchange account. There's a whole bunch of different HISPs that you can have as options. Now some HISPs do have direct relationship contractual relationships with others. So if we look at that email example … let's just say that Apple enters into an agreement with Google so all of the @me.com and @mac.com individuals could send to the @gmail.com individuals. You can have agreements like that. Where they would exchange their health provider directories as well as make sure connectivity is up and running and following the standard for those groups.
[05:30] The other thing that they can do is they can become accredited with the DirectTrust. If a HISP becomes accredited with the DirectTrust, if they follow that accreditation standard to prove they're going to abide by all of the rules of the road, they will enter into what's called a trust bundle. Where any other HISP that joins that trust bundle can now exchange information between all others in the group. There doesn't need to be any direct contractual relationships from HISP to HISP ... the HISP just needs to have an accreditation and be connected as part of the bundle. They have to abide by the rules of the road. Their directory would then be incorporated into the trust bundle and you can go about exchanging that way.
[06:17] That trust bundle has been around for quite some time now and is definitely something that was utilized quite heavily with Meaningful Use. There were certainly HSIP to HISP connections and contractual obligations that were set up. But as more and more people started exchanging C-CDAs, more and more organizations started joining this trust bundle and that's really where a lot of them are connected right now. In 2019, the DirectTrust actually passed the milestone where more than one billion records have been exchanged through those HISPs that are connected to the trust bundle.
[06:53] I realized this video was just a high-level overview. I'm hoping that now when you hear the term HISP you'll understand a little bit more about what it means and how it factors into the whole Direct Standard™ and to the DirectTrust. (What that bundle really looks like.) If you do have questions go ahead and put them in the comments and let me know. I'll also put some links down in the description, as I mentioned before so you can check out a little bit more information on this. I hope that you have a great day. I will see you again soon.