The Massachusetts State government offers low cost HIE services including Direct transport to all the stakeholders of the Commonwealth. Recently. Micky Tripathi wrote this FAQ which is so good that I wanted to share it on my blog. Feel free to use it with your stakeholders.
1. What is a HISP?
A Health Information Services Provider (HISP) is an organization that manages security and transport for health information exchange among health care entities or individuals using the Direct standard for transport. There is no specific legal designation for a HISP, nor are HISPs specifically regulated by Meaningful Use certification rules. The term HISP was coined to describe specific message transport functions that need to be performed to support scaled deployment of the Direct standard in the market. HISP functions can be performed by existing organizations (such as EHR vendors or hospitals or HIE organizations) or by standalone organizations specializing in HISP services.
HISPs perform two key functions that support scalability of exchange using the Direct standard.
a. Issue security certificates. HISPs establish trust networks by defining policies for network participation and issuing security certificates tied to a HISP anchor certificate to enforce such policies
b. Issue direct addresses. HISPs issue direct addresses tied to the HISP anchor certificate in accordance with conventions defined by the Direct standard
2. Do I need to use a certified HISP to attest for Meaningful Use Stage 2?
No, because there is no such thing as a certified HISP. Meaningful Use certification applies to technology, not to organizations. In order to attest for Meaningful Use Stage 2, you need perform certain activities using certified EHR technology (CEHRT). For most EHR users, their EHR is certified for all of the functions that they need. If it is not, you will need to incorporate specific additional certified technology solutions to fill the remaining gaps. It doesn’t matter whether that additional technology comes from an EHR company or a HISP company – the only thing that matters is that the technology is certified.
3. Doesn’t DirectTrust certify HISPs?
DirectTrust is a private, non-profit organization that voluntarily certifies HISPs through its EHNAC DTAAP program. This private, voluntary certification often gets confused with Federal Meaningful Use certification. DirectTrust is NOT a Federal certification entity, and its EHNAC DTAAP certification process is purely private and voluntary and has no relationship with Meaningful Use Stage 2 attestation or certification requirements.
4. What role does a HISP play in Meaningful Use Stage 2?
A HISP provides specialized network services that connect your EHR to other EHRs that are also using the Direct standard for communications. You don’t need a HISP in order to create Direct-compliant messages, but you do need to be connected to a HISP in order to send and receive Direct messages with other parties. Using an email analogy, you may have Microsoft Outlook installed on your computer, but if it isn’t connected to an email network, your …read more
