Overview#A Health Information Services Provider (HISP) is an organization that manages security and transport for Health Information Exchange among health care entities or individuals using the Direct standard for transport. There is no specific legal designation for a HISP, nor are HISPs specifically regulated by Meaningful Use certification rules.
The term Health Information Services Provider was coined to describe specific message transport functions that need to be performed to support scaled deployment of the Direct standard in the market. HISP functions can be performed by existing organizations (such as Electronic Health Record vendors or hospitals or HIE organizations) or by standalone organizations specializing in HISP services.
Health Information Services Providers perform two key functions that support scalability of exchange using the Direct standard:
- Issue security certificates. Health Information Services Providers establish trust networks by defining policies for network participation and issuing security certificates tied to a Health Information Services Provider anchor certificate to enforce such policies
- Issue direct addresses. Health Information Services Providers issue direct addresses tied to the HISP anchor certificate in accordance with conventions defined by the Direct standard