So what is HISP? According to one of my favorite sources of information, (The Life as a Healthcare CIO), “a Health Information Services Provider (HISP) is an organization that manages security and transport for health information exchange among health care entities or individuals using the Direct standard for transport.
HISPs issue security certificates and establish trust networks by defining policities and protocols for network participation and issuing security certificates and also issue direct addresses that are tied to what is called a HISP “anchor certificate” in accordance with conventions defined by what is called the “Direct Standard”.
A key goal of the Direct Standard was to have what is called a federated, scalable trust whereby each HISP maintains trust through contracts within the HISP, and doesn’t need further trust between HISPs. I call it “Ma Bell” for the 21st Healthcare Provider network.
In doing some research from documents that I discovered from Massachusetts online, we need to make sure that Core HISP capabilities should be well understood and transparent to all; inter HISP trust isn’t required due to encryption on both ends of the connection. The network relies on end-users’ trust across HISPs. It’s a trust network that is established point to point. Services integration (provider directory, certificate exchange, etc) does not require complex business and technical agreements from what I understand, though that may change possibly through legislation of some sort in the future.