Presentation is loading. Please wait.

Presentation is loading. Please wait.

HISP-to-HISP Discussion May 13, 2013. HISP Definition What is a HISP? An organization that provides security and transport services for directed exchange.

Published byAbigail Wiggins Modified over 8 years ago

Similar presentations

Presentation on theme: "HISP-to-HISP Discussion May 13, 2013. HISP Definition What is a HISP? An organization that provides security and transport services for directed exchange."— Presentation transcript:

1 HISP-to-HISP Discussion May 13, 2013

2 HISP Definition What is a HISP? An organization that provides security and transport services for directed exchange based on the Direct protocol The term HISP does not have any authoritative meaning outside of the directed exchange protocol described in the Applicability Statement for Secure Health Transport (July 2012)Applicability Statement for Secure Health Transport (July 2012) 2014 Certification Standards cover EHRs, not HISPs What does a HISP do? Assurance -Provide assurance of identity of participant (entities and individuals) and justification for participation in the trust community -Issue and maintain Direct email addresses to participants (entities and individuals) Security -Associate each email address with at least one security certificate and assure Direct-compliant payload encryption as specified by each addressee -Maintain a keystore of public keys discoverable to other HISPs through industry-standard protocols (e.g., DNS, LDAP, other) Standards -Process Direct-compliant messages to and from assigned addressees using SMTP/SMIME (and optionally, XDR/SOAP), signed and encrypted using X509 certificates

3 Breakdown in the HISP model A key goal of the Direct Project was to have federated, scalable trust whereby each HISP maintains a trust fabric through contracts within the HISP, but requires no further trust fabric formalities between HISPs: Core HISP functions should be well-understood and transparent Inter-HISP trust not needed due to end-to-end encryption Applies only to directed exchange functions – not defined for other functions such as query Relies on end-users’ trust across HISPs (i.e., end-users in one HISP accept trust established to end- users in other HISPs) Services integration (provider directory, certificate exchange, etc) does not require complex business and technical agreements Yet, in reality, we have encountered a number of operational issues that weren’t fully recognized at the time that Direct was specified There is no statutory or regulatory oversight of HISPs – standards apply to EHRs, NOT to HISPs Wide variety of models claiming to be HISPs – non-compliance with Direct specifications as well as allowable variations within the Direct-project specification Inconsistent trust fabric requirements – wide variety of within-HISP trust models that at a minimum require diligence before enabling cross-HISP exchange Scope of HISP activities – some HISPs perform more functions than just directed exchange, such as query-based transactions Technical integration – provider directory integration is not standardized, requiring detailed and ad hoc integration approaches

4 The original HIway HISP concept drsmith@direct.atrius.masshiway.net trust integration HISP drbrown@direct.entity.otherhisp.com trust integration trust integration Massachusetts providers connecting directly through their EHRs Other Regional and State HISPs National-level HISPs (eg, Healtheway)

5 Need for HISP-to-HISP policies Original HISP concept envisioned HISPs as facilitators that would not require any type of HISP-to-HISP contracts “there should be no need for HISPs to require contractual relationships as a precondition for exchange using Direct Project compliant implementations” In practice, HISP-to-HISP contracts are proliferating The proliferation of HISP models wouldn’t be as big an issue EXCEPT for the fact that many Massachusetts providers may only be able to connect to the HIway via HISP-HISP arrangements Some will be forced to by their EHR vendors (eg, eCW, Cerner) Others may choose to through local HIEs and nationwide networks (eg, Surescripts) This adds policy, contract, and technical complexity to the HIway model Trust/assurance approach Revenue model Service model (e.g., provider directory robustness and completeness, uniform Direct address domains, etc)

6 Need to define policy and technical approaches to variety of HISP models that exist in the market HIway trust HIway integration HIway trust HIway integration HISP HISP trust HISP integration HISP-HISP trust HISP-HISP integration Vendor Integrators HIway Participants Non-HIway HISP participants HIway HISP Participants HIway integration

7 Many types of organizations that HIway needs to consider

8 Key areas to address in policy, contract, and technical requirements

Download ppt "HISP-to-HISP Discussion May 13, 2013. HISP Definition What is a HISP? An organization that provides security and transport services for directed exchange."

Similar presentations

Georgia Department of Community Health

Georgia Department of Community Health
California Trust Framework Pilot Request for Funding Informational Webinar 24 June 2013.

California Trust Framework Pilot Request for Funding Informational Webinar 24 June 2013.
Contracting for HISP Services Session 7 April 13, 2010.

Contracting for HISP Services Session 7 April 13, 2010.
Proposed Technical Architecture for California HIE Services Walter Sujansky Sujansky & Associates, LLC Presentation to NHIN-Direct Security and Trust Work.

Proposed Technical Architecture for California HIE Services Walter Sujansky Sujansky & Associates, LLC Presentation to NHIN-Direct Security and Trust Work.
New Hampshire Health Information Organization Healthcare Provider Directory Please note that all participants are MUTED upon entry to the audio portion.

New Hampshire Health Information Organization Healthcare Provider Directory Please note that all participants are MUTED upon entry to the audio portion.
Interoperability 1-21-2013 Kevin Schmidt Director, Clinical Network.

Interoperability Kevin Schmidt Director, Clinical Network.
S&I Framework Provider Directories Initiative esMD Work Group October 19, 2011.

S&I Framework Provider Directories Initiative esMD Work Group October 19, 2011.
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.

Connecticut Ave NW, Washington, DC Direct Exchange from Provider to Patient/Consumer ….and Back! David C. Kibbe, MD MBA.
HITPC Information Exchange Workgroup Discussion of Governance RFI May 16, 2012 0.

HITPC Information Exchange Workgroup Discussion of Governance RFI May 16,
What IHE Delivers 1 Business models - sustainability IHE Australia Worhshop – July 2011 Peter MacIsaac & Paul Clarke.

What IHE Delivers 1 Business models - sustainability IHE Australia Worhshop – July 2011 Peter MacIsaac & Paul Clarke.
Discussion on the Western States Consortium and Inter-State Exchange Robert Cothren, California Health eQuality Institute for Population Health Improvement.

Discussion on the Western States Consortium and Inter-State Exchange Robert Cothren, California Health eQuality Institute for Population Health Improvement.
Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.

Direct Project Scalable Trust and Trust Bundles. 12/06/10 Overview What is Scalable Trust State of Trust Trust Issues Trust Solutions Trust Bundle Demo.
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Centers for Disease Control and Prevention Office of the Associate Director for Communication Electronic Health Records/Meaningful Use and Public Health.

Centers for Disease Control and Prevention Office of the Associate Director for Communication Electronic Health Records/Meaningful Use and Public Health.
CS 268: Future Internet Architectures Ion Stoica May 1, 2006.

CS 268: Future Internet Architectures Ion Stoica May 1, 2006.
Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.

Cross Domain Patient Identity Management Eric Heflin Dir of Standards and Interoperability/Medicity.
Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.

Understanding and Leveraging MU2 Optional Transports Paul M. Tuten, PhD Senior Consultant, ONC Leader, Implementation Geographies Workgroup, Direct Project.
Meaningful Use Personal Pace Education Module: Transitions of Care.

Meaningful Use Personal Pace Education Module: Transitions of Care.
ONC HIT Policy Committee Interoperability and HIE Workgroup Panel 3: State/Federal Perspectives August 22, 2014 Jennifer Fritz, MPH Deputy Director Office.

ONC HIT Policy Committee Interoperability and HIE Workgroup Panel 3: State/Federal Perspectives August 22, 2014 Jennifer Fritz, MPH Deputy Director Office.

Similar presentations

Ads by Google