HISPs evolve to facilitate Direct messaging with low government interference


The advent of the Direct Project protocol for secure clinical messaging already has spawned a new type of connectivity service and a new acronym: HISP, which stands for health information service provider. HISPs are necessary because health information exchanges (HIEs) still are not well-developed, yet physicians must exchange data to show they're meaningful users of EHRs. That need was the catalyst for the Direct Project, although physicians who don't have EHRs also can use the protocol.

At the recent HIMSS conference in Orlando, Fla., potential HISP vendors were much in evidence. They ranged from EHR companies such as Allscripts, which debuted a "referral network" for its users; to e-prescribing vendor Surescripts, which recently launched a new clinical messaging network; to established connectivity vendors such as RelayHealth, Axolotl, Medicity, and Kryptiq (Surescripts' partner). The Office of the National Coordinator of Health IT (ONC) also is working with several HIEs that want to use Direct messaging.

In addition, there are less obvious contenders, such as MedPlus, a subsidiary of Quest Diagnostics that exchanges online lab and prescribing information and other data through its Care360 EHR; Microsoft, which has a deal with MedPlus to transfer clinical data to willing patients on HealthVault; and Ability Network (formerly VisionShare), which was the first HISP to use Direct to send clinical data to a public health agency. (Ability's main business is giving providers online access to the back-end systems of health plans.) Emdeon, one of the largest clearinghouses in the country, also is interested in becoming a HISP, but isn't sure what the business model is yet.

Neither MedPlus nor Microsoft plan to charge anything for the Direct service itself, and RelayHealth sees its sub fee as covering much more than Direct messaging. In contrast, Surescripts is charging $15 per month to physicians who use the Physician Direct service it created in partnership with the American Academy of Family Physicians. Most observers believe that Direct messaging will be free or low-cost, although it may be combined with other services that cost more.

More problematic is the structure of the future national Direct network. (This is not the same as the National Health Information Network, although it may become part of the NHIN.) It's not yet clear how HISPs will communicate with one another, although they all have to use the same protocol to send messages and provide security. Moreover, there's no official entity that certifies HISPs.

Doug Fridsma, director of the office of interoperability and standards at ONC, tells FierceHealthIT that the HITECH Act gives ONC the authority to certify HISPs as part of its mandate to govern the NHIN. But the government hasn't yet decided to do so, partly because it doesn't want to hamper the evolution of HISPs in response to market demand.

Fridsma recognizes that some organizations that already have connections with many providers will try to grow their market share and become the dominant HISP. But he says ONC opposes any effort to impose a proprietary system of Direct messaging that requires people to join a particular network.

"We want to encourage people to provide services that will make it easy for physicians to exchange information," he says. "What we don't want is for people to be locked into a walled garden or a solution that doesn't allow them to communicate outside of that."

While Fridsma acknowledges that different HISPs might use various authentication protocols, he says they shouldn't compete on interoperability, or on the ability to connect with people in their network. "What we want is to create a level playing field for that connectivity, and to have people say, 'We can provide better service as a HISP-faster speeds, better authentication, more security, or cheaper standard interfaces.'" - Ken

Suggested Articles

Epic CEO Judy Faulkner has big concerns about two federal interoperability rules, primarily that the rules undermine patient privacy.

Banner Health has agreed to pay up to $6 million to victims of a 2016 data breach as part of a proposed settlement, according to court documents.

Fitness tracker company Fitbit is teaming up with a Medicaid plan in Georgia to encourage beneficiaries to better manage their chronic conditions.