Healthcare Information Security

Cybersecurity News

Securing and managing HISP-to-HISP communication

By Patrick Ouellette

The healthcare industry is making necessary progress in securing and certifying health information service provider (HISP)-to-HISP communication in health information exchanges (HIEs). DigiCert and DataMotion announced a partnership this week in which DataMotion, a HISP, will issue certificates to healthcare customers using DigiCert, a certificate authority (CA), as part of the DirectTrust Transitional Trust Anchor Bundle. Rather than HISPs exchanging certificates with each other each time they engage in communication, accredited certification is in the process of being standardized for HISPs.

While the agreement between DigiCert and DataMotion is noteworthy for their customers and business interests, these Direct trust bundle agreements will be significant for the healthcare industry as a whole because of impending Stage 2 Meaningful Use requirements. Healthcare organizations are going to have to embrace the Direct model, and settling on certificate management with their EHR vendor early on by using the DirectTrust Transitional Trust Anchor Bundle will make the process much easier. Like email filtering before it, DirectTrust wants its bundle to be the common protocol among communicating HISPs.

DigiCert senior public-key infrastructure (PKI) architect (and Board of Directors member for DirectTrust) Scott Rea said that having a trust agreement already in place will simplify HISP-to-HISP communication.

If I’m a provider using HISP A who’s talking to another provider using HISP B, each side needs to be able to trust the set of credentials or the roots they’re using to sign the credentials. And there needs to be a legal agreement in place that determines the course of action if an incident were to occur. Once you have an accreditation program that standardizes individual accreditations, that barrier would be removed.

The two companies said that DigiCert’s role as a dual-mode CA for both the commercial healthcare and federal healthcare spaces will help DataMotion use a DigiCert certificate as a DirectTrust Transitional Trust Anchor Bundle anchor certificate. With those anchor certificates in place, DataMotion healthcare customers will be able to send and receive secure messages without worrying about certificate management, whether or not they are communicating with a federal organization, or security measures for the patient information. This is an important step, according to Bob Janacek, co-founder and CTO of DataMotion.

By issuing our certificates from a certificate authority, in this case DigiCert, that is compatible with the commercial world along with the federal world that are participating in the Direct Project, it removes communication barriers involved with accessing a patient’s record in a timely way during their visit to a healthcare provider. Crossing the commercial and federal worlds results in delays and complexities. This partnership removes those delays and allows organizations to have scalable and secure EHR communication.

In addition to this announcement, there will be other trust anchors included in the DirectTrust trust bundle. The idea behind the trust bundle, according to Rea, is to be transparent about which HISPs have been through the certification process and can be relied upon to follow standard protocols. For those who are participating in Stage 2 Meaningful Use and wading through different HISPs to use, this is an important development. As we know, having different HISP protocols makes life difficult.

