What is a Contracted Service Provider (CSP)
A contracted service provider (CSP) in the My Health Record system is an organisation that provides technology services or health information management services relating to the My Health Record system to a healthcare provider organisation, under contract to that organisation.

If you offer an instance of software for one or more healthcare providers to access the My Health Record, then you need to register as a CSP, and your software will need to be CSP Software.

Follow this link to find out the difference between a Clinical Information System (CIS) and a CSP Software.

More information about CSPs can be found at:

Differences between a CIS and CSP software

The table below highlights the key differences between a CIS and CSP software:

CIS and CSP SoftwareCISCSP software

Used by Healthcare Provider Organisations


Used by a CSP (organisation) who operates on behalf of Healthcare Provider Organisation(s)
Interactions with the HI Service and/or the My Health Record systemHealthcare Provider Organisations interact directly with their HI and/or NASH certificatesCSP interacts on behalf of the Healthcare Provider Organisation with the CSP’s HI and/or NASH certificates
RegistrationHealthcare organisations apply for their own HPI-O and certificates

CSP applies for their CSP number, CSP HI and/or NASH certificates.

Healthcare organisations apply for their own HPI-O and certificates
Link their HPI-O to the CSP number via Health Professional Online Services (HPOS)

Certificates managementHealthcare Provider Organisations manage their own certificatesCSP manage their own certificates

The table below highlights the differences in the HI SOAP request:

HI SOAP requestCISCSP software
CertificateHPI-O HI certificateCSP HI certificate
HPI-O in SOAP headerSHALL NOT include the <hpio> element.

SHALL include the <hpio> element. The HPI-O included SHALL be linked to the CSP number via HPOS.

Below is an example of the extra bit in a CSP Software request:

<h:hpio xmlns:xsd="http://www.w3.org/2001/XMLSchema"

The table below highlights the differences in the MHR SOAP request:

MHR SOAP requestCISCSP software
CertificateHPI-O NASH certificateCSP NASH certificate
System Type in SOAP header

<clientSystemType> SHALL be CIS.




<clientSystemType> SHALL be CSP.





HPI-O in SOAP headerHPI-O included in the SOAP header matches the HPI-O encrypted in the HPI-O NASH certificate.HPI-O included in the SOAP header is linked to the CSP number encrypted in the CSP NASH certificate via HPOS.

Whether you are developing a CIS, or CSP Software, or both, you will be required to undergo Notice of Connection (NOC) and Conformance Compliance Accreditation (CCA) for the HI Service, and NOC and Conformance Compliance Declaration (CCD) for the My Health Record system. The conformance requirements are the same for both a CIS and CSP software.

For more information: