A Distribution Network using PKI or PGP and Architecture Barriers

Presented by: Jared Davison
  B. Inf Tech (QUT), B. Eng (QUT), M. IEEE, GradIEAust, AACS.
  Software Engineer
  Buderim GE Centre

Buderim Gastroenterology Centre
  Small privately owned day surgery
  3 Specialists, 17 Staff
  Catchment area ~250,000
  Established 12 years EHR
  Active HL7 R&D program since 1999.
  HL7 USA member since 1999
  HL7 Australia member since inception

Electronic Records
  Developed HL7 system
  35,000 patients
  190,000 reports
  250 GPs in the local area.
  w/copies 244,000 individual recipients
  1.3 copies per document
  Pathology dating to the start of PIT distribution by QML & S&N path.
  All outgoing clinical letters since 1991
  HL7 format for storage for all this = 750 MB

Report Distribution Trial
  Real-time HL7 Transmission of
    Specialist reports
    GP referrals
  > 12 months
  240 connected doctors
  22 specialists
  Sunshine Coast Division
  Allied Health
  Nursing Home
  40,000 reports delivered (including copies to other recipients doctors)

Report Distribution Trial
  Integrated with existing practice software
    GP computer systems
    Specialist computer systems
  Report delivery into GP software is an unattended operation
  All transmission in HL7 format, encrypted & signed
  PIT conversion performed as necessary
  Imported by GP computer system same as pathology import

Transmission
  Specialist report creation
    Word Processor integration
    HL7 based custom reporting clients

Transmission
  GP referrals
    Captured from clinical practice software
    Digitally signed HeSA PKI USB key
    Encrypted with PKI certificates
    Encrypted provider lookup
    Zero configuration install
  Reports are delivered real-time

GP Referral Digital Signature Block

Architectural & Technical Barriers to distribution network implementation
  Transport
  Recipient/Provider Addressing
  Delivery & Acknowledgment Protocols
  Security & Authentication
  Routing
  Use of standards
    HL7

Transport
  Internet access assumed
  Consideration of OSI Layer 6 protocols
    HL7 over Email
    HL7 over HTTP
    HL7 Lower Level Protocol

Transport - Email
  Advantages
    Technical Simplicity
    Widely accessible
    Asynchronous (recipient need not be online when sending)
  Disadvantages
    No acknowledgement of delivery
    No guaranteed order of delivery
    Spam filters / Spam
    Backup Mail Servers
    No sender authentication
    No control over infrastructure quality
    Blacklists

HL7 over HTTP
  Advantages
    HL7 standard acknowledgement possible
    Ability to reject connections
    Industry standard
    Ease of interoperability for 3rd parties
    Connectionless scalable
    URL & Headers available for protocol variations
      E.g. HTTP/1.1 keep alive, content types
  Disadvantages
    Need for full time internet presence

Chosen Transport
  HL7 over HTTP
  HL7 Lower Level Protocol
  Email supported for compatibility & interoperability

Provider Addressing Issues
  HIC Provider Numbers
  Advantages
    Specified by Australian HL7 Standard
    Ideal for doctors in private practice
    Check digit scheme
    Location Specific
    Virtually always obtained (billing)

Provider Addressing Issues
  HIC Provider Numbers
  Disadvantages
    Not universal
    Not all health care providers/facilities have HIC provider numbers
      Public hospital doctors
      Nursing homes
      Allied health
      Nursing staff
    Only some sections of medical community have access to Provider number lists

An Addressing Solution
  A mixed solution
    HIC provider numbers used where available
    Proprietary identifiers used if no provider number
    Disadvantage: some software only accepts provider numbers
  PKI key common name used for Author identification

Address/Recipient Lookup
  HL7 2.3 Master files
    Defines messages for maintenance & query for providers using the STF segment
    CH 8.3.3
  Solution: Master files implemented

HL7 Master Files Query

HL7 for Mere Mortals

Protocol
  Standard HL7 Delivery Protocol
  Message Acknowledgement
    E.g. ORU ACK, REF ACK (messages)
  Assumes Internet server availability
  Push model as new reports are sent unsolicited (ORU)
  Retry sending if ACK not received

Protocol Problems
  Many clients DO NOT or CAN NOT
    open their networks (inadequate knowledge/skills)
    have persistent internet connectivity
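
The push rule from the Protocol slide ("Retry sending if ACK not received"), as an added example that is not part of the original presentation or the Medical Objects software. It assumes the reply's signature has already been verified, treats AE as retryable and AR as final (a policy choice made here), and uses constructed messages with hypothetical application and facility names.

```python
# Added example. Sample messages are constructed; application and
# facility names (SPECAPP, GPAPP, ...) are hypothetical.
ORU = ("MSH|^~\\&|SPECAPP|SPECFAC|GPAPP|GPFAC|20030101120000||ORU^R01|MSG00001|P|2.3\r"
       "PID|1||CONSTRUCTED\rOBR|1\rOBX|1|FT|||Constructed report text")
ACK_OK = ("MSH|^~\\&|GPAPP|GPFAC|SPECAPP|SPECFAC|20030101120001||ACK^R01|A1|P|2.3\r"
          "MSA|AA|MSG00001")
ACK_STALE = ACK_OK.replace("MSA|AA|MSG00001", "MSA|AA|MSG00000")
ACK_REJECT = ACK_OK.replace("MSA|AA|", "MSA|AR|")

def fields(message, segment_id):
    """Return the '|'-separated fields of the first matching segment, or None."""
    for segment in message.replace("\n", "\r").split("\r"):
        if segment.startswith(segment_id + "|"):
            return segment.split("|")
    return None

def classify_ack(sent, reply):
    """Return 'delivered', 'rejected' or 'retry' for one send attempt."""
    control_id = fields(sent, "MSH")[9]      # MSH-10: message control ID
    if not reply:
        return "retry"                       # timeout or connection failure
    msa = fields(reply, "MSA")
    if msa is None or len(msa) < 3:
        return "retry"                       # reply is not an HL7 acknowledgement
    if msa[2] != control_id:
        return "retry"                       # ACK refers to a different message
    if msa[1] == "AA":
        return "delivered"                   # application accept
    if msa[1] == "AR":
        return "rejected"                    # application reject: do not resend as-is
    return "retry"                           # AE or unknown code (assumed retryable)

def deliver(sent, transport, max_attempts=3):
    """Send until acknowledged; transport(message) returns reply text or None."""
    for attempt in range(1, max_attempts + 1):
        outcome = classify_ack(sent, transport(sent))
        if outcome != "retry":
            return outcome, attempt
    return "undelivered", max_attempts

def scripted(replies):
    """Constructed stand-in for the HTTP transport: yields queued replies in order."""
    queue = list(replies)
    return lambda message: queue.pop(0) if queue else None
```

Matching MSA-2 against the sent MSH-10 is what stops a late or duplicated ACK for an earlier report from marking the current one as delivered.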
  Some clients need to poll

Polling protocol
  Non-HL7 standard
    QRY.Z02
    ORU.R01 (report downloads)
    ACK.R01 OK
  But the payload is HL7 standard!

Security & Authentication
  Encryption used for security
  Digital signatures used for all authentication
  1024 bit public keys only
  Encryption Mechanisms:
    X.509 HeSA Certificates & HIC PKI
    Native PGP compatible (explicit trust model only)
  No usernames / passwords (weak security)

Routing
  Enable communication between practices and doctors running independent systems.
  Manual configuration of connections between every practice is not feasible
    because the number of direct path configurations required is n(n-1)/2 (where n is the number of independent systems)
  Internet enables virtual/potential connections

Routing
  Solution: use HL7 Master File messages to enable dynamic discovery of newly connected users
  Allow existing users to change their address without manual reconfiguration being required

Centralised vs. Distributed nets.
  Centralised (Star network)
  Each node communicates with each other node via central point
  Issues
    Service availability
    Network connections
    Limited Processing capacity
    Redundancy required
    Serial communication
    DDoS (distributed denial of service) attacks on hub
    Vulnerability of stored/transit data (all eggs in one basket)
    Natural disaster, e.g. earthquake

Centralised vs. Distributed nets.
  Distributed network (fully connected mesh)
  Every node is able to communicate directly with any other node
  Fewer points of failure in transit
  Very powerful
  Load sharing possibilities
  Parallel communication
  Very Fast
  DDoS can at worst case affect limited nodes only
  Robust to natural disasters

HL7 Support
  Workable delivery format at this time is HL7 ORU messages.
  This is all we have delivered at this stage to GPs
  Minor modifications to messages are required depending on target application.
    Satisfying import assumptions of software
    No change to report payload.
  REF messages have potential in future
    No support in practice software at present

HL7 Support
  By sticking to published standards we have had few compatibility problems
  Moral: Stick to Standards!

Putting it together

The Software

Medical Objects
  Currently undergoing beta testing
  Participants welcome
  [email protected]

HL7 Servers

Servers
  Message encoding supported
    HL7 v2.x (Classic & XML), PIT
  Win32 platform
  Multi-tier architecture
    SQL database tier (Linux or Windows)
    Application server tier
  Replication supported (over HL7)
  Standalone Service
  IIS (ISAPI) or Apache (module)
  run locally or in Application Service Provider (ASP) mode
  Persists 10,000+ messages per hour (Athlon 1.5GHz, 7200 RPM, 512 RAM)
  Serves queries many-many times more!!!

Server Types
  Lightweight GP receive only (file based db)
  Gateway
  Distribution
  Practice
  Provider Directory
  Terminology
  Routing

GP Solutions Receiving Specialist Messages
  GP Reception Server
    Acks messages and saves as files
    Win32 platform (95, 98, ME, NT4, 2000, XP, 2003)
  Polling Client (works with Distribution Service)
    Win32 platform (95, 98, ME, NT4, 2000, XP, 2003)
      Tray Icon service
      NT service
    Linux
    Mac OS X
    Any future HIC PKI Supported platform
  Integrated PIT conversion
  Acknowledged delivery
  Simple download setup 4.2MB
  Easy install
  no reboots or downtime

GP Solutions Sending Referrals
  Win32 (98, ME, 2000, XP, 2003)
  PKI Signed referrals
  HIC PKI Rainbow iKey required
  Setup: 2.7MB internet download
  Zero configuration easy install
  no reboots or downtime

Specialist Solution Sending Reports
  Word Processor integration
    Word 97, 2000, XP, 2003
    Word Perfect 10
  PKI signing possible
  Setup 3 MB download
  Easy & quick install
  No reboots

Medical Objects Network Today
  [email protected]