A Distribution Network using PKI or PGP and
A Distribution Network using PKI or PGP and Architecture Barriers Presented by: Jared Davison B. Inf Tech (QUT), B. Eng (QUT), M. IEEE, Grad. IEAust, AACS. Software Engineer Buderim GE Centre
Buderim Gastroenterology Centre • • Small privately owned day surgery 3 Specialists, 17 Staff Catchment area ~250, 000 Established 12 years EHR • Active HL 7 R&D program since 1999. • HL 7 USA member since 1999 • HL 7 Australia member sinception
Electronic Records • Developed HL 7 system • 35, 000 patients • 190, 000 reports • 250 GPs in the local area. • w/copies 244, 000 individual recipients • 1. 3 copies per document • Pathology dating to the start of PIT distribution by QML & S&N path. • All outgoing clinical letters since 1991 • HL 7 format for storage for all this = 750 MB
Report Distribution Trial • Real-time HL 7 Transmission of – Specialist reports – GP referrals • > 12 months • • 240 connected doctors 22 specialists Sunshine Coast Division Allied Health Nursing Home • 40, 000 reports delivered (including copies to other recipients doctors)
Report Distribution Trial • Integrated with existing practice software – GP computer systems – Specialist computer systems • Report delivery into GP software is an unattended operation • All transmission in HL 7 format, encrypted & signed • PIT conversion performed as necessary • Imported by GP computer system – same as pathology import
Transmission • Specialist report creation – Word Processor integration – HL 7 based custom reporting clients
Transmission • GP referrals – Captured from clinical practice software – Digitally signed HESA PKI USB key – Encrypted with PKI certificates – Encrypted provider lookup – Zero configuration install • Reports are delivered real-time
GP Referral Digital Signature Block
Architectural & Technical Barriers to distribution network implementation • • • Transport Recipient/Provider Addressing Delivery & Acknowledgment Protocols Security & Authentication Routing Use of standards – HL 7
Transport • Internet access assumed • Consideration of OSI Layer 6 protocols – HL 7 over Email – HL 7 over HTTP – HL 7 Lower Level Protocol
Transport - Email • Advantages – Technical Simplicity – Widely accessible – Asynchronous (recipient need not be online when sending) • Disadvantages – No acknowledgement of delivery – No guaranteed order of delivery – Spam filters / Spam – Backup Mail Servers – No sender authentication – No control over infrastructure quality – Blacklists
HL 7 over HTTP • Advantages – HL 7 standard acknowledgement possible – Ability to reject connections – – Industry standard Ease of interoperability for 3 rd parties Connectionless scalable URL & Headers available for protocol variations • Eg. Http 1. 1 keep alive, content types • Disadvantages – Need for full time internet presence
Chosen Transport ü HL 7 over HTTP ü HL 7 Lower Level Protocol • Email supported – for compatibility & interoperability
Provider Addressing Issues HIC Provider Numbers • Advantages – Specified by Australian HL 7 Standard – Ideal for doctors in private practice – Check digit scheme – Location Specific – Virtually always obtained (billing)
Provider Addressing Issues HIC Provider Numbers • Disadvantages – Not universal – Not all health care providers/facilities have HIC provider numbers • • Public hospital doctors Nursing homes Allied health Nursing staff – Only some sections of medical community have access to Provider number lists
An Addressing Solution • A mixed solution • HIC provider numbers used where available • Proprietary identifiers used if no provider number – Disadvantage: some software only accepts provider numbers • PKI key common name used for Author identification
Address/Recipient Lookup • HL 7 2. 3 Master files – Defines messages for maintenance & query for providers using the STF segment – CH 8. 3. 3 • Solution: Master files implemented
HL 7 Master Files Query
HL 7 for Mere Mortals
Protocol • Standard HL 7 Delivery Protocol • Message Acknowledgement • Eg. ORU – ACK, REF – ACK (messages) • Assumes – Internet server availability – Push model as new reports are sent unsolicited (ORU) • Retry sending if ACK not received
Protocol • Problems – Many clients DO NOT or CAN NOT • open their networks (inadequate knowledge/skills) • have persistent internet connectivity Some clients need to poll
Polling protocol • Non-HL 7 standard • QRY. Z 02 ORU. R 01 (report downloads) • ACK. R 01 OK • But the payload is HL 7 standard!
Security & Authentication • • Encryption used for security Digital signatures used for all authentication 1024 bit public keys only Encryption Mechanisms: – X. 509 He. SA Certificates & HIC PKI – Native PGP compatible (explicit trust model only) • No usernames / passwords – (weak security)
Routing • Enable communication between practices and doctors running independent systems. • Manual configuration of connections between every practice is not feasible – Because the number of direct path configurations required is • n(n-1)/2 (where n is the number of independent systems) • Internet enables virtual/potential connections
Routing • Solution: use HL 7 Master File messages to enable dynamic discovery of newly connected users • Allow existing users to change their address without manual reconfiguration being required
Centralised vs. Distributed nets. • Centralised (Star network) – Each node communicates with each other node via central point – Issues • Service availability – Network connections – Limited Processing capacity • Redundancy required • Serial communication • DDo. S (distributed denial of service) attacks on hub • Vulnerability of stored/transit data (all eggs in one basket) • Natural disaster – Eg. earthquake
Centralised vs. Distributed nets. • Distributed network (fully connected mesh) – Every node is able to communicate directly with any other node – Fewer points of failure in transit – Very powerful • Load sharing possibilities – Parallel communication – Very Fast – DDo. S can at worst case affect limited nodes only – Robust to natural disasters
HL 7 Support • Workable delivery format at this time is HL 7 ORU messages. – This is all we have delivered at this stage to GPs • Minor modifications to messages are required depending on target application. – Satisfying import assumptions of software – No change to report payload. • REF message have potential in future – No support in practice software at present
HL 7 Support • By sticking to published standards we have had few compatibility problems • Moral: Stick to Standards!
Putting it together • The Software “Medical Objects” • Currently undergoing beta testing • Participants welcome info@medical-objects. com. au
HL 7 Servers • Servers – Message encoding supported • HL 7 v 2. x (Classic & XML), PIT – Win 32 platform – Multi-tier architecture • SQL database tier (Linux or Windows) • Application server tier – – – • Replication supported (over HL 7) Standalone Service IIS (ISAPI) or Apache (module) run locally or in Application Service Provider (ASP) mode Persists 10, 000+ messages per hour (Athlon 1. 5 GHz, 7200 RPM, 512 RAM) Serves queries many-many times more!!! Server Types – – – – Lightweight GP receive only (file based db) Gateway Distribution Practice Provider Directory Terminology Routing
GP Solutions • Receiving Specialist Messages – GP Reception Server • Acks messages and saves as files • Win 32 platform (95, 98, ME, NT 4, 2000, XP, 2003) – Polling Client (works with Distribution Service) • Win 32 platform (95, 98, ME, NT 4, 2000, XP, 2003) – – • • • Tray Icon service NT service Linux Mac OS X Any future HIC PKI Supported platform Integrated PIT conversion Acknowledged delivery • Simple download setup 4. 2 MB • Easy install – no reboots or downtime
GP Solutions • Sending Referrals – Win 32 (98, ME, 2000, XP, 2003) – PKI Signed referrals – HIC PKI Rainbow i. Key required – Setup: • 2. 7 MB internet download • Zero configuration easy install • no reboots or downtime
Specialist Solution • Sending Reports – Word Processor integration • Word 97, 2000, XP, 2003 • Word Perfect 10 – PKI signing possible – Setup • 3 MB download • Easy & quick install • No reboots
Medical Objects Network Today Info@medical-objects. com. au
- Slides: 35
