Friday, October 7, 2011

Cool Technology of the Week

As the discussion of the functionality to be included in a Nationwide Health Information Network (NwHIN) continues, there are 3 different secure transports being evaluated:

Exchange:  “NHIN Messaging Platform Specification”, which uses SOAP for transport and WS-I Basic Security Profile for security (TLS + XML signature + WSDL + AES + X.509 + SAML)

Direct:  “Applicability Statement for Secure Health Transport”, which uses SMTP for transport and S/MIME for security (AES + X.509)

Secured REST:  specification to be done, but will use HTTP for transport; candidates for security include TLS, X.509, and OAuth.

Each has different characteristics and different strengths.   The barrier to RESTful implementation is lack of a consistent implementation guide.

The folks at MITRE have implemented project hData  noting that "Current electronic health data standards are complex, hard to implement, and difficult to manage”.

hData separates transport and packaging from content – something the HIT Standards Committee has supported.   This FAQ provides more details.  Clearly hData is still in development and not yet adopted, but I do think they are pursing an appropriately simple approach to transport.

The hData content format has been balloted by HL7 and a Draft Standard for Trial Use (DTSU) is expected this month.  The hData transport format (RESTBinding) is in the Open Management Group comment resolution phase.

A RESTful implementation guide for healthcare that separates content and transport, providing easy to implement,  secure transport.    That's cool.

No comments: