a distribution network using pki or pgp and architecture barriers presented by: jared davison b. inf...
TRANSCRIPT
A Distribution Network using PKI or PGP and
Architecture Barriers Presented by:Jared Davison
B. Inf Tech (QUT), B. Eng (QUT), M. IEEE, GradIEAust, AACS.
Software Engineer Buderim GE Centre
Buderim Gastroenterology Centre• Small privately owned day surgery• 3 Specialists, 17 Staff• Catchment area ~250,000• Established 12 years
EHR• Active HL7 R&D program since 1999.• HL7 USA member since 1999• HL7 Australia member since inception
Electronic Records• Developed HL7 system
• 35,000 patients• 190,000 reports • 250 GPs in the local area.
• w/copies 244,000 individual recipients• 1.3 copies per document
• Pathology dating to the start of PIT distribution by QML & S&N path.
• All outgoing clinical letters since 1991
• HL7 format for storage for all this = 750 MB
Report Distribution Trial• Real-time HL7 Transmission of
– Specialist reports– GP referrals
• > 12 months
• 240 connected doctors• 22 specialists• Sunshine Coast Division Allied Health • Nursing Home
• 40,000 reports delivered (including copies to other recipients doctors)
Report Distribution Trial• Integrated with existing practice software
– GP computer systems– Specialist computer systems
• Report delivery into GP software is an unattended operation
• All transmission in HL7 format, encrypted & signed
• PIT conversion performed as necessary
• Imported by GP computer system – same as pathology import
Transmission• Specialist report
creation– Word Processor
integration– HL7 based
custom reporting clients
Transmission• GP referrals
– Captured from clinical practice software
– Digitally signed HESA PKI USB key
– Encrypted with PKI certificates
– Encrypted provider lookup– Zero configuration install
• Reports are delivered real-time
GP Referral
DigitalSignatureBlock
Architectural & Technical Barriers to distribution network implementation
• Transport
• Recipient/Provider Addressing
• Delivery & Acknowledgment Protocols
• Security & Authentication
• Routing
• Use of standards – HL7
Transport• Internet access assumed
• Consideration of OSI Layer 6 protocols– HL7 over Email– HL7 over HTTP – HL7 Lower Level Protocol
Transport - Email• Advantages
– Technical Simplicity– Widely accessible– Asynchronous (recipient need not be online when sending)
• Disadvantages– No acknowledgement of delivery– No guaranteed order of delivery
– Spam filters / Spam– Backup Mail Servers
– No sender authentication– No control over infrastructure quality– Blacklists
HL7 over HTTP• Advantages
– HL7 standard acknowledgement possible– Ability to reject connections
– Industry standard– Ease of interoperability for 3rd parties– Connectionless scalable– URL & Headers available for protocol variations
• Eg. Http1.1 keep alive, content types
• Disadvantages– Need for full time internet presence
Chosen TransportHL7 over HTTP
HL7 Lower Level Protocol
• Email supported – for compatibility & interoperability
Provider Addressing IssuesHIC Provider Numbers
• Advantages– Specified by Australian HL7 Standard– Ideal for doctors in private practice– Check digit scheme– Location Specific– Virtually always obtained (billing)
Provider Addressing IssuesHIC Provider Numbers
• Disadvantages– Not universal– Not all health care providers/facilities have
HIC provider numbers• Public hospital doctors• Nursing homes• Allied health• Nursing staff
– Only some sections of medical community have access to Provider number lists
An Addressing Solution• A mixed solution
• HIC provider numbers used where available
• Proprietary identifiers used if no provider number– Disadvantage: some software only accepts provider
numbers
• PKI key common name used for Author identification
Address/Recipient Lookup• HL7 2.3 Master files
– Defines messages for maintenance & query for providers using the STF segment
– CH 8.3.3
• Solution: Master files implemented
HL7 Master Files Query
HL7 for Mere Mortals
Protocol• Standard HL7 Delivery Protocol
• Message Acknowledgement
• Eg. ORU – ACK, REF – ACK (messages)
• Assumes – Internet server availability– Push model as new reports are sent
unsolicited (ORU)
• Retry sending if ACK not received
Protocol• Problems
– Many clients DO NOT or CAN NOT• open their networks (inadequate knowledge/skills)• have persistent internet connectivity
Some clients need to poll
Polling protocol• Non-HL7 standard
• QRY.Z02 ORU.R01 (report downloads)
• ACK.R01 OK
• But the payload is HL7 standard!
Security & Authentication• Encryption used for security• Digital signatures used for all authentication• 1024 bit public keys only• Encryption Mechanisms:
– X.509 HeSA Certificates & HIC PKI– Native PGP compatible (explicit trust model only)
• No usernames / passwords – (weak security)
Routing• Enable communication between practices
and doctors running independent systems.
• Manual configuration of connections between every practice is not feasible– Because the number of direct path
configurations required is• n(n-1)/2 (where n is the number of independent
systems)
• Internet enables virtual/potential connections
Routing• Solution: use HL7 Master File messages
to enable dynamic discovery of newly connected users
• Allow existing users to change their address without manual reconfiguration being required
Centralised vs. Distributed nets.• Centralised (Star network)
– Each node communicates with each other node via central point
– Issues• Service availability
– Network connections– Limited Processing capacity
• Redundancy required• Serial communication• DDoS (distributed denial of
service) attacks on hub• Vulnerability of stored/transit
data (all eggs in one basket)
• Natural disaster– Eg. earthquake
Centralised vs. Distributed nets.• Distributed network (fully connected mesh)
– Every node is able to communicate directly with any other node
– Fewer points of failure in transit– Very powerful
• Load sharing possibilities
– Parallel communication– Very Fast– DDoS can at worst case affect
limited nodes only– Robust to natural disasters
HL7 Support• Workable delivery format at this time is HL7
ORU messages.– This is all we have delivered at this stage to GPs
• Minor modifications to messages are required depending on target application.– Satisfying import assumptions of software– No change to report payload.
• REF message have potential in future– No support in practice software at present
HL7 Support• By sticking to published standards we
have had few compatibility problems
• Moral: Stick to Standards!
Putting it together• The Software “Medical Objects”
• Currently undergoing beta testing
• Participants welcome
HL7 Servers• Servers
– Message encoding supported• HL7 v2.x (Classic & XML), PIT
– Win32 platform– Multi-tier architecture
• SQL database tier (Linux or Windows)• Application server tier
– Replication supported (over HL7)– Standalone Service IIS (ISAPI) or Apache (module)– run locally or in Application Service Provider (ASP) mode– Persists 10,000+ messages per hour (Athlon 1.5GHz, 7200 RPM, 512 RAM)– Serves queries many-many times more!!!
• Server Types– Lightweight GP receive only (file based db)– Gateway– Distribution– Practice– Provider Directory– Terminology– Routing
GP Solutions• Receiving Specialist Messages
– GP Reception Server• Acks messages and saves as files• Win 32 platform (95, 98, ME, NT4, 2000, XP, 2003)
– Polling Client (works with Distribution Service)• Win 32 platform (95, 98, ME, NT4, 2000, XP, 2003)
– Tray Icon service– NT service
• Linux• Mac OS X• Any future HIC PKI Supported platform• Integrated PIT conversion• Acknowledged delivery
• Simple download setup 4.2MB• Easy install – no reboots or downtime
GP Solutions• Sending Referrals
– Win32 (98, ME, 2000, XP, 2003)– PKI Signed referrals– HIC PKI Rainbow iKey required
– Setup: • 2.7MB internet download • Zero configuration easy install• no reboots or downtime
Specialist Solution• Sending Reports
– Word Processor integration• Word 97, 2000, XP, 2003• Word Perfect 10
– PKI signing possible
– Setup• 3 MB download• Easy & quick install• No reboots
Medical Objects Network Today