planning the future of cdc secure public health transactions and public health information network...
TRANSCRIPT
Planning the Future of CDC Secure Public Health Transactions and Public Health Information Network Messaging System (PHINMS)
Jennifer McGehee, Tim Morris, Charlie Peng, John W. Loonsk
The findings and conclusions in this presentation are those of the authors and do not necessarily represent the views of the Centers for Disease Control and Prevention.
Value of Public Health Shared, Secure Transaction Standards and Tools
• Ensure that all public health participants have the ability to exchange secure transactions
• Minimize integration costs of non-standard transaction approaches
– Technical integration and security costs
– Identity proofing management
– Authentication management
• Opportunity to leverage clinical care efforts and other public health program efforts to share maintenance, advance robust security, and minimize costs
Public Health Information Network Messaging System (PHINMS)
• Effort begun in 2002 to advance standards-based, secure, reliable data messaging among public health agencies and trading partners
• CDC-produced PHINMS software as an implementation of the standards the agency defined around public health transactions
• A related digital certificate authority and service was established to support encryption and non-repudiation
• Support for “route not read” and “behind the firewall” services
• Led to commercial product implementations
PHINMS at CDC – Payloads Received
PHINMS at CDC – Message Size
PHINMS State Example – Georgia*
• Supporting the Georgia Registry of Immunization Transactions and Services (GRITS) state internal system
• Currently 262 installations in hospitals and the Health Department
• ~22,500 transactions per day• ~450,000 transactions per month
*Source: André K. Wilson, HP Enterprise Services, Contractor to the State of Georgia
National Secure Transactions Landscape
• Over 22 billion dollars invested in Electronic Health Records (EHRs)– New focus on EHR connectivity– Opportunity for public health to leverage this investment
• Nationwide Health Information Network– Exchange – SOAP (Simple Object Access Protocol)– CONNECT Federal government-developed software solution
• DIRECT initiative– Mostly SMTP (Simple Mail Transfer Protocol, i.e., email)
• RESTful web services– Identified as future direction in S & I Framework, Health IT Standards
Committee
Public Health Transaction Needs
• Multiple transaction types– Push (e.g. lab result reporting to health department)
– Pull (e.g. query of HD for immunization decision support)
– Pull / query of EHR (e.g. public health investigation)
– Publish / subscribe (e.g. code set distribution)
• Reliable messaging
• Synchronous and store-and-forward
• Each approach involves multiple standards applied together, which we refer to as a “stack”
The PHINMS Standards Stack
• ebXML is fading
• Not aligned with ONC efforts
• Only supports "push"
CommonName PHINMS
Major Standards SOAP, WS Stack, ebXML
Transactions Push, Store and Forward
Synchronous No
Vocabulary andCode Sets Agnostic
Query / ContentStructure
Typically HL7 messages
ReliableMessaging Yes
Queuing Included
SecurityHTTPS, two-factor
authentication(digital certificates)
The NwHIN Exchange Standards Stack
• Advanced by HealtheWay and Care Connectivity Consortium
• No longer supported by ONC
• SOAP still strong in health care
CommonName NwHIN / SOAP
Major Standards SOAP, WS Stack
Transactions Push, Pull, Pub/Sub, Store and Forward
Synchronous Yes
Vocabulary andCode Sets Agnostic
Query / ContentStructure Focus on CCD
ReliableMessaging Possible
Queuing Not included
Security HTTPS, SAML, XACML
The DIRECT Standards Stack
• Major push by previous National Coordinator
• “Push” only and store-and-forward
• Immunization Information Systems report did not recommend
CommonName DIRECT
Major Standards SMTP
Transactions Push, Store and Forward
Synchronous No
Vocabulary andCode Sets Agnostic
Query / ContentStructure
Typically HL7 messages
ReliableMessaging No
Queuing Mail server-based
Security S/MIME
The SFTP Standards Stack
• Mostly used for manual data transfer vs. system to system exchange
• Does not support multi-factor authentication
CommonName SFTP
Major Standards SFTP
Transactions Upload/Download
Synchronous Yes
Vocabulary andCode Sets Agnostic
Query / ContentStructure No structure
ReliableMessaging No
Queuing Not included
Security X-FTP
The RESTful Standards Stack
• Identified as future direction by HIT Standards Committee and S & I Framework
• Limited health care implementation, but strong Internet use
• Supports HL7 FHIR initiative
CommonName REST
Major Standards RESTful, oAuth, OpenID
Transactions Push, Pull, Pub/Sub, Store and Forward
Synchronous Both
Vocabulary andCode Sets Agnostic
Query / ContentStructure
Typically HL7 messages
ReliableMessaging Yes
Queuing Included
Security HTTPS, two factor (dig certs)
Conclusions• A multi-protocol public health and clinical care transaction world will
be the reality for some time
• PHINMS legacy standards and system should be updated to take advantage of new and emerging standards, but with time and coordination
• Alignment with standards being utilized in health care could potentially allow CDC to reduce support costs for software development and improve transactions between clinical care and health departments
• DIRECT transactions are not suitable to fully support public health needs, but they will need to be supported and handled in some contexts
• REST can offer a suitable and improved public health transaction platform in time
Recommendations
• CDC should plan, communicate, and pursue a path forward for secure transactions
• Public health should engage in stack specification for REST development
• CDC should consider enabling transport translation and routing services
Questions and Comments?
