180 likes | 300 Views
Norwegian e-health infrastructure based on XML, ebXML and PKI. Øyvind Gjørven Rikstrygdeverket (RTV)/ National Insurance Administration.
E N D
Norwegian e-health infrastructure based on XML, ebXML and PKI Øyvind Gjørven Rikstrygdeverket (RTV)/ National Insurance Administration
The presentation will give an overall technical solution and share our experiences after two years of operation between National Insurance Administration (RTV) and general practitioners, pharmacies and hospitals.The focus will be on how sensitive information safely can be distributed over open networks by means of end-to-end security solutions based on XML, ebXML and PKI.
National Insurance Administration’s communication partners • Citizens in general • Companies in general • Hospitals • Pharmacies • Private labs • General practitioners • Government • EU • In total RTV is paying 230 billion NOK (30 billion EURO) to its communication partners (1/3 of the total Norwegian Government budget) • The communication solution covers 10% of the total amount
History • For 10 – 15 years the standardised communication solutions have been based on EDIFACT, X.400 and ”proprietary PKI” • Three years ago it was decided to upgrade the architecture: • Existing EDIFACT messages will continue until they are replaced with new message formats • All new messages will be based on XML format • ebXML Messaging Service specification (ebMS) will be used as the enveloping standard • X.400 will be replaced by SMTP • RTV will be connected to the new National Health Network (NHN) in Norway by use of SMTP • A new frame agreement on PKI will be established
What we get by using PKI and ebXML • Authentication – secure identification of the sender • Integrity – a message can not be changed from sender to receiver • Confidensiality – unauthorised people can not read the content in the message • Non-repudiation – sender can not deny having signed and sent a message • Sender gets response message when receiver gets the message • Resending until response message is received (the resending module in ebXML defines the number of resendings and the time interval)
New architecture • Strategy: RTV shall get products from the market for the central modules in the architecture, if possible. Products from market leaders will be preferred: • ebXML: Xenos Group – GoXML MS • PKI: RSA Security – RSA BSAFE • Application server: IBM – Websphere • Message handling: IBM – MQ Series • Trusted Third Party (TTP): Ergo Group – National Service Provider • Control system: Fair Isaac - Blaze Advisor • Archive system: Ergo Group – ePhorte • Insurance Administration system: Inhouse development • Platforms: Windows, HP-UX, zOS
Applications using the new architecture • Medical sertificate • 750 doctors at 300 offices (total numer is 1850) are using the system today • The total number of messages are 3.5 million a year • Doctors request for payment • 500 doctors at 200 offices are using the system today • Pharmacies request for payment • All the 550 pharmacies are using the system • 10 billions NOK (1.3 billions EURO) are payed to the pharmacies a year • EHIC (European health insurance card) • 1.4 million cards have been delivered
Experiences with the new architecture • Use of open standards • Many products available in the market • More flexible interface • Better error detection (by checking in other products) • A national standardisation body keeps the messages updated and available on the Internet • ebXML • Better message identification • Flexible response messages • Automatic resending of messages • Message routing based on envelope information • Easier to operate the information about communication partners • Better tracing and monitoring of the messages
Experiences with the new architecture (continue) • XML • Better message specification • Better validation functionalities in XML • Easier to automatically validate by sending and receiving messages • PKI • The open standards for PKI exist today • Products which handle authentication, integrity, confidensiality and non-repudiation are available in the market today • Service providers which handle certification authority (CA) and registration authority (RA) are established • Real-time verification of certificates using LDAP • A TTP/PKI frame agreement for the whole health- and social sector has been in place for 2 years
Next activities • Extend our use of ebXML • today we send EDIFACT over X.400 • Automate Collaboration Protocol Profile (CPP) and Collaboration Protocol Agreement (CPA) handling • from manual handling of CPP/CPA information to automated handling • Upscale the communication solution • Increase the number of communication partners • Increase the number of messages • Increase the number of applications • The next big e-health project in Norway will be ePrescription (17 million messages a year). Developing begins early 2006.