200 likes | 402 Views
HTH975: Connecting Providers and Payers Secure Exchange of Healthcare Data over the Internet. Mike Woods President – Pentelar Inc. Mike.Woods@Pentelar.com Aisha El-Zorba Senior Product Manager aishael@sybase.com August 15-19, 2004. Current Exchange of Healthcare Data.
E N D
HTH975: Connecting Providers and Payers Secure Exchange of Healthcare Data over the Internet Mike Woods President – Pentelar Inc. Mike.Woods@Pentelar.com Aisha El-Zorba Senior Product Manager aishael@sybase.com August 15-19, 2004
Current Exchange of Healthcare Data • Direct Connects from providers to payers • Asynchronous communications • FTP • TCP/IP • VPN • Clearinghouses
Secure Exchange of Healthcare Data over the Internet • Internet • Secure • Reliable • Standard Protocols • EDIINT AS1 • EDIINT AS2 • RosettaNet • ebXML
EDIINT AS1 • EDI over the INTernet Applicability Statement 1 • AS1 is an RFC standard (RFC 3335) by which applications communicate EDI (EDIFACT or X12) or XML data over the SMTP transport (email). • S/MIME encryption and digital signatures • S/MIME encryption and digital signatures provide confidentiality and content-integrity of the data being transported. • Compression • significantly reduces in file sizes. • In order to provide protection to their networks, company mail servers are often very restrictive of the messages that are received. Combined with anti-virus software, which is often loaded on these servers, the email messages processed by the mail servers are often altered or even blocked. This can pose a serious problem with AS1 messages because this alteration can corrupt the security applied to the transaction.
EDIINT AS2 • EDI over the INTernet Applicability Statement 2 • Exchange structured business data securely using HTTP transfer for XML, Binary, Electronic Data Interchange, (EDI - either the American Standards Committee X12 or UN/EDIFACT, Electronic Data Interchange for Administration, Commerce and Transport) or other data describable in MIME used for business to business data interchange. • The data is packaged using standard MIME content-types. • Authentication and privacy are obtained by using Cryptographic Message Syntax (S/MIME) security body parts. • Authenticated acknowledgements make use of multipart/signed replies to the original HTTP message. • Adoption in the US • Gas Industry - GISB • Retail
RosettaNet • Is designed to harness the imminent, exponential growth of electronic commerce across the IT supply chain by developing, promoting, and leading the adoption of both open content and open transaction standards, along with the necessary metrics to measure the business impact of these standards on members of the supply chain. • Industries • Electronics • Adoption • US • Europe • China • Japan • Korea • Malaysia • Singapore • Tiawan
ebXML - Technology Definitions • What is a Web Service: • Self contained module that allows a business entity to “interact” with one or more external entities using Web technologies (e.g. over the internet). • What is ebXML (Electronic Business using eXtensible Markup Language): • Provides reliable and secure messaging (transmission of information) between two or more business entities • Automates ad hoc business collaborations (transactions) • Is the only finalized, industry-standard specification for collaborative B2B based Web services
Web Services Key Enablers • eXtensible Markup Language (XML) • Self describing document language • Simple Object Access Protocol (SOAP) • Define and access structure\protocol for OPEN messaging • Web Services Descriptor Language (WSDL) • Describe the capabilities of a service • Universal Description, Discovery and Integration (UDDI) • Registry of WHAT is out there • ebXML • ALL of that… plus what is missing. • Stay tuned.
Why ebXML? • Security • Encryption • Digital Signatures • Transport (HTTPS) • Reliability (Guaranteed Delivery) • Open Standard • OASIS • Proven • V2.0 currently more than 1 year old • V3.0 ready to be released
More. More. More. • ebXML Extends SOAP • SOAP with Attachments • Adds Security (including PKI with Digital Certificates) • Authentication • Authorization • Non-repudiation • Message / payload level encryption • Transport level encryption (HTTPS) • Digital signatures • Adds reliability – guaranteed delivery
Drummond Group • Interoperability Testing Experts • Vendor Neutral Third Party to Test Commercial Software • ebXML cross certification • 11 Companies that passed ebMS v1.0 compatibility • 7 companies that passed ebMS v2.0 compatibility • Sybase passed both! • www.drummondgroup.com
Sybase’s Offering (ebXML) • Web Services Integrator (WSI) • EAServer or Weblogic Server 7.x or later • Process Server • To support Business Process Specification Schema (BPSS) • Integration Orchestrator (IO) • Business Process Integration Suite (BPI Suite)
Overseas • Europe • eBES (e-business Board for European Standardization) • Asia • Korean Banking • China Banking • KIEC - Korea Institute for Electronic Commerce
Auto Industry • STAR • Standards for Technology in Automotive Retail • Chose ebXML because Open Standard • Started implementation • Reynolds & Reynolds • 70 year old, billion dollar company • Middle “broker” in automotive retail. • Sybase and Pentelar recently created a Proof-Of-Concept demo for them to communicate with Volkswagen.
Government of Canada • Pentelar worked with the Government of Canada - Canadian Passport Office - to analyze, design, develop, test and implement a Document Verification system. • Identity documents are verified with the issuing agency in real time. • Pathfinder project for Secure/Reliable communications with external agencies and the Government of Canada.
Health Care • HIPAA - Health Insurance Portability and Accountability Act • ebMS directly addresses HIPAA Security, Electronic Signature, Privacy and transaction requirements related to data being transmitted between partners. • HL7 – Health Level 7 • ANSI accredited • Clinical and Administrative data domain • April 27, 2004 – announced ebXML support (Draft standard for trial use) in V3 Messaging Standard.
Demo…. • Health Care Scenario • Verification of Eligibility for Service
Web Services Integrator TPM EDIINT AS2 Business to Business Transport (B2B) Data Security Human Resources Applications A d a p t e r s Integration Business Trading Partner Management (TPM) RosettaNet Financial Applications Process Srv Trading Partners Logistics Applications Business Process Monitoring (BPM) BTSM ebXML Other Legacy Applications Business Process Modeling and Control (BPM) J2EE Server Web Browsing Customer, or Partner