1 / 35

A Distribution Network using PKI or PGP and Architecture Barriers

A Distribution Network using PKI or PGP and Architecture Barriers. Presented by: Jared Davison B. Inf Tech (QUT), B. Eng (QUT), M. IEEE, GradIEAust, AACS. Software Engineer Buderim GE Centre. Buderim Gastroenterology Centre. Small privately owned day surgery 3 Specialists, 17 Staff

hart
Download Presentation

A Distribution Network using PKI or PGP and Architecture Barriers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Distribution Network using PKI or PGP and Architecture Barriers Presented by: Jared Davison B. Inf Tech (QUT), B. Eng (QUT), M. IEEE, GradIEAust, AACS. Software Engineer Buderim GE Centre

  2. Buderim Gastroenterology Centre • Small privately owned day surgery • 3 Specialists, 17 Staff • Catchment area ~250,000 • Established 12 years EHR • Active HL7 R&D program since 1999. • HL7 USA member since 1999 • HL7 Australia member since inception

  3. Electronic Records • Developed HL7 system • 35,000 patients • 190,000 reports • 250 GPs in the local area. • w/copies 244,000 individual recipients • 1.3 copies per document • Pathology dating to the start of PIT distribution by QML & S&N path. • All outgoing clinical letters since 1991 • HL7 format for storage for all this = 750 MB

  4. Report Distribution Trial • Real-time HL7 Transmission of • Specialist reports • GP referrals • > 12 months • 240 connected doctors • 22 specialists • Sunshine Coast Division Allied Health • Nursing Home • 40,000 reports delivered (including copies to other recipients doctors)

  5. Report Distribution Trial • Integrated with existing practice software • GP computer systems • Specialist computer systems • Report delivery into GP software is an unattended operation • All transmission in HL7 format, encrypted & signed • PIT conversion performed as necessary • Imported by GP computer system • same as pathology import

  6. Transmission • Specialist report creation • Word Processor integration • HL7 based custom reporting clients

  7. Transmission • GP referrals • Captured from clinical practice software • Digitally signed HESA PKI USB key • Encrypted with PKI certificates • Encrypted provider lookup • Zero configuration install • Reports are delivered real-time

  8. GP Referral Digital Signature Block

  9. Architectural & Technical Barriers to distribution network implementation • Transport • Recipient/Provider Addressing • Delivery & Acknowledgment Protocols • Security & Authentication • Routing • Use of standards – HL7

  10. Transport • Internet access assumed • Consideration of OSI Layer 6 protocols • HL7 over Email • HL7 over HTTP • HL7 Lower Level Protocol

  11. Transport - Email • Advantages • Technical Simplicity • Widely accessible • Asynchronous (recipient need not be online when sending) • Disadvantages • No acknowledgement of delivery • No guaranteed order of delivery • Spam filters / Spam • Backup Mail Servers • No sender authentication • No control over infrastructure quality • Blacklists

  12. HL7 over HTTP • Advantages • HL7 standard acknowledgement possible • Ability to reject connections • Industry standard • Ease of interoperability for 3rd parties • Connectionless  scalable • URL & Headers available for protocol variations • Eg. Http1.1 keep alive, content types • Disadvantages • Need for full time internet presence

  13. Chosen Transport • HL7 over HTTP • HL7 Lower Level Protocol • Email supported • for compatibility & interoperability

  14. Provider Addressing Issues HIC Provider Numbers • Advantages • Specified by Australian HL7 Standard • Ideal for doctors in private practice • Check digit scheme • Location Specific • Virtually always obtained (billing)

  15. Provider Addressing Issues HIC Provider Numbers • Disadvantages • Not universal • Not all health care providers/facilities have HIC provider numbers • Public hospital doctors • Nursing homes • Allied health • Nursing staff • Only some sections of medical community have access to Provider number lists

  16. An Addressing Solution • A mixed solution • HIC provider numbers used where available • Proprietary identifiers used if no provider number • Disadvantage: some software only accepts provider numbers • PKI key common name used for Author identification

  17. Address/Recipient Lookup • HL7 2.3 Master files • Defines messages for maintenance & query for providers using the STF segment • CH 8.3.3 • Solution: Master files implemented

  18. HL7 Master Files Query

  19. HL7 for Mere Mortals

  20. Protocol • Standard HL7 Delivery Protocol • Message Acknowledgement • Eg. ORU – ACK, REF – ACK (messages) • Assumes • Internet server availability • Push model as new reports are sent unsolicited (ORU) • Retry sending if ACK not received

  21. Protocol • Problems • Many clients DO NOT or CAN NOT • open their networks (inadequate knowledge/skills) • have persistent internet connectivity  Some clients need to poll

  22. Polling protocol • Non-HL7 standard • QRY.Z02  ORU.R01 (report downloads) • ACK.R01  OK • But the payload is HL7 standard!

  23. Security & Authentication • Encryption used for security • Digital signatures used for all authentication • 1024 bit public keys only • Encryption Mechanisms: • X.509 HeSA Certificates & HIC PKI • Native PGP compatible (explicit trust model only) • No usernames / passwords • (weak security)

  24. Routing • Enable communication between practices and doctors running independent systems. • Manual configuration of connections between every practice is not feasible • Because the number of direct path configurations required is • n(n-1)/2 (where n is the number of independent systems) • Internet enables virtual/potential connections

  25. Routing • Solution: use HL7 Master File messages to enable dynamic discovery of newly connected users • Allow existing users to change their address without manual reconfiguration being required

  26. Centralised vs. Distributed nets. • Centralised (Star network) • Each node communicates with each other node via central point • Issues • Service availability • Network connections • Limited Processing capacity • Redundancy required • Serial communication • DDoS (distributed denial of service) attacks on hub • Vulnerability of stored/transit data (all eggs in one basket) • Natural disaster • Eg. earthquake

  27. Centralised vs. Distributed nets. • Distributed network (fully connected mesh) • Every node is able to communicate directly with any other node • Fewer points of failure in transit • Very powerful • Load sharing possibilities • Parallel communication • Very Fast • DDoS can at worst case affect limited nodes only • Robust to natural disasters

  28. HL7 Support • Workable delivery format at this time is HL7 ORU messages. • This is all we have delivered at this stage to GPs • Minor modifications to messages are required depending on target application. • Satisfying import assumptions of software • No change to report payload. • REF message have potential in future • No support in practice software at present

  29. HL7 Support • By sticking to published standards we have had few compatibility problems • Moral: Stick to Standards!

  30. Putting it together • The Software “Medical Objects” • Currently undergoing beta testing • Participants welcome info@medical-objects.com.au

  31. HL7 Servers • Servers • Message encoding supported • HL7 v2.x (Classic & XML), PIT • Win32 platform • Multi-tier architecture • SQL database tier (Linux or Windows) • Application server tier • Replication supported (over HL7) • Standalone Service IIS (ISAPI) or Apache (module) • run locally or in Application Service Provider (ASP) mode • Persists 10,000+ messages per hour (Athlon 1.5GHz, 7200 RPM, 512 RAM) • Serves queries many-many times more!!! • Server Types • Lightweight GP receive only (file based db) • Gateway • Distribution • Practice • Provider Directory • Terminology • Routing

  32. GP Solutions • Receiving Specialist Messages • GP Reception Server • Acks messages and saves as files • Win 32 platform (95, 98, ME, NT4, 2000, XP, 2003) • Polling Client (works with Distribution Service) • Win 32 platform (95, 98, ME, NT4, 2000, XP, 2003) • Tray Icon service • NT service • Linux • Mac OS X • Any future HIC PKI Supported platform • Integrated PIT conversion • Acknowledged delivery • Simple download setup 4.2MB • Easy install – no reboots or downtime

  33. GP Solutions • Sending Referrals • Win32 (98, ME, 2000, XP, 2003) • PKI Signed referrals • HIC PKI Rainbow iKey required • Setup: • 2.7MB internet download • Zero configuration easy install • no reboots or downtime

  34. Specialist Solution • Sending Reports • Word Processor integration • Word 97, 2000, XP, 2003 • Word Perfect 10 • PKI signing possible • Setup • 3 MB download • Easy & quick install • No reboots

  35. Medical Objects Network Today Info@medical-objects.com.au

More Related