An Unsolicited “Push” of Clinical Health Information to a Known Destination Between Systems

Type	Standard / Implementation Specification	Standards Process Maturity	Implementation Maturity	Federally required	Cost	Test Tool Availability
Standard	SOAP-Based Secure Transport Requirements Traceability Matrix (RTM) version 1.0 specification	Final	Production	Yes	Free	Yes
Standard	Direct (Applicability Statement for Secure Health Transport v1.2)	Final	Production	Yes	Free	Yes
Standard	HL7® FHIR® DSTU 2	Balloted Draft	Pilot	No	Free	No
Standard	HL7® FHIR® R4	Final	Production	No	Free	No
Implementation Specification	eHealth Exchange Specification: Messaging Platform	Final	Production	No	Free	Yes
Implementation Specification	eHealth Exchange Specification: Authorization Framework	Final	Production	No	Free	Yes
Implementation Specification	eHealth Exchange Specification: Document Submission	Final	Production	No	Free	Yes
Implementation Specification	IHE-XDR (Cross-Enterprise Document Reliable Interchange)	Final	Production	No	Free	Yes
Implementation Specification	NCPDP SCRIPT Standard, Implementation Guide, Version 2017071	Final	Production	No	$	Yes
Implementation Specification	NCPDP SCRIPT Standard, Implementation Guide, Version 2019071	Final	Pilot	No	$	Yes

Limitations, Dependencies, and Preconditions for Consideration	Applicable Security Patterns for Consideration
The IHE-XDR implementation specification is based upon the underlying standards: SOAP v2, and OASIS ebXML Registry Services 3.0 The NwHIN Specification: Authorization Framework implementation specification is based upon the underlying standards: SAML v1.2, XSPAv1.0, and WS-1.1. “The Direct Standard”(TM) is based upon the underlying standard: Simple Mail Transfer Protocol (SMTP) RFC 5321 and for security uses Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, RFC 5751. For Direct, interoperability may be dependent on the establishment of “trust” between two parties and may vary based on the trust community(ies) to which parties belong. The leading trust communities to enable communication amongst the most users include DirectTrust (for provider messaging and consumer-mediated exchange) and NATE (for consumer-mediated exchange). The reference to FHIR for this interoperability need is in relation to the transport services that are conformant to the “RESTful FHIR API” See Direct, FHIR, and IHE projects in the Interoperability Proving Ground.	Secure Communication – create a secure channel for client-to-server and server-to-server communication. Secure Message Router – securely route and enforce policy on inbound and outbound messages without interruption of delivery. Authentication Enforcer – centralized authentication processes. Authorization Enforcer – specifies access control policies . Credential Tokenizer – encapsulate credentials as a security token for reuse (e.g., – SAML, Kerberos). Assertion Builder – define processing logic for identity, authorization and attribute statements. User Role – identifies the role asserted by the individual initiating the transaction. Security Labeling – the health information is labeled with security metadata necessary for access control by the end user. Purpose of Use - Identifies the purpose for the transaction.

Limitations, Dependencies, and Preconditions for Consideration

Applicable Security Patterns for Consideration

The IHE-XDR implementation specification is based upon the underlying standards: SOAP v2, and OASIS ebXML Registry Services 3.0
The NwHIN Specification: Authorization Framework implementation specification is based upon the underlying standards: SAML v1.2, XSPAv1.0, and WS-1.1.
“The Direct Standard”(TM) is based upon the underlying standard: Simple Mail Transfer Protocol (SMTP) RFC 5321 and for security uses Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, RFC 5751.
For Direct, interoperability may be dependent on the establishment of “trust” between two parties and may vary based on the trust community(ies) to which parties belong. The leading trust communities to enable communication amongst the most users include DirectTrust (for provider messaging and consumer-mediated exchange) and NATE (for consumer-mediated exchange).
The reference to FHIR for this interoperability need is in relation to the transport services that are conformant to the “RESTful FHIR API”
See Direct, FHIR, and IHE projects in the Interoperability Proving Ground.

Secure Communication – create a secure channel for client-to-server and server-to-server communication.
Secure Message Router – securely route and enforce policy on inbound and outbound messages without interruption of delivery.
Authentication Enforcer – centralized authentication processes.
Authorization Enforcer – specifies access control policies .
Credential Tokenizer – encapsulate credentials as a security token for reuse (e.g., – SAML, Kerberos).
Assertion Builder – define processing logic for identity, authorization and attribute statements.
User Role – identifies the role asserted by the individual initiating the transaction.
Security Labeling – the health information is labeled with security metadata necessary for access control by the end user.
Purpose of Use - Identifies the purpose for the transaction.

Comment

Submitted by pwilson@ncpdp.org on 2019-09-24

NCPDP Comment

Add the following:

Type-Implementation Specification Standard Implementation/Specification- NCPDP SCRIPT Standard, Implementation Guide, Version 2017071 Standards Process Maturity – Final Implementation Maturity- Production Adoption Level – N/A Federally Required – No Cost – $ Test Tool Availability – Yes Test Tool Link: https://tools.ncpdp.org/erx/#/home

Add the following:

Type-Implementation Specification Standard Implementation/Specification- NCPDP SCRIPT Standard, Implementation Guide, Version 2019071 Standards Process Maturity – Final Implementation Maturity- N/A Adoption Level – N/A Federally Required – No Cost – $ Test Tool Availability – Yes Test Tool Link: https://tools.ncpdp.org/erx/#/home

MedicationList is a new transaction available in NCPDP SCRIPT Standard, Implementation Guide, Version 2019071 for transmission of dispensed medication data from dispensing entities to an HIE or HIE-like entity.