1. HealthIT.gov
  • Print

Interoperability Need: An Unsolicited “Push” of Clinical Health Information to a Known Destination Between Systems


Interoperability Need: An Unsolicited “Push” of Clinical Health Information to a Known Destination Between Systems

Interoperability Need: An Unsolicited “Push” of Clinical Health Information to a Known Destination Between Systems

Type

Standard/Implementation Specification

Standards Process Maturity

Implementation Maturity

Adoption Level

Federally Required

Cost

Test Tool Availability
1- Standard SOAP-Based Secure Transport Requirements Traceability Matrix (RTM) version 1.0 specification Final Production rating 3 Yes Free Yes
1- Standard Applicability Statement for Secure Health Transport v1.1 (“Direct”) Final Production rating 5 Yes Free Yes
2 - Emerging Standard Applicability Statement for Secure Health Transport v1.2 Final Production rating 3 Yes Free Yes
2- Implementation   Specification IHE-XDR (Cross-Enterprise Document Reliable Interchange) Final Production rating 4 No Free Yes
1 - Implementation Specification NwHIN Specification: Messaging Platform Final Production rating 3 No Free No
1- Implementation Specification NwHIN Specification: Authorization Framework Final Production rating 3 No Free No
Limitations, Dependencies, and Preconditions for Consideration: Applicable Security Patterns for Consideration:
  • The IHE-XDR implementation specification is based upon the underlying standards: SOAP v2, and OASIS ebXML Registry Services 3.0
  • The NwHIN Specification: Authorization Framework implementation specification is based upon the underlying standards: SAML v1.2, XSPAv1.0, and WS-1.1.
  • “Direct” standard is based upon the underlying standard: Simple Mail Transfer Protocol (SMTP) RFC 5321 and for security uses Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, RFC 5751.
  • For Direct, interoperability may be dependent on the establishment of “trust” between two parties and may vary based on the trust community(ies) to which parties belong. The leading trust communities to enable communication amongst the most users include DirectTrust (for provider messaging and consumer-mediated exchange) and NATE (for consumer-mediated exchange).
  • See Direct and IHE projects in the Interoperability Proving Ground.
  • Secure Communication – create a secure channel for client-to- serve and server-to-server communication.
  • Secure Message Router – securely route and enforce policy on inbound and outbound messages without interruption of delivery.
  • Authentication Enforcer – centralized authentication processes.
  • Authorization Enforcer – specified policies access control.
  • Credential Tokenizer – encapsulate credentials as a security token for reuse  (e.g., – SAML, Kerberos).
  • Assertion Builder – define processing logic for identity, authorization and attribute statements.
  •  User Role – identifies the role asserted by the individual initiating the transaction.
  • Purpose of Use - Identifies the purpose for the transaction.
No comments have been posted yet.