A Distribution Network using PKI or PGP and Architecture Barriers Presented by: Jared Davison B. Inf Tech (QUT), B. Eng (QUT), M. IEEE, GradIEAust, AACS. Software Engineer Buderim GE Centre

Buderim Gastroenterology Centre Small privately owned day surgery 3 Specialists, 17 Staff Catchment area ~250,000 Established 12 years EHR Active HL7 R&D program since HL7 USA member since 1999 HL7 Australia member since inception

Electronic Records Developed HL7 system 35,000 patients 190,000 reports 250 GPs in the local area. w/copies 244,000 individual recipients 1.3 copies per document Pathology dating to the start of PIT distribution by QML & S&N path. All outgoing clinical letters since 1991 HL7 format for storage for all this = 750 MB

Report Distribution Trial Real-time HL7 Transmission of –Specialist reports –GP referrals > 12 months 240 connected doctors 22 specialists Sunshine Coast Division Allied Health Nursing Home 40,000 reports delivered (including copies to other recipients doctors)

Report Distribution Trial Integrated with existing practice software –GP computer systems –Specialist computer systems Report delivery into GP software is an unattended operation All transmission in HL7 format, encrypted & signed PIT conversion performed as necessary Imported by GP computer system –same as pathology import

Transmission Specialist report creation –Word Processor integration –HL7 based custom reporting clients

Transmission GP referrals –Captured from clinical practice software –Digitally signed HESA PKI USB key –Encrypted with PKI certificates –Encrypted provider lookup –Zero configuration install Reports are delivered real-time

GP Referral Digital Signature Block

Architectural & Technical Barriers to distribution network implementation Transport Recipient/Provider Addressing Delivery & Acknowledgment Protocols Security & Authentication Routing Use of standards – HL7

Transport Internet access assumed Consideration of OSI Layer 6 protocols –HL7 over –HL7 over HTTP –HL7 Lower Level Protocol

Transport - Advantages –Technical Simplicity –Widely accessible –Asynchronous (recipient need not be online when sending) Disadvantages –No acknowledgement of delivery –No guaranteed order of delivery –Spam filters / Spam –Backup Mail Servers –No sender authentication –No control over infrastructure quality –Blacklists

HL7 over HTTP Advantages –HL7 standard acknowledgement possible –Ability to reject connections –Industry standard –Ease of interoperability for 3 rd parties –Connectionless scalable –URL & Headers available for protocol variations Eg. Http1.1 keep alive, content types Disadvantages –Need for full time internet presence

Chosen Transport HL7 over HTTP HL7 Lower Level Protocol supported –for compatibility & interoperability

Provider Addressing Issues HIC Provider Numbers Advantages –Specified by Australian HL7 Standard –Ideal for doctors in private practice –Check digit scheme –Location Specific –Virtually always obtained (billing)

Provider Addressing Issues HIC Provider Numbers Disadvantages –Not universal –Not all health care providers/facilities have HIC provider numbers Public hospital doctors Nursing homes Allied health Nursing staff –Only some sections of medical community have access to Provider number lists

An Addressing Solution A mixed solution HIC provider numbers used where available Proprietary identifiers used if no provider number –Disadvantage: some software only accepts provider numbers PKI key common name used for Author identification

Address/Recipient Lookup HL7 2.3 Master files –Defines messages for maintenance & query for providers using the STF segment –CH Solution: Master files implemented

HL7 Master Files Query

HL7 for Mere Mortals

Protocol Standard HL7 Delivery Protocol Message Acknowledgement Eg. ORU – ACK, REF – ACK (messages) Assumes –Internet server availability –Push model as new reports are sent unsolicited (ORU) Retry sending if ACK not received

Protocol Problems –Many clients DO NOT or CAN NOT open their networks (inadequate knowledge/skills) have persistent internet connectivity Some clients need to poll

Polling protocol Non-HL7 standard QRY.Z02 ORU.R01 (report downloads) ACK.R01 OK But the payload is HL7 standard!

Security & Authentication Encryption used for security Digital signatures used for all authentication 1024 bit public keys only Encryption Mechanisms: –X.509 HeSA Certificates & HIC PKI –Native PGP compatible (explicit trust model only) No usernames / passwords –(weak security)

Routing Enable communication between practices and doctors running independent systems. Manual configuration of connections between every practice is not feasible –Because the number of direct path configurations required is n(n-1)/2 (where n is the number of independent systems) Internet enables virtual/potential connections

Routing Solution: use HL7 Master File messages to enable dynamic discovery of newly connected users Allow existing users to change their address without manual reconfiguration being required

Centralised vs. Distributed nets. Centralised (Star network) –Each node communicates with each other node via central point –Issues Service availability –Network connections –Limited Processing capacity Redundancy required Serial communication DDoS (distributed denial of service) attacks on hub Vulnerability of stored/transit data (all eggs in one basket) Natural disaster –Eg. earthquake

Centralised vs. Distributed nets. Distributed network (fully connected mesh) –Every node is able to communicate directly with any other node –Fewer points of failure in transit –Very powerful Load sharing possibilities –Parallel communication –Very Fast –DDoS can at worst case affect limited nodes only –Robust to natural disasters

HL7 Support Workable delivery format at this time is HL7 ORU messages. –This is all we have delivered at this stage to GPs Minor modifications to messages are required depending on target application. –Satisfying import assumptions of software –No change to report payload. REF message have potential in future –No support in practice software at present

HL7 Support By sticking to published standards we have had few compatibility problems Moral: Stick to Standards!

Putting it together The Software Medical Objects Currently undergoing beta testing Participants welcome

HL7 Servers Servers –Message encoding supported HL7 v2.x (Classic & XML), PIT –Win32 platform –Multi-tier architecture SQL database tier (Linux or Windows) Application server tier –Replication supported (over HL7) –Standalone Service IIS (ISAPI) or Apache (module) –run locally or in Application Service Provider (ASP) mode –Persists 10,000+ messages per hour (Athlon 1.5GHz, 7200 RPM, 512 RAM) –Serves queries many-many times more!!! Server Types –Lightweight GP receive only (file based db) –Gateway –Distribution –Practice –Provider Directory –Terminology –Routing

GP Solutions Receiving Specialist Messages –GP Reception Server Acks messages and saves as files Win 32 platform (95, 98, ME, NT4, 2000, XP, 2003) –Polling Client (works with Distribution Service) Win 32 platform (95, 98, ME, NT4, 2000, XP, 2003) –Tray Icon service –NT service Linux Mac OS X Any future HIC PKI Supported platform Integrated PIT conversion Acknowledged delivery Simple download setup 4.2MB Easy install – no reboots or downtime

GP Solutions Sending Referrals –Win32 (98, ME, 2000, XP, 2003) –PKI Signed referrals –HIC PKI Rainbow iKey required –Setup: 2.7MB internet download Zero configuration easy install no reboots or downtime

Specialist Solution Sending Reports –Word Processor integration Word 97, 2000, XP, 2003 Word Perfect 10 –PKI signing possible –Setup 3 MB download Easy & quick install No reboots

Medical Objects Network Today