We are working on data exchange with different software vendors and try to avoid costly and questionably secure solutions. In short we are looking into using trusted and proven open source solutions such as SSL, XMPP (jabber) , GPG and more to make data exchange happen. Since we are implementing open standards and generic interfaces (GNUmed framework) this solution should be easy to implement by open and closed source vendors.
This solution must pass and even surpass security evaluations by Germany's TÜV since there is another vendor who supposedly has passed the test. By the way the exact specification is only available under a non disclosure agreement. From what we have seen it does not ask for a password or passphrase and there certainly is no way of knowing who you send the data to. Traffic seems to run over the company's server and little is known if the information is stored on the server or not. We can do better. We use ejabberd. This is an open source jabber (xmpp) server. Communication happens exclusively over SSL. We have to decide if we will allow storage and forwarding messages for offline users. Traffic can be encrypted by OpenPGP but this has not yet been implemented. Code has been checked into the GNUmed repository. Karsten is working on the export framework. Ideally the transporting code is content agnostic. We will most likely implement export of xDT format (German exchange format), raw sql. Maybe someone with HL7 experience chips in. We will be able to transport anything from lab data to patient information and patient documents. GNUmed will store this information in the inbox. We will then implement a handler part that knows how to import the different data formats into GNUmed or another EMR. One issue related to datae exchange in general is the question of how to tell the true identity of the receiver. We will be able to solve this by using GPG and encrypting the messages. Authentification will most likely happen against a trusted third party in cases when you don't know the receiver personally (key signing). -- Sebastian Hilbert Leipzig / Germany [www.gnumed.de] -> PGP welcome, HTML ->/dev/null _______________________________________________ Gnumed-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnumed-devel
