Planning the Future of CDC Secure Public Health
Transactions and Public Health Information
Network Messaging System (PHINMS)
Jennifer McGehee, Tim Morris, Charlie Peng,
John W. Loonsk
The findings and conclusions in this presentation are
those of the authors and do not necessarily represent
the views of the Centers for Disease Control and
Prevention.
Value of Public Health Shared, Secure
Transaction Standards and Tools
• Ensure that all public health participants have the
ability to exchange secure transactions
• Minimize integration costs of non-standard transaction
approaches
– Technical integration and security costs
– Identity proofing management
– Authentication management
• Opportunity to leverage clinical care efforts and other
public health program efforts to share maintenance,
advance robust security, and minimize costs
Public Health Information Network Messaging
System (PHINMS)
• Effort begun in 2002 to advance standards-based,
secure, reliable data messaging among public health
agencies and trading partners
• CDC-produced PHINMS software as an implementation
of the standards the agency defined around public
health transactions
• A related digital certificate authority and service was
established to support encryption and non-repudiation
• Support for “route not read” and “behind the firewall”
services
• Led to commercial product implementations
PHINMS at CDC – Payloads Received
[Chart: Number of Payloads by Fiscal Year, 2010–2013]
PHINMS at CDC – Message Size
[Chart: Megabytes by Fiscal Year, 2010–2013]
PHINMS State Example – Georgia*
• Supporting the Georgia Registry of
Immunization Transactions and Services
(GRITS) state internal system
• Currently 262 installations in hospitals and
the Health Department
• ~22,500 transactions per day
• ~450,000 transactions per month
*Source: André K. Wilson, HP Enterprise Services, Contractor to the State of Georgia
National Secure Transactions Landscape
• Over 22 billion dollars invested in Electronic Health Records
(EHRs)
– New focus on EHR connectivity
– Opportunity for public health to leverage this investment
• Nationwide Health Information Network
– Exchange – SOAP (Simple Object Access Protocol)
– CONNECT Federal government-developed software solution
• DIRECT initiative
– Mostly SMTP (Simple Mail Transfer Protocol, i.e., email)
• RESTful web services
– Identified as future direction in S & I Framework, Health IT Standards
Committee
Public Health Transaction Needs
• Multiple transaction types
– Push (e.g. lab result reporting to health department)
– Pull (e.g. query of HD for immunization decision support)
– Pull / query of EHR (e.g. public health investigation)
– Publish / subscribe (e.g. code set distribution)
• Reliable messaging
• Synchronous and store-and-forward
• Each approach involves multiple standards applied
together, which we refer to as a “stack”
The PHINMS Standards Stack
Common Name: PHINMS
Major Standards: SOAP, WS Stack, ebXML
Transactions: Push, Store and Forward
Synchronous: No
Vocabulary and Code Sets: Agnostic
Query / Content Structure: Typically HL7 messages
Reliable Messaging: Yes
Queuing: Included
Security: HTTPS, two-factor authentication (digital certificates)
• ebXML is fading
• Not aligned with
ONC efforts
• Only supports
"push"
The NwHIN Exchange Standards Stack
Common Name: NwHIN / SOAP
Major Standards: SOAP, WS Stack
Transactions: Push, Pull, Pub/Sub, Store and Forward
Synchronous: Yes
Vocabulary and Code Sets: Agnostic
Query / Content Structure: Focus on CCD
Reliable Messaging: Possible
Queuing: Not included
Security: HTTPS, SAML, XACML
• Advanced by
HealtheWay and Care
Connectivity
Consortium
• No longer supported
by ONC
• SOAP still strong in
health care
The DIRECT Standards Stack
Common Name: DIRECT
Major Standards: SMTP
Transactions: Push, Store and Forward
Synchronous: No
Vocabulary and Code Sets: Agnostic
Query / Content Structure: Typically HL7 messages
Reliable Messaging: No
Queuing: Mail server-based
Security: S/MIME
• Major push by
previous National
Coordinator
• “Push” only and
store-and-forward
• Immunization
Information Systems
report did not
recommend
The SFTP Standards Stack
Common Name: SFTP
Major Standards: SFTP
Transactions: Upload/Download
Synchronous: Yes
Vocabulary and Code Sets: Agnostic
Query / Content Structure: No structure
Reliable Messaging: No
Queuing: Not included
Security: X-FTP
• Mostly used for
manual data
transfer vs. system
to system exchange
• Does not support
multi-factor
authentication
The RESTful Standards Stack
Common Name: REST
Major Standards: RESTful, OAuth, OpenID
Transactions: Push, Pull, Pub/Sub, Store and Forward
Synchronous: Both
Vocabulary and Code Sets: Agnostic
Query / Content Structure: Typically HL7 messages
Reliable Messaging: Yes
Queuing: Included
Security: HTTPS, two factor (dig certs)
• Identified as future
direction by HIT
Standards Committee
and S & I Framework
• Limited health care
implementation, but
strong Internet use
• Supports HL7 FHIR
initiative
Conclusions
• A multi-protocol public health and clinical care transaction world
will be the reality for some time
• PHINMS legacy standards and system should be updated to take
advantage of new and emerging standards, but with time and
coordination
• Alignment with standards being utilized in health care could
potentially allow CDC to reduce support costs for software
development and improve transactions between clinical care and
health departments
• DIRECT transactions are not suitable to fully support public
health needs, but they will need to be supported and handled in
some contexts
• REST can offer a suitable and improved public health transaction
platform in time
Recommendations
• CDC should plan, communicate, and pursue a
path forward for secure transactions
• Public health should engage in stack specification
for REST development
• CDC should consider enabling transport
translation and routing services
Questions and Comments?
Contact
Jennifer McGehee
PHINMS CDC Project Lead
ake0@cdc.gov
(404) 498-2411