Archive for October, 2009

MEDNET, Bostech Corporation Partner for Strategic NHIN Solutions for Healthcare

Tuesday, October 27th, 2009

MEDNETWorld.com (MEDNET), a leader in Nationwide Health Information Network (NHIN) connectivity and Health Information Exchange (HIE) solutions and Bostech, the healthcare interoperability experts behind ChainBuilder Connect, today announced a managed service HIE solution for Nationwide Health Information Network, or NHIN, connectivity.

The joint product offering, called the Managed Service NHIN Gateway, is a comprehensive managed service that enables Health Information Exchange (HIE) building, clinical data interoperability, and NHIN connectivity. Previously, healthcare providers had limited choices for off-the-shelf HIE-NHIN connectivity and interoperability solutions. With the MEDNET – Bostech Managed Service NHIN Gateway, providers enjoy complete data interoperability, along with Health Information Exchange (HIE) and NHIN connectivity, as a managed service with premium service and support.

“Healthcare customers looking for off-the-shelf, ready to go, interoperable NHIN solutions can now simply pick up the phone and call us.” MEDNET’s CEO John Fraser said in announcing the strategic partnership. “HIEs can now focus on mission critical work, relying on our experience to manage their interoperability and connectivity needs,” Fraser continued.

“This important partnership will make it easy for healthcare providers to access an advanced, integrated HIE and NHIN solution,” said Brad Bostic, Bostech’s CEO. “This alliance enables our healthcare customers to quickly and efficiently form HIE communities that connect to the NHIN.”

Tags: , , , , ,
Posted in Uncategorized | Comments Off

Why NHIN and an Interconnected Healthcare Infrastructure Matters

Tuesday, October 13th, 2009

- By Chris Smith

As more and more Health Information Exchanges (HIEs) pop up, become funded, and grow each day, the importance of utilizing the NHIN backbone for interoperability and HIE to HIE connectivity grows as well.

In previous newsletters, we spoke about the importance of planning for HIE to HIE connectivity and communication, as well as the impact NHIN, the Nationwide Health Information Network (backed by the Federal Government) has on the healthcare marketplace.

From a purely global perspective, the potential for a physician in Florida to electronically search and find clinical information on thier patient, who happens to be  visiting from California, is really exciting!  Imaging the improved care, improvements in workflow, and cost savings that could be realized with the ability to search, find, and utilize patient clinical information from anywhere in the country (or the world).

NHIN enables this type of workflow and clinical data exchange, offering a whole new way to streamline care and produce financial improvements in the healthcare industry.  With NHIN, healthcare data can now flow between HIEs, care providers, and physicians, all while remaining encrypted, protected, and secured.

With so much emphasis being placed on healthcare reform, an interconnected healthcare model, utilizing the NHIN backbone, saves time, money, and lives…and make the future of an interconnected, interoperable healthcare marketplace a reality today!

If you would like to learn more about the impact of NHIN, HIE’s and HIE building, and privacy and security in a healthcare environment, please contact us or register for our FREE Webinar at www.mednetworld.com

Tags: , , , , , ,
Posted in Uncategorized | Comments Off

Security and Federated Identity Management in the Healthcare Enterprise

Tuesday, October 13th, 2009

- By Jesse Erdmann

Last month, Jesse Erdmann, CISSP, introduced the concept of Federated Identity Management (FIM) and this month we will describe the details behind how it works. Public Key Infrastructure (PKI) is a central concept in FIM, specifically digital signatures. For more information on these concepts please review a resource like Wikipedia’s PKI page.

While there are many ways to establish a federation, for the sake of simplicity, the method described below refers to the software and standards used by MEDNET for simplicities sake. This description will cover most FIM models, but some of the terminology may not be immediately recognizable between implementations.

The first step is for two or more organizations to agree to establish a federation, and determining what information needs to be shared. Each organization will need at least one identity provider and at least one service provider. The two organizations will also need at least one discovery service. The two organizations exchange public keys, the names of their identity providers, and the user information to be shared (which can be determined in the agreement). In general, most will simply need a list of valid roles and a description of what that role means within the home organization.

The organizations then need to configure service provider(s) to accept user information from the other organization’s identity provider(s), direct unauthenticated users to the discovery service and determine what access is to be granted to users with each role from other organizations. The discovery service(s) also need to be configured with the information about the identity providers.

When an unauthenticated user tries to access a federated service, the service provider will redirect the user to the discover service. The discover service presents the user with the configured list of identity providers. The user selects their home organization’s identity provider. For example, if a web site accepts Facebook, OpenID and Google users, the user would be presented with these three options and possibly a fourth belonging to the organization itself. The user then chooses which account they want to sign in with.

Once the user chooses an identity provider, the identity provider asks them to log in. As mentioned in last months article, there should be a strong preference if not a requirement for each user to be issued their own cryptographic key pair. After the user successfully authenticates to their identity provider at their home organization, the identity provider digitally signs the users’ credentials, for instance their username and role(s), to send to the originating service provider.

As the user returns to the service they were originally seeking, the service provider now knows whom the user is, which organization they are from and any other information provided by the identity provider including how the user was authenticated. If necessary, the service provider can alter the information from the identity provider to meet the needs of the service. The service itself then can determine what level of access to allow the user. For instance, a doctor from within the same organization as the service might be able to search broadly and edit information whereas a doctor from outside might only be able to do very narrow searches and read only a limited set of information.

FIM is a powerful tool that can be customized quite a lot to fit the needs of a federation, but the less customization required the easier the federation is to expand and potentially interoperate with other federations. The focus of setting up a federation is on the operational needs of the participating organizations. The organizations don’t need to exchange a full list of users or set up accounts for users in other organizations. The only information that might need to be updated on an ongoing basis is certificates for identity providers as they expire, new identity providers and any information like roles that the organizations agree to exchange about users. Balancing between thoroughness and ease of administration is key. The recommendation is that role information should be enough.

Tags: , , , , , ,
Posted in Uncategorized | Comments Off

The Challenges of Sharing Clinical Data in Healthcare – Healthcare Interoperability

Tuesday, October 13th, 2009

- By John Fraser

How does a hospital know that a request for medical information from another hospital is a valid request, and not a forgery? How do healthcare providers electronically transmit messages to each other in a secure, encrypted format?

In the past, there has been little need to electronically connect hospitals and clinics together as most medical records were paper based. As healthcare as a whole moves to electronic medical records, the sharing of medical records becomes a critical part of modern healthcare practice. Health Information Exchanges (HIEs) are focused on helping groups of providers connect to share electronic medical information. But what is being shared, how is it being shared, and is it secure?

Most HIEs and individual providers use simple messaging, such as HL7 messaging for clinical information, NCPDP messages for eprescribing, and ANSI X12 messages for the HIPAA transactions for medical records and billing information. These healthcare messages are simple text files with very rigid formats, so different systems can send and received said messages and understand the message contents (The messages, or text files, are not encrypted when produced, however).

To ensure privacy and security, a provider could utilize a VPN (Virtual Private Network) or secure web connections (HTTPS), usually over the Internet, to secure and encrypt this healthcare messaging. VPNs and HTTPS connections provide good security, but scaling these connections isn’t popular due to the cost and the complexity of supporting up to hundreds of individual connections. Note: this scaling problem is the often called the “N squared” problem. This means that, roughly speaking, if you need to connect 10 hospitals, all 10 will need 9 connections to the others, or roughly 10 x 10 = 100 connections. With 100 participants, you would need over 5,000 connections!

As medical information becomes computerized, most message sharing still uses the VPN technologies described above. Although considered secure, the growing number of VPNs, the difficultly managing multiple connections, and the lack of any authentication between VPN infrastructures seems unlikely to scale to a national network level. Poorly configured systems, or mis-configured VPN systems can negatively impact patient privacy, allowing unencrypted communications to accidently flow over the Internet. In addition, VPNs encourage a centralized approach to connecting large numbers of players given the N/Squared problem. This can lead to centralized databases drawing the attention of hackers, or a centralized switching system that could be hacked and the messages intercepted.

The solution to this problem is NHIN, the Federally backed, standards based Nationwide Health Information Network. NHIN has taken a more global approach for connectivity and security, and a better design for connecting all of healthcare.

Be sure to read next month’s article as we continue this discussion and cover the topics of security and scalability of NHIN vs. VPNs and other connectivity methodologies!

Tags: , , , , , , , , , ,
Posted in Uncategorized | Comments Off

MEDNET in Minneapolis Star Tribune Newspaper

Monday, October 5th, 2009

John Fraser, MEDNET CEO, recently spoke at the 23rd Annual Venture Capital Conference in Minneapolis.

Mr. Fraser was also mentioned in the Minneapolis Star Tribune as “…the veteran computer scientist who for 10 years has been building software systems to securely share electronic medical records, has gotten traction with three-year-old Mednetworld.com.”

Read more about MEDNET and the Venture and Finance Conference at www.startribune.com or simply click here.

Tags: , , , , ,
Posted in Uncategorized | Comments Off