[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnumed-devel] EMR data exchange
|
From: |
Sebastian Hilbert |
|
Subject: |
[Gnumed-devel] EMR data exchange |
|
Date: |
Sat, 7 Apr 2007 23:52:48 +0200 |
|
User-agent: |
KMail/1.9.5 |
We are working on data exchange with different software vendors and try to
avoid costly and questionably secure solutions. In short we are looking into
using trusted and proven open source solutions such as SSL, XMPP (jabber) ,
GPG and more to make data exchange happen. Since we are implementing open
standards and generic interfaces (GNUmed framework) this solution should be
easy to implement by open and closed source vendors.
This solution must pass and even surpass security evaluations by Germany's TÜV
since there is another vendor who supposedly has passed the test. By the way
the exact specification is only available under a non disclosure agreement.
From what we have seen it does not ask for a password or passphrase and there
certainly is no way of knowing who you send the data to. Traffic seems to run
over the company's server and little is known if the information is stored on
the server or not.
We can do better. We use ejabberd. This is an open source jabber (xmpp)
server. Communication happens exclusively over SSL. We have to decide if we
will allow storage and forwarding messages for offline users. Traffic can be
encrypted by OpenPGP but this has not yet been implemented. Code has been
checked into the GNUmed repository.
Karsten is working on the export framework. Ideally the transporting code is
content agnostic. We will most likely implement export of xDT format (German
exchange format), raw sql. Maybe someone with HL7 experience chips in. We
will be able to transport anything from lab data to patient information and
patient documents.
GNUmed will store this information in the inbox. We will then implement a
handler part that knows how to import the different data formats into GNUmed
or another EMR.
One issue related to datae exchange in general is the question of how to tell
the true identity of the receiver. We will be able to solve this by using GPG
and encrypting the messages. Authentification will most likely happen against
a trusted third party in cases when you don't know the receiver personally
(key signing).
--
Sebastian Hilbert
Leipzig / Germany
[www.gnumed.de] -> PGP welcome, HTML ->/dev/null
- [Gnumed-devel] EMR data exchange,
Sebastian Hilbert <=