[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnumed-devel] EMR data exchange

From: Sebastian Hilbert
Subject: [Gnumed-devel] EMR data exchange
Date: Sat, 7 Apr 2007 23:52:48 +0200
User-agent: KMail/1.9.5

We are working on data exchange with different software vendors and try to 
avoid costly and questionably secure solutions. In short we are looking into 
using trusted and proven open source solutions such as SSL, XMPP (jabber) , 
GPG and more to make data exchange happen. Since we are implementing open 
standards and generic interfaces (GNUmed framework) this solution should be 
easy to implement by open and closed source vendors.

This solution must pass and even surpass security evaluations by Germany's TÜV 
since there is another vendor who supposedly has passed the test. By the way 
the exact specification is only available under a non disclosure agreement. 
From what we have seen it does not ask for a password or passphrase and there 
certainly is no way of knowing who you send the data to. Traffic seems to run 
over the company's server and little is known if the information is stored on 
the server or not.

We can do better. We use ejabberd. This is an open source jabber (xmpp) 
server. Communication happens exclusively over SSL. We have to decide if we 
will allow storage and forwarding messages for offline users. Traffic can be 
encrypted by OpenPGP but this has not yet been implemented. Code has been 
checked into the GNUmed repository.

Karsten is working on the export framework. Ideally the transporting code is 
content agnostic. We will most likely implement export of xDT format (German 
exchange format), raw sql. Maybe someone with HL7 experience chips in. We 
will be able to transport anything from lab data to patient information and 
patient documents.

GNUmed will store this information in the inbox. We will then implement a 
handler part that knows how to import the different data formats into GNUmed 
or another EMR.

One issue related to datae exchange in general is the question of how to tell 
the true identity of the receiver. We will be able to solve this by using GPG 
and encrypting the messages. Authentification will most likely happen against 
a trusted third party in cases when you don't know the receiver personally 
(key signing).
Sebastian Hilbert 
Leipzig / Germany
[]  -> PGP welcome, HTML ->/dev/null

reply via email to

[Prev in Thread] Current Thread [Next in Thread]