This is becoming a very important topic for many solution providers that are hosting their solutions in central data centers. Don’t worry – many other people have tackled this same problem.
SFTP/FTPS
There are two ways to provide secure transport of HL7 messages using FTP (File Transfer Protocol): SFTP and FTPS.
SFTP (SSH File Transfer Protocol) is an extension of the SSH protocol, and provides secure file transfer, access and management capabilities over any reliable data stream. FTPS (FTP Secure) adds support for the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols to ordinary FTP. SFTP and FTPS are incompatible with each other. Either SFTP or FTPS works well, even for some real-time feeds, if your counterparty is able to support it.
If you want your counterparty to send files to you using either of these protocols, the best solution is to use a proper FTP server to receive the data, and then use Iguana to read in files that have been uploaded to the FTP server. Iguana is able to act as an SFTP or FTPS client. For details on how to use Iguana to read files from an FTP server, see the From File FTP Options (for FTP server download settings). For information on how to upload files to an FTP server, see the To File FTP Options (for FTP server upload settings).
SSH Tunnelling
SSH tunnelling is similar in concept to using a VPN connection. Here, an SSH server is used to securely tunnel the LLP traffic between Iguana and the counterparty. If your organization is comfortable with Linux, every Linux distribution has a built-in SSH server. OS X also has a built-in SSH server.
If your organization is purely a Windows shop, you might want to consider using a product called VShell for Windows.
LLP over TLS/SSL
In theory, running LLP over the TLS (Transport Layer Security) or SSL (Secure Sockets Layer) cryptographic protocol is a standard approach supported by the IHE organization. Iguana has native support for it built into the LLP channels. In practice, it doesn’t seem to be used often. Most integration engines have yet to support this standard.
For details on how to use SSL with Iguana channels, see the LLP Listener or the LLP Client SSL Settings (scroll down to the section that describes the “Use SSL” check box).
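As an added illustration of what an LLP-over-TLS sender has to get right (this is example code written for this page, not Iguana’s own implementation or its API), the block below combines the two halves: the MLLP framing that LLP uses (start block 0x0B, end block 0x1C followed by CR) and a TLS client context that verifies the counterparty’s certificate and refuses SSLv3 and TLS 1.0/1.1. The host name, port and CA file are placeholders; the HL7 message and ACK are constructed samples.

```python
import socket
import ssl
from typing import List, Optional, Tuple

# MLLP (Minimal Lower Layer Protocol) framing bytes used for HL7 v2 over TCP.
SB = b"\x0b"  # start block
EB = b"\x1c"  # end block
CR = b"\x0d"  # carriage return

# The oldest protocol version we are willing to negotiate. SSL 2/3 and
# TLS 1.0/1.1 are deprecated and should not carry patient data.
REQUIRED_MIN_VERSION = ssl.TLSVersion.TLSv1_2


def mllp_frame(message: bytes) -> bytes:
    """Wrap one HL7 message in MLLP framing."""
    return SB + message + EB + CR


def mllp_unframe(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Extract every complete frame from a receive buffer.

    Returns (messages, remainder). The remainder is an incomplete trailing
    frame that must be kept for the next read; bytes outside any frame
    are discarded.
    """
    messages: List[bytes] = []
    while True:
        start = buf.find(SB)
        if start < 0:
            return messages, b""
        end = buf.find(EB + CR, start + 1)
        if end < 0:
            return messages, buf[start:]
        messages.append(buf[start + 1:end])
        buf = buf[end + 2:]


def tls_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client context that authenticates the counterparty.

    create_default_context() already sets CERT_REQUIRED and hostname
    checking; we additionally pin the minimum protocol version. ca_file is
    the PEM bundle that signed the counterparty's certificate (assumed
    path; None falls back to the system trust store).
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = REQUIRED_MIN_VERSION
    return ctx


def ack_code(ack: bytes) -> str:
    """Return MSA-1 (AA/AE/AR) from an HL7 acknowledgement, or '' if absent."""
    for segment in ack.split(b"\r"):
        fields = segment.split(b"|")
        if fields[0] == b"MSA" and len(fields) > 1:
            return fields[1].decode("ascii", "replace")
    return ""


def send_hl7_over_tls(host: str, port: int, message: bytes,
                      ctx: ssl.SSLContext, timeout: float = 10.0) -> bytes:
    """Send one framed message over TLS and return the counterparty's ACK."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname drives both SNI and the hostname check.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(mllp_frame(message))
            buf = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("peer closed before sending an ACK")
                buf += chunk
                acks, buf = mllp_unframe(buf)
                if acks:
                    return acks[0]


if __name__ == "__main__":
    # Constructed sample message; host/port/CA path are placeholders.
    sample = b"MSH|^~\\&|SENDER|FAC|RECV|FAC|202301011200||ADT^A01|MSG0001|P|2.5\r"
    ack = send_hl7_over_tls("llp.counterparty.example", 6661, sample,
                            tls_client_context("/path/to/counterparty-ca.pem"))
    print("ACK code:", ack_code(ack))
```

The framing parser deliberately returns a remainder rather than assuming one `recv()` yields exactly one frame, because a TLS record boundary has no relation to an MLLP frame boundary.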
User Agent
A user agent is probably the most complicated solution, since it involves placing software at the counterparty’s location. To implement the user agent method, you can easily install a pre-configured copy of Iguana at the customer site. The Iguana instance can be configured to do a simple pass-through of data using LLP over TLS/SSL, HTTPS or SFTP/FTPS. (TLS/SSL and SFTP/FTPS are described above. For information on how to send data through Iguana using HTTPS, see From HTTPS or To HTTPS.)
This introduces an additional point of failure in the whole system. If the machine that is running the user agent has an issue, it can stop the data flow.
Several of our partners have solved the user agent problem by making a custom install of Iguana which stores and forwards data via HTTPS.
PHINMS
PHINMS (Public Health Information Network Messaging System) is open-source Java-based software that can be obtained from the CDC in the US. You should only consider this option if you have to communicate with another PHINMS instance. See this documentation.