Secure Protocols for HL7

This is becoming a very important topic for many solution providers that are hosting their solutions in central data centers. Don’t worry – many other people have tackled this same problem.

There are a number of common solutions out there. Let’s look at each of the common solutions and see what the pros and cons are.

VPN tunnel

A Virtual Private Network (VPN) is a private network that uses the Internet to link remote sites together. Data is transferred over the Internet using secure cryptography to ensure that it cannot be read by unauthorized users. A VPN tunnel is a very popular way to solve the HL7 encryption problem.

To use a VPN, just route the LLP traffic over the VPN. Since many common cloud platforms, such as the Amazon Elastic Compute service, provide VPN connections as part of their platform, this is an easy solution. For many vendors, though, concerns about controlling physical access to patient health information (PHI) often require setting up physical servers in a data center with additional physical security.

SFTP/FTPS

There are two ways to provide secure transport of HL7 messages using FTP (File Transfer Protocol): SFTP and FTPS.

SFTP (SSH File Transfer Protocol) is an extension of the SSH protocol, and provides secure file transfer, access and management capabilities for any data stream. FTPS (FTP Secure) is FTP with added support for the TLS (Transport Layer Security) and SSL (Secure Socket Layer) protocols. SFTP and FTPS are incompatible with each other. Either one works well, even for some real-time feeds, if your counterparty is able to support it.

If you want your counterparty to send files to you using either of these protocols, the best solution is to use a proper FTP server to receive the data, and then use Iguana to read in files that have been uploaded to the FTP server. Iguana is able to act as an SFTP or FTPS client. For details on how to use Iguana to read files from an FTP server, see the From File FTP Options (for FTP server download settings). For information on how to upload files to an FTP server, see the To File FTP Options (for FTP server upload settings).

SSH Tunnelling

SSH tunnelling is similar in concept to using a VPN connection. Here, an SSH server is used to securely tunnel the LLP traffic between Iguana and the counterparty. If your organization is comfortable with Linux, every Linux distribution has a built-in SSH server. OS X also has a built-in SSH server.

If your organization is purely a Windows shop, you might want to consider using a product called VShell for Windows.

LLP over TLS/SSL

In theory, LLP with the TLS (Transport Layer Security) or SSL (Secure Socket Layer) cryptographic protocol is a standard supported by the IHE organization. Iguana has native support for it built into the LLP channels. In practice, it doesn’t seem to be used often. Most integration engines have yet to support this standard.

For details on how to use SSL with Iguana channels, see the LLP Listener or the LLP Client SSL Settings (scroll down to the section that describes the “Use SSL” check box).
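
To show what LLP over TLS involves on the sending side, here is an added Python example (not code from the original page or from Iguana): it frames an HL7 message in the LLP envelope, opens a TLS connection that verifies the counterparty's certificate and host name, and reads back the framed ACK. The host, port and CA file are supplied by the caller and are assumptions, and the sample message is constructed.

```python
import socket
import ssl

# LLP/MLLP envelope: <VT> message <FS><CR>
START_BLOCK, END_BLOCK, CR = b"\x0b", b"\x1c", b"\x0d"


def frame(hl7: bytes) -> bytes:
    """Wrap one HL7 message in an LLP envelope."""
    return START_BLOCK + hl7 + END_BLOCK + CR


def unframe(buf: bytes):
    """Return (message, rest) for the first complete frame in buf, else (None, buf)."""
    start = buf.find(START_BLOCK)
    end = buf.find(END_BLOCK + CR, start + 1)
    if start < 0 or end < 0:
        return None, buf  # no frame yet, or only a partial one: keep buffering
    return buf[start + 1:end], buf[end + 2:]


def client_context(ca_file=None) -> ssl.SSLContext:
    """TLS client settings: verify certificate and host name, refuse SSL and TLS < 1.2."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_hl7(host, port, hl7, ca_file=None, timeout=10.0):
    """Send one message over LLP-in-TLS and return the counterparty's ACK payload."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with client_context(ca_file).wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame(hl7))
            buf = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("connection closed before a full ACK frame")
                buf += chunk
                ack, buf = unframe(buf)
                if ack is not None:
                    return ack


# Constructed sample message (no real patient data)
SAMPLE = (b"MSH|^~\\&|SENDER|FAC|RECEIVER|FAC|20240101120000||ADT^A01|MSG0001|P|2.5\r"
          b"PID|1||12345\r")
```

`send_hl7` needs a listening counterparty; pass `ca_file` when the counterparty's certificate is issued by a private CA rather than one in the system trust store.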

User Agent

A user agent is probably the most complicated solution, since it involves placing software at the counterparty’s location. To implement the user agent method, you can easily install a pre-configured copy of Iguana at the customer site. The Iguana instance can be configured to do a simple pass through of data using LLP over TLS/SSL, HTTPS or SFTP/FTPS. (TLS/SSL and SFTP/FTPS are described above. For information on how to send data through Iguana using HTTPS, see From HTTPS or To HTTPS.)

This introduces an additional point of failure in the whole system. If the machine that is running the user agent has an issue, it can stop the data flow.

Several of our partners have solved the user agent problem by making a custom install of Iguana which stores and forwards data via HTTPS.

PHINMS

PHINMS (Public Health Information Network Messaging System) is open-source Java-based software that can be obtained from the CDC in the US. You should only consider this option if you have to communicate with another PHINMS instance. See this documentation.
