Title: Title: Arial 28pt'
1HTH975 Connecting Providers and Payers Secure
Exchange of Healthcare Data over the Internet
Mike Woods President Pentelar
Inc. Mike.Woods_at_Pentelar.com Aisha
El-Zorba Senior Product Manager aishael_at_sybase.com
August 15-19, 2004
2Current Exchange of Healthcare Data
- Direct Connects from providers to payers
- Asynchronous communications
- FTP
- TCP/IP
- VPN
- Clearinghouses
3Secure Exchange of Healthcare Data over the
Internet
- Internet
- Secure
- Reliable
- Standard Protocols
- EDIINT AS1
- EDIINT AS2
- RosettaNet
- ebXML
4EDIINT AS1
- EDI over the INTernet Applicability Statement 1
- AS1 is an RFC standard (RFC 3335) by which
applications communicate EDI (EDIFACT or X12) or
XML data over the SMTP transport (email). - S/MIME encryption and digital signatures
- S/MIME encryption and digital signatures provide
confidentiality and content-integrity of the data
being transported. - Compression
- significantly reduces in file sizes.
- In order to provide protection to their networks,
company mail servers are often very restrictive
of the messages that are received. Combined with
anti-virus software, which is often loaded on
these servers, the email messages processed by
the mail servers are often altered or even
blocked. This can pose a serious problem with AS1
messages because this alteration can corrupt the
security applied to the transaction.
5EDIINT AS2
- EDI over the INTernet Applicability Statement 2
- Exchange structured business data securely using
HTTP transfer for XML, Binary, Electronic Data
Interchange, (EDI - either the American Standards
Committee X12 or UN/EDIFACT, Electronic Data
Interchange for Administration, Commerce and
Transport) or other data describable in MIME used
for business to business data interchange. - The data is packaged using standard MIME
content-types. - Authentication and privacy are obtained by using
Cryptographic Message Syntax (S/MIME) security
body parts. - Authenticated acknowledgements make use of
multipart/signed replies to the original HTTP
message. - Adoption in the US
- Gas Industry - GISB
- Retail
6RosettaNet
- Is designed to harness the imminent, exponential
growth of electronic commerce across the IT
supply chain by developing, promoting, and
leading the adoption of both open content and
open transaction standards, along with the
necessary metrics to measure the business impact
of these standards on members of the supply
chain. - Industries
- Electronics
- Adoption
- US
- Europe
- China
- Japan
- Korea
- Malaysia
- Singapore
- Tiawan
7ebXML - Technology Definitions
- What is a Web Service
- Self contained module that allows a business
entity to interact with one or more external
entities using Web technologies (e.g. over the
internet). - What is ebXML (Electronic Business using
eXtensible Markup Language) - Provides reliable and secure messaging
(transmission of information) between two or more
business entities - Automates ad hoc business collaborations
(transactions) - Is the only finalized, industry-standard
specification for collaborative B2B based Web
services
8Web Services Key Enablers
- eXtensible Markup Language (XML)
- Self describing document language
- Simple Object Access Protocol (SOAP)
- Define and access structure\protocol for OPEN
messaging - Web Services Descriptor Language (WSDL)
- Describe the capabilities of a service
- Universal Description, Discovery and Integration
(UDDI) - Registry of WHAT is out there
- ebXML
- ALL of that plus what is missing.
- Stay tuned.
9Synchronous Messaging
10Asynchronous Messaging
11Why ebXML?
- Security
- Encryption
- Digital Signatures
- Transport (HTTPS)
- Reliability (Guaranteed Delivery)
- Open Standard
- OASIS
- Proven
- V2.0 currently more than 1 year old
- V3.0 ready to be released
12More. More. More.
- ebXML Extends SOAP
- SOAP with Attachments
- Adds Security (including PKI with Digital
Certificates) - Authentication
- Authorization
- Non-repudiation
- Message / payload level encryption
- Transport level encryption (HTTPS)
- Digital signatures
- Adds reliability guaranteed delivery
13Drummond Group
- Interoperability Testing Experts
- Vendor Neutral Third Party to Test Commercial
Software - ebXML cross certification
- 11 Companies that passed ebMS v1.0 compatibility
- 7 companies that passed ebMS v2.0 compatibility
- Sybase passed both!
- www.drummondgroup.com
14Sybases Offering (ebXML)
- Web Services Integrator (WSI)
- EAServer or Weblogic Server 7.x or later
- Process Server
- To support Business Process Specification Schema
(BPSS) - Integration Orchestrator (IO)
- Business Process Integration Suite (BPI Suite)
15Overseas
- Europe
- eBES (e-business Board for European
Standardization) - Asia
- Korean Banking
- China Banking
- KIEC - Korea Institute for Electronic Commerce
16Auto Industry
- STAR
- Standards for Technology in Automotive Retail
- Chose ebXML because Open Standard
- Started implementation
- Reynolds Reynolds
- 70 year old, billion dollar company
- Middle broker in automotive retail.
- Sybase and Pentelar recently created a
Proof-Of-Concept demo for them to communicate
with Volkswagen.
17Government of Canada
- Pentelar worked with the Government of Canada -
Canadian Passport Office - to analyze, design,
develop, test and implement a Document
Verification system. - Identity documents are verified with the issuing
agency in real time. - Pathfinder project for Secure/Reliable
communications with external agencies and the
Government of Canada.
18Health Care
- HIPAA - Health Insurance Portability and
Accountability Act - ebMS directly addresses HIPAA Security,
Electronic Signature, Privacy and transaction
requirements related to data being transmitted
between partners. - HL7 Health Level 7
- ANSI accredited
- Clinical and Administrative data domain
- April 27, 2004 announced ebXML support (Draft
standard for trial use) in V3 Messaging Standard.
19Demo.
- Health Care Scenario
- Verification of Eligibility for Service
20Web Services Integrator
TPM
EDIINT AS2
Business to Business Transport (B2B)
Data Security
Human Resources Applications
Integration
A d a p t e r s
Business Trading Partner Management (TPM)
RosettaNet
Financial Applications
Process Srv
Trading Partners
Logistics Applications
Business Process Monitoring (BPM)
BTSM
ebXML
Other Legacy Applications
Business Process Modeling and Control (BPM)
J2EE Server
Web Browsing Customer, or Partner