Title: Arial 28pt'

1
HTH975 Connecting Providers and Payers Secure
Exchange of Healthcare Data over the Internet
Mike Woods President Pentelar
Inc. Mike.Woods_at_Pentelar.com Aisha
El-Zorba Senior Product Manager aishael_at_sybase.com
August 15-19, 2004
2
Current Exchange of Healthcare Data

• Direct Connects from providers to payers
• Asynchronous communications
• FTP
• TCP/IP
• VPN
• Clearinghouses

3
Secure Exchange of Healthcare Data over the
Internet

• Internet
• Secure
• Reliable
• Standard Protocols
• EDIINT AS1
• EDIINT AS2
• RosettaNet
• ebXML

4
EDIINT AS1

• EDI over the INTernet Applicability Statement 1
• AS1 is an RFC standard (RFC 3335) by which
  applications communicate EDI (EDIFACT or X12) or
  XML data over the SMTP transport (email).
• S/MIME encryption and digital signatures
• S/MIME encryption and digital signatures provide
  confidentiality and content-integrity of the data
  being transported.
• Compression
• significantly reduces in file sizes.
• In order to provide protection to their networks,
  company mail servers are often very restrictive
  of the messages that are received. Combined with
  anti-virus software, which is often loaded on
  these servers, the email messages processed by
  the mail servers are often altered or even
  blocked. This can pose a serious problem with AS1
  messages because this alteration can corrupt the
  security applied to the transaction.

5
EDIINT AS2

• EDI over the INTernet Applicability Statement 2
• Exchange structured business data securely using
  HTTP transfer for XML, Binary, Electronic Data
  Interchange, (EDI - either the American Standards
  Committee X12 or UN/EDIFACT, Electronic Data
  Interchange for Administration, Commerce and
  Transport) or other data describable in MIME used
  for business to business data interchange.
• The data is packaged using standard MIME
  content-types.
• Authentication and privacy are obtained by using
  Cryptographic Message Syntax (S/MIME) security
  body parts.
• Authenticated acknowledgements make use of
  multipart/signed replies to the original HTTP
  message.
• Adoption in the US
• Gas Industry - GISB
• Retail

6
RosettaNet

• Is designed to harness the imminent, exponential
  growth of electronic commerce across the IT
  supply chain by developing, promoting, and
  leading the adoption of both open content and
  open transaction standards, along with the
  necessary metrics to measure the business impact
  of these standards on members of the supply
  chain.
• Industries
• Electronics
• Adoption
• US
• Europe
• China
• Japan
• Korea
• Malaysia
• Singapore
• Tiawan

7
ebXML - Technology Definitions

• What is a Web Service
• Self contained module that allows a business
  entity to interact with one or more external
  entities using Web technologies (e.g. over the
  internet).
• What is ebXML (Electronic Business using
  eXtensible Markup Language)
• Provides reliable and secure messaging
  (transmission of information) between two or more
  business entities
• Automates ad hoc business collaborations
  (transactions)
• Is the only finalized, industry-standard
  specification for collaborative B2B based Web
  services

8
Web Services Key Enablers

• eXtensible Markup Language (XML)
• Self describing document language
• Simple Object Access Protocol (SOAP)
• Define and access structure\protocol for OPEN
  messaging
• Web Services Descriptor Language (WSDL)
• Describe the capabilities of a service
• Universal Description, Discovery and Integration
  (UDDI)
• Registry of WHAT is out there
• ebXML
• ALL of that plus what is missing.
• Stay tuned.

9
Synchronous Messaging
10
Asynchronous Messaging
11
Why ebXML?

• Security
• Encryption
• Digital Signatures
• Transport (HTTPS)
• Reliability (Guaranteed Delivery)
• Open Standard
• OASIS
• Proven
• V2.0 currently more than 1 year old
• V3.0 ready to be released

12
More. More. More.

• ebXML Extends SOAP
• SOAP with Attachments
• Adds Security (including PKI with Digital
  Certificates)
• Authentication
• Authorization
• Non-repudiation
• Message / payload level encryption
• Transport level encryption (HTTPS)
• Digital signatures
• Adds reliability guaranteed delivery

13
Drummond Group

• Interoperability Testing Experts
• Vendor Neutral Third Party to Test Commercial
  Software
• ebXML cross certification
• 11 Companies that passed ebMS v1.0 compatibility
• 7 companies that passed ebMS v2.0 compatibility
• Sybase passed both!
• www.drummondgroup.com

14
Sybases Offering (ebXML)

• Web Services Integrator (WSI)
• EAServer or Weblogic Server 7.x or later
• Process Server
• To support Business Process Specification Schema
  (BPSS)
• Integration Orchestrator (IO)
• Business Process Integration Suite (BPI Suite)

15
Overseas

• Europe
• eBES (e-business Board for European
  Standardization)
• Asia
• Korean Banking
• China Banking
• KIEC - Korea Institute for Electronic Commerce

16
Auto Industry

• STAR
• Standards for Technology in Automotive Retail
• Chose ebXML because Open Standard
• Started implementation
• Reynolds Reynolds
• 70 year old, billion dollar company
• Middle broker in automotive retail.
• Sybase and Pentelar recently created a
  Proof-Of-Concept demo for them to communicate
  with Volkswagen.

17
Government of Canada

• Pentelar worked with the Government of Canada -
  Canadian Passport Office - to analyze, design,
  develop, test and implement a Document
  Verification system.
• Identity documents are verified with the issuing
  agency in real time.
• Pathfinder project for Secure/Reliable
  communications with external agencies and the
  Government of Canada.

18
Health Care

• HIPAA - Health Insurance Portability and
  Accountability Act
• ebMS directly addresses HIPAA Security,
  Electronic Signature, Privacy and transaction
  requirements related to data being transmitted
  between partners.
• HL7 Health Level 7
• ANSI accredited
• Clinical and Administrative data domain
• April 27, 2004 announced ebXML support (Draft
  standard for trial use) in V3 Messaging Standard.

19
Demo.

• Health Care Scenario
• Verification of Eligibility for Service

20
Web Services Integrator
TPM
EDIINT AS2
Business to Business Transport (B2B)
Data Security
Human Resources Applications
Integration
A d a p t e r s
Business Trading Partner Management (TPM)
RosettaNet
Financial Applications
Process Srv
Trading Partners
Logistics Applications
Business Process Monitoring (BPM)
BTSM
ebXML
Other Legacy Applications
Business Process Modeling and Control (BPM)
J2EE Server
Web Browsing Customer, or Partner