Presentation is loading. Please wait.

Presentation is loading. Please wait.

De Zorg digitaliseren met XML, HL7v3 en Web Services

Similar presentations


Presentation on theme: "De Zorg digitaliseren met XML, HL7v3 en Web Services"— Presentation transcript:

1 De Zorg digitaliseren met XML, HL7v3 en Web Services
Marc de Graauw Informatieketens in de Zorg XL User Group Holland / Zorg & ICT Beurs 18 maart 2009 Marc de Graauw

2 What we’ll (try to) cover
Standardisation: AORTA, the Dutch Healthcare Infrastructure HL7v3, Vocabulary, Identification, Schema’s Web Services: SOAP, WSDL, WS-Security Truth, Trust and Belief: Authentication Digital Signatures Versioning Marc de Graauw

3 AORTA the Dutch Healthcare Infrastructure
Marc de Graauw

4 Healthcare Information HIB System Messa- BSN (“Burger ging Service
Nummer”) Registry Messa- ging Services Healthcare Information System Patient Registry Healthcare Information System Provider Registry UZI (PKI) Registry Healthcare Information System Act Registry Marc de Graauw

5 The Netherlands “AORTA” is the national backbone
Healthcare Information Systems at institutions and GP’s will be online 24x7 No clinical data at backbone, only an index of where clinical information resides Clinical data stays at the source Only possible with dense infrastructure Patient, provider registries et cetera Marc de Graauw

6 NICTIZ (Dutch EHR Standards Organization) Timeline 2003: start
Medication File Primary Care Summary 2003: start 2006: Healthcare Information Broker delivered 2006/7: First HIS qualifications 2009: General availability Marc de Graauw

7 NICTIZ & Dutch Healthcare
Communication between: Healthcare Provider (GP, hospital etc.) Healthcare Information Broker (HIB) HIB provides: index of which parties have patient data no patient data itself messaging services aggregation services Health Level Seven version 3 (HL7v3) Marc de Graauw

8 Ministry of Healthcare
NICTIZ National Institute for ICT in Care CIBG Healthcare Professionals Authority Healthcare Information Broker SBV-Z Unique Person Id Registry Provider UZI-Register Healthcare Provider Registry Gov Market Hospitals GP’s Pharmacists Others Healthcare System Suppliers Healthcare Access Providers Regional Facilities Marc de Graauw

9 Healthcare Information HIB System Messa- BSN (“Burger ging Service
Nummer”) Registry Messa- ging Services Healthcare Information System Patient Registry Healthcare Information System Provider Registry UZI (PKI) Registry Healthcare Information System Act Registry Marc de Graauw

10 Healthcare Information HIB System Messa- BSN (“Burger ging Service
Nummer”) Registry Messa- ging Services Healthcare Information System Patient Registry Healthcare Information System Provider Registry UZI (PKI) Registry Healthcare Information System Act Registry Marc de Graauw

11 AORTA all messages go through healthcare information broker
three basic patterns: HIS sends message to other HIS, HIB just routes HIS sends message to HIB (mainly for registry updates and queries) HIS queries several other HISses, HIB does registry lookups, accumulates data Marc de Graauw

12 HIB Healthcare Information System Message to HIS Message to HIB Act
Registry Healthcare Information System Query (to multiple HIS) Act Registry Healthcare Information System Marc de Graauw

13 Healthcare Information HIB System Messa- BSN (“Burger ging Service
Nummer”) Registry Messa- ging Services Healthcare Information System Patient Registry Healthcare Information System Provider Registry UZI (PKI) Registry Healthcare Information System Act Registry Marc de Graauw

14 UZI Registry provide Dutch healthcare PKI standards
provide and distribute smartcards with private keys to all authorized healthcare institutions to all authorized healthcare personnel provide smartcard readers, and necessary software publish and maintain certificate revocation lists also provides authentication forwarding software Marc de Graauw

15 Healthcare Information HIB System Messa- BSN (“Burger ging Service
Nummer”) Registry Messa- ging Services Healthcare Information System Patient Registry Healthcare Information System Provider Registry UZI (PKI) Registry Healthcare Information System Act Registry Marc de Graauw

16 “Burger Service Nummer”
Unique Id for every Dutch person Based on social security number Law is amended to permit use in care Maintain BSN Registry Provide access to registry query for BSN based on name, address, birthdate query for name, address, birthdate based on BSN Web Service direct and through HIB / HL7v3 Marc de Graauw

17 Healthcare Information HIB System Messa- BSN (“Burger ging Service
Nummer”) Registry Messa- ging Services Healthcare Information System Patient Registry Healthcare Information System Provider Registry UZI (PKI) Registry Healthcare Information System Act Registry Marc de Graauw

18 HIB (Healthcare Information Broker)
Routing of messages between HIS’s Act Registry: which HIS has information on which patient for which kind of data add/change/delete Act Information Patient Registry (partly gateway to BSN) Provider Registry (partly gateway to UZI) Collection of query data Logging, access control VPN based, TCP/IP, HTTP network Marc de Graauw

19 Healthcare Information HIB System Messa- BSN (“Burger ging Service
Nummer”) Registry Messa- ging Services Healthcare Information System Patient Registry Healthcare Information System Provider Registry UZI (PKI) Registry Healthcare Information System Act Registry Marc de Graauw

20 Infrastructure example
Marc de Graauw

21 Actually, it’s not that simple...
Marc de Graauw

22 Healthcare Information Systems
Must qualify “Well Maintained HIS” performance, security, maintenance, uptime etc. Implement National Guidelines Do logging Do local authorizations Marc de Graauw

23 HL7v3, the vocabulary Marc de Graauw

24 Just enough HL7 HL7 version 2 : currently used HL7v3:
XML based Reference Information Model HL7v3 Message contains: medical payload Trigger Event Wrappers (Query Control etc.) Transmission Wrapper Marc de Graauw

25 HL7 Transmission Wrapper
HL7v3 Layered Model HTTP, SSL SOAP / Web Services HL7 Transmission Wrapper HL7 Query Control Wrapper HL7 Medical Data TCP lower protocol layers Marc de Graauw

26 HL7 Development Framework (HDF)
Information Model Determine classes, attributes & associations Determine scope Storyboards Class Diagram Determine parties and processes Spec Storyboard Restrict domains State Diagram Write storyboards Determine state transitions Determine trigger events Message Design Interaction Model Develop R-MIM TYPE MPSLOC CONTAINS { id[id].TYPE IID nm[name].TYPE ST ad[addr].TYPE XAD ph[phon].TYPE XTN _address [emlAdr].TYPE XTN } 2-nd Order 1 choice of 0-n Drug 0-1 Nursing Determine interactions Specificy HMDs Determine application roles Interaction Diagram Determine conformance claims Marc de Graauw

27 Storyboard Mevrouw Jansen komt langs bij apotheek ‘De Gulle Gaper’ met een handgeschreven recept van haar huisarts Dr. van Beek. Het recept is voor 2x daags 1 tablet Diazepam 250 mg, gedurende 4 weken. De apotheker van de Gulle Gaper, Dr. Poeder, pakt een een doosje met 5 strips van 10 tabletten en voegt daar een 6e strip van tabletten aan toe. Het geheel van 60 tabletten Diazepam 250 mg wordt overhandigd aan mevr. Jansen, inclusief een bijsluiter en met het gebruiksvoorschrift (van de huisarts) op de verpakking. Marc de Graauw

28 RIM (Reference Information Model)
Marc de Graauw

29 RIM (Reference Information Model) Backbone
Act Relationship 1 0..* Entity Role Participation Act 1 0..* 0..* 1 Referral Transportation Supply Procedure Condition Node Consent Observation Medication Act complex Financial act Organization Living Subject Material Place Health Chart Patient Guarantor Healthcare provider Insurer Practitioner Marc de Graauw

30 Medication D-MIM Marc de Graauw

31 Interaction diagram Marc de Graauw

32 Refinement through ‘Constraints’
Marc de Graauw

33 XML fragment Marc de Graauw

34 Person Healthcare Marc de Graauw

35 Marc de Graauw

36 Person Healthcare PSN (Person) Een persoon (mens) classCode
De klasse Person heeft de volgende attributen: classCode PSN (Person) Een persoon (mens) determinerCode INSTANCE Een specifiek persoon (individu) id Persoonsnummer name Naam administrativeGenderCode Geslacht birthTime Geboortedatum (en evt. –tijd) deceasedInd Overlijdensindicatie deceasedTime Overlijdensdatum (en evt. –tijd) multipleBirthInd Meerlingindicatie multipleBirthOrderNumber Meerlingvolgnummer maritalStatusCode Burgerlijke staat educationLevelCode Opleidingsniveau Marc de Graauw

37 Person Healthcare De klasse Person heeft de volgende associaties: 0..1
0..1 Employment Beroep 0..* ContactParty Contactpers(o)n(en) PatientOfOtherProvider Relatie met de huisarts Birthplace Geboorteplaats CoveredParty Zorgverzekering(en) Marc de Graauw

38 Identification Marc de Graauw

39 RIM (Reference Information Model)
Act Relationship 1 0..* Entity Role Participation Act 1 0..* 0..* 1 Referral Transportation Supply Procedure Condition Node Consent Observation Medication Act complex Financial act Organization Living Subject Material Place Health Chart Patient Guarantor Healthcare provider Insurer Practitioner Marc de Graauw

40 RIM Entities (Person, Organization, Medication)
Roles (Registered Nurse, Anesthesia Resident) Participations (provider, recipient) Acts (administer, prescribe) Marc de Graauw

41 Identification in HL7 HL7v3 datatype Instance Identifier
<patientID> <value extension=" " root=" "/> </patientID> roots are OID’s (Object IDentifier) ITU-T ASN.1 hierarchy extension is local identification system – in this case, BSN (social security number) Marc de Graauw

42 HL7 in the OID tree Marc de Graauw

43 A root OID HL7.org HL7 international affiliates HL7 Netherlands external id’s AORTA application-id’s root node app in hospital X prescription number within PIS Marc de Graauw

44 Identification in HL7 Marc de Graauw

45 Identification in HL7 Marc de Graauw

46 Schema Issues Marc de Graauw

47 Schema's serve multiple masters
Schema’s serve more than one purpose design validation contract code generation those purposes often need different Schema’s Marc de Graauw

48 Schema's serve multiple masters
design + reuseability, composability, simplicity - performance validation + performance, strictness, error messages, completeness - reuseability, composability, simplicity, readability contract + readability, strictness, completeness code generation + simplicity, readability - reuseability, composability Marc de Graauw

49 The HL7v3 Schema’s Let’s look at an example
Get Person Demographics Query Send in person id Get name, address, birthdate et cetera Marc de Graauw

50 The HL7v3 Schema’s Marc de Graauw

51 The HL7v3 Schema’s Marc de Graauw

52 The HL7v3 Schema’s QUPA_101102_V01 MCCI_MT000300UV01 MFMI_MT700711
COCT_MT040203UV01 COCT_MT150003UV03 COCT_MT030203UV02 MFMI_MT700711 COCT_MT090300UV01 COCT_MT150000UV02 COCT_MT070000UV01 COCT_MT710000UV01 COCT_MT090100 COCT_MT090003 MCAI_MT900001 QUPA_MT101102_V01 QUPA_MT101101_V01 Marc de Graauw

53 The HL7v3 Schema’s The XML document, though abbreviated, isn’t difficult (SOAP omitted here...) Transmission Wrapper: message-id, creation date Act Wrapper: query issuer etc. Payload: person-id The Schema is very simple 5 includes and 1 element but not very readable! the schema inclusion tree is very complex Marc de Graauw

54 The HL7v3 Schema’s Schema’s should be readable
tools can solve this but they make you dependent on the tool Therefore: flatten the Schema’s remove all includes put included schema’s where they belong For readability: make the Schema resemble the instance Readable Schema’s generate readable code! Marc de Graauw

55 Flatten the Schema’s Marc de Graauw

56 The HL7v3 Schema’s Marc de Graauw

57 The HL7v3 Schema’s HL7 datatypes Translate to XSD
TS: Point in Time CS: Simple Coded Value ST: Character String Translate to XSD datetime, string HL7 datatypes predate XSD datatypes With a lot of HL7 datatypes, nothing happens except translation to XSD datatypes Do this in the source, generates much more readable code Marc de Graauw

58 Simplify the Schema’s Marc de Graauw

59 Layering Marc de Graauw

60 Responding Application Initiating Application
Medical Layer Medical Layer Control Query Layer Control Query Layer Transmission Layer Transmission Layer Web Services Layer Web Services Layer HTTP Layer Marc de Graauw

61 HL7 Medical Application
HL7v3 Medical Content HL7 Control Query Processing Application HL7v3 Acts HL7 Transmission Wrapper Adapter HL7v3 Messages HL7 web services Messaging Adapter SOAP Messages HTTP Client / Server Marc de Graauw

62 The HL7v3 Schema’s layer the Schema’s anonimyze with xs:any
<xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded"/> SOAP Headers, soap:Body anon HL7 Transmission Wrapper, Act anon HL7 Act Wrapper, medical payload anon Marc de Graauw

63 SOAP Transmission Wrapper Control Wrapper Medical Data Marc de Graauw

64 SOAP Transmission Wrapper Control Wrapper Medical Data ANY ANY ANY
Marc de Graauw

65 Layer the Schema’s Marc de Graauw

66 The HL7v3 Schema’s flatten simplify layer Marc de Graauw

67 The HL7v3 Schema’s Not very readable Generated from database
without Schema editor not practically feasible Generated from database Fix them with XSLT or other: Flatten the Schema’s Remove unneeded datatype hierarchies Layer the Schema’s Makes the Schema’s much more readable Generates simpler code New ITS (HL7 Schemaset) is coming, but the approach sketched here will probably remain valid Marc de Graauw

68 The HL7v3 Schema’s James Clark:
“validity is a relationship between a document and a schema, not a property of a document” Marc de Graauw

69 The HL7v3 Schema’s schema’s can be equivalent:
when two schema’s consider the same set of documents valid the schema’s are equivalent Marc de Graauw

70 don’t think of THE schema,
The HL7v3 Schema’s don’t think of THE schema, but the SCHEMAS Marc de Graauw

71 The HL7v3 Schema’s VARIANTS V1b V1a TIME V3 V1 V2 Marc de Graauw
V3 V1 V2

72 Truth, Trust and Belief Marc de Graauw

73 Authentication Marc de Graauw

74 Authentication Smartcard (UZI pass) with: PKI-Government Personal pass
private key (RSA) X.509 certificate (includes public key) PKI-Government Personal pass guard safely no sharing PIN protected Marc de Graauw

75 OK Sender Receiver “Hello world” “Hello world” SHA-1 hash: Public key:
5llABaWYz xCrKIdjS... Public key: MIICHzCCAY ygAwIBAgI..... OK Private key: shhhh..... RSA sig value: c9fVK7vYAdv s2DRZVtS... RSA sig value: c9fVK7vYAdv s2DRZVtS... Marc de Graauw

76 Marc de Graauw

77 Security Services (X.800) Authentication Authorization
Data Confidentiality Data Integrity Non-repudiation Marc de Graauw

78 Secure connection Marc de Graauw

79 Secure data Marc de Graauw

80 Security services Secure connection Authentication Token Digital
Signature Authentication Authorization Confidentiality Integrity Non-repudiation Marc de Graauw

81 Authentication with SSL
Marc de Graauw

82 Marc de Graauw

83 Marc de Graauw

84 Marc de Graauw

85 Security with SSL Works well only in simple scenario’s
There is no HL7v3 XML at the client The client is (relatively) unsecure SSL lays an impenatrable tunnel across the instution’s secure zone SSL from server to server is fine, but: provides no care provider authentication Marc de Graauw

86 Context: clients all hospitals, GP’s, pharmacists, other healthcare pros clients: any kind of client latest .NET / Java older dev environments (Delphi, BV, etc.) thin client/browser XSLT heavy XML / no XML WS-* / no WS-* HL7v3 / no HL7v3 Marc de Graauw

87 Context: HL7v3 no HL7v3 at client (HL7v2, OZIS, other)
not all data at client Act.id medication codes patient id (BSN) not yet, is reasonable demand destination not always known at client either: require all data available at client or: sign subset of data Marc de Graauw

88 ‘Lightweight’ authentication token
X.509 style message id nonce provides unique identification of message (if duplicate removal has already taken place) time to live security semantics can expire time to store & check nonce addressedParty replay against other receivers Marc de Graauw

89 SSL security premises: assertion: assumption: weakness: measures:
healthcare pro keeps smartcard + pin safe software to establish SSL tunnel not corrupted PKI, RSA etc. not broken assertion: healthcare pro sets up SSL tunnel assumption: messages going over SSL tunnel come from healthcare pro weakness: insertion of fake messages in SSL tunnel measures: abort SSL tunnel after period of inactivity, refresh regularly Marc de Graauw

90 Lightweight token security
premises: healthcare pro keeps smartcard + pin safe software to sign token not corrupted PKI, RSA etc. not broken assertion: healthcare pro signed auth token assumption: message and auth token belong together weakness: fake message attached to valid token Marc de Graauw

91 Lightweight token security
signedData: message id notBefore / notAfter addressedParty coSignedData patient id (BSN) message type (HL7 trigger event id) only possible to retrieve same kind of data for same patient at same time from same destination weakness: tampering with other message parameters for queries: acceptable (privacy not much more broken) for prescription: use full digital signature Marc de Graauw

92 Hospital workflow doctor makes round 360 seconds per patient
nurse has file ready retrieval times are not acceptable pre-signing tokens and pre-fetching data just in time possible with auth tokens, not (so much) with SSL Marc de Graauw

93 Authentication alternatives
SOAP Envelope SOAP Header Auth Token SOAP Body HL7 payload Marc de Graauw

94 Authentication alternatives
SOAP Envelope SOAP Header Auth Token Auth Token Auth Token SOAP Body HL7 payload HL7 payload HL7 payload Marc de Graauw

95 HL7 Medical Application
HL7v3 Medical Content HL7 Control Query Processing Application HL7v3 Acts HL7 Transmission Wrapper Adapter HL7v3 Messages HL7 Web Services Messaging Adapter SOAP Messages HTTP Client / Server Marc de Graauw

96 Authentication alternatives
Authentication tokens in SOAP Headers separate them from the content HL7 sometimes allows multiple payloads, making this problem worse The token has to travel across layers with the paylaod This violates layering principles Marc de Graauw

97 WS-* WS-* is confused about whether it is a document format or a message format document: relevant to the end user message: relevant to the mailman keep metadata with the document putting document metadata in SOAP headers violates layering design principles Marc de Graauw

98 Digital Signatures Marc de Graauw

99 Some philosophy “The President of the United States is John McCain”
“Karen believes ‘the President of the United States is John McCain’ ” “John says that ‘the President of the United States is John McCain’ ” “Dr. Jones says: ‘Mr. Smith has the flu’ ” Marc de Graauw

100 Signed Data Marc de Graauw

101 <code code=”27” codeSystem=”2.16.840.1.113883.2.4.4.5” />
"Dissolve in water" Marc de Graauw

102 XML fragment Marc de Graauw

103 Digitally signed token
Marc de Graauw

104 What You See Is What You Sign
Marc de Graauw

105 Token & XML Signature Componenten XML Signature Met WSS
In SOAP Headers SOAP envelope <ws:SecToken> headers Certificate <ws:SecToken> Certificate <ds:Signature> <ds:SignedInfo> <ds:KeyInfo> <ds:Signature> <ds:SignedInfo> <ds:KeyInfo> <ds:Signature> <ds:SignedInfo> <ds:KeyInfo> Sig value Sig value Sig value Sig value Digest Digest Digest Digest Certificate Certificate Reference Reference Getekende gegevens Getekende gegevens Getekende gegevens body HL7v3 bericht Getekende gegevens HL7v3 bericht HL7v3 bericht HL7v3 bericht Prescription1 Prescription 1 Prescription 1 Prescription 1 Marc de Graauw

106 Meerdere Signatures, 1 certificaat
Bericht + handtekening Certificate A <Signature1> <SignedInfo> Certificate Sig value 1 Digest 1 <Signature2> <ds:SignedInfo> Signature Sig value 2 persisteren Digest 2 Getekende gegevens Getekende gegevens 1 Getekende gegevens 2 HL7v3 bericht HL7v3 Prescription Prescription 1 Prescription 2 Marc de Graauw

107 Versioning Marc de Graauw

108 Backward Compatibility
App v. 1.0 App v. 1.1 App v. 2.0 Doc 1.0 Doc 1.1 Doc 2.0 Marc de Graauw

109 Forward Compatibility
App v. 2.0 App v. 1.1 App v. 1.0 Doc 2.0 Doc 1.1 Marc de Graauw

110 Classical... 1.0 1.1 2.0 tijd Marc de Graauw

111 In message chain... 1.0 1.0 2.0 2.0 1.1 1.1 1.1 1.0 2.0 Marc de Graauw

112 Recap: Backward, not forward
App v. 1 App v. 2 writes can read writes Country {NL, BE} Country {NL, BE, DE} Marc de Graauw

113 Recap: Forward, not backward
App v. 1 App v. 2 writes can read writes Country {NL, BE, DE} Country {NL, BE} Marc de Graauw

114 Backward, not forward compatible
Sender v. 1 Receiver v. 1 Country {NL, BE} Sender v. 2 Receiver v. 2 Country {NL, BE, DE} Problems for new Sender and old Receiver Marc de Graauw

115 Forward, not backward compatible
Sender v. 1 Receiver v. 1 Country {NL, BE, DE} Sender v. 2 Receiver v. 2 Country {NL, BE} Problems for old Sender and new Receiver Marc de Graauw

116 Strategies Support v1 and v2 at all nodes
Up-/downgrade at central broker Schema’s with <xs:any> XSLT with 2.0 to prune 2.x instances (UBL) Prune in code Separate sender and receiver Schema’s XSLT with 2.x to downgrade to 2.0 Marc de Graauw

117 Version identifier version identifier profileId
year + month, i.e. 705 (May 2007) indicates a particular release of the entire specification of Dutch Healthcare Exchange Marc de Graauw

118 HIB Messa- ging Services Healthcare Information System 80x Healthcare
Patient Registry Provider Registry stylesheet 80x-to-70x reference 80x document Act Registry 80x document XSLT 80x to 70x 70x document Marc de Graauw

119 Stylesheet reference soap Header with version identifier and stylesheet reference stylesheet published with 80x specification stylesheet published at National Broker broker may not touch medical payload Marc de Graauw

120 Marc de Graauw marc@marcdegraauw.com document collect profileId's yes
supported? yes process stylesheets available? apply no reject Marc de Graauw

121 What we’ve (tried to) cover
Standardisation: AORTA, the Dutch Healthcare Infrastructure HL7v3, Vocabulary, Identification, Schema’s Web Services: SOAP, WSDL, WS-Security Truth, Trust and Belief: Authentication Digital Signatures Versioning Marc de Graauw

122 Marc de Graauw


Download ppt "De Zorg digitaliseren met XML, HL7v3 en Web Services"

Similar presentations


Ads by Google