Presentation is loading. Please wait.

Presentation is loading. Please wait.

Marc de Graauw De Zorg digitaliseren met XML, HL7v3 en Web Services Marc de Graauw Informatieketens in de Zorg XL User Group Holland.

Similar presentations


Presentation on theme: "Marc de Graauw De Zorg digitaliseren met XML, HL7v3 en Web Services Marc de Graauw Informatieketens in de Zorg XL User Group Holland."— Presentation transcript:

1 Marc de Graauw De Zorg digitaliseren met XML, HL7v3 en Web Services Marc de Graauw Informatieketens in de Zorg XL User Group Holland / Zorg & ICT Beurs 18 maart 2009

2 Marc de Graauw What well (try to) cover Standardisation: –AORTA, the Dutch Healthcare Infrastructure –HL7v3, Vocabulary, Identification, Schemas –Web Services: SOAP, WSDL, WS-Security Truth, Trust and Belief: –Authentication –Digital Signatures Versioning

3 Marc de Graauw AORTA the Dutch Healthcare Infrastructure

4 Marc de Graauw HIB BSN (Burger Service Nummer) Registry Healthcare Information System Healthcare Information System Healthcare Information System Healthcare Information System Patient Registry Messa- ging Services Provider Registry Act Registry UZI (PKI) Registry

5 Marc de Graauw The Netherlands AORTA is the national backbone Healthcare Information Systems at institutions and GPs will be online 24x7 No clinical data at backbone, only an index of where clinical information resides Clinical data stays at the source Only possible with dense infrastructure Patient, provider registries et cetera

6 Marc de Graauw NICTIZ (Dutch EHR Standards Organization) Timeline –Medication File –Primary Care Summary 2003: start 2006: Healthcare Information Broker delivered 2006/7: First HIS qualifications 2009: General availability

7 Marc de Graauw NICTIZ & Dutch Healthcare Communication between: –Healthcare Provider (GP, hospital etc.) –Healthcare Information Broker (HIB) HIB provides: –index of which parties have patient data –no patient data itself –messaging services –aggregation services Health Level Seven version 3 (HL7v3)

8 Marc de Graauw Ministry of Healthcare NICTIZ National Institute for ICT in Care CIBG Healthcare Professionals Authority UZI-Register Healthcare Provider Registry SBV-Z Unique Person Id Registry Provider Healthcare Information Broker HospitalsOthersPharmacistsGPs Healthcare System Suppliers Healthcare Access Providers Regional Facilities Gov Market

9 Marc de Graauw HIB BSN (Burger Service Nummer) Registry Healthcare Information System Healthcare Information System Healthcare Information System Healthcare Information System Patient Registry Messa- ging Services Provider Registry Act Registry UZI (PKI) Registry

10 Marc de Graauw HIB BSN (Burger Service Nummer) Registry Healthcare Information System Healthcare Information System Healthcare Information System Healthcare Information System Patient Registry Messa- ging Services Provider Registry Act Registry UZI (PKI) Registry

11 Marc de Graauw AORTA all messages go through healthcare information broker three basic patterns: –HIS sends message to other HIS, HIB just routes –HIS sends message to HIB (mainly for registry updates and queries) –HIS queries several other HISses, HIB does registry lookups, accumulates data

12 Marc de Graauw Message to HIB HIB Healthcare Information System Healthcare Information System Healthcare Information System Query (to multiple HIS) Message to HIS Act Registry Act Registry

13 Marc de Graauw HIB BSN (Burger Service Nummer) Registry Healthcare Information System Healthcare Information System Healthcare Information System Healthcare Information System Patient Registry Messa- ging Services Provider Registry Act Registry UZI (PKI) Registry

14 Marc de Graauw UZI Registry provide Dutch healthcare PKI standards provide and distribute smartcards with private keys –to all authorized healthcare institutions –to all authorized healthcare personnel provide smartcard readers, and necessary software publish and maintain certificate revocation lists also provides authentication forwarding software

15 Marc de Graauw HIB BSN (Burger Service Nummer) Registry Healthcare Information System Healthcare Information System Healthcare Information System Healthcare Information System Patient Registry Messa- ging Services Provider Registry Act Registry UZI (PKI) Registry

16 Marc de Graauw Burger Service Nummer Unique Id for every Dutch person Based on social security number Law is amended to permit use in care Maintain BSN Registry Provide access to registry –query for BSN based on name, address, birthdate –query for name, address, birthdate based on BSN –Web Service direct and through HIB / HL7v3

17 Marc de Graauw HIB BSN (Burger Service Nummer) Registry Healthcare Information System Healthcare Information System Healthcare Information System Healthcare Information System Patient Registry Messa- ging Services Provider Registry Act Registry UZI (PKI) Registry

18 Marc de Graauw HIB (Healthcare Information Broker) Routing of messages between HISs Act Registry: which HIS has information on which patient for which kind of data –add/change/delete Act Information Patient Registry (partly gateway to BSN) Provider Registry (partly gateway to UZI) Collection of query data Logging, access control VPN based, TCP/IP, HTTP network

19 Marc de Graauw HIB BSN (Burger Service Nummer) Registry Healthcare Information System Healthcare Information System Healthcare Information System Healthcare Information System Patient Registry Messa- ging Services Provider Registry Act Registry UZI (PKI) Registry

20 Marc de Graauw Infrastructure example

21 Marc de Graauw Actually, its not that simple...

22 Marc de Graauw Healthcare Information Systems Must qualify Well Maintained HIS –performance, security, maintenance, uptime etc. Implement National Guidelines Do logging Do local authorizations

23 Marc de Graauw HL7v3, the vocabulary

24 Marc de Graauw Just enough HL7 HL7 version 2 : currently used HL7v3: –XML based –Reference Information Model HL7v3 Message contains: –medical payload –Trigger Event Wrappers (Query Control etc.) –Transmission Wrapper

25 Marc de Graauw TCP HTTP, SSL SOAP / Web Services HL7 Transmission Wrapper HL7 Query Control Wrapper lower protocol layers HL7v3 Layered Model HL7 Medical Data

26 Marc de Graauw StoryboardsStoryboards Spec Storyboard Information Model State Diagram Class Diagram Message Design 2-nd Order 1 choice of 0-n Drug 0-1 Nursing Interaction Model Interaction Diagram HL7 Development Framework (HDF) Write storyboards Determine scope Determine parties and processes Restrict domains Determine state transitions Determine classes, attributes & associations Determine application roles Determine interactions Determine conformance claims Develop R-MIM Specificy HMDs Determine trigger events TYPE MPSLOC CONTAINS { id[id].TYPE IID nm[name].TYPE ST ad[addr].TYPE XAD ph[phon].TYPE XTN _address [emlAdr].TYPE XTN } TYPE MPSLOC CONTAINS { id[id].TYPE IID nm[name].TYPE ST ad[addr].TYPE XAD ph[phon].TYPE XTN _address [emlAdr].TYPE XTN }

27 Marc de Graauw Storyboard Mevrouw Jansen komt langs bij apotheek De Gulle Gaper met een handgeschreven recept van haar huisarts Dr. van Beek. Het recept is voor 2x daags 1 tablet Diazepam 250 mg, gedurende 4 weken. De apotheker van de Gulle Gaper, Dr. Poeder, pakt een een doosje met 5 strips van 10 tabletten en voegt daar een 6e strip van tabletten aan toe. Het geheel van 60 tabletten Diazepam 250 mg wordt overhandigd aan mevr. Jansen, inclusief een bijsluiter en met het gebruiksvoorschrift (van de huisarts) op de verpakking.

28 Marc de Graauw RIM (Reference Information Model)

29 Marc de Graauw 0..* 1 1 RIM (Reference Information Model) Backbone EntityParticipationAct ActRelationship * Referral Transportation Supply Procedure Condition Node Consent Observation Medication Act complex Financial act Organization Living Subject Material Place Health Chart Patient Guarantor Healthcare provider Insurer Practitioner Role 1 0..*

30 Marc de Graauw Medication D-MIM

31 Marc de Graauw Interaction diagram

32 Marc de Graauw Refinement through Constraints

33 Marc de Graauw XML fragment

34 Marc de Graauw Person Healthcare

35 Marc de Graauw

36 Marc de Graauw Person Healthcare De klasse Person heeft de volgende attributen: classCode PSN (Person) Een persoon (mens) determinerCode INSTANCE Een specifiek persoon (individu) id Persoonsnummer name Naam administrativeGenderCode Geslacht birthTime Geboortedatum (en evt. –tijd) deceasedInd Overlijdensindicatie deceasedTime Overlijdensdatum (en evt. –tijd) multipleBirthInd Meerlingindicatie multipleBirthOrderNumber Meerlingvolgnummer maritalStatusCode Burgerlijke staat educationLevelCode Opleidingsniveau

37 Marc de Graauw Person Healthcare De klasse Person heeft de volgende associaties: 0..1 EmploymentBeroep 0..*ContactParty Contactpers(o)n(en) 0..1PatientOfOtherProvider Relatie met de huisarts 0..1Birthplace Geboorteplaats 0..*CoveredParty Zorgverzekering(en)

38 Marc de Graauw Identification

39 Marc de Graauw 0..* 1 1 RIM (Reference Information Model) EntityParticipationAct ActRelationship * Referral Transportation Supply Procedure Condition Node Consent Observation Medication Act complex Financial act Organization Living Subject Material Place Health Chart Patient Guarantor Healthcare provider Insurer Practitioner Role 1 0..*

40 Marc de Graauw RIM Entities (Person, Organization, Medication) Roles (Registered Nurse, Anesthesia Resident) Participations (provider, recipient) Acts (administer, prescribe)

41 Marc de Graauw Identification in HL7 HL7v3 datatype Instance Identifier roots are OIDs (Object IDentifier) ITU-T ASN.1 hierarchy extension is local identification system – in this case, BSN (social security number)

42 Marc de Graauw HL7 in the OID tree

43 Marc de Graauw A root OID –HL7.org –HL7 international affiliates –HL7 Netherlands –external ids –AORTA application-ids –root node app in hospital X –prescription number within PIS

44 Marc de Graauw Identification in HL7

45 Marc de Graauw Identification in HL7

46 Marc de Graauw Schema Issues

47 Marc de Graauw Schema's serve multiple masters Schemas serve more than one purpose –design –validation –contract –code generation those purposes often need different Schemas

48 Marc de Graauw Schema's serve multiple masters design + reuseability, composability, simplicity - performance validation + performance, strictness, error messages, completeness - reuseability, composability, simplicity, readability contract + readability, strictness, completeness - performance code generation + simplicity, readability - reuseability, composability

49 Marc de Graauw The HL7v3 Schemas Lets look at an example Get Person Demographics Query Send in person id Get name, address, birthdate et cetera

50 Marc de Graauw The HL7v3 Schemas

51 Marc de Graauw The HL7v3 Schemas

52 Marc de Graauw The HL7v3 Schemas QUPA_101102_V01 MCCI_MT000300UV01 –COCT_MT040203UV01 COCT_MT150003UV03 COCT_MT030203UV02 MFMI_MT –COCT_MT090300UV01 COCT_MT150000UV02 –COCT_MT070000UV01 »COCT_MT710000UV01 COCT_MT150003UV03 COCT_MT070000UV01 –COCT_MT710000UV01 –COCT_MT COCT_MT150000UV02 –COCT_MT070000UV01 »COCT_MT710000UV01 COCT_MT150003UV03 COCT_MT070000UV01 –COCT_MT710000UV01 –COCT_MT COCT_MT150003UV03 –MCAI_MT QUPA_MT101102_V01 QUPA_MT101101_V01

53 Marc de Graauw The HL7v3 Schemas The XML document, though abbreviated, isnt difficult –(SOAP omitted here...) –Transmission Wrapper: message-id, creation date –Act Wrapper: query issuer etc. –Payload: person-id The Schema is very simple –5 includes and 1 element –but not very readable! –the schema inclusion tree is very complex

54 Marc de Graauw The HL7v3 Schemas Schemas should be readable –tools can solve this –but they make you dependent on the tool Therefore: flatten the Schemas –remove all includes –put included schemas where they belong For readability: make the Schema resemble the instance Readable Schemas generate readable code!

55 Marc de Graauw Flatten the Schemas

56 Marc de Graauw The HL7v3 Schemas

57 Marc de Graauw The HL7v3 Schemas HL7 datatypes –TS: Point in Time –CS: Simple Coded Value –ST: Character String Translate to XSD –datetime, string HL7 datatypes predate XSD datatypes With a lot of HL7 datatypes, nothing happens except translation to XSD datatypes Do this in the source, generates much more readable code

58 Marc de Graauw Simplify the Schemas

59 Marc de Graauw Layering

60 Marc de Graauw Medical Layer Control Query Layer Transmission Layer Web Services Layer HTTP Layer Medical Layer Control Query Layer Transmission Layer Web Services Layer Initiating Application Responding Application

61 Marc de Graauw HL7 Medical Application HL7 Control Query Processing Application HL7 Transmission Wrapper Adapter HL7 web services Messaging Adapter HTTP Client / Server SOAP Messages HL7v3 Messages HL7v3 Acts HL7v3 Medical Content

62 Marc de Graauw The HL7v3 Schemas layer the Schemas anonimyze with xs:any – SOAP Headers, soap:Body anon HL7 Transmission Wrapper, Act anon HL7 Act Wrapper, medical payload anon

63 Marc de Graauw SOAP Transmission Wrapper Control Wrapper Medical Data

64 Marc de Graauw SOAP Transmission Wrapper Control Wrapper Medical Data ANY

65 Marc de Graauw Layer the Schemas

66 Marc de Graauw The HL7v3 Schemas flattensimplifylayer

67 Marc de Graauw The HL7v3 Schemas Not very readable –without Schema editor not practically feasible Generated from database Fix them with XSLT or other: –Flatten the Schemas –Remove unneeded datatype hierarchies –Layer the Schemas Makes the Schemas much more readable Generates simpler code New ITS (HL7 Schemaset) is coming, but the approach sketched here will probably remain valid

68 Marc de Graauw The HL7v3 Schemas James Clark: validity is a relationship between a document and a schema, not a property of a document

69 Marc de Graauw The HL7v3 Schemas schemas can be equivalent: when two schemas consider the same set of documents valid the schemas are equivalent

70 Marc de Graauw The HL7v3 Schemas dont think of THE schema, but the SCHEMAS

71 Marc de Graauw The HL7v3 Schemas TIME VARIANTS V1V2 V3 V1a V1b

72 Marc de Graauw Truth, Trust and Belief

73 Marc de Graauw Authentication

74 Marc de Graauw Authentication Smartcard (UZI pass) with: –private key (RSA) –X.509 certificate (includes public key) PKI-Government Personal pass –guard safely –no sharing –PIN protected

75 Marc de Graauw Hello world SHA-1 hash: 5llABaWYz xCrKIdjS... RSA sig value: c9fVK7vYAdv s2DRZVtS... Private key: shhhh..... Public key: MIICHzCCAY ygAwIBAgI..... Hello world RSA sig value: c9fVK7vYAdv s2DRZVtS... OK SenderReceiver

76 Marc de Graauw

77 Marc de Graauw Security Services (X.800) Authentication Authorization Data Confidentiality Data Integrity Non-repudiation

78 Marc de Graauw Secure connection

79 Marc de Graauw Secure data

80 Marc de Graauw Security services Secure connection Authentica tion Token Digital Signature Authentication Authorization Confidentiality Integrity Non- repudiation

81 Marc de Graauw Authentication with SSL

82 Marc de Graauw

83 Marc de Graauw

84 Marc de Graauw

85 Marc de Graauw Security with SSL Works well only in simple scenarios There is no HL7v3 XML at the client The client is (relatively) unsecure SSL lays an impenatrable tunnel across the instutions secure zone SSL from server to server is fine, but: provides no care provider authentication

86 Marc de Graauw Context: clients all hospitals, GPs, pharmacists, other healthcare pros clients: any kind of client latest.NET / Java older dev environments (Delphi, BV, etc.) thin client/browser XSLT heavy XML / no XML WS-* / no WS-* HL7v3 / no HL7v3

87 Marc de Graauw Context: HL7v3 no HL7v3 at client (HL7v2, OZIS, other) not all data at client –Act.id –medication codes –patient id (BSN) not yet, is reasonable demand destination not always known at client either: require all data available at client or: sign subset of data

88 Marc de Graauw Lightweight authentication token X.509 style –message id nonce provides unique identification of message (if duplicate removal has already taken place) –time to live security semantics can expire time to store & check nonce –addressedParty replay against other receivers

89 Marc de Graauw SSL security premises: –healthcare pro keeps smartcard + pin safe –software to establish SSL tunnel not corrupted –PKI, RSA etc. not broken assertion: –healthcare pro sets up SSL tunnel assumption: –messages going over SSL tunnel come from healthcare pro weakness: –insertion of fake messages in SSL tunnel measures: –abort SSL tunnel after period of inactivity, refresh regularly

90 Marc de Graauw Lightweight token security premises: –healthcare pro keeps smartcard + pin safe –software to sign token not corrupted –PKI, RSA etc. not broken assertion: –healthcare pro signed auth token assumption: –message and auth token belong together weakness: –fake message attached to valid token

91 Marc de Graauw Lightweight token security signedData: –message id –notBefore / notAfter –addressedParty coSignedData –patient id (BSN) –message type (HL7 trigger event id) only possible to retrieve same kind of data for same patient at same time from same destination weakness: tampering with other message parameters for queries: acceptable (privacy not much more broken) for prescription: use full digital signature

92 Marc de Graauw Hospital workflow doctor makes round 360 seconds per patient nurse has file ready retrieval times are not acceptable pre-signing tokens and pre-fetching data just in time possible with auth tokens, not (so much) with SSL

93 Marc de Graauw SOAP Envelope SOAP Body Authentication alternatives HL7 payload SOAP Header Auth Token

94 Marc de Graauw SOAP Envelope SOAP Body Authentication alternatives HL7 payload SOAP Header Auth Token HL7 payload

95 Marc de Graauw HL7 Medical Application HL7 Control Query Processing Application HL7 Transmission Wrapper Adapter HL7 Web Services Messaging Adapter HTTP Client / Server SOAP Messages HL7v3 Messages HL7v3 Acts HL7v3 Medical Content

96 Marc de Graauw Authentication alternatives Authentication tokens in SOAP Headers separate them from the content HL7 sometimes allows multiple payloads, making this problem worse The token has to travel across layers with the paylaod This violates layering principles

97 Marc de Graauw WS-* WS-* is confused about whether it is a document format or a message format document: relevant to the end user message: relevant to the mailman keep metadata with the document putting document metadata in SOAP headers violates layering design principles

98 Marc de Graauw Digital Signatures

99 Marc de Graauw Some philosophy The President of the United States is John McCain Karen believes the President of the United States is John McCain John says that the President of the United States is John McCain Dr. Jones says: Mr. Smith has the flu

100 Marc de Graauw Signed Data

101 Marc de Graauw "Dissolve in water"

102 Marc de Graauw XML fragment

103 Marc de Graauw Digitally signed token

104 Marc de Graauw What You See Is What You Sign

105 Marc de Graauw HL7v3 bericht Token & XML Signature HL7v3 bericht Certificate Digest Sig value XML Signature Getekende gegevens Prescription1 Certificate Digest Sig value Componenten Getekende gegevens Prescription 1 HL7v3 bericht Met WSS Certificate Digest Sig value Getekende gegevens Prescription 1 SOAP envelope body HL7v3 bericht Getekende gegevens Prescription 1 headers In SOAP Headers Reference Certificate Digest Sig value Reference

106 Marc de Graauw HL7v3 bericht Meerdere Signatures, 1 certificaat Bericht + handtekening Certificate A Digest 1 Sig value 1 Getekende gegevens 1 Prescription 1 Prescription 2 Getekende gegevens 2 Digest 2 Sig value 2 Certificate Signature Getekende gegevens HL7v3 Prescription persisteren

107 Marc de Graauw Versioning

108 Marc de Graauw Backward Compatibility Doc App v. 1.0 Doc App v. 1.1 Doc App v. 2.0

109 Marc de Graauw Forward Compatibility Doc App v. 2.0 Doc App v. 1.1App v. 1.0

110 Marc de Graauw Classical tijd

111 Marc de Graauw In message chain

112 Marc de Graauw Recap: Backward, not forward Country {NL, BE} App v. 1 Country {NL, BE, DE} App v. 2 writes can read

113 Marc de Graauw Recap: Forward, not backward Country {NL, BE, DE} App v. 1 Country {NL, BE} App v. 2 writes can read

114 Marc de Graauw Backward, not forward compatible Sender v. 1 Sender v. 2 Receiver v. 1 Receiver v. 2 Country {NL, BE} Country {NL, BE, DE} Problems for new Sender and old Receiver

115 Marc de Graauw Forward, not backward compatible Sender v. 1 Sender v. 2 Receiver v. 1 Receiver v. 2 Country {NL, BE, DE} Country {NL, BE} Problems for old Sender and new Receiver

116 Marc de Graauw Strategies Support v1 and v2 at all nodes Up-/downgrade at central broker Schemas with XSLT with 2.0 to prune 2.x instances (UBL) Prune in code Separate sender and receiver Schemas XSLT with 2.x to downgrade to 2.0

117 Marc de Graauw Version identifier version identifier profileId year + month, i.e. 705 (May 2007) indicates a particular release of the entire specification of Dutch Healthcare Exchange

118 Marc de Graauw HIB Healthcare Information System 70x Patient Registry Messa- ging Services Provider Registry Act Registry Healthcare Information System 80x XSLT 80x to 70x 80x document stylesheet 80x-to-70x reference 80x document 70x document

119 Marc de Graauw Stylesheet reference soap Header with version identifier and stylesheet reference stylesheet published with 80x specification stylesheet published at National Broker broker may not touch medical payload

120 Marc de Graauw document collect profileId's supported? yes process collect stylesheets available? apply stylesheets no yes no reject process

121 Marc de Graauw What weve (tried to) cover Standardisation: –AORTA, the Dutch Healthcare Infrastructure –HL7v3, Vocabulary, Identification, Schemas –Web Services: SOAP, WSDL, WS-Security Truth, Trust and Belief: –Authentication –Digital Signatures Versioning

122 Marc de Graauw


Download ppt "Marc de Graauw De Zorg digitaliseren met XML, HL7v3 en Web Services Marc de Graauw Informatieketens in de Zorg XL User Group Holland."

Similar presentations


Ads by Google