Posted by: Jenny Laurello
Guest post by Ruby Raley, director, health care solutions, Axway
The HITECH Act and strengthened HIPAA regulations share the same goal: the promotion of health information technology and, in particular, health information exchange, to improve the well-being of society and reduce the cost of healthcare. The regulations clearly state that health records must be exchanged securely so that the public’s trust is increased. Regulators believe that IT must prove itself to be reliable and trustworthy if it is to be the cornerstone of healthcare reform. This effort demands that every organization and IT department continuously reassess how it manages and monitors the exchange of health records.
That said, IT has three fundamental types of file transmissions to secure:
- Real-time file transmissions are the newest challenge for many of us, and involve new types of message structures such as HL7 and synchronous request-response models. Real-time communications is a great choice for partners of similar size and technical strength who share architectural and security principles. However, architects designing structures to exchange data outside their enterprise should be cautious with real-time transmissions. Real-time communications requires management of open connections and the right software to balance loads. It demands server capacity to manage threads and long-lived connections that drive up costs related to secure telecommunications channels (such as VPN). Reliable, sustainable real-time communications calls for technical savvy and investment. So it is no surprise that EDI and FTP are still widely used – they both mitigate the need to address the challenges of real-time communications.
- Batch exchange is the most commonly used form of secure file exchange. Batch file movement is flexible and can handle a mismatch of capabilities between partners. For example, batch exchange works even if one partner cannot use Web services but can process XML messages, or if one partner cannot process as quickly as the other. However, batch file movement has a weakness – historically, it has not been encrypted or managed. Architects considering batch exchange must look to MFT (Managed File Transfer) to ensure that their file exchange is secure and appropriately governed.
- Delayed file transmission is, I would argue, an edge condition – not a typical use case, but still important. Edge conditions are the most challenging for systems, and just like electrical motors, computer systems are most stressed when under load, such as at startup, shutdown and peak processing. Delays can occur for many reasons, but your secure file transmission system must be designed to handle the delay whether it’s due to your partner’s processing capability or your own. Could your architecture handle high volumes of delayed messages? Could you prioritize messages within the queue? What is the worst case? Is your system resilient enough to stay up in a worst-case scenario?
Regardless of the type of file transmission you choose, you must ensure that your healthcare record exchange functions smoothly under all conditions. Your hospital and state medical infrastructure must not only function during something as simple as a loss of power or system outage; it must function during an epidemic. Planning ahead to build in buffers, and having the ability to process messages after an event trigger, are essential steps in creating a resilient system.
Healthcare strives to make us all more resilient so that we can survive the unexpected and thrive. Likewise, healthcare IT systems must strive to be resilient while giving healthcare professionals the ability to assess the right clinical information for the right patient at the right time. After all, isn’t it everyone’s goal to survive the unexpected and thrive?
For more information please visit www.axway.com.