Norwegian e-health infrastructure based on XML, ebXML and PKI
Øyvind Gjørven
Rikstrygdeverket (RTV) / National Insurance Administration
This presentation describes the overall technical solution and shares our experiences after two years of operation between the National Insurance Administration (RTV) and general practitioners, pharmacies and hospitals.
The focus is on how sensitive information can be distributed safely over open networks by means of end-to-end security solutions based on XML, ebXML and PKI.
National Insurance Administration’s communication partners
Citizens in general
Companies in general
Hospitals
Pharmacies
Private labs
General practitioners
Government
EU
In total RTV is paying 230 billion NOK (30 billion EURO) to its communication partners (1/3 of the total Norwegian Government budget)
The communication solution covers 10% of the total amount
History
For 10–15 years the standardised communication solutions have been based on EDIFACT, X.400 and "proprietary PKI"
Three years ago it was decided to upgrade the architecture:
– Existing EDIFACT messages will continue until they are replaced with new message formats
– All new messages will be based on XML format
– ebXML Messaging Service specification (ebMS) will be used as the enveloping standard
– X.400 will be replaced by SMTP
– RTV will be connected to the new National Health Network (NHN) in Norway by use of SMTP
– A new frame agreement on PKI will be established
What we get by using PKI and ebXML
Authentication – secure identification of the sender
Integrity – a message cannot be changed on its way from sender to receiver
Confidentiality – unauthorised people cannot read the content of the message
Non-repudiation – the sender cannot deny having signed and sent a message
Sender gets a response message when the receiver gets the message
– Resending until a response message is received (the resending module in ebXML defines the number of resendings and the time interval)
ebXML Message Handling Service (ebXML MHS)
MHS
Authentication, authorization, and non-repudiation
Processing of message header
Encryption / signing
Receipts and acknowledgements
Error handling
Enveloping / de-enveloping
Interface to communication
HTTP SMTP IIOP FTP
Application
Interface to MHS
...
ebXML Message
Transport envelope (HTTP, SMTP, etc.)
MIME envelope (SOAP with attachment)
MIME part
SOAP envelope: Envelope
SOAP envelope: MessageHeader
SOAP envelope: Body
ebXML: MessageHeader
ebXML: ErrorList
ebXML: Signature
ebXML: Acknowledgement
ebXML: Manifest
MIME part
Payload (Business message)
ebXML envelope
ebXML payload
Message
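The message layout listed above, as an added Python example that is not from the presentation or from RTV's system: it builds a SOAP-with-attachments message carrying an ebXML MessageHeader and Manifest, then checks that every Manifest reference resolves to a MIME part and that no MIME part is unlisted. The SOAP 1.1 and ebMS 2.0 namespaces are assumptions (the slides name no version); the message id, content id and payload are constructed.

```python
# Added example: ebXML message as SOAP with attachments (constructed data).
import xml.etree.ElementTree as ET
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 (assumed)
EB = "http://www.oasis-open.org/committees/ebxml-msg/schema/msg-header-2_0.xsd"  # ebMS 2.0 (assumed)
XLINK = "http://www.w3.org/1999/xlink"

def build_message(message_id, payload, cid="payload-1"):
    """Return the MIME envelope: part 1 = SOAP/ebXML envelope, part 2 = payload."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    msg_header = ET.SubElement(header, f"{{{EB}}}MessageHeader")
    msg_data = ET.SubElement(msg_header, f"{{{EB}}}MessageData")
    ET.SubElement(msg_data, f"{{{EB}}}MessageId").text = message_id
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    manifest = ET.SubElement(body, f"{{{EB}}}Manifest")
    ET.SubElement(manifest, f"{{{EB}}}Reference", {f"{{{XLINK}}}href": f"cid:{cid}"})

    mime = MIMEMultipart("related", type="text/xml")
    mime.attach(MIMEText(ET.tostring(env, encoding="unicode"), "xml", "utf-8"))
    part = MIMEApplication(payload, "xml")
    part["Content-ID"] = f"<{cid}>"
    mime.attach(part)
    return mime.as_bytes()

def inspect_message(raw):
    """Return (message_id, manifest refs with no MIME part, MIME parts not in the manifest)."""
    parts = message_from_bytes(raw).get_payload()
    # Constructed input only; parse untrusted XML with a hardened parser.
    env = ET.fromstring(parts[0].get_payload(decode=True))
    message_id = env.findtext(f".//{{{EB}}}MessageId")
    cids = {p["Content-ID"].strip("<>") for p in parts[1:] if p["Content-ID"]}
    refs = {r.get(f"{{{XLINK}}}href") for r in env.iter(f"{{{EB}}}Reference")}
    missing = sorted(r for r in refs if not r.startswith("cid:") or r[4:] not in cids)
    unlisted = sorted(c for c in cids if f"cid:{c}" not in refs)
    return message_id, missing, unlisted

raw = build_message("msg-0001@example.invalid", b"<Claim>constructed</Claim>")
print(inspect_message(raw))
```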
ebXML Secure Messaging
Partner B
Resending 3 times
ebXML protocol
Sender Receiver
ebXML Message
ebXML Control
ebXML Apprec
ebXML Control
Resending 3 times
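The resend behaviour from the two slides above (resend until a response message arrives, 3 resends), as an added Python simulation that is not part of the original presentation. The in-memory receiver, the scripted channel outcomes and the 60-second interval are assumptions; duplicate elimination by message id is included so that a resent message whose acknowledgement was lost is not processed twice.

```python
# Added example: resend-until-acknowledged with duplicate elimination (in-memory simulation).
from dataclasses import dataclass, field

@dataclass
class Receiver:
    seen: set = field(default_factory=set)          # message ids already processed
    delivered: list = field(default_factory=list)   # payloads passed to the application

    def receive(self, message_id, payload):
        # A resent copy is acknowledged again but not delivered a second time.
        if message_id not in self.seen:
            self.seen.add(message_id)
            self.delivered.append(payload)
        return {"ack_for": message_id}

def send_reliably(message_id, payload, receiver, outcomes, retries=3, retry_interval=60):
    """Send once, then resend up to `retries` times until an acknowledgement arrives.

    `outcomes` scripts the channel per attempt: 'ok', 'lost_request' or 'lost_ack'
    (attempts beyond the script succeed). Returns (acknowledged, attempts, seconds_waited).
    """
    waited = 0
    for attempt in range(1, retries + 2):           # first send plus `retries` resends
        outcome = outcomes[attempt - 1] if attempt <= len(outcomes) else "ok"
        ack = None
        if outcome != "lost_request":
            ack = receiver.receive(message_id, payload)
            if outcome == "lost_ack":
                ack = None                          # receiver has it, sender never learns
        if ack is not None and ack["ack_for"] == message_id:
            return True, attempt, waited
        if attempt <= retries:
            waited += retry_interval                # simulated clock, no real sleep
    return False, retries + 1, waited               # give up and report to the operator

if __name__ == "__main__":
    rx = Receiver()
    print(send_reliably("msg-1", "claim", rx, ["lost_request", "lost_ack", "ok"]))
    print(rx.delivered)
```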
Before
Pharmacy 1
Pharmacy 2
Pharmacy n
EDIFACT
EDI/PKI
Doctor 1
Doctor 2
Doctor n
EDIFACT
RTV
Hospital 1
Hospital 2
Hospital n
EDIFACT
X400
Now
Pharmacy 1
Pharmacy 2
Pharmacy n
XML/ebXML
ebXML/PKI
Doctor 1
Doctor 2
Doctor n
XML/ebXML
RTV
Hospital 1
Hospital 2
Hospital n
EDIFACT/ebXML
SMTP
SMTP
NHN
Internet
SMTP
New architecture
Strategy: RTV shall get products from the market for the central modules in the architecture, if possible. Products from market leaders will be preferred:
– ebXML: Xenos Group – GoXML MS
– PKI: RSA Security – RSA BSAFE
– Application server: IBM – WebSphere
– Message handling: IBM – MQ Series
– Trusted Third Party (TTP): Ergo Group – National Service Provider
– Control system: Fair Isaac – Blaze Advisor
– Archive system: Ergo Group – ePhorte
– Insurance Administration system: In-house development
– Platforms: Windows, HP-UX, zOS
Applications using the new architecture
Medical certificate
– 750 doctors at 300 offices (total number is 1850) are using the system today
• The total number of messages is 3.5 million a year
Doctors' request for payment
– 500 doctors at 200 offices are using the system today
Pharmacies' request for payment
– All the 550 pharmacies are using the system
• 10 billion NOK (1.3 billion EURO) are paid to the pharmacies a year
EHIC (European health insurance card)
– 1.4 million cards have been delivered
Example: Doctor’s Office
NIA
NHN
Office Server
· Message creation
· Personal signature using SmartCard and pin-code or software based
· Message encryption
· ebXML packaging
· Envelope signature
SMTP
SMTP
· Message decryption
· ebXML unpackaging
· Signature check
User PC
Example: Pharmacies
NIA
NAF Data (HUB)
Company signature using software based certificate
· gZip
· Message encryption
· ebXML packaging
· Envelope signature
SMTP
· Message decryption
· ebXML unpackaging
· Signature check
User PC
# 550 pharmacies
Example: National Insurance Administration
Mainframe zOS
SMTP/POP 3 Server
ebXML (goXML from Xenos)
RSA for PKI functions
Blaze Advisor Rule Engine
HP/UX
WebSphere Application Server
JavaMail
Ephorte Message Archive
MQ Series
External TTP
Windows NT
MQ Series
430 NIA Local offices
Insurance Administration System
Experiences with the new architecture
Use of open standards
– Many products available in the market
– More flexible interface
– Better error detection (by checking in other products)
– A national standardisation body keeps the messages updated and available on the Internet
ebXML
– Better message identification
– Flexible response messages
– Automatic resending of messages
– Message routing based on envelope information
– Easier to operate the information about communication partners
– Better tracing and monitoring of the messages
Experiences with the new architecture (continued)
XML
– Better message specification
– Better validation functionalities in XML
– Easier to automatically validate by sending and receiving messages
PKI
– The open standards for PKI exist today
– Products which handle authentication, integrity, confidentiality and non-repudiation are available in the market today
– Service providers which handle certification authority (CA) and registration authority (RA) are established
– Real-time verification of certificates using LDAP
– A TTP/PKI frame agreement for the whole health- and social sector has been in place for 2 years
Next activities
Extend our use of ebXML – today we send EDIFACT over X.400
Automate Collaboration Protocol Profile (CPP) and Collaboration Protocol Agreement (CPA) handling
– from manual handling of CPP/CPA information to automated handling
Upscale the communication solution
– Increase the number of communication partners
– Increase the number of messages
– Increase the number of applications
• The next big e-health project in Norway will be ePrescription (17 million messages a year). Development begins early 2006.