Title: Planning the Future of CDC Secure Public Health Transactions and Public Health Information Network Messaging System (PHINMS)
1Planning the Future of CDC Secure Public Health
Transactions and Public Health Information
Network Messaging System (PHINMS)
- Jennifer McGehee, Tim Morris, Charlie Peng, John
W. Loonsk
2The findings and conclusions in this presentation
are those of the authors and do not necessarily
represent the views of the Centers for Disease
Control and Prevention.
3Value of Public Health Shared, Secure Transaction
Standards and Tools
- Ensure that all public health participants have
the ability to exchange secure transactions - Minimize integration costs of non-standard
transaction approaches - Technical integration and security costs
- Identity proofing management
- Authentication management
- Opportunity to leverage clinical care efforts and
other public health program efforts to share
maintenance, advance robust security, and
minimize costs
4Public Health Information Network Messaging
System (PHINMS)
- Effort begun in 2002 to advance standards-based,
secure, reliable data messaging among public
health agencies and trading partners - CDC-produced PHINMS software as an implementation
of the standards the agency defined around public
health transactions - A related digital certificate authority and
service was established to support encryption and
non-repudiation - Support for route not read and behind the
firewall services - Led to commercial product implementations
5PHINMS at CDC Payloads Received
6PHINMS at CDC Message Size
7PHINMS State Example Georgia
- Supporting the Georgia Registry of Immunization
Transactions and Services (GRITS) state internal
system - Currently 262 installations in hospitals and the
Health Department - 22,500 transactions per day
- 450,000 transactions per month
Source André K. Wilson, HP Enterprise Services,
Contractor to the State of Georgia
8National Secure Transactions Landscape
- Over 22 billion dollars invested in Electronic
Health Records (EHRs) - New focus on EHR connectivity
- Opportunity for public health to leverage this
investment - Nationwide Health Information Network
- Exchange SOAP (Simple Object Access Protocol)
- CONNECT Federal government-developed software
solution - DIRECT initiative
- Mostly SMTP (Simple Mail Transfer Protocol, i.e.,
email) - RESTful web services
- Identified as future direction in S I
Framework, Health IT Standards Committee
9Public Health Transaction Needs
- Multiple transaction types
- Push (e.g. lab result reporting to health
department) - Pull (e.g. query of HD for immunization decision
support) - Pull / query of EHR (e.g. public health
investigation) - Publish / subscribe (e.g. code set distribution)
- Reliable messaging
- Synchronous and store-and-forward
- Each approach involves multiple standards applied
together, which we refer to as a stack
10The PHINMS Standards Stack
Common Name PHINMS
Major Standards SOAP, WS Stack, ebXML
Transactions Push, Store and Forward
Synchronous No
Vocabulary and Code Sets Agnostic
Query / Content Structure Typically HL7 messages
Reliable Messaging Yes
Queuing Included
Security HTTPS, two-factor authentication (digital certificates)
- ebXML is fading
- Not aligned with ONC efforts
- Only supports "push"
11The NwHIN Exchange Standards Stack
Common Name NwHIN / SOAP
Major Standards SOAP, WS Stack
Transactions Push, Pull, Pub/Sub, Store and Forward
Synchronous Yes
Vocabulary and Code Sets Agnostic
Query / Content Structure Focus on CCD
Reliable Messaging Possible
Queuing Not included
Security HTTPS, SAML, XACML
- Advanced by HealtheWay and Care Connectivity
Consortium - No longer supported by ONC
- SOAP still strong in health care
12The DIRECT Standards Stack
Common Name DIRECT
Major Standards SMTP
Transactions Push, Store and Forward
Synchronous No
Vocabulary and Code Sets Agnostic
Query / Content Structure Typically HL7 messages
Reliable Messaging No
Queuing Mail server-based
Security S/MIME
- Major push by previous National Coordinator
- Push only and store-and-forward
- Immunization Information Systems report did not
recommend
13The SFTP Standards Stack
Common Name SFTP
Major Standards SFTP
Transactions Upload/Download
Synchronous Yes
Vocabulary and Code Sets Agnostic
Query / Content Structure No structure
Reliable Messaging No
Queuing Not included
Security X-FTP
- Mostly used for manual data transfer vs. system
to system exchange - Does not support multi-factor authentication
14The RESTful Standards Stack
Common Name REST
Major Standards RESTful, oAuth, OpenID
Transactions Push, Pull, Pub/Sub, Store and Forward
Synchronous Both
Vocabulary and Code Sets Agnostic
Query / Content Structure Typically HL7 messages
Reliable Messaging Yes
Queuing Included
Security HTTPS, two factor (dig certs)
- Identified as future direction by HIT Standards
Committee and S I Framework - Limited health care implementation, but strong
Internet use - Supports HL7 FHIR initiative
15Conclusions
- A multi-protocol public health and clinical care
transaction world will be the reality for some
time - PHINMS legacy standards and system should be
updated to take advantage of new and emerging
standards, but with time and coordination - Alignment with standards being utilized in health
care could potentially allow CDC to reduce
support costs for software development and
improve transactions between clinical care and
health departments - DIRECT transactions are not suitable to fully
support public health needs, but they will need
to be supported and handled in some contexts - REST can offer a suitable and improved public
health transaction platform in time
16Recommendations
- CDC should plan, communicate, and pursue a path
forward for secure transactions - Public health should engage in stack
specification for REST development - CDC should consider enabling transport
translation and routing services
17Questions and Comments?
18Contact
- Jennifer McGehee
- PHINMS CDC Project Lead
- ake0_at_cdc.gov
- (404) 498-2411