Connect update improves health data security
By Mary Mosquera
Wednesday, October 07, 2009
The Health & Human Services Department (HHS) has updated the government’s Connect software to improve information security and enterprise services for organizations that want to use it to exchange health data, said its senior architect.
Connect is federally developed software that lets agencies and healthcare organizations share health data by using the protocols, agreements and core services that make up the nationwide health information network (NHIN).
HHS is trying to develop improvements in the Connect gateway quickly so it can serve as an early model of the NHIN, executives said yesterday.
“The intent of the plan is that Connect will be a reference implementation of NHIN and provide a mechanism for organizations that are building gateways to have the ability to test against it and to provide for feedback to the NHIN specification group,” said Les Westberg, Connect technical lead in the Federal Health Architecture program and an executive with Agilex.
Westberg made his remarks in a Webinar Oct. 6, on the technical details of Connect version 2.2. HHS released the software on Sept. 25 and plans to update it again in January 2010, Westberg said.
Among the enterprise services improvements, Connect provides a new graphical user interface that lets provider organizations mark consumer preferences for the data, such as whether it can be shared and who is authorized to access it.
For instance, a consumer may have given permission for all the physicians in a practice to access information but not the receptionist, Westberg said. Other choices let consumers opt in or out of NHIN participation.
The latest Connect version of Connect also strengthens security by using the same protocols in the interface between the healthcare organization and the Connect gateway that have been used between Connect and the NHIN, Westberg said.
These include two-way Secure Sockets Layer (SSL), digital signature, and Security Assertion Mark-up Language (SAML), a standard for exchanging authentication and authorization data.
