Securely sharing medical records through SOA
The National Ministry of Health is responsible for the accessibility and quality of public healthcare, welfare and social-cultural work.
Day-to-day management and delivery of the healthcare system is provided by a network of private health suppliers (General Practitioners, hospitals, medical specialists, obstetricians, paramedical caregivers, etc.), but the costs are borne by the government. With an aging national population, controlling healthcare costs was fast becoming the key mandate for the Ministry. Reducing overhead and administration costs by creating a central point of access for all care givers and patient records seemed like the most economical solution, but with 15M+ citizens, all of whom have some form of healthcare insurance, a centralized solution posed a significant challenge.
By the Numbers
- 15M+ citizens
- Hundreds of individual practitioners
- Dozens of care institutions and services (clinics, labs, emergency services, etc.)
- Tens of hospitals
The National Ministry of Health’s IT department recognized that, given their current resources and budget and the enormous undertaking a centralized solution might require, the timeline to deliver a solution would not meet expectations. In addition, a number of security issues also arose around the ability to share medical records across the entire network of healthcare providers without compromising the privacy of their patients. As a result, the Ministry brought onboard the local resources of a global Systems Integrator (SI).
The SI identified the fact that the Ministry’s small budget and short time frame for implementing a national system meant that a traditional centralized approach – a single database containing all patient records – would not be feasible. A leaner, more flexible, decentralized solution would better fit budget and time constraints. The SI proposed a Service Oriented Architecture (SOA) approach, since SOA would enable standards-based interactions between the country’s many diverse medical applications without requiring structural-level integration. However, to control costs, patient records would need to flow across public networks. This meant that not only would security have to be maintained for data in flight, but interactions at both ends would have to be secured in order to ensure privacy.
The solution was the Layer 7 SecureSpan SOA Gateway, which sits in the middle of each interaction and acts as a Web services broker, validating message-level digital signatures, enforcing access control rules (based on each healthcare provider’s smart card), and protecting against XML-based threats.
The resulting system securely pulls records from where they reside – at multiple healthcare providers across the country – effectively assembling a complete medical history of a patient on demand.
The solution follows a hub and spoke architecture, with the Layer 7 Gateway at the hub connecting healthcare provider systems located in hospitals, clinics, doctors’ offices – systems that store patient information – to healthcare practitioners such as physicians and pharmacists, via standard, Web services APIs. Each of the country’s healthcare systems, registered as services, can be centrally queried and accessed via the SOA Gateway. Since the Gateway is policy-based, new services and new security requirements can be rapidly accommodated by centrally updating a single policy rather than updating the code for each healthcare application.
To create a more flexible, secure system, each healthcare provider that requires access to patient data is issued with a smart card which automates the digital signing of their requests. Swiping the card initiates a token-based logon to the Layer 7 Gateway.
With all the pieces in place, registered physicians can now access information their patient has previously granted them access to in an authorization profile. For example, when a healthcare provider swipes their smart card, an authentication token is received by the Layer 7 Gateway, which verifies them against a central LDAP and allows or denies the physician access. If the physician is authenticated, they can then submit a query. The SecureSpan SOA Gateway extracts the patient’s id from the query and performs a lookup on each health service within the system until a match is found. The patient record is then encrypted over the wire and decrypted on the physician’s system, where it is displayed locally but not stored, so that patient privacy is preserved.
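The request flow described above can be sketched as an ordered set of policy checks. This is an added illustration, not Layer 7 SecureSpan code or configuration: every name and record in it is constructed, the dictionaries stand in for the central LDAP, the authorization profiles and the registered provider systems, and an HMAC stands in for the smart card's digital signature so the sketch runs with the Python standard library alone.

```python
import hashlib
import hmac

# Constructed sample data; every name below is hypothetical.
DIRECTORY = {"dr-jansen": b"card-key-1"}   # stand-in for the central LDAP and card credential
AUTH_PROFILES = {                          # patient id -> providers the patient has authorized
    "P-1001": {"dr-jansen"},
    "P-3003": {"dr-jansen"},
}
SERVICES = {                               # registered provider systems that hold records
    "clinic-a": {"P-2002": "clinic record"},
    "hospital-b": {"P-1001": "hospital record"},
}

class Denied(Exception):
    """Raised when a policy step rejects the request."""

def sign(key, provider_id, patient_id):
    # HMAC-SHA256 stand-in for the smart card's message-level signature.
    msg = f"{provider_id}|{patient_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def handle_query(provider_id, patient_id, signature):
    # 1. Authenticate: the provider must be known to the directory.
    key = DIRECTORY.get(provider_id)
    if key is None:
        raise Denied("unknown provider")
    # 2. Validate the signature over the query, compared in constant time,
    #    so a signed request cannot be replayed for a different patient id.
    if not hmac.compare_digest(sign(key, provider_id, patient_id), signature):
        raise Denied("bad signature")
    # 3. Authorize against the patient's profile before any lookup, so a
    #    denied request reveals nothing about where records are held.
    if provider_id not in AUTH_PROFILES.get(patient_id, set()):
        raise Denied("not authorized for this patient")
    # 4. Query each registered service until one holds the patient's record.
    for name, records in SERVICES.items():
        if patient_id in records:
            return name, records[patient_id]
    return None  # authorized, but no registered service holds a record
```

Running the authorization step before the fan-out is a design choice of this sketch: it keeps an unauthorized query from learning whether any provider holds a record for that patient.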
Compared to centralized national healthcare projects (some of which are currently over budget and have missed deadlines), the decentralized, SOA-based solution has not only proven itself to be a successful approach, but has also resulted in cost reductions and improvements in the quality of healthcare (principally by reducing manual errors) – all without compromising patient record privacy. While most IT architects believe that centralized systems will usually have the edge in terms of scalability and accessibility, this decentralized approach has demonstrated comparable capabilities while realizing better security, greater cost savings and a faster implementation time.
In fact, analysts from International Data Corporation (IDC) and Computerworld magazine gave the SI an Innovator Award for its rapid development of a national health system.
The IT team, now tasked with maintaining and updating the system, is also impressed with the Gateway’s capabilities: “Being able to update the system by revising policies on the Gateway streamlines the maintenance process for us. There’s no need to update, test and re-deploy application code across the wide range of registered healthcare provider systems when requirements change.”