Issues Identified in Consensus Process
The following objections or issues to fix were raised with each approach in the consensus process:
SOAP/XDR Push
- Separate routing metadata from content metadata (also raised by HITSC review and an important HITPC Privacy and Security Tiger team consensus option)
- Enable transport of simple messages without requiring CDA attachments or "step-ups"
- Enable HISPs that can deliver messages without viewing the content metadata, only the to/from information (no PHI)
- Allow end-to-end content encryption
- Enable transport of content not related to a single patient (e.g., quality reporting)
- Substantially drop total implementation costs
- Substantially better documentation and all-in-one-document specifications and implementation guides
- Much better reference guides defining samples, particularly for metadata
- Better overviews describing all the parts that are required to send a transaction
- Slim down the minimal requirements for creating an XDR (or XDD message)
- Address requirement for UDDI and central infrastructure
- Enable "HISP in a box"
- Address business case for organizations already supporting small practices (PMS VARs, ISPs, etc.)
REST
- Demonstration of cross-conversion to SMTP and XDR [ed note: demonstration did address email at the edge]
- Define ability to address additional metadata [ed note: specification endorses use of XDM attachments]
- Demonstration of critical scalability items
- Retries, reliable delivery [Latest specification includes orchestrations for asynchronous messaging]
- Error handling and exception processes [Latest specification addresses status resource]
- Much better specification document (REST Specification)
- Risk analysis
- Automated testing [Rails code includes an automated integration test suite that is driven by a client driver]
SMTP
SMTP Consensus Issue Responses
- Better define error handling and exception processes [ed note: email clients support MDN but specific features supported vary]
- Define ability to address additional metadata [ed note: specification endorses use of XDM attachments]
- Presence of viewers for health content
- Address cost of data centers to add new infrastructure not currently supported (note that data centers for HIE often not the same IT staff as data centers for email)
- Trusted paths of routing [ed note: OCR may consider any intermediary that has even encrypted data as requiring a BAA]
- Address extension
- Risk analysis
- Automated testing
- Address risks of users using their current email clients (possible confusion, sending data to standard SMTP servers)