Issues Identified in Consensus Process

From Direct Project
The following objections or issues to fix were raised with each approach in the consensus process:

SOAP/XDR Push

SOAP-XDR Issues, Addressed

  1. Separate routing metadata from content metadata (also raised by HITSC review and an important HITPC Privacy and Security Tiger team consensus option)
    1. Enable transport of simple messages without requiring CDA attachments or "step-ups"
    2. Enable HISPs that can deliver messages without viewing the content metadata, only the to/from information (no PHI)
    3. Allow end-to-end content encryption
  2. Enable transport of content not related to a single patient (e.g., quality reporting)
  3. Substantially drop total implementation costs
    1. Substantially better documentation and all-in-one-document specifications and implementation guides
    2. Much better reference guides defining samples, particularly for metadata
    3. Better overviews describing all the parts that are required to send a transaction
    4. Slim down the minimal requirements for creating an XDR (or XDD) message
    5. Address requirement for UDDI and central infrastructure
    6. Enable "HISP in a box"
  4. Address business case for organizations already supporting small practices (PMS VARs, ISPs, etc.)


REST


  1. Demonstration of cross-conversion to SMTP and XDR [ed note: demonstration did address email at the edge]
  2. Define ability to address additional metadata [ed note: specification endorses use of XDM attachments]
  3. Demonstration of critical scalability items
    1. Retries, reliable delivery [Latest specification includes orchestrations for asynchronous messaging]
    2. Error handling and exception processes [Latest specification addresses status resource]
  4. Much better specification document (REST Specification)
  5. Risk analysis
  6. Automated testing [Rails code includes an automated integration test suite that is driven by a client driver]


SMTP

SMTP Consensus Issue Responses

  1. Better define error handling and exception processes [ed note: email clients support MDN but specific features supported vary]
  2. Define ability to address additional metadata [ed note: specification endorses use of XDM attachments]
  3. Presence of viewers for health content
  4. Address cost of data centers to add new infrastructure not currently supported (note that data centers for HIE often do not have the same IT staff as data centers for email)
  5. Trusted paths of routing [ed note: OCR may consider any intermediary that has even encrypted data as requiring a BAA]
  6. Address extension
  7. Risk analysis
  8. Automated testing
  9. Address risks of users using their current email clients (possible confusion, sending data to standard SMTP servers)