HL7 messages are like the water flowing in the pipes connecting one healthcare information system to another. The relatively simple data transfer standard developed by Health Level Seven has become the most widely used format for sending and receiving messages between disparate healthcare systems. However, security is weakly enforced in HL7 messages, and this has become a significant concern among CIOs and solution providers. That’s why we’re highlighting some methods of securing Hospital HL7 Interface messages within and outside your organization.
1. Use a VPN
A reliable VPN will create an encrypted tunnel to secure your data. It also hides your IP address, so hackers cannot easily track your IP and location.
Using a VPN to transfer HL7 data boosts security because the data is encrypted in transit. This is particularly important when sending sensitive health information from your EHR to an external laboratory or radiology service.
To protect your data with a VPN, route it through the lower layer protocol (LLP). This is a relatively simple task since leading cloud platform providers offer VPN connections with their service.
2. Send Files With Secure FTP
If you need to send batches of HL7 messages in file format to another endpoint, you can use SFTP and FTPS. This is an effective method for transferring and managing data streams when using an interface engine.
However, you should use either SFTP or FTPS, not both. The two transport protocols are incompatible, so you can’t combine them. SFTP is part of the SSH protocol. FTPS, also called FTP Secure, works with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
3. Combine TLS with LLP
Some HL7 integration engines support using LLP with the SSL or TLS cryptographic protocol. This is the standard developed and supported by Integrating the Healthcare Enterprise (IHE). IHE is a non-profit organization based in Illinois that promotes the development of data-sharing standards in healthcare.
In practice, this security protocol is not used often. But if you want to use it, you need to set up an LLP client or listener that works with SSL settings.
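The following Python example is added here and is not code from the original article or from any integration engine: it wraps an HL7 message in the LLP envelope and sends it over a TLS connection that verifies the listener's certificate and hostname. The function names, the constructed sample message, and the 10-second timeout are assumptions.

```python
import socket
import ssl

# LLP envelope: <VT> start block, then <FS><CR> after the message.
START_BLOCK, END_BLOCK, CARRIAGE_RETURN = b"\x0b", b"\x1c", b"\x0d"
# Constructed sample message (not real patient data).
SAMPLE = b"MSH|^~\\&|EHR|HOSP|LAB|EXT|202401010000||ADT^A01|MSG0001|P|2.5\rPID|1||12345"


def frame(hl7_message: bytes) -> bytes:
    """Wrap one HL7 v2 message in an LLP envelope."""
    if START_BLOCK in hl7_message or END_BLOCK in hl7_message:
        raise ValueError("message contains LLP framing bytes")
    return START_BLOCK + hl7_message + END_BLOCK + CARRIAGE_RETURN


def unframe(buffer: bytes):
    """Return (message, rest) for the first complete frame, else (None, buffer)."""
    start = buffer.find(START_BLOCK)
    end = buffer.find(END_BLOCK + CARRIAGE_RETURN, start + 1)
    if start == -1 or end == -1:
        return None, buffer
    return buffer[start + 1:end], buffer[end + 2:]


def client_context(ca_file=None) -> ssl.SSLContext:
    """TLS settings for the sending side: verify the listener's certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # refuse SSLv3, TLS 1.0 and 1.1
    return ctx


def send_message(host, port, hl7_message, ctx, timeout=10.0) -> bytes:
    """Send one framed message over TLS and return the unframed acknowledgement."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame(hl7_message))
            buffer = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("listener closed before sending an ACK")
                buffer += chunk
                ack, buffer = unframe(buffer)
                if ack is not None:
                    return ack
```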
4. Deploy a User-Agent
If you need to take security to a very high level, deploying a user agent at the two endpoints may be practical. The integration engine needs to be installed along with the EHR and at the client’s site.
Then data may be transferred using LLP together with HTTPS, FTPS, or TLS/SSL. Unfortunately, working with a user agent increases the number of points of failure. If the user agent has a problem, data will not flow successfully.
5. Use PHINMS for Public Health Reporting
If you need to send HL7 messages to a public health organization, you can exchange sensitive data securely using the messaging system designed by the CDC.
The Public Health Information Network Messaging System (PHINMS) uses electronic business XML, a.k.a. ebXML. Presently, the PHINMS software is Windows-based, and you need to have either Windows 10 or Windows Server 2016 to install and use it.
After installing the software, you need to obtain a digital certificate and create a route map to recipients before you can send or exchange data.
Work With a Hospital HL7 Interface Expert
For in-depth knowledge and insight on how to secure your HL7 messages from intruders, contact Lifepoint at 877.522.8378 today. Visit our contact page to book a free consultation session or discuss your healthcare data integration needs.