Securing HL7 communication is accomplished using Virtual Private Networks (VPN) and Secure Shell File Transfer Protocol (SFTP). RosettaHealth has both.

IT Guy Bits and Bytes: Options for Securing HL7 Connections

The Health Level-7 (HL7) standard doesn’t include security. When HL7 communication needs to be secured, this is done by carrying it over another secure channel. Two common choices are Virtual Private Networks (VPN) and Secure Shell File Transfer Protocol (SFTP).

  • VPNs provide the ability to join two or more private subnetworks as if they were one. This approach has been used time and again due, in part, to its limited impact on existing systems. Said differently, no architectural changes are required to existing health IT infrastructure.
  • SFTP was designed as an extension of SSH2 to provide file transfer capability. SSH2 provides a high level of security, and the file transfer capability, unlike regular FTP, follows a strict standard. As a result, it's easy to use SFTP for automated processes.

HOW TO DECIDE WHETHER TO USE VPN OR SFTP?

We recommend VPNs if you require an LLP interface for synchronous HL7 messaging or you need to securely connect multiple systems between two organizations.

PROS

  • Able to connect a multitude of systems over a single secure connection

CONS

  • Can require noticeable effort to implement and maintain

SFTP is ideal if you already treat HL7 messages as regular files, or if you have found the time or cost involved with a VPN to be prohibitive.

PROS

  • Can often be established faster than VPN
    • Does not require changes at the network boundaries
  • Collapses the secure channel and the messaging protocol together, which
    • Simplifies the solution
    • Makes it straightforward to produce complete audit logs of who did what, when
  • In the case of receiving HL7 messages, SFTP inherently provides a queue / storage. If a connection is lost, you can continue once processing is re-established without fear of losing a message.

CONS

  • Cannot be used for synchronous messaging
  • Requires messages to be treated as files
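
The queue and audit-log behaviour described in the SFTP pros above can be sketched as a small receiver that drains the SFTP landing directory. This is an added example, not RosettaHealth's code; the directory layout, the `.part` suffix for uploads in progress, the `handler` callback and the use of the file owner as the sender identity are all assumptions made for illustration.

```python
import json
import os
import time
from pathlib import Path

# Constructed sample message (not real patient data); HL7 v2 segments end with \r.
SAMPLE = "MSH|^~\\&|LAB|HOSP_A|EHR|HOSP_B|20240101120000||ORU^R01|MSG0001|P|2.5\rPID|1||12345\r"

def parse_msh(raw: str) -> dict:
    """Pull routing fields from the MSH segment of an HL7 v2 message."""
    first = raw.split("\r", 1)[0]
    if not first.startswith("MSH") or len(first) < 4:
        raise ValueError("missing MSH segment")
    fields = first.split(first[3])      # MSH-1 is the field separator itself
    if len(fields) < 10 or not fields[9]:
        raise ValueError("missing MSH-10 message control ID")
    return {"sending_app": fields[2], "type": fields[8], "control_id": fields[9]}

def drain(inbox: Path, done: Path, rejected: Path, audit: Path, handler) -> int:
    """Handle each complete file in the inbox; return the number processed.

    A file leaves the inbox only after handler() returns. Any other exception
    (lost connection, crash) propagates and the file stays queued for the next
    run. Delivery is at-least-once, so handler should be idempotent on control_id.
    """
    processed = 0
    for path in sorted(inbox.iterdir()):
        if not path.is_file() or path.suffix == ".part":  # assumed upload-in-progress suffix
            continue
        # owner_uid names the sender if each SFTP account is its own OS user (assumption)
        entry = {"file": path.name, "owner_uid": path.stat().st_uid, "ts": time.time()}
        try:
            # Read bytes: text mode would translate the \r segment terminators.
            msh = parse_msh(path.read_bytes().decode("utf-8", errors="replace"))
        except ValueError as exc:
            dest = rejected
            entry.update(result="rejected", error=str(exc))
        else:
            handler(msh, path)
            dest = done
            entry.update(msh, result="processed")
            processed += 1
        os.replace(path, dest / path.name)   # atomic rename on the same filesystem
        with audit.open("a", encoding="utf-8") as log:
            log.write(json.dumps(entry) + "\n")
    return processed
```

Malformed files are moved to the rejected directory and logged rather than retried forever, so one bad upload does not block the messages queued behind it.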

With pros and cons to each option, we have opted to support both in the RosettaHealth platform.
