VPNs provide the ability to join two or more private sub networks as if there were one. This approach has been used time and again due, in part, to the limited impact on existing systems. Said differently, no architectural changes required to existing health IT infrastructure
SFTP was designed as an extension of SSH2 to provide file transfer capability. SSH2 provides a high level of security and the file transfer capability, unlike regular FTP, follows a strict standard. That is, it's easy to use SFTP for automated processes.
HOW TO DECIDE WHETHER TO USE VPN OR SFTP?
We recommend VPNs if you require a LLP interface for synchronous HL7 messaging or you are needing to securely connect multiple systems between two organizations.
Able to connect a multitude of systems over a single secure connection
Can require noticeable effort to implement and maintain
SFTP is ideal if you already treat HL7 messages as regular files as well as if you have found the time or cost involved with a VPN is prohibitive.
Can often be established faster than VPN
Does not require changes at the network boundaries
Collapses the secure channel and the messaging protocol together which
Makes it straightforward to produce complete audit logs of who, did what, when
In the case of receiving HL7 messages, SFTP inherently provides a queue / storage. If a connection is lost, when processing is re-established you can continue without fear of losing a message
Can not be used for synchronous messaging
Requires messages to be treated as files
With pros and cons to each option, we have opted to support both in the RosettaHealth platform.