The Health Level-7 (HL7) standard doesn’t include security. When HL7 communication needs to be secured, this is accomplished by carrying it over a separate secure channel. Two common choices are Virtual Private Networks (VPN) and Secure Shell File Transfer Protocol (SFTP).
- VPNs provide the ability to join two or more private subnetworks as if they were one. This approach has been used time and again due, in part, to its limited impact on existing systems. Said differently, no architectural changes are required to existing health IT infrastructure.
- SFTP was designed as an extension of SSH2 to provide file transfer capability. SSH2 provides a high level of security and the file transfer capability, unlike regular FTP, follows a strict standard. That is, it's easy to use SFTP for automated processes.
HOW TO DECIDE WHETHER TO USE VPN OR SFTP?
We recommend VPNs if you require an LLP interface for synchronous HL7 messaging or you need to securely connect multiple systems between two organizations.
- Able to connect a multitude of systems over a single secure connection
- Can require noticeable effort to implement and maintain
SFTP is ideal if you already treat HL7 messages as regular files, or if you have found that the time or cost involved with a VPN is prohibitive.
- Can often be established faster than VPN
- Does not require changes at the network boundaries
- Collapses the secure channel and the messaging protocol together, which:
  - Simplifies the solution
  - Makes it straightforward to produce complete audit logs of who did what, when
- In the case of receiving HL7 messages, SFTP inherently provides a queue / storage. If a connection is lost, when processing is re-established you can continue without fear of losing a message
- Cannot be used for synchronous messaging
- Requires messages to be treated as files
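The queue and audit-log points above can be made concrete with a receiver that drains an SFTP drop directory. This is an added example, not RosettaHealth code; it assumes one inbox directory per SFTP account (so the directory name is the "who"), that senders rename uploads to `*.hl7` only once complete, and the names `drain_inbox`, `msh_fields` and `SAMPLE` are hypothetical.

```python
import hashlib, json, os
from datetime import datetime, timezone
from pathlib import Path

# Constructed sample message (not real patient data).
SAMPLE = b"MSH|^~\\&|LAB|HOSP|EHR|CLINIC|20240101120000||ORU^R01|MSG0001|P|2.5\rPID|1||12345\r"

def msh_fields(raw: bytes) -> dict:
    """Return MSH-9 (message type) and MSH-10 (control ID) of an HL7 v2 message."""
    first = raw.decode("utf-8", "replace").replace("\n", "\r").split("\r")[0]
    if not first.startswith("MSH") or len(first) < 4:
        raise ValueError("not an HL7 v2 message: no MSH segment")
    f = first.split(first[3])          # MSH-1 is the field separator itself
    if len(f) < 10:
        raise ValueError("MSH segment too short")
    return {"type": f[8], "control_id": f[9]}

def drain_inbox(inbox: Path, handler, audit_log: Path) -> int:
    """Process *.hl7 files in name order; stop at the first handler failure.

    A file is moved out of the inbox only after the handler succeeds, so an
    interrupted run leaves unprocessed messages queued on disk for the next run.
    """
    done, rejected = inbox / "done", inbox / "rejected"
    done.mkdir(exist_ok=True)
    rejected.mkdir(exist_ok=True)
    handled = 0
    for path in sorted(inbox.glob("*.hl7")):
        raw = path.read_bytes()
        record = {"when": datetime.now(timezone.utc).isoformat(),
                  "who": inbox.name, "file": path.name,
                  "sha256": hashlib.sha256(raw).hexdigest()}
        try:
            record.update(msh_fields(raw))
        except ValueError as exc:      # malformed file: quarantine, keep going
            record.update(outcome="rejected", reason=str(exc))
            os.replace(path, rejected / path.name)
        else:
            try:
                handler(raw)
            except Exception:
                break                  # downstream lost: file stays queued
            record["outcome"] = "processed"
            os.replace(path, done / path.name)
            handled += 1
        with audit_log.open("a") as log:   # one JSON line per handled file
            log.write(json.dumps(record) + "\n")
    return handled
```

Keep the audit log outside any directory the SFTP accounts can write to, so a sender cannot alter the record of its own uploads.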
With pros and cons to each option, we have opted to support both in the RosettaHealth platform.