January 19,2010 SOCIAL SECURITY ADMINISTRATION-HIT SUPPORT Healthcare Provider Directory (HPD) Standards and Transaction Discussion IHE Face 2 Face February

January 19,2010 SOCIAL SECURITY ADMINISTRATION-HIT SUPPORT SOCIAL SECURITY ADMINISTRATION-HIT SUPPORT

Healthcare Provider Directory (HPD)

Standards and Transaction DiscussionIHE Face 2 Face

February 1-3, 2010

Presenter: Nitin Jain (IBM/SSA), Toby Briks-Fader

SSA Representative: Shanks Kande

SOCIAL SECURITY ADMINISTRATION-HIT SUPPORT SOCIAL SECURITY ADMINISTRATION-HIT SUPPORT 2February 2, 2010

Topics

Overview of recommended standards

Analyze in detail the recommended standards

► Identify any commonality and/or gaps between standards and HPD

Transaction Services Metadata

Next Steps


Recommended Standards Overview

Standard SDO Description

ISO TC 215 : ISO/TS 21091 Health Informatics

ISO Directory services for health care providers, subjects of care, and other entities

HL7 V3 HL7 Covers message standards, interactions and the XML data model for provider registry

Lightweight Directory Access Protocol (LDAP)

OASIS Defines the messaging protocol, operations and data schema for directory services. OASIS DSML v2 as a means to cover this with SOAP messages

Personnel White Pages (PWP) IHE The Personnel White Pages Consumer may make a wide variety of queries and cascaded queries using LDAP. Intended for inside of an organization;

Universal Description Discovery and Interaction

OASIS Defines a way to publish and discover information about Web services.


Messaging Standard We recommend adopting SOAP v1.2 as the messaging

standard for the following reasons:► Firewall friendly way to make remote procedures call and could

be used over HTTP/TLS. ► Promotes Interoperability by providing a shared language for

mapping structured data transmitted across different platforms and architectures.

► Allows full scale support to web services protocol standards with standard tooling, i.e. new requirements can be addressed without definition of new specification and implementations

► Encapsulates SAML assertions to carry user credentials for authorization and auditing purposes

► Extensive tooling support available for SOAP/XML


ISO/TS 21091 Overview Directory services for health care providers, subjects of care, and

other entities

Supports the communication through X.500 framework

Provides common directory information model of healthcare professionals extending the X.500 object model ► Extended Attributes (e.g. HcIdentifier, HcOrganization, HcSpecialisation)

► HL7 defined attributes (e.g. HL7 Sex, HL7 County Code etc)

Supports LDAP query and syntax for representing attributes

Inherits security requirements for authentication and non-repudiation from ISO 17799 and ISO TR 13335


ISO/TS 21091: Directory Information Tree


Commonality between ISO/TS 21091 and HPD Requirements

Supports Transactions for ► Lookup Provider (how it is extensible for other lookup attributes)► Store Provider Contact Information, Credentials

Schema for► Healthcare Organizations, different organization types ► Individual Professionals, Credentials► Health care-specific contact information, ► Health care identifiers, roles (standard and local), ► Multiple Affiliations: Persons to Multiple Organizations affiliations► Supporting Organizations (can be used for HIE/HIO information)

Vocabulary Sets: HL7 domain, ISO 21298


Gaps between ISO/TS 21091 and HPD Business Relationship definitions between Individual and

Organization XML Based messaging


Enhancements on ISO/TS 21091 Encapsulating LDAP operations within XML for communication

► DSMLv2 to express LDAP requests and responses in SOAP bindings. ► DSMLv2 is a systematic translation of LDAP’s ASN.1 grammar (defined by

RFC 2251) into XML-Schema. ► Allows HPD consumers to access HPD without having to write to the LDAP

interface and offers a consistent way to interact with multiple dissimilar directories.

Open Issues► Ease of DSMLv2 implementation? ► Would it cause any unreasonable burden on the implementers and

adopters?► Currently use of DSML v2 is primarily in identity management domain

Electronic end point information of Provider, HIE/HIO:► labeledURIObject and labeledURI attribute [RFC2079]► Mail attribute


HL7 v3: Personnel Management; Provider Registry Uses Messaging protocol of HL7 v3.0 Vocabulary Code set: Provider Role Type, HL7 Domain

tables Schema

► Organization (Organization), Principal Person (Individual)

► Licensed Entity (Credentials), Healthcare Provider (Specialty), LicensedEntity (Qualifications), AssignedEntity (Functional Role)

► AlsoKnownAs (Aliases), Place (Location)

► OrganizationPartOf, OrganizationContains (Organization Hierarchy)

► Employee, Affiliate (Business relationships between Individual and Organization)


HL7 v3: Personnel Management; Provider Registry


Commonality between HL7 v3 and HPD

Supports Transactions Add Provider Update Provider Add Provider Notification (Broadcast) Update Provider Notification (Broadcast) Query Provider Details Find Associated Providers Identifiers Query

Supports SOAP/XML Communications


HL 7 v3 - Gaps/Open Questions What is the adoption of this standard in industry for

directory services Any Interoperability issues? Limited or no existence of HL7v3 provider directory in a

production environment


Analysis of ISO vs HL7 V3 LDAP is much more extensively implemented than HL7

V3 Community and tooling know how easily available on

LDAP standard Tooling to support v3 schemas are incredibly complex

and coded data and costly to implement HL7 interfaces HL7v3 may pose significant barrier to adoption due to

limited or no existence of HL7v3 provider directory in a production environment

HL7 v3 relies heavily on coded vocabulary; dependency on OIDs;


LDAP V3 Basis for ISO/TC 21091 Lightweight exchange protocol of X.500 schema Exchange protocol TCP/IP with LDAP specific syntax Operations: StartTLS, Bind, Search, Compare, Update,

Abandon, Unbind


LDAP v3 - Advantages LDAP a very commonly implemented protocol, many

implementations including opensource

LDAP well understood and adopted across many industries

LDAP schema supports most requirements of HPD and can be extended

ISO and IHE have already adapted generic LDAP to the healthcare provider space – providing a platform for our work


LDAP v3 - Disadvantages No support for SOAP/XML communication protocol in

native LDAP communication protocol.► May consider applying DSMLv2 to express LDAP requests and

responses in SOAP bindings. DSMLv2 is a systematic translation of LDAP’s ASN.1 grammar (defined by RFC 2251) into XML-Schema.

► How easy is it to implement?

► Would it cause any unreasonable burden on the implementers and adopters?

No automatic support for Notification


PWP – Personnel White Pages

Personnel White Pages Directory DNS Server

Personnel White Pages Consumer

Find Personnel White Pages [ITI-23] Query Personnel White Pages [ITI-24]


PWP – Query Personnel White Pages TransactionStandard: Lightweight Directory Access Protocol (v3)

Commonly used schema found in X.500 Schema for LDAP and inetOrgPerson

Schema includes required elements for: ►Names►phone #s►Email►Organization►Address►Language►Title

Optional elements: ►Alias►Vehicle license►Department►employee #►employee type►home address/phone►Photo►Locality►URI►Manager►preferred delivery method►registered address►Secretary►Uid►User S/MIME Certificate►X.500 ID


PWP – Disadvantages Intended for inside of an organization. Not Designed for Broader scale to allow cross-enterprise queries.Need to accommodate Health care specifics attributes


Secure IT Infrastructure

Healthcare Provider Directory

HPD Actors and Transactions

Provider Directory Source

Provider Directory Consumer

Add/Update Provider

Notify of Change

Subscribe

LookupProvider

Authentication AuditingTransaction

Actor


Assumptions Secured IT Infrastructure hosting HPD provides security

services related to Authorization, Authentication and Auditing

Data validation for Add/Update transactions is out of scope

Access-based-control policy to view HPD data is out of the scope of HPD profile

HPD profile is agnostic of Search Algorithm and leave the business rules to determine exact/ambiguous rules to the HPD implementers


Transaction MetadataAdd/Update Provider Request Provider Name, Aliases

Provider Type (Organization/Individual)

Provider Address

Individual Provider Other Identifiers

Individual Provider other demographics (e.g. Gender, DOB, Race etc)

Provider Specialty

Provider Credential

Provider Status and Effective Dates Individual provider association to the provider

organization

Organization structure including Facilities?

Organization/Individual Provider Association to HIE

Add/Update Provider Response

HPD Provider ID

Acknowledgement


Transaction MetadataLookup Provider Request Provider Name, Alias

Provider Address

Provider global and directory Identifier (e.g. NPI, HPD Provider Id etc)

Provider other traits such as DOB, Gender

Provider Specialty

Zip code (geographic searches)

Response parameters to return

Lookup Provider Response Provider Name, Alias

Demographics

Provider associated Address

Provider Other Identifiers

Provider Specialty

Provider Status and Effective dates

Provider Type (Organization, Individual) Individual provider relationship to the

provider organization and relationship status

Provider Relationship to HIE

Associated HIE Location, URLs


Next Steps (to be completed by Face to Face)

Decide on Content Model Standards

Decide on Communication standards

Confirm metadata for the Transactions

Confirm Data modeling tool


Backup Slides


HL7 v3: Personnel Management; Provider Registry


Transaction MetadataSubscribe Request (WS-Notif) Event definition code

Provider Identifier such as HPD ID

Provider Name

Subscriber Name

Subscriber Identifier SAML search request?

Subscribe Response Subscription Id

Confirmation message


Transaction MetadataNotification Request N/A

Notification Response (encoded search result?)

(Same as Lookup Provider Response)

Provider Name,

Demographics

Provider Identifiers

Provider Specialty

Individual provider association to the provider organization

Provider Association to HIE

Associated HIE service endpoints (URLs)

Provider and relationship Status

Provider Type (organization, Individual)

Documents

January 19,2010 SOCIAL SECURITY ADMINISTRATION-HIT SUPPORT Healthcare Provider Directory (HPD) Standards and Transaction Discussion IHE Face 2 Face February