Upload
tranque
View
218
Download
0
Embed Size (px)
Citation preview
Prescription Monitoring Information
Exchange (PMIX)
PDMPs are among the most effective tools available to identify and prevent drug diversion
Prescription Monitoring Information Exchange (PMIX) enables secure, reliable, sustainable interstate and intrastate exchange of prescription drug history
Goals of PMIX Architecture
Facilitate PDMP exchange of prescription history
reports with other PDMP systems and other
authorized organizations using appropriate data and
information exchange standards
Define high-level security requirements for information
exchanges
Provide PDMP interoperability execution
infrastructure for security related functions and
exchange-facilitating intermediate hubs
PMIX Architectural Principles
PMP-to-PMP security and privacy using Public Key
Infrastructure (PKI)
National Information Exchange Model (NIEM) data
and metadata
Hub-to-hub capability
Industry standard Web Services using the Global
Reference Architecture (GRA) Profile
NIEM and GRA
Use of NIEM and GRA
ensures compatible
data formats and
interoperability of the
underlying information
exchanges including
message security
Lineage of the PMIX Data Model
The ASAP pharmacy-to-PDMP reporting standard
was a “carve-out” of the NCPDP standard, which
was an extension of HL7 V2
The PMIX IEPD extension schemas used the ASAP
content as the starting point for performing the XML
data modeling
2006: PMIX GJXDM
IEPD (CA-NV Prototype)
2007: NIEM 1.0
2009: NIEM 2.0 (KY-OH prototype)
2011: NIEM 2.1 (KY-OH pilot & subsequent
production operation)
PMP-to-PMP Security
End-to-end encryption of all Protected Health
Information (PHI) and Personally Identifiable
Information (PII)
Encryption/decryption occurs only at the endpoints of
each exchange transaction, which limits the potential
risk of disclosure en route
Data encrypted in accordance with NIST encryption
standard
Post Office Metaphor for the PMIX
Architecture
NIEM data
standard
NIEM data
standard
End-to-end
Security Hubs
GRA service
standard
Directory and
Public Key
Infrastructure
PMIX Architecture Document
Prescription Monitoring Program Information
Exchange (PMIX) Architecture Version 1.0, April
2012
PMIX Architecture Overview
Security
State-to-state message level security
Transport security (SSL) between states and hub
including client authentication
Hubs and Hub-to-hub Exchanges
11/18/2014 12
Hub provides secure routing services to direct
information exchanges and can exchange data
through other hubs
Hub-to-hub connections must comply with the PMIX
Service Specification
State hubs can be
deployed to provide
states with the ability
to more easily add
in-state exchanges
in the future
PMIX Directory
Central Shared repository for X.509 certificates,
authorizations, contact information
PMIX Directory maintained as an LDAP server
PMIX LDAP Extensions
Base – description, preferences, authorizations
Contact – contact information
Certificate – X.509 certificate
Request Profile – required fields
Hub-Hub – configuration, hub endpoint
PMIX Architecture Specifications
PMIX Service Specification Package (SSP) V1.1.0
PMIX Information Exchange Package
Documentation (IEPD) as provided in the PMIX
SSP
Service Specification Package
Service Description
Service Interface Description
Security/privacy
Execution Context
Routing Service
Key management for Public Key Infrastructure (PKI)
State Routing Service (SRS)
Optional component
Simplifies exchanges with PMIX Hub
Serves as a foundation for a State PMP “Hub”
Interoperability capability provide via “off the shelf”
service
Extensible standards based security and access
Potential point for value added capabilities such as
response collation or statistics
Separates network administration and security from
PMP operations
State Routing Service
PMP Data
PMP
Service
PMP
App
State Data Center
State
Health Information
Exchange
HIE User
With PMP Access
through the HIE
Internet
State Hub
Routing Service
Springboard
A standards-based interoperability partnership
program managed by the IJIS Institute
Providing a shared resource venue for industry to
work with government to evaluate, test and certify
use of information sharing and interoperability
standards
Designed to help advance information sharing in the
justice, public safety, health and homeland security
operational environments
RxSentry hub was first and only hub to be certified
by Springboard as PMIX Conformant
PMIX Springboard
Request Form
Mock Service
Certification
Primary Site
PMIX
SOAP
PMIX
SOAP
Report
PMIX
SOAP
PMIX
SOAP
PMIX
SOAP
PMIX
SOAP
Request Form
Mock Service
Certification
Support Site
PMIX
Conformant Hub
Test Support
PMIX
Conformant Hub
Test Target
Request Form
Mock Service
PMIX
Conformant Hub
[ Optional ]
PMIX
SOAP
PMIX
SOAP
Report
PMIX
SOAP
PMIX
SOAP
Certification
Primary Site
Certification
Target PMP
PMIX Service Testing Capabilities
PMIX soapUI project provides functional tests
Tests are fully automated with formal reports
soapUI provides “mock” service capability
PMIX soapUI project available for state PMIX testing
including interactive forms based console
Implementation Resources
11/18/2014 20
Service Specification Packages including WSDL,
Information Exchange Package Documentation
State Routing Service (optional Microsoft server
component)
Microsoft .NET C# and open source Java reference
implementations and sample code
What Does This Mean?
Preserves choices for state PMPs
Opportunity for a truly national capability
Extends the access to prescription history information
Mutual governance between hubs is becoming necessary
Allow capability to begin considering how prescription data fits within broader information sharing landscape
Contact Information
Donald Gabbin, MPA, PMP
Senior Project Manager
IJIS Institute
703-726-3647
Interoperability Challenge – PMPi &
PMIX
PMIX PMP-to-PMP
security NIST encryption with XML encryption
NIEM
Hub-to-hub design
Standard web services
PMPi
PMP-to-PMP security
NIST encryption only
NIEM
Hub-to-hub feasible
RESTful web services
NIEM
Hub-to-hub
Challenge
Interoperability Solution – PMPi & PMIX
PMIX PMP-to-PMP
security NIST encryption with XML encryption
NIEM
Hub-to-hub design
Standard web services
PMPi PMP-to-PMP
security NIST encryption only
NIEM
Hub-to-hub feasible
RESTful web services
Double Encryption
NIEM
Hub-to-hub
Web service proxy
Solution
PMIX PMPi Interoperability Benefits
Faster adoption and implementation of PMP
information sharing
Provides clear implementation path for State PMP
administrators regardless of hub plans
Easier PMP onboarding
Hub access decisions based on business benefits
rather than technology constraints or immediate
sharing needs