Healthy Living Onc’S Straight Project: Inwards Defense Forcefulness Of Simplicity
Over the yesteryear twelvemonth or so, I’ve been deeply involved inward diverse Federal gov’t wellness information technology initiatives, including the Direct Project in addition to Query Health. This is origin time, I believe, that the populace (private sector “outsiders”) has had access to the inner-workings of the Office of the National Coordinator for Health Information Technology (ONC). While I’ve been delighted amongst this novel degree of transparency, I’ve been dismayed yesteryear the agency the procedure tends to transform elementary ideas in addition to sensible goals—aimed at improving attention character in addition to efficiency—into overwhelmingly complex, convoluted in addition to costly technical specifications in addition to requirements!
One of the reasons for province of affairs is that people oftentimes “come to the table” amongst preconceived notions of what is possible in addition to how create it. These narrow/closed mindsets are either unaware or prone to reject technologies that supply elementary cheap solutions through the “novel combinations of existing off-the-shelf components, applied cleverly to a small, fledgling value network”) inward favor of conventional technologies (commodities) that lack those positive qualities. Following is simply i example.
Influenza A virus subtype H5N1 few months ago, MD John Loonsk (CMO of CGI Federal) wrote a widely cited article at this link inward which he criticizes the Direct Project’s reliance on SMTP (Simple Mail Transfer Protocol)—the elementary method for transporting email messages that’s been widely used since the early on 1980s. His criticism is based on the fact that SMTP uses a “store in addition to forward” procedure inward which messages are stored locally (in the user's computer) and then sent to the recipient. He claims that SMTP is insufficient in addition to thence should locomote augmented yesteryear types of Web Services, such equally SOAP or RESTful methods, which tend to locomote considerably to a greater extent than complex than SMTP.
In his critique, MD Loonsk takes a “closed inside-the-box” persuasion of SMTP-based e-mail. Following are my responses to his primal issues. In contrast to his narrow conventional bespeak of view, my replies possess got an “open outside-the-box” perspective of SMTP’s capabilities that incorporates a novel publish/subscribe (pub/sub) node-to-node desktop architecture (see this link for technical details).
Issue 1: MD Loonsk wrote that “the shop portion of SMTP…introduces novel safety concerns fifty-fifty amongst encrypted data.”
My reply: Since when is the encryption of stored files non enough? These days, it is gratis in addition to slow to encrypt non solely private files, but fifty-fifty entire difficult drives (or partitions) tin locomote protected amongst bit-locker encryption. With this form encryption of stored files, along amongst encryption of email inward transit (e.g., using PKI), Protected Health Information (PHI) is protected end-to-end (in transit in addition to at rest), which is nigh equally secure equally yous tin get!
In contrast, the Web Services approach tin leave of absence PHI exposed at the spider web server, e.g., when Web Services supply the in-transit encryption in addition to when they transform the PHI format equally it passes betwixt disparate EHRs. With the SMTP pub/sub node-to-node architecture, on the other hand, all encryption in addition to PHI transformations are done yesteryear the sender prior to transporting the e-mail.
One to a greater extent than affair nigh XML security: Encryption vulnerabilities. According to an interesting (and technical) weblog post yesteryear a cryptographic engineer, encrypting XML securely requires extra steps to preclude a "ciphertext" assault that exposes the encrypted XML content. The writer concludes: "If your scheme is online in addition to doesn't possess got a solid, well-analyzed protection against them, don't pretend that you're doing anything at all to secure your data. I want I had a funny, pithy agency to amount this all up. But honestly, I'm simply a petty depressed."
Issue 2: MD Loonsk wrote that “Because SMTP shop in addition to forwards infrastructure tin solely create the force transaction, it is a express platform criterion in addition to a technical dead-end inward trying to address other transaction needs…a truthful USA wellness scheme all seem to necessitate to a greater extent than [which does] non halt amongst the information that i provider anticipates around other provider volition need…[nor] amongst the supposition that providers volition reliably initiate a shop in addition to forwards SMTP transaction to motility the correct information to all that necessitate them.”
My reply: The SMTP pub/sub node-to-node architecture truly enables both “pull” transactions whereby the asking for the transmission of information is initiated yesteryear the receiver, equally good equally “push” whereby the asking for a given transaction is initiated yesteryear the sender. To perform a force transaction, the political party who wants to have the PHI (1st party) e-mails a asking for it to the political party amongst whom the PHI resides (2nd party). Upon receipt of the request, the 2nd political party responds yesteryear sending the requested PHI to the 1st party. Either or both parties tin create his manually or possess got it done programmatically (automatically) yesteryear the software. This elementary solution resolves the SMTP push-pull issue. Nevertheless, as reported yesteryear ONC inward 2009, force messaging is crucial because it is "...less complex in addition to volition locomote far to a greater extent than readily available to a broader gain of providers than so-called 'pull' technologies.
Issue 3: MD Loonsk wrote that, dissimilar Web Services in addition to REST, the SMTP infrastructure does non back upwards HIE functions such equally “unanticipated needs, unanticipated providers, reliable information access from unreliable senders, accumulation of information into longitudinal in addition to population records, accessing registries in addition to information for conclusion support, accumulating character reporting data, querying to larn to a greater extent than information when needed, a raft of directory services, in addition to amongst squad care, the shared management of attention plans, occupation lists in addition to other data.”
My reply: The SMTP pub/sub node-to-node architecture truly does back upwards these functions in addition to we’ve demonstrated such capabilities amongst our software tools using SMTP.
Issue 4: MD Loonsk wrote that “One declaration for SMTP has been that it is to a greater extent than accessible to small-scale providers. In practice, implementations to appointment possess got involved to a greater extent than complexity than predicted and…[rely] on an exterior scheme – a Health Information Service Provider (HISP) to bear the technical load. If a HISP is necessary, a to a greater extent than robust platform criterion similar Web services or REST would seem to locomote simply equally achievable equally SMTP.”
My reply: Unlike Web services or REST, the SMTP pub/sub node-to-node architecture I’ve been describing does NOT rely on a HISP since the desktop email customer (MS Outlook inward our case) carries the technical load, non the HISP. To comply amongst the Direct Project requirements, however, nosotros utilization a HISP for PKI certificate management in addition to provider registries, but the actual e-mails locomote yesteryear correct through the HISP from senders (publisher) to their recipients (subscribers).
In conclusion, the persuasion of MD Loonsk in addition to many others neglect to realize how breakthrough innovations, similar our novel SMTP architecture in addition to apps, tin gain what seems impossible to folks focused conventional technology. Though no uncertainty well-intentioned arguments yesteryear intelligent people, their criticisms create non supply practiced argue for denigrating the simple, sensible, survivable solution SMTP provides.
One of the reasons for province of affairs is that people oftentimes “come to the table” amongst preconceived notions of what is possible in addition to how create it. These narrow/closed mindsets are either unaware or prone to reject technologies that supply elementary cheap solutions through the “novel combinations of existing off-the-shelf components, applied cleverly to a small, fledgling value network”) inward favor of conventional technologies (commodities) that lack those positive qualities. Following is simply i example.
Influenza A virus subtype H5N1 few months ago, MD John Loonsk (CMO of CGI Federal) wrote a widely cited article at this link inward which he criticizes the Direct Project’s reliance on SMTP (Simple Mail Transfer Protocol)—the elementary method for transporting email messages that’s been widely used since the early on 1980s. His criticism is based on the fact that SMTP uses a “store in addition to forward” procedure inward which messages are stored locally (in the user's computer) and then sent to the recipient. He claims that SMTP is insufficient in addition to thence should locomote augmented yesteryear types of Web Services, such equally SOAP or RESTful methods, which tend to locomote considerably to a greater extent than complex than SMTP.
In his critique, MD Loonsk takes a “closed inside-the-box” persuasion of SMTP-based e-mail. Following are my responses to his primal issues. In contrast to his narrow conventional bespeak of view, my replies possess got an “open outside-the-box” perspective of SMTP’s capabilities that incorporates a novel publish/subscribe (pub/sub) node-to-node desktop architecture (see this link for technical details).
Issue 1: MD Loonsk wrote that “the shop portion of SMTP…introduces novel safety concerns fifty-fifty amongst encrypted data.”
My reply: Since when is the encryption of stored files non enough? These days, it is gratis in addition to slow to encrypt non solely private files, but fifty-fifty entire difficult drives (or partitions) tin locomote protected amongst bit-locker encryption. With this form encryption of stored files, along amongst encryption of email inward transit (e.g., using PKI), Protected Health Information (PHI) is protected end-to-end (in transit in addition to at rest), which is nigh equally secure equally yous tin get!
In contrast, the Web Services approach tin leave of absence PHI exposed at the spider web server, e.g., when Web Services supply the in-transit encryption in addition to when they transform the PHI format equally it passes betwixt disparate EHRs. With the SMTP pub/sub node-to-node architecture, on the other hand, all encryption in addition to PHI transformations are done yesteryear the sender prior to transporting the e-mail.
One to a greater extent than affair nigh XML security: Encryption vulnerabilities. According to an interesting (and technical) weblog post yesteryear a cryptographic engineer, encrypting XML securely requires extra steps to preclude a "ciphertext" assault that exposes the encrypted XML content. The writer concludes: "If your scheme is online in addition to doesn't possess got a solid, well-analyzed protection against them, don't pretend that you're doing anything at all to secure your data. I want I had a funny, pithy agency to amount this all up. But honestly, I'm simply a petty depressed."
Issue 2: MD Loonsk wrote that “Because SMTP shop in addition to forwards infrastructure tin solely create the force transaction, it is a express platform criterion in addition to a technical dead-end inward trying to address other transaction needs…a truthful USA wellness scheme all seem to necessitate to a greater extent than [which does] non halt amongst the information that i provider anticipates around other provider volition need…[nor] amongst the supposition that providers volition reliably initiate a shop in addition to forwards SMTP transaction to motility the correct information to all that necessitate them.”
My reply: The SMTP pub/sub node-to-node architecture truly enables both “pull” transactions whereby the asking for the transmission of information is initiated yesteryear the receiver, equally good equally “push” whereby the asking for a given transaction is initiated yesteryear the sender. To perform a force transaction, the political party who wants to have the PHI (1st party) e-mails a asking for it to the political party amongst whom the PHI resides (2nd party). Upon receipt of the request, the 2nd political party responds yesteryear sending the requested PHI to the 1st party. Either or both parties tin create his manually or possess got it done programmatically (automatically) yesteryear the software. This elementary solution resolves the SMTP push-pull issue. Nevertheless, as reported yesteryear ONC inward 2009, force messaging is crucial because it is "...less complex in addition to volition locomote far to a greater extent than readily available to a broader gain of providers than so-called 'pull' technologies.
Issue 3: MD Loonsk wrote that, dissimilar Web Services in addition to REST, the SMTP infrastructure does non back upwards HIE functions such equally “unanticipated needs, unanticipated providers, reliable information access from unreliable senders, accumulation of information into longitudinal in addition to population records, accessing registries in addition to information for conclusion support, accumulating character reporting data, querying to larn to a greater extent than information when needed, a raft of directory services, in addition to amongst squad care, the shared management of attention plans, occupation lists in addition to other data.”
My reply: The SMTP pub/sub node-to-node architecture truly does back upwards these functions in addition to we’ve demonstrated such capabilities amongst our software tools using SMTP.
Issue 4: MD Loonsk wrote that “One declaration for SMTP has been that it is to a greater extent than accessible to small-scale providers. In practice, implementations to appointment possess got involved to a greater extent than complexity than predicted and…[rely] on an exterior scheme – a Health Information Service Provider (HISP) to bear the technical load. If a HISP is necessary, a to a greater extent than robust platform criterion similar Web services or REST would seem to locomote simply equally achievable equally SMTP.”
My reply: Unlike Web services or REST, the SMTP pub/sub node-to-node architecture I’ve been describing does NOT rely on a HISP since the desktop email customer (MS Outlook inward our case) carries the technical load, non the HISP. To comply amongst the Direct Project requirements, however, nosotros utilization a HISP for PKI certificate management in addition to provider registries, but the actual e-mails locomote yesteryear correct through the HISP from senders (publisher) to their recipients (subscribers).
In conclusion, the persuasion of MD Loonsk in addition to many others neglect to realize how breakthrough innovations, similar our novel SMTP architecture in addition to apps, tin gain what seems impossible to folks focused conventional technology. Though no uncertainty well-intentioned arguments yesteryear intelligent people, their criticisms create non supply practiced argue for denigrating the simple, sensible, survivable solution SMTP provides.
0 Response to "Healthy Living Onc’S Straight Project: Inwards Defense Forcefulness Of Simplicity"
Post a Comment