Data Transfer Service – A Migration tool to replace
current X.400 messaging between NHS workflow
applications
Submitter: Richard Corbridge
Sponsorship: Gwyn Thomas

1. Introduction
1.1 This paper proposes a technical solution to support a secure transport infrastructure for transferring data between NHS organisations, and between NHS organisations and local authorities. The strategy specified in this submission is considered to achieve the encryption provision needed to comply with the stated security requirements for application to application workflow messaging that carries clinical and patient identifiable information. The technical solution proposed will enable workflow applications currently utilising the X.400 Managed Message Handling Service to migrate onto an e-GIF compliant secure data transfer infrastructure (i.e. HTTPS – secure Hypertext Transfer Protocol).
1.2 This paper is supported by the following documentation:
• Extract from e-GIF (electronic Government Interoperability Framework) document, version 4 part 2, “Technical Policies and Specifications” 25th April 2002, section 6.1. table 1 – see Appendix 1
• Delivering 21st Century IT Support for the NHS - National Strategic Programme – (June 2002) – see Appendix 2
• Statement of Approval for Technical Security Aspects of Data Transfer Service from NHS Information Authority Security Board (January 2003 Board Meeting) – see Appendix 3
• Statement of Approval from the Design Authority with reference to the strategic fit of the Data Transfer Service when considered in relation to the required programme of works for the National Programme for Information Technology – See Appendix 6.
• Data Transfer Service Functional Specification (version 1.2) – See Appendix 4
• Data Transfer File Interface Specification (version 1.2) – See Appendix 5

The strategy specified in this submission to the Information Standards Board (ISB) requires approval as an NHS Draft Standard to support the achievement of migration from X.400 to eSMTP. Any uses of the DTS beyond this scope will be submitted to ISB for further approval. The lifespan of the DTS (as specified in this submission), and therefore the life of this Draft Standard, will be determined by the contractual period of the NHS Managed Message Handling Service.
1.3 The first workflow application community scheduled to use this standard for migrating off the X.400 messaging infrastructure is the NHAIS (Exeter) systems. The subsequent communities of NHS workflows to use this migration standard are NHS-Wide Clearing Service (NWCS), Central Registration and General Practice systems.
1.4 The technological concept of the DTS has already been implemented with great success in the NHS Numbers for Babies (NN4B) project.
2 Compliance with Requirements for Strategic Information Standards
2.1 The technologies that support the secure data transfer in the solution specified in this submission comply with the transport security standards covered within the e-GIF (electronic Government Interoperability Framework) document, version 4 part 2, “Technical Policies and Specifications” 25th April 2002, section 6.1.
2.2 The architecture of the strategy specified in this submission is considered to meet an agreed set of purposes; these are:
• Compliance with the requirements of “Domain to Domain Encryption” for clinical workflows, as defined in “Delivering 21st Century IT Support for the NHS”
• To afford the appropriate levels of security to sensitive and personal health information to comply with the requirements of the Data Protection Act 1998.
• Common law duty of confidence.
• Transfer of sensitive and personal health information between NHS organisations, and between NHS organisations and local authorities, as defined in the Health Act 1999 section 31.
3 Strategy Overview
3.1 The NHS has historically utilised the X.400 messaging standard to support data transfers between EDI (electronic data interchange) systems and clinical / business workflow applications. In order to comply with e-GIF and International Internet standards, the NHS made a strategic decision to migrate workflow applications off the X.400 messaging standard.
3.2 The DTS (Data Transfer Service) is a technological solution that has been specifically developed for the NHS to enable workflows to migrate off the X.400 messaging standard. The principal objectives for the DTS development were to support:
• A standardised, e-GIF compliant infrastructure for NHS workflow applications to exchange information
• Separation of NHS workflow application handshaking / acknowledgement function from underlying messaging protocol layers
• Simplified implementation of 128 bit encrypted connections between NHS workflow applications
• Improved management information for data transfers between NHS workflow applications (web-based message tracking)
3.3 The DTS has the following key components:
• DTS Server
• DTS Client
• Client File Interface
• Security
• Administration and Data Transfer Tracking
3.3.1 Service Summary
The following diagram shows the key components of the DTS. [Diagram not reproduced; its labels are: Application / DTS Client (at each end site), HTTP / SSL 128 bit Encrypted (the client to server links), Data Transfer Server, Central MTA (MSS), eSMTP, eSMTP Application.]

Abbreviations of DTS components:
eSMTP – enhanced Simple Mail Transfer Protocol, the e-GIF specified standard for mail transfer
HTTP – Hypertext Transfer Protocol
MTA – Message Transfer Agent; transfers messages between computers
MSS – Managed Server Service; a service provided within the core NHS Messaging Service designed for organisations who do not wish to own or operate their own MTA.
SSL – Secure Sockets Layer, the e-GIF specified standard for transport security.

3.3.2 DTS Server
The Data Transfer Server performs two primary functions. First, it supports the transfer of data to and from the Data Transfer Clients that reside on the clinical / business applications. Secondly, it supports communications to and from the eSMTP component of the NHS Messaging Service.
3.3.3 DTS Client
The Data Transfer Client supports the transfer of data to and from the clinical / business applications in a secure manner using the Data Transfer Server. When transferring data from the end-site application, the Client will transfer data that has been downloaded by the application over an encrypted link. The local configuration of the DTS Client is defined in a Client configuration file. All activities undertaken by the DTS Client are recorded to a local Log File.
3.3.4 Client File Interface
A file-based interface has been developed to pass a data file and an associated control file from the Host Application to the DTS Client.
3.3.4.1 Client File Interface - Folder Structure
DTS Root – defined in client configuration file
• IN – used by the DTS Client to deposit data and status information to be received by Host Application
• OUT – used by the Host Application to copy data to be sent by the DTS Client
• SENT – used by the DTS Client to copy sent data for use by the Host Application
• TEMP – used by the DTS Client for any intermediate files during its processing
3.3.4.2 Client File Interface – Transactions
For each transaction or data transfer the following activities occur:
• Each individual data transfer consists of a data file and a control file
• A status report is generated for each transaction, which can be viewed via a web-based message tracking system
3.3.4.3 Client File Interface – Control File Elements
The Control File has been developed using XML (Extensible Markup Language), which supports the e-GIF compliance objectives of the DTS development. The Control File elements are:
• AddressType
• MessageType
• From
• To
• Subject
• Local ID
• DTSID
• PartnerID
• Compress
• Encrypted
• WorkflowID
• ProcessID
• DataChecksum
• IsCompressed
• StatusRecord
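As an added example (not code from the DTS, the paper or the NHS), the following Python script shows the Host Application side of the file interface described in section 3.3.4: it creates the IN / OUT / SENT / TEMP folders under a DTS root, writes a data file and an XML control file carrying the elements listed above into OUT, and on receipt re-parses the control file from IN and recomputes DataChecksum so that a corrupted payload is detected before the application trusts it. The <DTSControl> wrapper element, the .dat / .ctl file-name suffixes, SHA-256 as the checksum algorithm, the default element values, and the tag spelling LocalID (the paper writes "Local ID"; XML tag names cannot contain spaces) are assumptions; DTSID and StatusRecord are assumed to be filled in by the DTS rather than by the Host Application and so are not written here. The delivery step is a constructed stand-in for the DTS Client / Server round trip.

```python
"""Host-application helpers for the DTS Client File Interface (added example).

Folder names (IN, OUT, SENT, TEMP) and control file element names come from
the paper. The <DTSControl> wrapper, .dat/.ctl suffixes, SHA-256 checksum,
default values and the LocalID spelling are assumptions for this example.
"""
import hashlib
import os
import shutil
import tempfile
import xml.etree.ElementTree as ET

FOLDERS = ("IN", "OUT", "SENT", "TEMP")
# Elements written by the Host Application; DTSID and StatusRecord are
# assumed to be set by the DTS itself and are therefore not written here.
HOST_ELEMENTS = ("AddressType", "From", "To", "Subject", "LocalID", "PartnerID",
                 "WorkflowID", "ProcessID", "MessageType", "Compress",
                 "IsCompressed", "Encrypted")
DEFAULTS = {"AddressType": "DTS", "MessageType": "Data", "Compress": "N",
            "IsCompressed": "N", "Encrypted": "N"}  # assumed values


def ensure_layout(dts_root: str) -> None:
    """Create the four folders the paper lists under the DTS root."""
    for name in FOLDERS:
        os.makedirs(os.path.join(dts_root, name), exist_ok=True)


def checksum(data: bytes) -> str:
    """DataChecksum value; SHA-256 is an assumption, the paper names no algorithm."""
    return hashlib.sha256(data).hexdigest()


def build_control(fields: dict, data: bytes) -> bytes:
    """Serialise the XML control file that accompanies one data file."""
    root = ET.Element("DTSControl")
    for tag in HOST_ELEMENTS:
        ET.SubElement(root, tag).text = str(fields.get(tag, DEFAULTS.get(tag, "")))
    # Integrity value the receiving side recomputes before trusting the payload.
    ET.SubElement(root, "DataChecksum").text = checksum(data)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def submit(dts_root: str, fields: dict, data: bytes) -> str:
    """Place a data file and its control file in OUT for the DTS Client to send."""
    ensure_layout(dts_root)
    out = os.path.join(dts_root, "OUT")
    local_id = fields["LocalID"]
    with open(os.path.join(out, local_id + ".dat"), "wb") as f:
        f.write(data)
    # Control file goes last so the client never picks up a half-written payload.
    ctl_path = os.path.join(out, local_id + ".ctl")
    with open(ctl_path, "wb") as f:
        f.write(build_control(fields, data))
    return ctl_path


def read_incoming(dts_root: str, local_id: str) -> dict:
    """Parse IN/<LocalID>.ctl and verify the payload against its DataChecksum."""
    inbox = os.path.join(dts_root, "IN")
    root = ET.parse(os.path.join(inbox, local_id + ".ctl")).getroot()
    fields = {child.tag: (child.text or "") for child in root}
    with open(os.path.join(inbox, local_id + ".dat"), "rb") as f:
        data = f.read()
    fields["Data"] = data
    fields["ChecksumOK"] = checksum(data) == fields.get("DataChecksum")
    return fields


def simulate_delivery(dts_root: str, local_id: str) -> None:
    """Constructed stand-in for the DTS Client/Server round trip: keep a copy in
    SENT and deliver the pair to IN (the partner's DTS root is the same root here)."""
    out = os.path.join(dts_root, "OUT")
    for suffix in (".dat", ".ctl"):
        src = os.path.join(out, local_id + suffix)
        shutil.copy(src, os.path.join(dts_root, "SENT", local_id + suffix))
        shutil.move(src, os.path.join(dts_root, "IN", local_id + suffix))


def demo() -> dict:
    """One round trip in a temporary DTS root, then the same pair with a corrupted payload."""
    dts_root = tempfile.mkdtemp(prefix="dts_")
    fields = {"From": "app-a@nhs.example", "To": "app-b@nhs.example",
              "Subject": "Constructed sample transfer", "LocalID": "L0001",
              "PartnerID": "P0002", "WorkflowID": "WF-TEST", "ProcessID": "PR-1"}
    payload = b"constructed sample payload\n"  # constructed sample data
    submit(dts_root, fields, payload)
    simulate_delivery(dts_root, "L0001")
    good = read_incoming(dts_root, "L0001")
    with open(os.path.join(dts_root, "IN", "L0001.dat"), "ab") as f:
        f.write(b"x")  # corrupt the delivered payload; checksum must now fail
    bad = read_incoming(dts_root, "L0001")
    shutil.rmtree(dts_root, ignore_errors=True)
    return {"checksum_ok": good["ChecksumOK"], "tampered_ok": bad["ChecksumOK"],
            "subject": good["Subject"], "data": good["Data"]}


if __name__ == "__main__":
    print(demo())
```

Writing the control file after the data file matters in a polled folder interface: the DTS Client only acts on a pair once the control file exists, so a payload that is still being written is never sent. The receiving side treats DataChecksum as a mandatory integrity check rather than informational metadata.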
3.3.5 Client with the Data Transfer Server Interface
The client transfers data, sent by the application, to the Data Transfer Server for onward transmission. The client periodically polls the Data Transfer Server to check whether there are any messages to be retrieved; if there are, it transfers them.
3.3.6 Security
When a data transfer is initiated the following activities occur:
Confidentiality:
• The client will transfer the data to the server over an SSL 128 bit encrypted connection between DTS Client and DTS Server over NHSnet.
Authentication:
• The DTS Client will authenticate to the DTS Server using a ‘UserID’ and ‘password’
• The DTS Server will undertake an NHSnet DNS (domain name system) lookup of the Internet Protocol address of the Host Application machine.
3.3.7 Web-based Administration and Data Transfer Tracking
3.3.7.1 Administration
For each DTS Client, password protected user accounts can be configured that allow defined levels of access to view the web-based administration and data transfer tracking system.
3.3.7.2 Data Transfer Tracking System - Search / Filter Functionality
The following criteria can be used by authorised users to search for information about previous data transfers:
• Date and time period
• To Address
• Local Identifier
• DTS Client Identifier
• Partner Identifier
3.3.7.3 Data Transfer Tracking System - Reports
The following criteria can be used by authorised users to produce reports about previous data transfers:
• To Address
• From Address
• Subject
• Local Identifier
• DTS Client Identifier
• Partner Identifier
• Workflow ID
• Process ID
• Tracking Record for the Transfer
  o Date and Time of event
  o Event description
Published by: Stephen Humphries, Data Services Manager
Published: 30 June 2003