HL7 transports a lot of (privacy) sensitive data. As a security minded person, this is a real issue. Most of the data transmits on a corporate network, but the basis of HL7 with MLLP is a plain text protocol. Anyone can sniff the data and get sensitive information.
Luckily I’m not the only one thinking about these security issues. The organization behind HL7 offers guidance on how to identify and solve security problems. They are using the Risk Management Lifecycle to do this. I hope that any organization is aware of these issues and draw up some plans to mitigate any security issue they possibly can identify.
Besides the process of identifying security issues, there is not a lot of explanation on how to solve these issues on a technical level. There are multiple ways to deal with security in communication. Two good ways are offered. The first one is to use SSL to encrypt communication between applications. This way it will be harder to sniff the HL7 network traffic.
Besides making it harder to steal information, unauthorized communication must be addressed. Some form of authentication and authorization should be applied on the HL7 services. One way to implement this is using EDI (Electronic Data Interchange).
Here are some resources on helping you to identify security risks:
This document will help you with technical implications of the identified risks: