HL7 and security
Written by Division by Zero   
Tuesday, 18 January 2011 14:25

HL7 transports a lot of privacy-sensitive data. As a security-minded person, I consider this a real issue. Most of the data is transmitted over a corporate network, but HL7 with MLLP is at its basis a plain-text protocol. Anyone can sniff the data and obtain sensitive information.

Luckily I’m not the only one thinking about these security issues. The organization behind HL7 offers guidance on how to identify and solve security problems, using the Risk Management Lifecycle to do so. I hope that every organization is aware of these issues and draws up plans to mitigate any security issue it can identify.

Beyond the process of identifying security issues, there is not a lot of explanation on how to solve them on a technical level. There are multiple ways to deal with security in communication. Two good ways are offered. The first is to use SSL to encrypt communication between applications, which makes it harder to sniff the HL7 network traffic.

Besides making it harder to steal information, unauthorized communication must be addressed: some form of authentication and authorization should be applied to the HL7 services. One way to implement this is using EDI (Electronic Data Interchange).
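As an added illustration (not code from the original post), the sketch below frames an HL7 message with the MLLP delimiters and sends it over a certificate-verified TLS connection instead of plain TCP. The function names, the sample message, and the optional client certificate (one transport-level way to authenticate the sender, not something the post prescribes) are assumptions of this example.

```python
import socket
import ssl

# MLLP delimiters: start block, end block, carriage return
SB, EB, CR = b"\x0b", b"\x1c", b"\x0d"

def mllp_frame(hl7: bytes) -> bytes:
    """Wrap a raw HL7 message in an MLLP frame."""
    return SB + hl7 + EB + CR

def mllp_unframe(buf: bytes):
    """Return (message, rest) for the first complete frame, else (None, buf)."""
    start = buf.find(SB)
    end = buf.find(EB + CR, start + 1) if start != -1 else -1
    if end == -1:
        return None, buf  # incomplete frame: keep buffering
    return buf[start + 1:end], buf[end + 2:]

def tls_context(ca_file=None, client_cert=None, client_key=None):
    """Client context: server certificate and hostname are always verified."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy SSL/TLS
    if client_cert:  # assumption: the receiver asks for a client certificate
        ctx.load_cert_chain(client_cert, client_key)
    return ctx

def send_hl7(host, port, hl7, ctx, timeout=10.0):
    """Send one framed message over TLS and return the unframed ACK."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(mllp_frame(hl7))
            buf = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("peer closed before a complete ACK")
                buf += chunk
                ack, buf = mllp_unframe(buf)
                if ack is not None:
                    return ack

# Constructed sample message (not real patient data)
SAMPLE = (b"MSH|^~\\&|LAB|HOSP|EHR|HOSP|201101181425||ADT^A01|MSG0001|P|2.3\r"
          b"PID|1||000000^^^HOSP||DOE^JANE\r")
```

Because `tls_context` starts from `ssl.create_default_context`, a receiver presenting an untrusted or mismatched certificate causes the handshake to fail before any HL7 data is sent.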

Here are some resources on helping you to identify security risks:

This document will help you with technical implications of the identified risks:

 



© 2009 - 2012, Division by Zero

This work by Division by Zero is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Netherlands License.