[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: EDIINT and HIPAA

To: dick@xxxxxxxx
Subject: Re: EDIINT and HIPAA
From: Gunther Schadow <gunther@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Nov 2000 11:12:44 -0500
Cc: Rik Drummond <rvd2@xxxxxxxxxxxxxxxx>, Kepa Zubeldia <Kepa.Zubeldia@xxxxxxxxxxx>, CLEM <clem@xxxxxxxxxxxxxxxxxx>, Gary Crough <gcrough@xxxxxxxxxxxxxxxxxxx>, Beth Morrow <Beth@xxxxxxxxxxxxxxxxx>, "David@Drummondgroup. Com" <david@xxxxxxxxxxxxxxxxx>, GISB1@xxxxxxx, ietf-ediint@xxxxxxx
List-archive: <http://www.imc.org/ietf-ediint/mail-archive/>
List-id: <ietf-ediint.imc.org>
List-unsubscribe: <mailto:ietf-ediint-request@imc.org?body=unsubscribe>
Organization: Regenstrief Institute
References: <LPBBLBPKDKAJOLGFEMDNAEMJCDAA.rvd2@worldnet.att.net> <00e901c044dc$9f394b80$cde379a5@techcomm.com>
Sender: owner-ietf-ediint@xxxxxxxxxxxx

Dick, 

I appreciate your warning. Please me (and others) understand ...

You say:
> AS2 contains two distinctly different  ways to package and send EDI
> and other data over HTTP:
> 
> 1. The HTTP standard approach,  ref: HTTP spec (www.ietf.org/rfc/rfc2616.txt),
> Multipart/form-data spec (www.ietf.org/rfc/rfc2388.txt formerly rfc 1867) and
> HTML 4.0 spec (http://www.w3.org/TR/REC-html40/)
> This is the approach used by GISB and the Automotive Industry (AIAG E5)
> 
> 2. E-mail based packaging as specified in EDIINT AS1
> (http://www.ietf.org/internet-drafts/draft-ietf-ediint-as1-11.txt ).

Hmm, my understanding is that, while AS#1 uses SMTP (which I still believe
is good ... but we had enough of that discussion :-), both AS#2 and the GISB
profile use HTTP. The difference may be the payload of the HTTP request.

Isn't it true that both AS#2 and GISB use the MIME security wrappers?

Isn't the only difference that AS#2 uses RFC1767 application/EDI-*
payload while GISB use multipart/form-data?

Since you use form data, does that mean that GISB's operational model
is that of a user interacting with a web-based e-commerce system
directly (i.e. filling out an HTML form?)

Most of X12, HL7, and NCPDP, certainly do not work with direct user
interactions but use an EDI message payload formatted according to
X12, HL7 and NCPDP specifications respectively. (Though I know that
NCPDP has done something in direct user interaction too, but not
sure how much that is actually used.)
 
> The EDIINT AS2 interoperability test currently underway by the Drummond Group
> and sponsored by UCC is exercising  the e-mail specifications (option #2 above).
> The "profile" defined and adopted by GISB and AIAG (option #1 above) is not
> included in the EDIINT test, however there are numerous implementations of GISB
> EDM and AIAG-E5 (the foundation specs that formed the basis of AS2 profile #1)
> that have been used daily since 4/1997 for E-Commerce on the Internet (Enron
> recently announced $200 Billion dollars in E-Commerce on the Internet; they were
> the first company to implement the GISB standard for Internet E-Commerce).

this is good and fine. The only requirement would be that these 
implementations can also support the EDI payload method of AS#2, 
either now or easily soon (I suppose they can.) 

We certainly do not want to change the underlying EDI standards to
use form-data presentation.
 
> The EDIINT AS2 interoperability test has uncovered some issues that required
> changes to the e-mail formatting specifications within AS2 (Rik can provide the
> details of the problems, but they were "show stoppers" that had to be fixed).
> These changes do NOT affect the GISB or AIAG profiles of AS2 (option #1), the
> changes are limited to the e-mail section (option #2).  This means the AS2
> authors (Dale Moberg, Rik Drummond and myself) will have to make appropriate
> adjustments to AS2 and republish as an IETF draft. This will begin a review
> process and will most likely require a face-to-face meeting at the IETF to move
> the process along.  This could delay the standardization of AS2 by IETF,
> depending on the feedback received regarding the changes. The GISB profile of
> AS2 (option #1) has remained unchanged, so I don't expect any opposition/issues
> to arise.

Gulp, this means another year delay until the final RFC is out, the IESG
has got to speed up its processes!
 
> I'm willing to discuss this further and help move AS2 closer to becoming an IETF
> and government approved standard, beyond the endorsement received by GISB from
> DOE/FERC.
>
> FYI - Group 8760 has assisted in performing interoperability testing (Internet
> transport only), using the GISB standard (with PGP encryption/signatures),
> between an institutional provider and a large Insurance Carrier (payer) for
> HIPAA compliance within the last 3 months with successful results.

Would you be willing to come to a couple of HL7 meetings and help us 
release the IETF specs as HL7 standard (for ANSI approval) and communicate 
our few additional requirements back into the IETF?

In addition, I would like to have some other IETF-EDIINT members (vendors)
to step up and join that fast track group for EDIINT ANSI approval. If we
could get three people who see this as a valuable investment, it would 
help. May be on the next IETF-EDIINT meeting we should talk about this.
Either Kepa and/or I should come see you to discuss the ANSI question and
get the ball rolling. 

But, you have to understand, I'm kind of looking for a clear sign from the 
EDIINT group to say "yes, this ANSI thing makes sense, so let's go do it," 
you know, some committment. Note that neither I nor HL7 has a particularly 
huge selfish interest in this to happen, we would not participate in that
sudden market growth, we are not vendors selling products to every Medicare
provider in the US :-). We are just kind of hoping to help the right thing
to happen for the sake of sanity :-)

regards
-Gunther

begin:vcard 
n:Schadow;Gunther
tel;fax:+1 317 630 6962
tel;home:+1 317 816 0516
tel;work:+1 317 630 7960
x-mozilla-html:FALSE
url:http://aurora.rg.iupui.edu
org:Regenstrief Institute for Health Care
adr:;;1050 Wishard Blvd;Indianapolis;Indiana;46202;USA
version:2.1
email;internet:gschadow@xxxxxxxxxxxxxxx
title:M.D., Medical Information Scientist
note;quoted-printable:Al oppinions expressed in this message are my own and do =0D=0Anot necessarily represent those of the Regenstrief Institute.
fn:Gunther Schadow
end:vcard

Follow-Ups:
- RE: EDIINT and HIPAA
  - From: Dick Brooks

Prev by Date: RE: Status and Future of EDIINT
Next by Date: RE: EDIINT and HIPAA
Previous by thread: Status and Future of EDIINT
Next by thread: RE: EDIINT and HIPAA
Index(es):
- Date
- Thread