RE: HL7 Standards Process (was RE: EDIINT and HIPAA)

["Rishel,Wes" <wes.rishel@xxxxxxxxxxx>]

Comment below.



> -----Original Message-----
> From: Terry Harding [mailto:tharding@xxxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, November 22, 2000 3:31 PM
> To: Rishel,Wes; 'Gunther Schadow'
> Cc: dick@xxxxxxxx; Rik Drummond; Kepa Zubeldia; CLEM; Gary 
> Crough; Beth
> Morrow; David@Drummondgroup. Com; GISB1@xxxxxxx; ietf-ediint@xxxxxxx
> Subject: Re: HL7 Standards Process (was RE: EDIINT and HIPAA)
> 
> 
> > Whatever happens to electronic signatures I would be 
> delighted if AS2
> > somehow got launched for the simple purpose of providing authentic,
> > encrypted B2B messages built on top of ubiquitous Internet 
> protocols. I
> > would like to offer my enthusiastic support to enabling 
> that by whatever
> > means works best. If that means that HL7 adopts it, so be 
> it. (I just hope
> > we don't adapt it.)
> Many vendors are already supplying that capability.  Several 
> vendors are
> AS1 and AS2 compliant and create a transport independant 
> signed, secured
> message which is transferred using SMTP or HTTP.
> The packaging remains the same for either transport and returned MDNs
> also follow the same format, transport independant.
> 
> Terry Harding
> Cyclone Commerce

Why do vendors frequently say the industry doesn't need a standard because
the vendor already has the function? Speaking as someone who spent most of
his career as a vendor I would suppose it is because we secretly harbor the
fantasy that we will someday entirely control the space. 

I recognize and laud that Cyclone has been involved in interoperability
testing with other vendors and don't mean to focus on Cyclone or Terry for
criticism. But I do think that vendors, as a community, tend give deference
to standards up to a point, and then want to "embrace and extend" to attempt
to corner part of the market.

Standards help to promote interoperability across vendors and limit the
effectiveness of "embrace and extend". This is an area that is sadly lacking
for authentication and security in general and for B2B transactions
specifically.

In healthcare we have an intersting relationship between the government and
consensus standards becasue of the HIPAA of 1996. Rather than create its own
standards, as has been the typical Government approach, that law mandated
Secretary HHS to find and use consensus standards if any were available,
with a strong bias towards ANSI-certificed SDOs. Part of the thrust of HIPAA
is to enable wide spread interoperability for certain healthcare
transactions. Currently the government cannot find a standard to mandate
that would permit free exchange of these transactions over the Internet
because there is nothing like AS2 standardized.

Wouldn't it be great if some group standardized AS2 and specific profiles to
meet specific business needs, such as batch and interactive transactions,
and Sec HHS recognized and mandated that standard and those profiles?
Ideally, IETF would have done so. Even though it is not ANSI-certified it
carries the weight that would allow the Secretary to mandate it. However
healthcare cannot wait for the standard to come out given the deliberate
pace of the IETF.

My company has been describing the Internet as "digital dial tone" for B2B
transactions -- that is to say, a way to communicate business transactions
that (a) permits structured data, and (b) is as ubiquitous and interoperable
as voice and fax. The concept is great, but it is not a reality until a
specification such as AS2 is standardized and widely adopted in its standard
form.

Wes Rishel
Research Director
Healthcare Industry Research & Advisory Services
GartnerGroup
Alameda, CA
Client inquiries: call +1-203-316-1288 or email to indapps@xxxxxxxxxxx
wes.rishel@xxxxxxxxxxx
510 522 8135
510 521 2423 (fax)