[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AS2 XML requirements (was Re: HL7 Standards Process)
- To: "Rishel,Wes" <wes.rishel@xxxxxxxxxxx>
- Subject: Re: AS2 XML requirements (was Re: HL7 Standards Process)
- From: Gunther Schadow <gunther@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 24 Nov 2000 00:18:35 -0500
- Cc: "'dick@xxxxxxxx'" <dick@xxxxxxxx>, "'Kit (Christopher) Lueder'" <kit@xxxxxxxxx>, "'Kepa Zubeldia'" <Kepa.Zubeldia@xxxxxxxxxxx>, Rik Drummond <rvd2@xxxxxxxxxxxxxxxx>, CLEM <clem@xxxxxxxxxxxxxxxxxx>, Gary Crough <gcrough@xxxxxxxxxxxxxxxxxxx>, Beth Morrow <Beth@xxxxxxxxxxxxxxxxx>, "David@Drummondgroup. Com" <david@xxxxxxxxxxxxxxxxx>, GISB1@xxxxxxx, ietf-ediint@xxxxxxx
- List-archive: <http://www.imc.org/ietf-ediint/mail-archive/>
- List-id: <ietf-ediint.imc.org>
- List-unsubscribe: <mailto:ietf-ediint-request@imc.org?body=unsubscribe>
- Organization: Regenstrief Institute
- References: <>
- Sender: owner-ietf-ediint@xxxxxxxxxxxx
Wes, Dick, Kepa, and all ...
wow, you've had quite an e-mail day today (I mean yesterday), we can be really
lucky that I see all this only after the fact that way I didn't get involved
and didn't write my usual e-mail bombs :-) So, I can summarize a few key
issues:
1) AS1 vs. AS2 / email vs. HTTP
2) XML as payload and how to process payload
3) digital e-signatures, the law, and whatnot
4) what else?
1) AS1 vs. AS2 / email vs. HTTP
Kepa, I agree with you. Dick and Wes, I see a good place for email routes
especially to smaller participants. However, we had been engaged in endless
hard debates on this issue before and it's like everything had been said.
All I ask is that we will continue to offer AS1 for email and AS2 for
HTTP and whatever else we need. I didn't see you object against continuing
to offer AS1, and that is enough for me. I don't need to change your mind
to thing less negative about email.
2) XML as payload and how to process payload
I agree with Wes. XML don't mean s... (I spent my day with car mechanics,
so I picked up some of their jargon :-). HL7 v3 has fully embarked XML,
and I agree, but it's not XML that's important but HL7, NCPDP, X12 or
what have you. EbXML might provide a common message "header", but that's
going to be about all, and ebXML is out of the question at this time.
I have long ago tried to convince people at IETF EDIINT to revise the
RFC 1767 spec to add additional EDI-* MIME types, to add parameters
to the EDI-* MIME type, and to devise a way to use EDI-consent more
robustly. I talked high and low, long and short, but I didn't get my
point accross. Might it be that now is the time to get some agreement
about this? At least some of this is a precondition to do any of the
HL7/NCPDP profiles in that ANSI/HHS process.
3) digital e-signatures, the law, and whatnot
I have heard a lot of very cautious statements about e-signatures
in healthcare and have read 3 articles now that caution more or
less bluntly that "digital signatures" are no signatures. I am
also aware of ths issue of requiring to see exactly what is signed
and to freeze that representation as part of the signed document.
XSL stylesheets or screenshots are then discussed, and I believe
that if we'd take that serious we could only allow screenshots to
be signed and that wouldn't even be enough.
All these worries are worth thinking about to some extent, but then
there is the sheer pragmatic fact that the world won't stop spinning
and e-signatures are here to stay in some form. In fact, the ESIGN
act -- according to my reading -- is quite loose in what it requires
of a signature. I see no demand for screenshots or XSL in it. I
see simply the statmement that no for of a signature can be denied
a legal status merely on the basis that it is not "in written form".
Much of the rest is left open to hopefully close investigation of
each individual case that goes to the courts.
4) what else?
Ah, to reiterate Kepa: limit the scope. With the transaction standards
in the HIPAA scope, we do not need very elaborate signature and
countersignature attribution mechanics, since those transaction
standards don't have much of that elaborate notion. So, the EDIINT
route with one signature per transaction is probably all that's
needed for now.
Down the road, of course, we have HL7 v3 and XML digital signatures
and we are ready for fine grained multi-signature and countersignature
control with attributions along the lines of ASTM E1762 requirements,
etc. But that isn't what the HHS would consider adopting anytime
soon because it is simply too new and too advanced.
regards
-Gunther
PS: thanks to Peggy Leiby and the HL7 headquarter, we now have a
room for our Monday 1/8 meeting. So we can send out invitations rather
soon. We will have people from ASTM, IETF, NCPDP, ABA, NCVHS, and HL7
present. This is great stuff!
begin:vcard
n:Schadow;Gunther
tel;fax:+1 317 630 6962
tel;home:+1 317 816 0516
tel;work:+1 317 630 7960
x-mozilla-html:FALSE
url:http://aurora.rg.iupui.edu
org:Regenstrief Institute for Health Care
adr:;;1050 Wishard Blvd;Indianapolis;Indiana;46202;USA
version:2.1
email;internet:gschadow@xxxxxxxxxxxxxxx
title:M.D., Medical Information Scientist
note;quoted-printable:Al oppinions expressed in this message are my own and do =0D=0Anot necessarily represent those of the Regenstrief Institute.
fn:Gunther Schadow
end:vcard