Application Interfaces: VPNs are not the answer

You have a new application, vendor or hospital that you need to interface to. Everyone in meeting grumbles about how the application interface will be built, where the resources will come from, and who’s budget will take the hit for adding the new partner.

To get started, you start thinking about everything that will need to happen:

1. A new VPN connection will need to be created to bring the new trading partner onto the network… paperwork with the hosting company or telco, network configuration changes, firewall ports opened, etc.

2. Depending on the application or partner you are working with, you need to understand what interfaces you will need support/build, e.g. does the application have a specific transport protocol you are not familiar with, is there a specific message protocol that you will need to convert

3. Specialist that have worked with these types of interfaces will need to be selected and contracted

4. Depending on how many connections you are creating, you may need to bring on additional staff to manage and support these connections

5. If any value added services such as guaranteed delivery or file tracking need to be implemented, this will increase the scope of contract work

6. Each connection will need to be tested thoroughly

VPNs provide the basic necessity of secure connectivity, but they are a unwieldy solution for IT organizations that are faced with deploying many connections and are limited on technical resources, time, and money.

When working with new trading partners, healthcare application interfaces, or vendors, VPNs may not make the most sense for your needs. Think about some of the problems you may face when adding new VPNs and how you can mitigate those pain points:

1. Are there other secure, application connectivity solutions available? If so, do they offer the most basic needs for interoperability?

2. Does the VPN solution offer file-level tracking, encryption, guaranteed delivery and web portals to view message and data traffic?

3. Are there solutions available that do not require changes to the firewall and/or network

4. Is there a solution that will require minimal IT support, reducing the total cost of ownership for maintaining secure outbound connections?

5. Will these connections continue to meet changing government standards for connectivity or will additional work need to be done to keep them compliant?

6. Is there a solution available that does not take weeks or months to implement?

There are many more questions to be answered, but the basic question is “can you find a better way?”. As technology advances and the Cloud becomes a more trusted platform for offering services, it may be time to start seriously evaluating alternatives to VPNs.


Preparing for Health Application Interoperability

2011 is going to see a dramatic increase in the adoption of EHR software and digital patient information exchange will become an even greater priority in order to meet Stage 1 meaningful use requirements.

If you are an IT Manager, this looks like it will require an all hands on deck and a huge shift in how things have been run throughout your organization. Since all patient data will need to be exchanged digitally in a safe and reliable way, you will be tasked with:

  • Ensuring application interfaces can connect internally as well as make connections outbound through your firewall
  • Making sure your IT ecosystems are documented carefully to determine where the holes are in internal and outbound connectivity
  • Allocating resources for managing all new connections and configuring your firewall to accept new connections
  • Dedicating staff to managing the new network; either adding to overhead or detracting from other initiatives within the organization

Some things to think about in 2011 as you prepare to meet these new requirements are:

1. Meaningful Use Incentives: Registration for the EHR Incentive program started on January 3rd: http://www.healthcareitnews.com/news/government-ehr-incentive-program-ready-go

2. New Infrastructure: New processes will need to be learned as you begin interfacing to all the EHRs, PMS’, HIEs, Physician Groups, Clinical Labs, etc. being brought onto the network.

3. Security: All patient health information will need to be encrypted and transported securely in order to meet HIPAA compliance.

4. Training: Staff will need to be trained and allocated to manage these networks. As your network continues to grow, so will the resources required to support and manage it. Changes in your firewall will need to happen and application interfaces will need to be built.

5. Solution Providers: HISPs (Health Information Service Providers) will need to be selected. Not everything can/should be done in-house, so you will need to determine how to minimize the total impact of these new application interoperability requirements. Your EMR may already provide application interfaces, but it is possible that many of your systems do not support outbound connectivity.

2011 will bring a lot of change for the healthcare industry as a whole, and with that change, progress. Despite the huge burden these new regulations will have on IT departments large and small, the end game will produce a cohesive, secure and reliable patient information exchange that improves the quality of care for all Americans.