Secure HL7

The HL7 protocol is widely used to integrate healthcare applications. Cloak Labs has significant experiences in securely delivering HL7 messages between enterprises. This is especially important in the US due to HIPAA regulations but is also valuable in other countries since HL7 messages contain patient health information (PHI).

HL7 is routinely used within a single enterprise as an integration protocol between different systems. Where Cloak Labs secure messaging comes into play is when one enterprise wants to integrate with other enterprises, for example a lab that serves multiple hospitals, or a 3rd party provider of in-hospital treatment centers. In those cases the systems that need to communicate with each other are built and managed by completely different organizations and are each behind their own firewalls. This makes security and interoperability conceptually much harder than when everything is happening inside a single organization.

Cloak Labs technology is HIPAA compliant, encrypting data in motion and at rest. Data which passes through our cloud-based network is encrypted and unreadable by anyone excepting the intended recipient. Even we can’t read your messages. Cloak Labs will sign BAA agreements.

Simple Billing Example

One of the most common data exchanges between any two businesses is billing. In most industries this is pretty routine but privacy and legal concerns make this exchange much more complex in healthcare. Invoices routinely contain PHI and therefore cannot (in the US at least) be delivered unencrypted or in the clear. What’s amazing is that in the 21st century a large percentage of invoices are still delivered via fax! This creates numerous inefficiencies. eFax can help but an external eFax system may not satisfy privacy regulations, especially those that simply email the contents of the fax to the ultimate recipient in the clear. Worse yet, the structure of the underlying data is completely lost with a fax requiring costly manual re-entry with its attendant cost and errors.

Cloak Labs’ solution can provide end-to-end secure and reliable connectivity with minimal integration effort. The following diagram illustrates a simple secure HL7 invoicing setup.


Secure HL7 Communications with Cloak Labs

Furthermore Cloak Labs provides for non-repudiation of messages via our Customer Portal. Unlike emails which can easily be lost or disappear into spam folders, Cloak Labs keeps a complete audit trail of what messages were delivered to whom and when.

Multiple Channel Example with Billing and Patient Information Exchange

A more interesting situation occurs when healthcare providers not only want to bill each other but also want to exchange patient data. Common examples include:

In these more sophisticated situations there will likely be multiple systems involved at both collaborating enterprises. The billing and payment systems as we’ve described before, but also EMR and ERP systems. Again, the data being exchanged almost universally contains PHI and thus falls under security and privacy rules that far exceed those that exist in non-healthcare supply chains.

Cloak Labs’ Security Gateways allow you to define multiple channels. Each channel can be used to connect different systems with even potentially different protocols/message formats. The following figure illustrates one such use case:

Secure Multi-Channel/Multi-Protocol Communications with Cloak Labs

Secure Multi-Channel/Multi-Protocol Communications with Cloak Labs

Here HL7 diagnostic messages go from system A.1 to B.1 while billing messages in XML go from system B.2 to A.2. Many protocols are supported and there is no limit on the number of channels.