News

Case study: security vulnerabilities in C-CDA display

For background, see my previous blog post describing the details of three security vulnerabilities in C-CDA Display using HL7’s CDA.xsl.

Last month I discovered a set of security vulnerabilities in a well-known commercial EHR product that I’ll pseudonymously call “Friendly Web EHR”. Here’s the story…

The story: discovery and reporting

I was poking around my account in Friendly Web EHR, examining MU2 features like C-CDA display and Direct messaging. I used the “document upload” feature to upload some C-CDAs from SMART’s Sample C-CDA Repository. At the time, I was curious about the user experience. (Specifically, I was bemoaning how clunky the standard XSLT-based C-CDA rendering looks.) I wondered how the C-CDA viewer was embedded into the EHR. Was it by direct DOM insertion? Inline frames? I opened up Chrome Developer Tools to take a look.

Security vulnerabilities in C-CDA Display using CDA.xsl

TL;DR: If you’re using XSLT stylesheets to render C-CDAs in your EHR, make sure you understand the security implications. Otherwise you could be vulnerable to a data breach.

This blog post describes security issues that have affected well-known 2014 Certified EHRs. Please note that I’ve already shared this information privately with the Web-based EHR vendors I could identify, and I’ve waited until they were able to investigate the issues and (if needed) repair their systems.

Last month I observed a set of security vulnerabilities in XSLT “stylesheets” used to display externally-supplied C-CDA documents in many EHRs. To be specific: the CDA.xsl stylesheet provided by HL7 (which has been adopted by many EHR vendors) can leave EHRs vulnerable to attacks by maliciously-composed documents.

HIMSS14: Health IT’s Next Boom Cycle


InformationWeek Healthcare, February 25, 2014 — Mark Braunstein
We’ve seen health informatics booms and busts before — will this one be different?
I’ve been attending HIMSS for decades, and in my view, the exhibit hall is the place to get a true pulse of the industry and the field in general. Over the years we’ve seen booms and busts. I remember HIMSS in my hometown of Atlanta during the heyday of health information exchange in the 90s, when the regional phone companies (remember them?) had huge exhibits touting their entry into the health informatics space…


Top Ten Tech Trends: Catching FHIR


Healthcare Informatics, February 19, 2014 — David Raths
A New HL7 Draft Standard May Boost Web Services Development
Standards development work in healthcare is a challenging, often thankless task, and definitely more of a marathon than a sprint. It isn’t often that a proposed standard garners genuine enthusiasm among people working on interoperability issues, but that is what is happening with HL7 Fast Healthcare Interoperability Resources (FHIR)…


How does FHIR express uncertainty and negation?

Last week I received an e-mail asking how FHIR expresses Uncertainty and Negation. It was a general inquiry, but also asked how FHIR might express a specific clinical statement like “Intolerant to opioids, no known other medication ADEs, and no known environmental/food allergens”.

Here’s what I said…

UConn Health Video Vouches for Value of Meducation

The winner of the 2011 SMART Apps for Health Challenge is in the spotlight once again.

Polyglot Systems’ medication instruction app, Meducation, was implemented at UConn Health Center in March 2013. By August the software had significantly improved patient satisfaction scores on certain HCAHPS measures, according to a report in BioPortfolio.

Now UConn’s own news site, UConn Today, features a video of hospitalist Dr. Wendy Miller describing in further detail how valuable the app has been to patients and caregivers at the center.


The Power of Shared Data

SMART, i2b2, and other open-source technologies made possible by the federal $48B investment in health IT will soon be used as the foundation of SCILHS: the Scalable Collaborative Infrastructure for a Learning Health System. Read the full report from the Harvard Medical School news office.

Based at Harvard Medical School and operating out of 10 health care sites from Massachusetts to Texas, SCILHS will be one of 29 networks in the national Patient-Centered Clinical Research Network (PCORnet). Pictured below are members of the network who made it through the snow to attend the official kickoff meeting held January 22–23 in Washington, D.C.

PCORnet Kickoff Attendees

C-CDA Endoscopy, or Improving Clinical Document Exchange

SMART C-CDA infographic

By David Kreda and Joshua Mandel

2014 will see wide-scale production and exchange of Consolidated CDA documents among healthcare providers. Indeed, live production of C-CDAs is already underway for anyone using a Meaningful Use 2014 certified EHR. C-CDA documents fuel several aspects of meaningful use, including transitions of care and patient-facing download and transmission.

This impending deluge of documents represents a huge potential for interoperability, but it also presents substantial technical challenges. We forecast these challenges with unusual confidence because of what we learned during the SMART C-CDA Collaborative, an eight-month project conducted with 22 EHR and HIT vendors.


PCORI Award Will Support SMART/i2b2 Efforts Toward a Learning Health System

The Patient-Centered Outcomes Research Institute (PCORI) announced today that it will fund an exciting new venture for SMART and collaborators. The Scalable Collaborative Infrastructure for a Learning Health System—SCILHS (pronounced “Skills”)—will use SMART-enabled i2b2 at the following ten sites to help build a National Patient-Centered Clinical Research Network:


Understanding “whitelists” in Direct Project secure e-mail

What’s a “Whitelist”?

As a follow-on to the last post about Direct messaging, I want to distinguish the Mass Medical Society’s vision of a “whitelist” from another concept that confusingly shares the “whitelist” moniker. Below, I’ll introduce two distinct terms and try to clarify the distinction:

“OR-gate whitelists” expand the communication pool

Mass Medical Society envisions a kind of per-physician “whitelist” that I’ll call an OR-gate whitelist. The basic premise of an OR-gate whitelist is that a physician can add any Direct address to her OR-gate whitelist via a UI in her EHR or HISP. By doing so, she’d be able to send secure e-mail to that address — regardless of CAs, trust bundles, or pre-existing local policy. An OR-gate whitelist acts like a logical “OR gate,” meaning that a message will be sent if institutional policy allows it, or if a physician’s personal OR-gate whitelist allows it. With OR-gate whitelists, physicians can send to any Direct endpoint in the world, full stop.

“AND-gate whitelists” restrict the communication pool

The current Massachusetts HIWay has deployed a different kind of “whitelist” functionality that I’ll call an AND-gate whitelist. Mass HIWay maintains a state-wide AND-gate whitelist of acceptable Direct addresses to which HIWay users are allowed to send Direct messages. An AND-gate whitelist acts like a logical “AND gate,” meaning that a message will be sent only if institutional trust bundles allow it (i.e. the recipient’s cert is signed by a CA that the organization trusts) and the institution’s AND-gate whitelist allows it. So Mass HIWay’s state-wide AND-gate whitelist is a way to avoid allowing, say, “all eClinicalWorks users across the whole country” into the pool at once. Instead, access can be restricted to the intersection of two sets: “All eClinicalWorks users across the whole country” and “Users on the Mass HIWay AND-gate whitelist.”
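To make the two decision rules concrete, here is a small Python model of the OR-gate and AND-gate semantics described above. It is an added illustration, not code from the original post or from Mass HIWay; the recipients, CA names and list contents are constructed, and the trust-bundle check is simplified to “the issuer of the recipient’s certificate is a CA the institution trusts.”

```python
# Added example: toy model of Direct "whitelist" semantics. All data constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Recipient:
    address: str       # Direct address of the intended recipient
    cert_issuer: str   # CA that signed the recipient's Direct certificate


@dataclass
class InstitutionalPolicy:
    trust_bundle: set                          # CAs the institution trusts
    and_whitelist: set = field(default_factory=set)  # state-wide allowed addresses


def trust_bundle_allows(r: Recipient, policy: InstitutionalPolicy) -> bool:
    """Simplified institutional check: recipient cert must come from a trusted CA."""
    return r.cert_issuer in policy.trust_bundle


def or_gate_allows(r: Recipient, policy: InstitutionalPolicy, personal: set) -> bool:
    """OR-gate: send if institutional policy allows OR the physician's own list does.
    The personal list alone is sufficient, so it bypasses the trust bundle entirely."""
    return trust_bundle_allows(r, policy) or r.address in personal


def and_gate_allows(r: Recipient, policy: InstitutionalPolicy) -> bool:
    """AND-gate: send only if the trust bundle allows AND the address is whitelisted."""
    return trust_bundle_allows(r, policy) and r.address in policy.and_whitelist


def and_gate_pool(candidates: set, policy: InstitutionalPolicy) -> set:
    """The reachable pool under an AND-gate is the intersection of the two sets:
    'everyone the trust bundle admits' and 'everyone on the whitelist'."""
    admitted = {r for r in candidates if trust_bundle_allows(r, policy)}
    listed = {r for r in candidates if r.address in policy.and_whitelist}
    return admitted & listed


# Constructed sample data (hypothetical addresses and CA names).
POLICY = InstitutionalPolicy(trust_bundle={"TrustedHISP-CA"},
                             and_whitelist={"clinic@direct.example.org"})
TRUSTED_LISTED = Recipient("clinic@direct.example.org", "TrustedHISP-CA")
TRUSTED_UNLISTED = Recipient("anyone@direct.example.net", "TrustedHISP-CA")
UNTRUSTED = Recipient("peer@direct.example.com", "UnknownCA")
PERSONAL_LIST = {"peer@direct.example.com"}

if __name__ == "__main__":
    # OR-gate lets the untrusted-CA peer through purely on the personal list.
    print("OR-gate, untrusted CA but on personal list:", or_gate_allows(UNTRUSTED, POLICY, PERSONAL_LIST))
    # AND-gate denies a trusted-CA recipient that the state whitelist omits.
    print("AND-gate, trusted CA but not whitelisted:", and_gate_allows(TRUSTED_UNLISTED, POLICY))
```

Running it shows the asymmetry the post describes: the OR-gate path admits a recipient whose certificate chains to no trusted CA, while the AND-gate path refuses even a trusted-CA recipient until the address is also whitelisted.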