HL7 via SFTP

By: Johnathon Wright on: February 20, 2013

This page documents the process of creating an HL7 interface between my client's "micro-EMR" and a medical laboratory named "BioReference":bioreference.com

BioReference presented me with two interface options:

* Install software on my Windows machine. Their software would dump files into a directory of my choosing.
* SFTP

Since our application runs on Linux, I had to choose SFTP. Per my contact, Raxit, they did not have any other available interfaces.

h2. On whether or not SFTP is a good idea

I recently compared passing messages via FTP to sending emails by opening up a share and typing those messages in notepad. It's a good analogy -- I can say it was me that sent it, and it probably was, but in the end, even though email is obviously just as insecure if not less secure, the lack of a "sender" really bothers me.

h3. Pros

* widely used
* easy-ish to implement (though I have to check for new files and that's kinda sloppy... )
* Of the one option presented to me, this was one of them.
* Unlike SMTP, messages will not sit on a business partner's machine, waiting for me to retrieve them.
* SFTP sits on top of SSH which is unquestionably very secure in terms of preventing outside parties from reading the data while in transmission, barring a man-in-the-middle attack.

h3. Cons

* there is no queue to be checked; no intrinsic marking things as read.
* If the server goes, this goes too, and no way to know what was lost.
* though in the end, this app isn't (to use NASA terminology) "man-rated" (no human lives depend on it.)
* not clear to me that it conforms strictly to HIPAA standards. However, all the major companies use it, and they have more lawyers than my client, so it seems safe to assume it has been vetted.
* no way to send an ACK
* I am supposed to log who sent the file. Unlike SMTP or whatever, there is no listed sender. (Though of course, SMTP senders can be faked... )
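One way to work around the missing queue, "read" marker and sender field listed above, as an added example that is not part of the original post: a poller that keeps its own ledger of file hashes and records the owning account of each upload. It assumes each partner uploads under their own SFTP account and that the ledger lives outside the directory the partner can write to; the function name and record fields are hypothetical.

```python
# Added example: poll an SFTP drop directory, using a ledger file as the
# "already read" marker that SFTP itself does not provide.
import hashlib, json, os, pwd, time

def scan_inbox(inbox, ledger_path, min_age=30, now=None):
    """Return records for new files and append each to the ledger once."""
    now = time.time() if now is None else now
    try:
        with open(ledger_path) as fh:
            seen = {json.loads(l)["sha256"] for l in fh if l.strip()}
    except FileNotFoundError:
        seen = set()                      # first run: nothing processed yet
    fresh = []
    for entry in sorted(os.scandir(inbox), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue                      # ignore directories and symlinks
        st = entry.stat(follow_symlinks=False)
        if now - st.st_mtime < min_age:
            continue                      # may still be uploading; next poll
        with open(entry.path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        if digest in seen:
            continue                      # same content already handled
        try:
            owner = pwd.getpwuid(st.st_uid).pw_name
        except KeyError:
            owner = str(st.st_uid)        # uid with no passwd entry
        # The owning account is the closest thing to a "sender" on SFTP.
        rec = {"file": entry.name, "sha256": digest, "owner": owner,
               "size": st.st_size, "seen_at": int(now)}
        fresh.append(rec)
        seen.add(digest)
    with open(ledger_path, "a") as fh:    # keep the ledger outside the chroot
        for rec in fresh:
            fh.write(json.dumps(rec) + "\n")
    return fresh
```

The ledger doubles as the audit log of what arrived, from which account and when, so a lost or re-sent file can at least be detected after the fact.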

h2. Security Concerns

Do I really want to give these people a user account on my server? NO.

Under normal FTP conditions (or SFTP), a user who FTPs into your machine will have read-only access to many, many files, such as those in /var and /etc. Since locking down Linux is not my full-time job, this seems like a pretty terrible idea to me. Fortunately, the people at RackSpace (long may they live) had some suggestions to help me make this more secure.

* Change port: change your SFTP port to something obscure to decrease attempts to access your machine.
* chroot is a tool that allows you to change the apparent root for a user so that users see only the files in a specific directory, and nothing outside it.
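The two suggestions above map onto a handful of OpenSSH @sshd_config@ directives. The following added example (not from the original post or from RackSpace) places a default configuration beside a hardened one and checks that the partner account is confined to a chroot and to SFTP only. The account name @labdrop@, the path @/srv/sftp/labdrop@ and port 2222 are assumptions, and both configurations are constructed.

```python
# Added example: audit sshd_config text for a chrooted, SFTP-only account.
# "labdrop" and /srv/sftp/labdrop are hypothetical; both configs are constructed.
WEAK = """\
Port 22
Subsystem sftp /usr/lib/openssh/sftp-server
"""

HARDENED = """\
Port 2222
Subsystem sftp internal-sftp
Match User labdrop
    ChrootDirectory /srv/sftp/labdrop
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

# Directive (lower-cased) -> test its value must pass for the drop account.
REQUIRED = {
    "chrootdirectory": lambda v: v.lower() not in ("", "none"),
    "forcecommand": lambda v: v.split()[:1] == ["internal-sftp"],
    "allowtcpforwarding": lambda v: v.lower() == "no",
    "x11forwarding": lambda v: v.lower() == "no",
}

def match_block(config, user):
    """Collect directives from 'Match User' blocks that name `user`.
    Simplification: only plain 'Match User a,b' lines, no patterns or Group."""
    settings, active = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            active = (len(crit) == 2 and crit[0].lower() == "user"
                      and user in crit[1].split(","))
        elif active:
            settings.setdefault(key, value)  # sshd uses the first value it reads
    return settings

def audit(config, user):
    """Return the required directives that are missing or wrong for `user`."""
    found = match_block(config, user)
    return [k for k, ok in REQUIRED.items() if k not in found or not ok(found[k])]

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, "labdrop") or "ok")
```

sshd refuses the login unless the chroot directory and every directory above it are owned by root and not writable by group or others, so the partner's upload folder has to be a subdirectory inside the chroot.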

h2. Other Utilities

tripwire is a program that I may be able to use to simulate a better interface... it should be able to watch this directory and notify my app, perhaps by posting to a URL or something, that a new file is ready for processing.

h2. Implementation


