Are any Health Information Exchanges' APIs documented? - hipaa

I was uncertain of the correct site in StackExchange to ask this but since it's about APIs I just went with Stack Overflow.
In the US currently more and more States and companies are setting up Health Information Exchanges to electronically exchange records between different hospitals, practices, etc. What I'm wondering is: are any of these protocols, APIs, etc. documented anywhere? Off and on over the last few weeks I've tried to find anything, from any state, detailing how these work specifically, but I cannot find anything. I do find vague references to "documentation" and "standards," with no detail on the protocols, encoding, etc.
It may be a case of just not searching with the correct terminology, though part of me is beginning to suspect that none are documented anywhere.

Time for an acronym stew.
I'm not aware of any specific products/platforms provided by specific HIE vendors that expose public APIs. But, there are a variety of standards in the HIT community that are commonly used by HIEs:
The HL7 standards define a large number of data exchange and message formats for all sorts of patient health information. HL7 v2 is a custom delimited format. HL7 v3 is an XML format. Both have similar semantics. This is commonly used to exchange health information with an HIE. Note that this is a very broad standard and HL7 messages are highly subject to interpretation or customization in terms of which individual elements are required or utilized by each vendor.
CCD and CCR are also commonly used for exchange of health data, especially in conjunction with PHR (Personal Health Record) systems such as HealthVault.
LOINC and SNOMED are sets of standard names and identifiers used, among other places, in HL7 messages.
I've often seen SAML used in SOAP messages to provide additional security.
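To make the "custom delimited format" remark concrete, here is a small HL7 v2 parser added as an illustration (it is not code from the answer above, from HL7, or from any HIE vendor). It reads the separator from MSH-1 and the encoding characters from MSH-2, keeps HL7's 1-based field numbering (including the MSH-1/MSH-2 quirk), and splits fields into repetitions, components and subcomponents; the sample ADT message and all identifiers in it are constructed. Escape sequences (`\F\`, `\S\`, ...) are left undecoded, and nothing here secures the transport, which is the point the next answer makes.

```python
"""Minimal HL7 v2 parser (added example, not from the HL7 specification text or any product)."""
from typing import Dict, List

# Constructed sample ADT^A01 message; every name, facility and identifier is fictitious.
SAMPLE_ADT = (
    "MSH|^~\\&|SENDAPP|SENDFAC|RECVAPP|RECVFAC|20240101120000||ADT^A01|MSG00001|P|2.5\r"
    "PID|1||123456^^^HOSP^MR||DOE^JOHN^A||19800101|M|||1 MAIN ST^^TOWN^ST^00000||555-0100^PRN~555-0101^WPN\r"
    "PV1|1|I|WARD^101^A"
)

def parse_hl7(raw: str) -> List[Dict]:
    """Return segments as {'name': str, 'fields': [reps -> comps -> subcomps]} (all lists)."""
    # Segments are CR-separated on the wire; tolerate LF/CRLF from copy-pasted samples.
    lines = [ln for ln in raw.replace("\r\n", "\r").replace("\n", "\r").split("\r") if ln]
    if not lines or not lines[0].startswith("MSH") or len(lines[0]) < 8:
        raise ValueError("HL7 v2 message must start with a well-formed MSH segment")
    field_sep = lines[0][3]                              # MSH-1: the field separator itself
    comp_sep, rep_sep, _esc, sub_sep = lines[0][4:8]     # MSH-2: encoding characters
    segments = []
    for line in lines:
        name, _, rest = line.partition(field_sep)
        raw_fields = rest.split(field_sep)
        if name == "MSH":
            # MSH-1 is the separator and MSH-2 must not be split on its own characters,
            # so both are re-inserted verbatim to keep the standard numbering (MSH-3 = sending app).
            raw_fields = [field_sep, raw_fields[0]] + raw_fields[1:]
        fields = []
        for i, f in enumerate(raw_fields, start=1):
            if name == "MSH" and i <= 2:
                fields.append([[[f]]])
                continue
            fields.append([[c.split(sub_sep) for c in r.split(comp_sep)] for r in f.split(rep_sep)])
        segments.append({"name": name, "fields": fields})
    return segments

def get(segments: List[Dict], seg: str, field_no: int, comp_no: int = 1,
        rep_no: int = 1, sub_no: int = 1) -> str:
    """Fetch a value with HL7's 1-based addressing, e.g. PID-5.2 = get(segs, 'PID', 5, 2)."""
    for s in segments:
        if s["name"] == seg:
            try:
                return s["fields"][field_no - 1][rep_no - 1][comp_no - 1][sub_no - 1]
            except IndexError:
                return ""       # absent field/component: HL7 treats it as not present
    return ""
```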

SAML only provides authentication/authorization support. HL7 is not encrypted, so for HIPAA compliance when communicating between enterprises you either need to encrypt the connection via SSL or a VPN, or use an application-layer encryption solution such as CloudPrime.
Disclosure: I am an advisor to CloudPrime.

Related

Best practices to search xacml policy on PDP side?

I read a lot about ABAC and its benefits, but what I can't comprehend is how the involved parties do their work exactly.
I am creating REST API microservices using C++ and I want to secure all API requests using ABAC. I do understand that I need to have: PEP, PDP, PIP etc. And I understand the general idea of what each service will do. But I have some questions about an issue that I am facing, and I need to understand whether there is a standard way to do it or whether it just depends on my imagination.
I am not going to use XACML (XML) to store the policy because my company prefers that policies be stored in a database or JSON format.
After forming the XACML request on the PEP side and sending it to the PDP, how do I search the policies stored on the PDP side with this request, knowing that (if I understand it correctly) not all PolicySets have targets, not all Policies have targets, and the same goes for rules?
Do I have to use regex to match data from the request with policies from the PDP? And if regex is to be used, how can I deal with PolicySets with no targets, as I mentioned before, or multiple targets in the same branch?
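The question above has no answer on this page; the following is an added illustration (not the asker's code, not XACML itself, and not any product's PDP) of how a PDP can walk a JSON PolicySet with optional targets. It follows XACML's semantics as I understand them: an absent target applies to every request, target matching is exact membership of attribute values rather than regex, and a combining algorithm merges child decisions. The policy, attribute names and request values are constructed; Python is used here instead of the asker's C++ for brevity.

```python
"""Minimal XACML-style PDP over JSON policies (added example, not XACML or any product)."""
import json
from typing import Dict, List

# Constructed PolicySet: "records" has a target, "catch-all" has none (so it always applies).
POLICY_SET = json.loads("""{
  "id": "root", "combining": "first-applicable", "target": null,
  "policies": [
    {"id": "records", "target": {"resource.type": ["record"]}, "combining": "deny-overrides",
     "rules": [
       {"id": "clinician-read", "effect": "Permit",
        "target": {"subject.role": ["doctor", "nurse"], "action": ["read"]}},
       {"id": "cross-department", "effect": "Deny",
        "condition": {"op": "not_equals", "left": "subject.department", "right": "resource.department"}}
     ]},
    {"id": "catch-all", "rules": [{"id": "default-deny", "effect": "Deny"}]}
  ]}""")

def target_matches(target, request: Dict[str, str]) -> bool:
    # XACML semantics: a missing or empty Target matches every request, no regex needed.
    if not target:
        return True
    return all(request.get(attr) in allowed for attr, allowed in target.items())

def condition_holds(cond, request: Dict[str, str]) -> bool:
    # Conditions compare two request attributes; a rule with no condition always holds.
    if not cond:
        return True
    left, right = request.get(cond["left"]), request.get(cond["right"])
    return (left == right) if cond["op"] == "equals" else (left != right)

def combine(decisions: List[str], algorithm: str) -> str:
    applicable = [d for d in decisions if d != "NotApplicable"]
    if not applicable:
        return "NotApplicable"
    if algorithm == "first-applicable":
        return applicable[0]                  # document order of the children matters here
    if algorithm == "permit-overrides":
        return "Permit" if "Permit" in applicable else "Deny"
    return "Deny" if "Deny" in applicable else "Permit"   # deny-overrides (default)

def evaluate(node: Dict, request: Dict[str, str]) -> str:
    """Evaluate a PolicySet, Policy or Rule: returns Permit, Deny or NotApplicable."""
    if not target_matches(node.get("target"), request):
        return "NotApplicable"                # prune this branch: its target did not match
    if "effect" in node:                      # leaf Rule
        return node["effect"] if condition_holds(node.get("condition"), request) else "NotApplicable"
    children = node.get("policies") or node.get("rules") or []
    return combine([evaluate(c, request) for c in children], node.get("combining", "deny-overrides"))
```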

Database of scientific paper abstracts

I am trying to find a database with scientific papers which will allow me to:
1. Get metadata of papers by doi (including abstracts);
2. Do this stuff regularly (e.g. daily updated);
3. Ability to download whole existing database.
I know about the Crossref API; however, only 3% of all publications presented have an abstract (and none of the biggest publishers like Springer or Elsevier provide them). On the other side I see some projects like Dimensions or Researcher which have already implemented the mentioned functionality. So the question is: does anybody know of such services (possibly not free) and have experience working with them?
Have you looked at Semantic Scholar (https://www.semanticscholar.org/)? They have an API that supports the first of your requirements (http://api.semanticscholar.org/) and also provide the "Open Research Corpus" (http://labs.semanticscholar.org/corpus/) which should satisfy your third requirement. It is a smaller database than what is provided by Scopus or Web of Science, but both of those require subscriptions to fully use their APIs and don't (as far as I know) have a real way for you to purchase a full download of the database.

Does WebSphere Liberty send usage data to IBM?

I'm wondering if WebSphere Liberty is collecting usage data and sending it as anonymous data to IBM.
If yes,
What kind of data is being collected and sent?
Can I disable that?
Is the sent data encrypted?
The only thing I could find in the licenses related to collecting data is in the general IBM Customer Agreement:
11.1 Verification Process
Licensee agrees to create, retain, and provide to IBM and its auditors
accurate written records, system tool outputs, and other system
information sufficient to provide auditable verification that
Licensee's use of all Programs is in compliance with the ILAN Program
Terms, including, without limitation, all of IBM's applicable
licensing and pricing qualification terms. Licensee is responsible for
1) ensuring that it does not exceed its Authorized Use, and 2)
remaining in compliance with ILAN Program Terms.
Upon reasonable notice, IBM may verify Licensee's compliance with ILAN
Program Terms at all sites and for all environments in which Licensee
uses (for any purpose) Programs subject to ILAN Program Terms. Such
verification will be conducted in a manner that minimizes disruption
to Licensee's business, and may be conducted on Licensee's premises,
during normal business hours. IBM may use an independent auditor to
assist with such verification, provided IBM has a written
confidentiality agreement in place with such auditor.
So the "Upon reasonable notice" can mean many things. So I think legally they can collect this information if they ask your permission somehow through a license update or something like that.
The "may be conducted on Licensee's premises" doesn't eliminate the possibility of electronic data collection off premises.
So to put this together, I don't think they are collecting anonymous data right now, but legally they can with the right notification.
Nope, no usage data is sent to IBM unless you knowingly do so through a support ticket.

Explanation of the IMAP protocol?

I'm looking for information about how the IMAP protocol works. Google yields only high-level information, but not enough to understand the details. I'd like to know enough to be able to create my own implementation. I found a C library which does it, but it is poorly documented.
Some basic questions are: what are the IMAP UIDs and what are their guarantees? For example, will an ID ever change? Will it be reused if deleted?
This looks like a good starting point:
http://www.imapwiki.org/ImapRFCList
In general, the keyword you want when searching for details on an internet protocol is "RFC". Add that to your search along with the name of the protocol and you should get off to a good start.
Google yields only high level information, but not enough to understand the details.
Google is a general search engine, and its results will only be as good as the search terms you supplied. If you want to get detailed and definitive technical information about a protocol or standard or programming language, you should start by searching for the specification; i.e. use "specification" as one of your search terms.
I'd like to know enough to be able to create my own implementation. I found a c library which does it, but is poorly documented.
If you've already found an implementation, why would you want to create another? Or even know enough to (hypothetically) create another?
I'm sure there are other open source implementations of IMAP around in various languages.
It is a bit much to expect an implementation of IMAP to be sufficiently well documented as to serve as a specification.
Some basic questions are: what are the IMAP UIDs and what are their guarantees? For example, will an ID ever change? Will it be reused if deleted?
I expect that these questions can be answered by reading the IMAP specification; see RFC 3501
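As an added illustration of the UID guarantees RFC 3501 gives (this is not code from the answer above, from the RFC, or from any IMAP library): within one mailbox, UIDs are assigned in strictly ascending order and are never reused while UIDVALIDITY stays the same, and when UIDVALIDITY changes every cached UID is void. The cache below applies exactly those rules when reconciling with what a SELECT reports; the server state it is fed is constructed, and a real client would issue `UID FETCH` for the UIDs it returns.

```python
"""Client-side message cache keyed by IMAP UID (added example, not from RFC 3501 or any library)."""
from dataclasses import dataclass, field
from typing import Dict, Set

@dataclass
class MailboxCache:
    uidvalidity: int = 0          # UIDVALIDITY of the mailbox the cache was built against
    highest_uid: int = 0          # high-water mark; new mail always gets a larger UID
    messages: Dict[int, str] = field(default_factory=dict)   # uid -> cached header line

    def resync(self, server_uidvalidity: int, server_uids: Set[int]) -> Set[int]:
        """Reconcile with the server's view after SELECT; returns the UIDs that must be fetched."""
        if server_uidvalidity != self.uidvalidity:
            # UIDVALIDITY changed (mailbox rebuilt, restored from backup, ...): nothing cached
            # can be trusted, because the same UID may now name a different message.
            self.messages.clear()
            self.highest_uid = 0
            self.uidvalidity = server_uidvalidity
        # A cached UID the server no longer lists was expunged; it will never reappear
        # under this UIDVALIDITY, so dropping it is safe.
        for uid in list(self.messages):
            if uid not in server_uids:
                del self.messages[uid]
        # Strictly ascending assignment means everything new sits above the high-water mark.
        return {uid for uid in server_uids if uid > self.highest_uid}

    def store_all(self, fetched: Dict[int, str]) -> None:
        """Record fetched headers and advance the high-water mark."""
        self.messages.update(fetched)
        if fetched:
            self.highest_uid = max(self.highest_uid, *fetched)
```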

Technology for long-term archiving (LTA) of digitally signed documents

Imagine that you have thousands or millions of documents signed in CAdES, XAdES or PAdES format. A signing certificate for an end user is typically issued for 1-3 years. After a few years, the certificate will expire, revocation data (CRLs) required for verification will not be available, and the original crypto algorithms will not guarantee anything after 10-20 years.
I am curious if there is some mature and ready-to-use solution for this. I know that this can be handled by archive timestamps, but I need a real product which will automatically maintain data required for long-term validation, add timestamps automatically, etc.
Could you recommend me some application or library? Is it a standalone solution or something that can be integrated with FileNet or a similar system?
The EU does currently try to endorse Advanced Digital Signatures based on the CAdES, XAdES and PAdES standards. These were specifically designed with the goal of providing the possibility for long-term archiving and validation.
CAdES is based on CMS, XAdES on XML-DSig and PAdES on the signatures defined in ISO 32000-1, which themselves again are based on CMS.
One open source solution for XAdES is the Belgian eID project; you could have a look at that.
These are all standards for signatures, they do not, however, go into detail on how you would actually implement an archiving solution, this would still be up to you.
These are all standards for signatures, they do not, however, go into detail on how you would actually implement an archiving solution, this would still be up to you.
However, this is something I am looking for. It seems that the Belgian eID project mentioned above does not address it at all. (I added some clarification to my original question.)
You may find this web site helpful. It's an official site even though it's pointing to an IP address. The site discusses your problem in detail and offers a great deal of advice on dealing with long-term electronic record storage through a standards-based approach.
The VERS standard is quite extensive and fully supports digital signatures and how best to deal with expired signatures.
The standard is also being adopted by leading EDMS/ECM providers.
If I got your question right, our SecureBlackbox components support the XAdES, PAdES and CAdES standards and pull the necessary revocation information (and timestamps) and embed them into the signature automatically.