From the January/February 2016 issue of HealthCare Business News magazine
However, health care has become increasingly more complex, and Health Information Systems (HIS) have made health care delivery more dispersed (PCs, tablets, smart-phones, etc.). As health care has outgrown the original intended use of HL7, we are beginning to see gaps in security coverage. Addressing these security issues requires providers to engage their in-house IT departments, hire consultants or bring in middleware.
Non-health care applications may not meet security needs.
Many devices, third-party applications and EHR developers are incorporating non-health care tools, such as Application Programming Interfaces (APIs). APIs allow application connectivity among systems by clearly defining transmission and security rules. Amazon, Facebook and Google have provided APIs during the past decade to allow outside entities, including hospital systems, to successfully integrate and communicate with their technology. However, end systems in hospitals still require clearly defined message standards. The clinical systems will dictate these. Health care IT teams need to work closely with these outside companies to tailor APIs and other non-health care applications to their security needs.
Middleware can have security flaws.
Middleware is a software tool that patches together existing, often complex systems and allows data to be exchanged between multiple applications or devices. Most large EHR health care vendors have developed proprietary middleware, such as Epic’s Bridges and Cerner’s CareAware and OPENlink, but there are also third-party companies, such as Iatric Systems, Corepoint Health and Mirth, that offer solutions.
The value of middleware is undeniable because it mediates network services to applications, but it also comes with its own set of security problems. In some instances, middleware can create a secondary path for malware to compromise an application or data. According to a TechTarget article published in 2014, “By not mixing sensitive applications and more open (Web) applications on the same platform you can reduce middleware security risks, and also make it easier and less expensive to secure what’s important.”
