1

NIST NwHIN Testbed

2

What's NwHIN

The nationwide health information network is a set of standards, services and policies that enable secure health information exchange over the internet.

3

Purpose

To provide testing tools for NwHIN Specifications.

4

Specifications

Authorization Framework Production Specification V1.0– SAML, CERTS

Messaging Platform Production Specification V2.0– SAML

Patient Discovery Production Specification V1.0– IHE_XCPD

Query for Documents Production Specification V2.0– IHE_XCA

Retrieve Documents Production Specification V2.0– IHE_XCA

5

Tool Support for Specs

Make NIST tools available for testing

Started with the 3 distinct toolsXD* toolsPix/Pdq toolCDA Validator

6

Support for Specs

Our tools worked at document and message level

Tooling failed because of soap header requirementsLack of SAML support.

Validated messages from Log files

7

Initial Approach to Improving theTools

Add SAML to the IHE Pix/Pdq and XD* tools Keep them as separate tools.

Some Problems

Difficulty with maintaining tools in two locations.Need to modify some of the tools for gateway testing.

8

NIST XD* Tools

StrengthsQuery SupportRetrieve SupportHTTP, SOAP support

WeaknessMissing SAML

NIST IHE Pix/Pdq Tool

Weakness Missing SAML, Fragile Soap Handler

StrengthsXCPD MessageType SupportPRPA_IN201305UV02PRPA_IN201306UV02

Tool Review

9

Current Approach

Combine what we have into one testbed.

Expanding the XD* tooling framework into aNHIN tooling testbed.

Use What We Have

Using the message validator from IHE Pix/Pdq tool.

Take advantage of the XD* infrastructure

10

What's Done Now

11

Next area of focus is xcpd simulators

12

Find Patients Simulator

13

SAML Tool

Tool being developed by a contractor, Metrix Technologies

•Message Validator with SAML option

•Simulator with SAML option.

14

SAML Tool

Tool being developed by Contractor Matrix

15

SAML Validator Output

16

Initial Focus is Validation

Insert assertion graphic as example of whats tested.Keep it focused

17

Rampart used in Simulators

Rampart work is just starting.

Rampart handles the digital signatures but the assertion Rules need to be done by hand.

18

Benefits For NIST

Leverage what we haveReduce development timeBetter tool support

Benefits For Users

One place for security checksUnified look and feelXD* tool currently used by NwHIN

19

Team Members

Diane Azais - NIST Guest ResearcherPatient Discovery Standards Analyst, Use Case Developer

Mary Laamanen - NIST Computer ScientistPatient Discovery and CDA Validation Implementor

Bill Majurski – NIST Electronics EngineerToolbed Architect

Gavin O'Brien – NIST Computer ScientistProject Lead, SAML Tooling

Linan Wang – NIST Guest ResearcherPatient Discovery Simulation Implementor