CIP-CS Secure Agent

The CIP-CS Secure Agent is a lightweight set of programs that provides secure communications between a computer on a network and a CIP host system, and it is designed to be exceptionally easy to install and maintain. The CIP-CS agent uses internet ports to establish secure communications between itself and the host system. Since the agent never listens for or accepts an inbound connection, no firewall modifications, network pinholes or other special network arrangements are required for an enterprise's systems to join the HIP as a node.

The Secure Agent can connect to host systems such as LIS, RIS, or EMRs using local area network sockets, or it can communicate with the hosts via file import and export. Data received from the host is encapsulated into a primary delivery envelope. The envelope and its contents are then encrypted using a specialized 128-bit key technology. The primary envelope is then placed into a second delivery envelope along with information on the source and destination and several authentication tokens. This secondary envelope and its contents are then passed through a second encryption layer using a different technology.

After packaging, the Secure Agent connects to the HIP host site through a complex handshaking dialog. The Secure Agent can connect only to the CIP-CS host for which it is licensed. The handshake ensures that if the Secure Agent accidentally tries to connect to a non-CIP system or to an incorrect CIP-CS host, the connection will be rejected. Once the connection is established, the Secure Agent logs into the host system and delivers the encrypted secondary envelope and its contents. The secondary envelope is decrypted and the authentication tokens are tested. If the authentication tokens pass, they are updated along with the routing and destination information to match the requirements of the final destination, and the envelope is then re-encrypted. The message is then queued for delivery to the final destination. Note that with the double envelope method the HIP host site never decrypts the primary envelope; thus, sensitive patient data is not exposed in the transport process.

Destination systems contact the HIP host at regular intervals to check for the availability of data. If the HIP host has a delivery, a manifest of messages intended for the destination is sent to the receiving site. The receiving node then requests each message individually. When received, the message is again tested for authenticity, and if it passes, the primary envelope is decrypted and removed. The original message contents are then processed based on the configuration of the receiving node. This processing may include printing the message content on a local printer, delivering a file to a directory for the remote application to use, or placing the information on a local area network socket for delivery to an application. The CIP-CS is capable of connecting to a variety of interfaces and can handle both communications-level and processing-level acknowledgments of messages.
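The double-envelope relay step described above can be sketched as follows. This is an added example, not the vendor's code: the page names neither cipher, so AES-128-GCM stands in for both layers, and the `Outer` structure, key names and token strings are hypothetical. The relay holds only the hop keys, so it can test and update the token but cannot open `Primary`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

type Outer struct { // secondary envelope: routing data, token, sealed primary envelope
	Source, Dest, Token string
	Primary             []byte // ciphertext under a key the relay never holds
}
func gcm(key [16]byte) cipher.AEAD { // AES-128-GCM is an assumed stand-in cipher
	b, _ := aes.NewCipher(key[:]) // a 16-byte key is always accepted
	g, _ := cipher.NewGCM(b)
	return g
}
func seal(key [16]byte, pt []byte) []byte { // encrypt, prepending a random nonce
	n := make([]byte, 12)
	rand.Read(n)
	return gcm(key).Seal(n, n, pt, nil)
}
func open(key [16]byte, ct []byte) ([]byte, error) { // fails on wrong key or tampering
	if len(ct) < 12 {
		return nil, fmt.Errorf("short ciphertext")
	}
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}

// relay opens only the secondary envelope, tests the token, updates it and re-seals.
func relay(in, out [16]byte, want, next string, pkt []byte) ([]byte, error) {
	var o Outer
	j, err := open(in, pkt)
	if err != nil || json.Unmarshal(j, &o) != nil ||
		subtle.ConstantTimeCompare([]byte(o.Token), []byte(want)) != 1 {
		return nil, fmt.Errorf("secondary envelope rejected")
	}
	o.Token = next
	j, _ = json.Marshal(o)
	return seal(out, j), nil
}
func main() {
	e2e, hopA, hopB := [16]byte{1}, [16]byte{2}, [16]byte{3} // constructed demo keys
	j, _ := json.Marshal(Outer{"lab", "clinic", "tok-1", seal(e2e, []byte("constructed result"))})
	fwd, err := relay(hopA, hopB, "tok-1", "tok-2", seal(hopA, j))
	fmt.Println("forwarded bytes:", len(fwd), "error:", err)
}
```

The destination mirrors the sender: it opens the forwarded packet with its hop key, then opens `Primary` with the end-to-end key it shares with the source.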

Key Benefits:

  • Easy installation
  • Works on almost any PC
  • Employs multiple layers of security
  • Transmits data from your EMR, PMS or other applications
  • Receives data from the data provider (e.g. order update & result transaction)

Requirements:

  • Current EMR/PMS application must have an interface (e.g. HL7 or SOAP using network socket or file export/import)
  • Must have internet access that supports secure “https” on your browser
