Encrypting Traffic Between Epic and Cloverleaf


  • #55527
    Gerald Hodges
    Participant

      Our organization is looking to encrypt internal traffic between Epic and our Cloverleaf Engine that is currently using tcpip realtime threads.

      Anyone else have experience with this process?  It appears we need secure messenger along with an Epic conversion of our interfaces to use Interconnect and HTTPS.

      • #85639
        David Coffey
        Participant

          One question: why?

        • #85640
          Robert Milfajt
          Participant

            David Coffey wrote:

            One question: why?

            I can tell you our organization has batted this idea around.  The assumption being that inside the firewall is not a safe zone, given the sophistication of hackers today with spoofing, etc.  Encrypting all data transfer, either internal or external, provides another data safeguard from those hackers.

            Hope this helps,

            Robert Milfajt
            Northwestern Medicine
            Chicago, IL

          • #85641
            Gerald Hodges
            Participant

              Robert summed it up pretty well. Adding an extra level of security to safeguard the internal data traffic in the worst-case scenario that there is a network breach.

            • #85642
              Jim Kosloskey
              Participant

                Gerald,

                I have done one SSL connection (https) and I would use Secure Messenger on the Cloverleaf side. That will suffice for Cloverleaf being the Client.

                What about Epic (or other system) outbound to Cloverleaf (Cloverleaf is a Server then)? Cloverleaf natively does not do https Server well (by design). For that you would need CAA-WS I think.

                Can’t Epic do Secure TCP/IP (would mean you don’t need to consider CAA-WS)?

                I don’t know what needs to be done on the Epic side.

                But aren’t there also other systems exchanging messages? Can they all support Secure TCP/IP or https?

                What about files – will you be using SFTP or FTPS (Cloverleaf with Secure Messenger supports both)?

                I suspect you will have some outlying systems (systems which cannot do secure exchanges). If that is the case then from a security standpoint wouldn’t you still have a hole?

                Well that is my contribution for what it is worth.

                email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.

              • #85643
                Gerald Hodges
                Participant

                  We confirmed this morning that EPIC currently does not have any security options for their tcp-ip connections, so we would not be able to use the ssl options on our tcp-ip threads. They consider those types of interfaces behind a firewall.

                  HTTPS (Epic Interconnect) appears to be the only transport method with additional security available with Epic for real time HL7 message handling that is intended for transmission outside of the firewall.

                  We are still investigating if all of the interface types in Epic can use Interconnect.

                • #85644
                  Mark Thompson
                  Participant

                    Can you do this at the network level?  Your network team may be able to provide a private VLAN for interface communication.  Network switch technology can limit where communication is “visible” within your internal network.  Getting all of my application vendors to implement secure communication would be a sizable task.

                    - Mark Thompson
                    HealthPartners

                  • #85645
                    Bob Schmid
                    Participant

                      Gerald,

                      Just presented yesterday with the EPIC 2018 initiative to go Interconnect https to us for their document interfaces.

                      We have Secure Messenger but not CAA.

                      Was there a solution that you came up with?

                      Thanks for any wisdom / experience you might be able to convey

                      Bob
