Keeping up with changes in Health Insurance Portability and Accountability Act (HIPAA) messaging standards is becoming more challenging. Many governmental agencies, payers, and benefits managers now require adoption of ePrescription, new versions of HIPAA X12 transactions, and electronic health records.
Cisco® Application-Oriented Networking (AON) Healthcare Services Extension for HIPAA and ePrescription is an innovative approach to healthcare information exchange. This solution greatly simplifies the secure transport, transformation, and reliable delivery of HIPAA-compliant messages directly between healthcare providers, payers, benefits managers, and governmental agencies over the Internet. It provides the ideal platform for information exchange for:
• Delivery and management of patient care
• Benefits eligibility verification
• Electronic prescriptions
• Other administrative functions
Cisco® AON is available in multiple form factors, which can be selected based on the customer's network topology and performance requirements. Three of these form factors are shown in Figure 1.
Figure 1. Cisco AON Form Factors
Network Module for Cisco 2800/3700/3800 Routers
Single-core 1 GHz Intel 373 Celeron-M CPU, 1 GB RAM, 80 GB hard disk drive
CADE-1010 Integrated Single-Core Appliance
Single-core Intel D352 3.2 GHz CPU, 1 GB RAM, 250 GB hard disk drive
Enterprise Data Center
CADE-2142 Integrated Dual Quad-Core Appliance
2 Quad-Core Intel E5320 1.86 GHz CPUs, Up to 18 GB RAM, Up to 735 GB hard disk drive
Features and Benefits
Designed to meet the demanding operations requirements of healthcare providers, Cisco AON Healthcare Services Extension for HIPAA and ePrescription replaces legacy server-based messaging, transformation, and data security software with a reliable and scalable network-embedded platform. It eliminates the need for virtual private networks (VPNs), dedicated leased line and dial-up private networks, and proprietary value-added networks (VANs) for HIPAA-compliant health information exchange.
This complete, easily deployed solution includes:
• A simplified Web-based management console for centrally provisioning and managing HIPAA-compliant document exchange over the Internet
• Full support for HIPAA-compliant X12 and National Council for Prescription Drug Programs (NCPDP) message transformation and delivery
• Secure, reliable, interoperable information exchange of any document regardless of type over the Internet, including HL7 and DICOM, using proven, interoperable message transport standards including HTTP over Secure Sockets Layer (SSL)1, payload encryption, digital signatures, reliable delivery, and authentication and authorization support
• Direct integration to healthcare information systems utilizing application integration protocols including Java Message Service (JMS), Web Services (WS), and Java Database Connectivity (JDBC) as well as direct file system access for document delivery/pickup using Network File System (NFS) and Common Internet File System (CIFS)
• Web-based administrative console for transaction auditing and monitoring transaction delivery exceptions
• Centralized remote management and lights-out operation
• An integrated hardware/software system with built-in support for clustering and load balancing to simplify operations and reduce the total cost of ownership
• Simple-to-use policy-driven execution framework for system extension and customization, including a workflow designer for message workflow modification
• Application programming interface (API) and software development kit (SDK) for end-customer or third-party development of additional functionality using Java
• Cisco Unified Communications integration support for policy-driven notification of critical information
Cisco AON Healthcare Services Extension for HIPAA and ePrescription provides a prebuilt, telecommunications-grade infrastructure for secure, reliable delivery of any document or message format, including HL7 and DICOM messages. It is ideally suited for Regional Health Information Organizations (RHIOs), Health Information Exchanges (HIEs), and Healthcare Information Networks (HINs). The network-centered approach provides a much more cost-effective, secure, and reliable information exchange infrastructure than an organization can possibly achieve through traditional server software-based solutions.
Cisco AON Platform Features
Cisco AON Healthcare Services Extension for HIPAA and ePrescription utilizes the full capabilities of the Cisco AON platform. Cisco AON natively understands the content and context of application messages and conducts operations on those messages in-flight according to business-driven policies and rules. It complements existing networking and application technologies with enhanced security, visibility, messaging, and optimization services that provide a higher degree of awareness regarding the essential business information flowing in the network. These services help to:
• Enforce consistent business policies across information access and exchange
• Provide visibility of information flow, including monitoring and metering of information flow for both business and infrastructure purposes
• Facilitate communication between disparate applications by routing information to the appropriate destination, in the format expected by that destination
• Enhance application optimization and security by providing application-level load-balancing, processing offload, message caching, compression, encryption, and digital signature capability in addition to authentication and authorization services
Cisco AON works primarily at the message level rather than the packet level. Typically it inspects the full message, including the payload as well as all headers. It also understands and enhances delivery of application-level transport protocols such as HTTP and JMS.
Built-In Transformation Support and Failsafe Security
Cisco AON has native capability to produce and consume proprietary and standard XML, flat-file, and standards-based document formats. Utilizing open business-to-business (B2B) messaging standards, Cisco AON can be easily configured to facilitate secure data exchange directly between different organizations over the Internet (eliminating the need for VPNs, VANs, or dedicated/leased lines), provision encryption/decryption services, and generate/validate digital signatures. And all this is available either as an add-on module to existing Cisco routers and switches or as a standalone, network-embedded appliance, eliminating the need to provision, configure, and maintain servers.
Cisco AON includes support for the following security features:
• Authentication: Cisco AON can verify the identity of a sender's inbound message-based content (username and password, WS-Security profile, digital certificate, and so on). The solution integrates with security frameworks, such as Kerberos Protocol, and Lightweight Directory Access Protocol (LDAP) servers such as Netegrity SiteMinder, Microsoft Active Directory, OpenLDAP, and SunONE.
• Authorization: Cisco AON can determine which level of access the originator of the message should have to the services it is attempting to invoke. Features supported include Security Assertion Markup Language (SAML) authorization assertion embedded in Simple Object Access Protocol (SOAP), WS-Security headers, LDAP group-based authorization, and customer-defined rule-based control policies.
• Nonrepudiation and data integrity: Cisco AON can digitally sign message elements or entire messages at any given AON device. Features supported include insertion and verification of XML signatures in WS-Security headers, detached envelope and enveloping XML signature types, signatures based on private keys, Secure Hash Algorithm version 1 (SHA-1) digest computation, and RSA digest encryption.
• Confidentiality: Based upon policy, Cisco AON can encrypt and decrypt message elements or entire messages. Features supported include Triple Digital Encryption Standard (3DES) and Advanced Encryption Standard (AES)-128/192/256 symmetric ciphers, RSA symmetric ciphers, destination URL-based keys, and certificates.
• Centralized key management: The Cisco AON Management Console (AMC) allows users to register, configure, bind, and provision keys and certificates from the Cisco AMC server to the AON device. Capabilities include generating, registering, and obtaining Class 2 and SSL certificates using Verisign Class 3 Certificate Service; fetching, uploading, and importing SSL certificates; importing PKCS#12 certificates; and importing keys from Java keystores.
• Transport-layer security: Cisco AON supports transport-layer security mechanisms such as SSL 3.0.
Service Oriented Architecture (SOA) Support
Cisco AON can natively host Web services and JMS and MQ series transports and provides support for a number of service oriented architecture (SOA) standards. It is an ideal way to bridge between legacy protocols/data exchange standards and modern SOA integration and messaging protocols, offering unprecedented investment protection as standards continue to evolve.
Each Cisco AON node can be configured to act as a sensor that captures, processes, and logs highly granular information about application messages. This capability helps Cisco AON provide an event-capture fabric for specified application messages. Cisco AON can inspect the messages and apply rules at the message-content level.
• Logging: Cisco AON can log messages to external systems for purposes of auditing and compliance or for future analysis.
• Contextual lookup: Cisco AON can refer to external systems to obtain contextual information required to analyze the data. For example, it can call out to a customer database to look up customer information based on a customer ID in the message.
• Notification and alerting: Cisco AON can notify or alert other applications or even end users through e-mail, text messages, and phone calls (using Cisco Unified Communications) in the case of a critical event. For example, if the service-level agreement (SLA) to deliver a message has been exceeded or a critical message has been received, operations personnel can be alerted to take corrective action.
Intelligent Message Routing
Given its role as an intermediary in highly heterogeneous application environments, Cisco AON must flexibly adapt to different types of enterprise information, business policies, and endpoints. Cisco AON operates at the application-message level, allowing a high degree of flexibility:
• Protocol support: Cisco AON understands various application access methods and provides adapters for most commonly used application transport protocols: HTTP, HTTPS, Tibco EMS, WebSphere JMS and MQ, and BEA JMS. Additionally, a custom adapter SDK is available for creation of new adapters to any environment. Most policies and bladelets used within Cisco AON understand the semantics of these protocols natively, allowing for higher fidelity and control of the interaction.
• Protocol switching: A Cisco AON node can act as a protocol gateway between multiple applications; for example, receiving an application message through WebSphere MQ and sending it to another application as a Web Service Message. Cisco AON supports protocol translation between any combination of its supported protocols.
Built on an open, extensible architecture, Cisco AON includes a set of APIs to add new adapters and bladelets. It provides an interface to develop extensions to the base AON platform using languages such as Java and C.
• The Adapter Developer Kit (ADK) supports development of plug-in custom adapters to receive and send messages from Cisco AON.
• The Bladelet Developer Kit (BDK) supports development of custom bladelets in Java and C/C++. This capability is also available in the system optimized code execution path.
Scalability and Performance
Cisco AON is designed for high performance and scalability to address the needs of the most demanding applications. It accomplishes this through a:
• Virtual cluster: As application message traffic increases, additional Cisco AON devices (blades or appliances) can easily be added to a virtual cluster. Thus Cisco AON can scale horizontally and transparently to match the increased traffic.
Benefits over Server-Based Software Solutions
Cisco AON reduces the total cost of ownership (TCO) when compared with server-based transformation and messaging engines. It dramatically reduces the investment costs required for acquisition, deployment, and delivery of application infrastructure. It also eliminates the people costs for ongoing application infrastructure maintenance and provides automated clustering, load balancing, and failover within network devices for high availability. Above all, the Cisco AON integrated hardware/software approach provides much faster and more reliable message processing when compared with server-based messaging and transformation engines.
Cisco AON Design, Configuration, and Management
Cisco AON operates as a set of distributed application and network services that span business, security, administrative, and network domains.
The following tools are included to centrally manage and configure Cisco AON devices regardless of hardware platform:
• Cisco AON Development Studio (ADS) is used to create policy execution plans (PEPs) that represent a set of operations (bladelets) to apply to application messages.
• Cisco AON Management Console provides centralized control for configuration, certificate management, and lifecycle management of a distributed AON network.
Cisco Application-Oriented Networking Software version 3.0 and associated hardware is required. See http://www.cisco.com/go/aon for more information.
Table 1 contains ordering information for Cisco AON Healthcare Services Extension for HIPAA and ePrescription.
Table 1. Ordering Information
AON Healthcare Services Extension HIPAA/ePrescription 1.0 for AON Network Module
AON Healthcare Services Extension HIPAA/ePrescription 1.0 for AON Network Module (Spare)
AON Healthcare Services Extension HIPAA/ePrescription 1.0 for Cisco Application Deployment Engine (CADE)
AON Healthcare Services Extension HIPAA/ePrescription 1.0 for Cisco Application Deployment Engine (CADE) (Spare)
To order, contact your Cisco account representative.
Service and Support
Support programs including Cisco SMARTnet® Service and Software Application Support (SAS) are available as part of the Cisco AON solution. Cisco AON products can optionally be bundled with Cisco Advanced Services that will accelerate your time to deployment and help ensure a high-quality, reliable implementation.