Implementing Healthcare Messaging with XML

XML is great, and we all love it. But it can get in your way too. In the Netherlands a national EHR is set up, using XML, HL7v3 and Web Services. We’ll take a look at lessons learned and the pitfalls to be avoided.

1. Schema’s serve multiple masters – design, validation, contract, code generation. And those purposes don’t play together well. Write flat, simple Schema’s. Those are understandable and generate understandable code. Don’t design Schema’s for reuse. Use a simple spreadsheet format instead as your baseline. And tweak your Schema’s with XSLT before generating code. After all, they’re just XML.
2. Use a layered approach. Anything beyond Celsius-to-Fahrenheit will not be a monolithic Web Service. So anonymize payloads with <xs:any> to generate stubs and make Schema’s which describe just one software layer. This ensures reuse, and stacks nicely on top of the Internet stack.
3. Not all data is at the client. Don’t assume you can make a full XML message at a thin client. Often a message will need to be augmented with data from a database several servers downstream.
4. Take care with SSL. SSL with user certificates makes an impenetrable tunnel across all servers, firewalls and middleware – a security nightmare. So use the right tools at the right place. SSL from server to server, signatures and authentication from client to server. We’ll discuss authentication alternatives (SSL, Kerberos, X.509 one-way) and signing strategies.
5. Make examples everywhere. Hand-write XML messages, and use those to develop and test services. XML based message exchanges are hard, and documentation for them gets large. Example XML messages are required to keep everyone sane. And make your messages wrong – see how applications handle all kinds of common mistakes.
6. Do a lot of HTTP work. Specify HTTP status codes, when to use which codes in combination with higher level (SOAP, HL7v3) error codes.
7. Profile the profiles! Don’t simply use WS-I Basic Profile and Security Profile, but write your own lean profiles – skin them till only what’s really needed is left. Plenty of options means plenty of interoperability problems. We’ll take a detailed look at some profiling possibilities on top of WS-ReliableMessaging and WS-Security.

Can be combined with my “Versioning XML in Healthcare” proposal to a single 90-min. session.