The CIP_CS secure agent is a lightweight set of programs that provides secure communications between a computer on a network and a CIP host system. Designed to be exceptionally easy to install and maintain, the CIP_CS agent uses internet port 443 to establish secure https:// communications between itself and the host system. Since the agent never listens for or accepts an inbound connection, no firewall modifications, network pinholes or other special network arrangements are required for an enterprise's systems to join the HIP as a node.

The secure agent can connect to host systems such as LIS, RIS, or EMRs using local area network sockets, or it can communicate with the hosts via file import and export. Data received from the host is encapsulated into a primary delivery envelope. The envelope and its contents are then encrypted using a specialized 128-bit key technology. The primary envelope is then placed into a second delivery envelope along with information on the source and destination and several authentication tokens. This secondary envelope and its contents are then passed through a second encryption layer using a different technology.

After packaging, the secure agent (SA) connects to the HIP host site using https:// and a complex handshaking dialog. The SA can connect only to the CIP_CS host for which it is licensed. The complex handshake ensures that if the SA accidentally tries to connect to a non-CIP system or to an incorrect CIP_CS host by some odd circumstance, the connection will be rejected. Once the connection is established, the SA logs into the host system and delivers the encrypted secondary envelope and its contents. The secondary envelope is decrypted and the authentication tokens are tested. If the authentication tokens pass, they are updated along with the routing and destination information to match the requirements of the final destination, and the envelope is then re-encrypted. The message is then queued for delivery to the final destination. Note that with the double-envelope method the HIP host site never decrypts the primary envelope; thus, sensitive patient data is not exposed in the transport process.

Destination systems contact the HIP host at regular intervals to check for the availability of data. If the HIP host has a delivery, a manifest of messages intended for the destination is sent to the receiving site. The receiving node then requests each message individually. When received, the message is again tested for authenticity, and if it passes, the primary envelope is decrypted and removed. The original message contents are then processed based on the configuration of the receiving node. This processing may include printing the message content on a local printer, delivering a file to a directory for the remote application to use, or placing the information on a local area network socket for delivery to an application. The CIP_CS is capable of connecting to a variety of interfaces and can handle both communications-level and processing-level acknowledgments of messages.
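
The double-envelope relay described in the paragraphs above, sketched as an added Go example; it is not CIP_CS code. AES-128-GCM is an assumed stand-in for both encryption layers (the page names neither), and `Key`, `Outer`, `Wrap`, `Relay`, the per-hop keys, the node names and the tokens are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

type Key [16]byte // 128-bit key; AES-GCM is an assumed stand-in for both layers
type Outer struct{ Source, Dest, Token string; Primary []byte } // secondary envelope
func gcm(k Key) cipher.AEAD {
	b, _ := aes.NewCipher(k[:]) // cannot fail: 16 bytes is a valid AES key size
	g, _ := cipher.NewGCM(b)    // cannot fail: AES has a 128-bit block
	return g
}
func seal(k Key, msg []byte) []byte {
	nonce := make([]byte, 12) // fresh random nonce, stored in front of the ciphertext
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm(k).Seal(nonce, nonce, msg, nil)
}
func open(k Key, box []byte) ([]byte, error) {
	if len(box) < 12 {
		return nil, fmt.Errorf("envelope shorter than a nonce")
	}
	return gcm(k).Open(nil, box[:12], box[12:], nil) // errors on any modification
}
func Wrap(hop Key, o Outer) []byte { // seal a secondary envelope for one hop
	raw, _ := json.Marshal(o)
	return seal(hop, raw)
}
// Relay is the host step: open the secondary only, test the token, update, re-encrypt.
func Relay(in, out Key, box []byte, want, next string) ([]byte, error) {
	var o Outer
	raw, err := open(in, box)
	if err != nil || json.Unmarshal(raw, &o) != nil || subtle.ConstantTimeCompare([]byte(o.Token), []byte(want)) != 1 {
		return nil, fmt.Errorf("secondary envelope rejected")
	}
	o.Token = next // Primary is copied through untouched
	return Wrap(out, o), nil
}
func main() { // constructed demo keys, node names and tokens
	box := Wrap(Key{2}, Outer{"lab-lis", "clinic-emr", "tok-A", seal(Key{1}, []byte("constructed result"))})
	_, err := Relay(Key{2}, Key{3}, box, "tok-A", "tok-B")
	fmt.Println("relayed without the end-to-end key, err =", err)
}
```

`Relay` never receives the end-to-end key, so the property the page claims for the host holds by construction: the host can read and rewrite routing data and tokens but only forwards the primary envelope as ciphertext.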

Contact Us

Intechgra Database Solutions
115 W. 8th Ave. Suite 300
Eugene, OR 97401
phone: 541.687.9006
fax: 541.687.9492
email: info@intechgra.com