Tuesday, 13 November 2007

EHR: Workflow First

This short piece on the Health Data Management site resonated quite deeply with me: we discovered this truth the hard way, during the implementation of a large-scale radiology project here in the UK. A lot of time was spent on technology (RIS, PACS, PAS, HL7 messaging, DICOM integration, etc.) early on, and a lot of assumptions were made about workflow and the implementation of the operational side of the solution.

WS-*, REST and security

Via Don Box's recent post and a comment in Sam Ruby's reply, I found this presentation: worth reading. The latest version (together with a lot of other stuff the same folk have presented) can be found here.

The main message surely is to make the first gate as secure as you can: SSL + certificates. After that, if you need/want additional security then I think I agree with Don that uniformity, at least at the authentication level, is desirable. I just don't see where vested interests or additional value accrue from doing otherwise.