Notifications
Clear all
Topic starter
does anyone know how to apply the FHIR server with a signed CA certificate? Can it be a wildcard certificate? thanks
Posted : May 15, 2019 3:46 am
I would assume you can use a wildcard. That is what we have for our clinic but I did not implement FHIR yet.
I have more a of a problem with the security with Athena's FHIR implementation and was wondering if anyone else has started to look at this yet. My network is secured in part, with the use of a DMZ for any server which communicates with the internet for inbound (mail, OWA, Activesync, patient portal, etc). All of my interfaces utilize a VPN. Since the FHIR server resides on a Jboss server or your only Jboss server you don't have the option to keep your patient data secured in this fashion. It would not help to put my Jboss in the DMZ because it really isn't "DMZ compliant" by it's design. We are at the mercy of Windows updates, FHIR updates, and possible Java/Jboss updates which I believe are only updated when you upgrade your version of CPS. I guess passwords are a big part of this too but bots looking for unpatched security holes is a bigger problem for me. That's the whole reason for a DMZ.
I spoke with support on this and they did not disagree. They also mentioned that they may have to change some things around or work with Surescripts on some alternate solution but that delays implementation which is bad for needing this done before Q4 begins.
Anyone else have any input here?
Posted : May 16, 2019 1:29 am
Topic starter
Virence has published the setup of the SSL for jboss. I tested it on a test environment and it went well. The only issue i have was when i was trying to import the gd_bundle-g2-g1.crt, it was telling me that the cert is already exist in the keystore under alias intermed which was the previous .pem cert i imported. I don't know if there's an error in the instructions or not but it allowed me to overwrite it and move on to the next step.
Posted : June 13, 2019 3:27 am
Topic starter
anyone got the patient api done?
Posted : June 26, 2019 1:15 am
Topic starter
Anyone with any issue, suggestions, etc?? thx
Posted : June 28, 2019 2:36 am
We got the API setup completed in April. However, CQR does not show our patients as Met even when they seem to have all the requirements in place - I'm hoping that's just a CQR or other setup issue, but we'll see.
The API documentation was poor and there were evidently very few people at Virence who had knowledge of it when I was working on it earlier this year. I've seem the most recent instructions and they are far more detailed, which is a good thing since I'll have to re-do all the work for it after we apply SP3 in a few weeks.
Wade
Posted : July 16, 2019 2:49 am
