Current exchange mechanisms are using for instance the national contact points when medical data is needed abroad, however on occasions when healthcare professionals need to exchange data more ad-hoc this is poorly controlled and there is a tendency to fall-back to insecure methods of exchange, for instance by email, physical media, or fax. Further, it is known that health care professionals have used instant messaging to exchange sensitive information about patients which provide low security and breaks GDPR and other legislation.  

There is a need to bridge the gap between strict and complicated exchange between hospitals and the unsecure solutions by providing secure and flexible exchange within and between disparate health organizations.  

Health-organizations needs to exchange information for both planned events and for unplanned events, for instance when transferring patients for specific treatments or in the case of emergencies. Any platform provided need to be able to integrate with existing infrastructure and provide a high confidence of information accuracy and security. While at the same time be as efficient or more than less secure alternatives.  

SISP provides a software platform to hospitals that allows them to share healthcare relevant data. It does so by providing a boundary of trust between organizations, a constituent. The constituent provides a grouping of organizations where the proper governance and agreements exist to allow health-professionals to directly share with each other. The system leverage health specific ticketing approach, where the data-model and workflows can be tailored to the specific needs of the organizations.  

The software provides organizations control over the data locality by a federation mechanism, SISP exchange the data over trusted and secure peer-to-peer messaging over industry best practice Transport Layer Security (TLS) and using mutual x.509 certificates. The sharing controls allow an operator to redact and only share specific attributes while ensuring that some attributes never leave the premise of the originator. This enables organizations to keep control over how data is spread and protects the data while in transport. The implementation also ensures that the system can continue to work during network partitioning through an eventual-consistent model. As a result, the system provides data residency, confidentiality, and high availability.  

SISP is composed of a web-client and a server component. The client providing near desktop application user-experience by the usage of rich in-browser application, this minimizes the need to install additional software on end-user’s computer and provides flexible delivery. The server component provides a set of APIs and the interconnectivity between disparate organizations. 

If you wish to know more about SISP, watch the demonstration video on ECHO's YouTube channel here: