HL7

What is the purpose of this safeguard?

The purpose of the certificate validation process is to prevent Man-in-the-Middle attacks on HTTPS connections.

How does this safeguard impact me?

This change impacts customers who use HTTPS endpoints to receive requests from HTI. If certificate validation is enabled and you are using a self-signedexpiredmis-matched domain or a certificate not issued by a trusted-certificate authority*, HTTP requests to your application from HTI will fail, which will result in a error notification. Error notifications are available in Monitor under Alerts.

*HTI considers any Certificate Authority included in the Mozilla Trust Store and Java CA Store to be trusted.

How do I enable this safeguard?

This setting is enabled by default for all new HTI accounts created after October 2015. We strongly recommend you maintain a valid certificate and enable certificate validation for all production applications.

You can enable or disable this safeguard within the “Account Settings” page under “SSL Certificate Validation.”


HL7
Health Level Seven or HL7 refers to a set of international standards for transfer of clinical and administrative data between software applications used by various healthcare providers. These standards focus on the application layer, which is “layer 7” in the OSI model. The HL7 standards are produced by Health Level Seven International, an international standards organization, and are adopted by other standards issuing bodies such as American National Standards Institute and International Organization for Standardization.

Hospitals and other healthcare provider organizations typically have many different computer systems used for everything from billing records to patient tracking. All of these systems should communicate with each other (or “interface”) when they receive new information, or when they wish to retrieve information, but not all do so.

HL7 International specifies a number of flexible standards, guidelines, and methodologies by which various healthcare systems can communicate with each other. Such guidelines or data standards are a set of rules that allow information to be shared and processed in a uniform and consistent manner. These data standards are meant to allow healthcare organizations to easily share clinical information. Theoretically, this ability to exchange information should help to minimize the tendency for medical care to be geographically isolated and highly variable