May 10, 2011 3:20 - 5:00pm
Madhav Iyer, NBME
Neal Swearer, AAMC
The Association of American Medical Colleges (AAMC) and National Board of Medical Examiners (NBME) have jointly developed a data exchange framework called Data Commons. The technical architecture of Data Commons is based on SOAP Web Services implemented in a Java EE environment. The WSDL is WS-I Basic Profile 1.0 compliant enabling interoperability with any Web Services client. New medical data providers can easily plug-in to this infrastructure by implementing Web Services using the Data Commons XML interface specifications. The system is highly secure through use of SSL and message encryption. MedBiquitous Professional Profile XML data format is used by Data Commons to send and receive medical professional data. Data Commons is being used by NBME to get updated medical school student rosters to support Web Based Testing (WBT). Data Commons is also being planned for use in getting information about new matriculants from LCME schools.
Implementing secure Web services using Professional Profile
1. Implementing Secure Web Services using
Professional Profile (Data Commons)
MedBiquitous Annual Meeting (May 10, 2011)
Madhavkumar Iyer Neal Swearer
NBME AAMC
miyer@nbme.org neal.swearer@aamc.org
2. What is Data Commons?
An infrastructure for real-time creation of data sets across organizations in the House of
Medicine based on agreements.
Developed jointly by NBME & AAMC.
Not a new repository. Data sets compiled from existing repositories and expunged after
creation.
Organizational members build infrastructure collaboratively and own and operate it jointly.
Used to aggregate data sets for individuals, educational programs, institutions and
educational research.
Individual medical professional can compile data for private self-assessment or to authorize
public report-out of selected information.
3. Definitions
Data Sharing Agreement
Agreement between participating organizations for the exchange
for data in real-time.
Provider
A participating organization providing data to Data Commons
Invoker
A participating organization requesting data from Data Commons
IDMS
Identity Matching Service to match or reconcile different identifiers used
across multiple organizations for each medical professional.
4. System Architecture
Click to edit Master text styles
◦ Second level
◦ Third level
Fourth level
Fifth level
5. System Features
Connects to certified Data Providers
Accepts requests only from member organizations
Requests are authenticated & authorized before retrieving data
Request/Response data is encrypted based on invoker’s 128 bit KEY
Requests validated using Authorization Certificate
Transactions logged without storing request/response data
Generic Web Service processes all requests from Invokers
Providers provide data using Web Services
All Web Services are of document/literal format and secured by SSL
Generic Request/Response XML data formats for Invoker/Provider
6. Technology
Application Server – J2EE 1.4
Oracle Database 10g/11g
Java / PL-SQL
XML
SOAP 1.1
WSDL 2.0
AES 128 bit message encryption
7. Using MedBiquitous Professional Profile
The following operations uses MedBiquitous Professional
Profile:
◦ Get Enrolled Students
◦ NBME gets updated enrolled student information for each school from AAMC
◦ Get Matriculated Students
◦ NBME gets new matriculants for each school from AAMC
◦ IDMS Biographic Update
◦ NBME and AAMC provide updates to IDMS
9. MedBiquitous XML Schemas
The MedBiquitous Healthcare Professional Profile Schema
provides a data structure that allows one to represent one or
more healthcare professionals in a standard format.
DataCommons uses version 1.0 of the following MedBiquitous
XML schemas:
◦ Member
◦ Name
◦ Address
Source: http://ns.medbiq.org/member/v1/
10. Example 1: Using the MedBiquitous XML Schemas
GetStudentProfile web service operation
◦ Request
<DcomOutboundGetStudentProfileRequest
xmlns="http://www.dcom.org/service">
<OperationName>GetStudentProfile</OperationName>
<RequestPacket>
<RequestHeader>
<AamcId>12113983</AamcId>
<MedicalSchoolCode>816</MedicalSchoolCode>
</RequestHeader>
</RequestPacket>
<TransactionId>112312312318</TransactionId>
</DcomOutboundGetStudentProfileRequest>
11. Example 1: Using the MedBiquitous XML Schemas
GetStudentProfile web service operation (continued)
◦ Response
<DcomOutboundGetStudentProfileResponse
xmlns="http://www.dcom.org/service/getStudentProfile"
xmlns:dcom=http://www.dcom.org/service
xmlns:medAddress="http://ns.medbiq.org/address/v1/"
xmlns:medMember="http://ns.medbiq.org/member/v1/"
xmlns:medName="http://ns.medbiq.org/name/v1/">
….
</DcomOutboundGetStudentProfileResponse>
12. Example 1: Using the MedBiquitous XML Schemas
GetStudentProfile web service operation (continued)
◦ Response
<medMember:Members>
<medMember:Member restrictions="Restricted">
<medMember:UniqueID
domain="Member:USMLE ID">52153983</medMember:UniqueID>
<medMember:UniqueID
domain="Member:AAMC ID">12713993</medMember:UniqueID>
…
</medMember:Member>
</medMember:Members>