May 10, 2011 3:20 - 5:00pm Madhav Iyer, NBME Neal Swearer, AAMC The Association of American Medical Colleges (AAMC) and National Board of Medical Examiners (NBME) have jointly developed a data exchange framework called Data Commons. The technical architecture of Data Commons is based on SOAP Web Services implemented in a Java EE environment. The WSDL is WS-I Basic Profile 1.0 compliant enabling interoperability with any Web Services client. New medical data providers can easily plug-in to this infrastructure by implementing Web Services using the Data Commons XML interface specifications. The system is highly secure through use of SSL and message encryption. MedBiquitous Professional Profile XML data format is used by Data Commons to send and receive medical professional data. Data Commons is being used by NBME to get updated medical school student rosters to support Web Based Testing (WBT). Data Commons is also being planned for use in getting information about new matriculants from LCME schools.

1. Implementing Secure Web Services using
Professional Profile (Data Commons)
MedBiquitous Annual Meeting (May 10, 2011)
Madhavkumar Iyer Neal Swearer
NBME AAMC
miyer@nbme.org neal.swearer@aamc.org

2. What is Data Commons?
 An infrastructure for real-time creation of data sets across organizations in the House of
Medicine based on agreements.
 Developed jointly by NBME & AAMC.
 Not a new repository. Data sets compiled from existing repositories and expunged after
creation.
 Organizational members build infrastructure collaboratively and own and operate it jointly.
 Used to aggregate data sets for individuals, educational programs, institutions and
educational research.
 Individual medical professional can compile data for private self-assessment or to authorize
public report-out of selected information.

3. Definitions
Data Sharing Agreement
Agreement between participating organizations for the exchange
for data in real-time.
Provider
A participating organization providing data to Data Commons
Invoker
A participating organization requesting data from Data Commons
IDMS
Identity Matching Service to match or reconcile different identifiers used
across multiple organizations for each medical professional.

4. System Architecture
Click to edit Master text styles
◦ Second level
◦ Third level
 Fourth level
 Fifth level

5. System Features
 Connects to certified Data Providers
 Accepts requests only from member organizations
 Requests are authenticated & authorized before retrieving data
 Request/Response data is encrypted based on invoker’s 128 bit KEY
 Requests validated using Authorization Certificate
 Transactions logged without storing request/response data
 Generic Web Service processes all requests from Invokers
 Providers provide data using Web Services
 All Web Services are of document/literal format and secured by SSL
 Generic Request/Response XML data formats for Invoker/Provider

6. Technology
 Application Server – J2EE 1.4
 Oracle Database 10g/11g
 Java / PL-SQL
 XML
 SOAP 1.1
 WSDL 2.0
 AES 128 bit message encryption

7. Using MedBiquitous Professional Profile
 The following operations uses MedBiquitous Professional
Profile:
◦ Get Enrolled Students
◦ NBME gets updated enrolled student information for each school from AAMC
◦ Get Matriculated Students
◦ NBME gets new matriculants for each school from AAMC
◦ IDMS Biographic Update
◦ NBME and AAMC provide updates to IDMS

8. MedBiquitous Professional Profile - Sample

9. MedBiquitous XML Schemas
 The MedBiquitous Healthcare Professional Profile Schema
provides a data structure that allows one to represent one or
more healthcare professionals in a standard format.
 DataCommons uses version 1.0 of the following MedBiquitous
XML schemas:
◦ Member
◦ Name
◦ Address
 Source: http://ns.medbiq.org/member/v1/

10. Example 1: Using the MedBiquitous XML Schemas
 GetStudentProfile web service operation
◦ Request
<DcomOutboundGetStudentProfileRequest
xmlns="http://www.dcom.org/service">
<OperationName>GetStudentProfile</OperationName>
<RequestPacket>
<RequestHeader>
<AamcId>12113983</AamcId>
<MedicalSchoolCode>816</MedicalSchoolCode>
</RequestHeader>
</RequestPacket>
<TransactionId>112312312318</TransactionId>
</DcomOutboundGetStudentProfileRequest>

11. Example 1: Using the MedBiquitous XML Schemas
 GetStudentProfile web service operation (continued)
◦ Response
<DcomOutboundGetStudentProfileResponse
xmlns="http://www.dcom.org/service/getStudentProfile"
xmlns:dcom=http://www.dcom.org/service
xmlns:medAddress="http://ns.medbiq.org/address/v1/"
xmlns:medMember="http://ns.medbiq.org/member/v1/"
xmlns:medName="http://ns.medbiq.org/name/v1/">
….
</DcomOutboundGetStudentProfileResponse>

12. Example 1: Using the MedBiquitous XML Schemas
 GetStudentProfile web service operation (continued)
◦ Response
<medMember:Members>
<medMember:Member restrictions="Restricted">
<medMember:UniqueID
domain="Member:USMLE ID">52153983</medMember:UniqueID>
<medMember:UniqueID
domain="Member:AAMC ID">12713993</medMember:UniqueID>
…
</medMember:Member>
</medMember:Members>

13. Questions?