A note on security

Neither HCM nor the original HL7 Comm take any interest in security. The reason is pretty simple, the data most health care engines move about is in plain text anyway. That puts the burden of securing the information on your network staff (and that’s not a bad thing).

Something HCM provides that HL7 Comm doesn’t is the ability to monitor the interfaces and see recent log messages (though not necessarily the entirety of the logs) via a web browser. That means that access to the ports providing the web service must be blocked to untrusted network access. For most healthcare organizations, allowing access on a LAN is fine, but you should check with your security personnel to be sure. In any case, be prepared to access HCM via VPN or some other more secure mechanism when supporting it off hours.