§170.315(d)(8) Integrity

Mirth® Connect by NextGen Healthcare User Guide

Use hashing to ensure message integrity

A SHA-256 hash is automatically generated for each outgoing message from a destination connector. See the Message Hash variable on Destination Mappings. Using that variable, the hash value can be sent to the destination alongside the message content. The recipient can use the hash to validate that the message hasn't been altered. An example use case is to include the hash value in a header using an HTTP Sender. To validate the integrity of incoming messages, you can use JavaScript code in a Source Filter. For example, using an HTTP Receiver and assuming the hash value is being sent in a header named hash, you can use the following code in a JavaScript Filter step: Validate Message Hash // Get the received hash from the request header var receivedHash = sourceMap.get('headers').getHeader('hash'); // Generate a hash from the received message content var generatedHash = HashUtil.generate(connectorMessage.getRawData(), 'UTF-8', 'SHA-256'); // Accept the message only if the hashes match ret

Mirth® Connect by NextGen Healthcare User Guide

Variable Maps

Throughout the Message Processing Lifecycle, your channels and messages have access to various maps. Depending on the scope, the map may only be available in the current channel/connector, or may be globally available across your entire system. These variable maps allow you to store a piece of information that can be used later (in a downstream channel, connector, or somewhere else). A common use for these variables is to provide easy drag-and-drop for connector properties. The Destination Mappings list will display all available connector/channel map variables for example. They are also used in other ways, such as populating Custom Metadata Columns. The following variable maps exist throughout Mirth® Connect: Name JavaScript Variable Get/Put Shortcut Variable Response Map responseMap $r Connector Map connectorMap $co Channel Map channelMap $c Source Map sourceMap $s Global Channel Map globalChannelMap $gc Global Map globalMap $g Configuration Map configurationMap $cfg The table above

Mirth® Connect by NextGen Healthcare User Guide

§170.315(d)(12) Encrypt Authentication Credentials

(d)(12) Encrypt authentication credentials requires encryption of stored authentication credentials. Required Extensions None Features that Support the Certification SHA256 is the default algorithm used by Mirth® Connect by NextGen Healthcare that creates salted hash values for user passwords. This value is stored in the database, not the user password. SHA256 is approved for Cures, as are SHA384 and SHA512. If a different algorithm is desired, the mirth.properties file can be modified using the digest.algorithm property. For example: digest.algorithm = SHA384 Required Actions None Parent topic: Cures Certification

Mirth® Connect by NextGen Healthcare User Guide

Generating a Hash with JavaScript

Use HashUtil.generate() to create a hex hash of a message passing through a channel in JavaScript contexts: var hash = HashUtil.generate(message); We provide 3 overloaded versions: HashUtil.generate(Object) Takes in any object and returns a hex hash of the object as a String. This defaults to using the platform's default character encoding and the SHA-256 hashing algorithm. Example HashUtil.generate("Hello, World!") HashUtil.generate(String, String, String) Takes in data as a string, a character encoding as a string, and a hashing algorithm as a string and returns a hex hash of the data as a string. Example HashUtil.generate("Hello, World!", "UTF-8", "SHA-256") HashUtil.generate(byte[], String) Takes in data as a byte[] and a hashing algorithm as a string and returns a hex hash of the data as a string. Example HashUtil.generate("Hello, World!".getBytes(), "SHA-256") Supported Character Encodings (for more information, please see documentation on Charset): US-ASCII ISO-8859-1 UTF-8 UTF-

Mirth® Connect by NextGen Healthcare User Guide

Message Integrity

Use hashing to ensure message integrity Use hashing to ensure message integrity Parent topic: Channel Development Best Practices and Tips

Mirth® Connect by NextGen Healthcare User Guide

Encryption Settings

You can change the default encryption settings for Mirth® Connect as you see fit. The following can be set in mirth.properties: Property Default Value Description encryption.algorithm AES/CBC/PKCS5Padding The algorithm to use for symmetric encryption. This applies to messages, exports, and anything that is used along with the keystore to encrypt / decrypt. You must include the explicit mode and padding settings with the algorithm. The mode must also require an initialization vector. Note: The default value is updated in version 4.3. If you did not explicitly set this property, then no action is needed. Mirth® Connect will automatically start using the new default. If you did explicitly set this property, then NextGen Healthcare highly recommends you to update it to include the mode/padding options as well. Support for "AES" (without any mode/padding specified) will be removed in a future version. encryption.charset UTF-8 The charset to use when encoding textual data into bytes before e

§170.315(d)(8) Integrity

Required Extensions

Features that Support the Certification

Required Actions

Recommendations

Use hashing to ensure message integrity

Variable Maps

§170.315(d)(12) Encrypt Authentication Credentials

Generating a Hash with JavaScript

Message Integrity

Encryption Settings

Use hashing to ensure message integrity

Variable Maps

§170.315(d)(12) Encrypt Authentication Credentials

Generating a Hash with JavaScript

Message Integrity

Encryption Settings