XDS/XDR have often been criticized as overly complex, including for being SOAP-based. Critics have also asked whether HITSP should offer an alternative transaction that is RESTful.
The requirements that XDS/XDR satisfy are well documented in the IHE Technical Framework. I will highlight a few that show why the benefits of the SOAP stack are important:
- User Authentication supported by HTTP alone is inadequate for healthcare information. WS-Security includes support for many user authentication methods including Federated ID using SAML Assertions.
- URL representations of healthcare resources (e.g., Medical Record, Patient Chart, or provider ID, et cetera) can:
  - Expose PHI in web URLs (probably the most common security error made in web-based healthcare apps)
  - Create easily exploitable web pages (another very common security error).
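
The PHI-in-URL problem above is visible in ordinary web server logs, because both the request URL and the Referer header are recorded there. The following check is an added example, not part of the original post; the parameter names, path patterns and log lines are constructed assumptions, not taken from any real system.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical query parameter names that commonly carry patient identifiers.
PHI_PARAMS = {"mrn", "patient_id", "patientid", "ssn", "dob"}
# Hypothetical REST-style path: a resource segment followed by an id containing a digit.
PHI_PATH = re.compile(r"/(patients?|charts?|records?)/[^/?#]*\d[^/?#]*", re.I)
SSN_LIKE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Combined Log Format: capture the request target and the Referer field.
LOG_LINE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

def phi_findings(url):
    """Return a sorted list of reasons a URL appears to carry patient identifiers."""
    parts = urlsplit(url)
    reasons = set()
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in PHI_PARAMS:
            reasons.add(f"query:{key.lower()}")
        if SSN_LIKE.search(value):
            reasons.add("ssn-pattern")
    m = PHI_PATH.search(parts.path)
    if m:
        reasons.add(f"path:{m.group(1).lower()}")
    return sorted(reasons)

def scan_access_log(lines):
    """Return (line_no, field, reasons) for request URLs and Referers that leak identifiers."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.search(line)
        if not m:
            continue
        for field, url in (("request", m.group(1)), ("referer", m.group(2))):
            if url and url != "-":
                reasons = phi_findings(url)
                if reasons:
                    hits.append((n, field, reasons))
    return hits

# Constructed sample lines (not real data).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /chart/view?mrn=0012345&dob=1970-01-01 HTTP/1.1" 200 512 "-" "UA"',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /static/logo.png HTTP/1.1" 200 90 "https://portal.example/patients/0012345/summary" "UA"',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "POST /xds/submit HTTP/1.1" 200 64 "-" "UA"',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE):
        print(hit)
```

The third sample line produces no finding because the identifiers travel in the POST body rather than in the URL.
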
We either clothe Healthcare in a ‘simple’ jumpsuit, or we build a long-term HIE architecture out of strong durable fabric.