Gartner Blog Network

Simple Interop: Why We Don’t Seek a Top Level Domain Name

by Wes Rishel  |  December 20, 2009  |  3 Comments

Since Simple Interop: The Health Internet Node was posted there has been a very thoughtful thread on the notion of having a top level domain (TLD) for healthcare. In the original post I thought I was pretty clear that we did not think this is a good idea, but in a separate posting I can give the topic more space.

  1. Our primary goal in the “simple interop” thread has been to do something that could start to give functionality quickly and yet serve as a basis for extended functionality in the future. I am wondering how much time is required to establish a new TLD, but I’ll bet it is measured in years.
  2. Getting started quickly is particularly important in light of the U.S. legislative mandate to accelerate the adoption of interoperable EHRs (see the soapbox below on the EHR term). It would be bad policy and an affront to other countries to attempt to create a U.S.-only TLD.
  3. On the other hand, it would be really complex to create an international TLD. Healthcare is regulated nationally, when it is not regulated in more granular jurisdictions. For example, the European Union specifically delegates the regulation of healthcare to the member countries. It is difficult to conceive of the establishment of an international authority for issuing domains in a healthcare TLD that would be trusted by all countries.
  4. Irrespective of process issues in standards and governments, it would not be good security practice to impute any level assurance about the eligibility of a domain-name holder to anything in syntax of the domain name. Current security status should be verified through digital certificates issued by a trusted certificate authority that must be renewed from time to time and can be revoked.
  5. It would not be a good idea to create the illusion that the domain name itself carries assurance about the legitimacy of a healthcare organization. People will build software that depends on the illusion despite all the disclaimers in the fine print of the protocol documents. People will also make personal decisions to share information on that basis where they should not.

For these reasons our proposal is intended to depend on CAs to maintain current information on the eligibility of an organization that holds a domain to participate in healthcare exchange. A single healthcare domain name could be certified by one or more CAs. Then perhaps each country could then select those CAs it trusts to administer its policy. (The reliance on CAs in our approach was not clear; we will update the approach to make it clear.)

Avoiding Bottlenecks

It should be noted that we are attempting to avoid bottlenecks in governance. A government can approve multiple CAs if it so chooses, avoiding the creation of a “healthcare CA monopoly.”

If a group of countries want to agree on a common set of policies and a common set of CAs that would be great. But we don’t want to make any one country wait for that process to play out.

We are aware that the notion of multiple governments certifying the domain name may not work, because they may not agree on a common set of policies. We are also aware that technologies and standards have been proposed and demonstrated for dynamic assertions of policy to be reconciled by “policy engines” operating in front of other services. Those approaches have a long way to go before they can be thought of as proven, ubiquitous Internet facilities. We are really hoping to avoid the roll out of such approaches being a bottleneck to the use of the Internet to improve healthcare.

For this reason we propose an approach specific to the U.S. for now and don’t assume that it will or won’t be adequate to other countries’ needs. As various countries develop and approve their approaches to governance we hope that the joint experience will lead to future proposals for common mechanisms for governance and, maybe some day, common governance.

Soap Box: The Term “Electronic Health Record”

Should anyone need a demonstration of the difficulties that delay reaching global agreements, consider that the term “EHR” has an idiosyncratic definition in the U.S. when compared to most of the world. In the U.S. the term refers to the record of patient information that is kept by an individual care delivery organization (CDO), with the proviso that there be some degree of interoperability. In most other countries that use the term it refers to some specific sharing of information that may be sourced from many places including but not limited to the electronic patient records of individual CDOs. In the U.S. it would literally take an “act of Congress” to change this and the same may be true in other countries. When thinking of urgent issues such as world hunger, nuclear arms, climate change, regulating financial institutions and whether my district gets potholes fixed I would rather my legislators spend their time on something other than clarifying the fine points of the term.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: healthcare-providers  interoperability  vertical-industries  

Tags: arra  ehr  emr  health-internet  health-it  healthcare-interoperability  healthcare-providers  meaningful-use  nhin  stimulus  

Wes Rishel
VP Distinguished Analyst
12 years at Gartner
45 years IT industry

Wes Rishel is a vice president and distinguished analyst in Gartner's healthcare provider research practice. He covers electronic medical records, interoperability, health information exchanges and the underlying technologies of healthcare IT, including application integration and standards. Read Full Bio

Thoughts on Simple Interop: Why We Don’t Seek a Top Level Domain Name

  1. Social comments and analytics for this post…

    This post was mentioned on Twitter by Les_Murphy: EHR Update – Simple Interop: Why We Don’t Seek a Top Level Domain Name

  2. Federal funding may be encouraging a move toward EHR, but there’s more to it than just installing systems. How can healthcare data pooling lead to a better system? More at

  3. Brian Ahier says:

    I agree that an illusion which provides any seeming assurance about the eligibility of a domain-name holder to anything in the syntax of the domain name could create the perception of security where none exists. This seems to me to be the serious argument against using this method but possibly there are means to mitigate the problem.
    As far as a TLD specific to the US, we have .gov – but this is a gTLD not a ccTLD. Two letter domains are established for countries or territories or their internationalized domain names, so I guess the thought of using .hc would not fit under the current structure. There would however be nothing stopping a three or more character TLD to be used specifically for healthcare in the United States.
    I am enjoying this discussion and think that whichever way this all shapes up, the Health Internet is going to be a good thing 🙂

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.