Difference between revisions of "Ignacio Valdes Implementation Log"

Latest revision as of 04:45, 13 November 2020

Astronaut, LLC [1] has been charged with implementing VistA for a psychiatric hospital. Posted is the progress on the Hardhats discussion group [2]. Some of the threads are reproduced here.

The traditional method for implementing a new VistA instance has been likened to an old-fashioned barn-raising: at the appointed time the holders of "institutional memory" would gather and put the thing together. There was no written blueprint, yet at the end of the day there would be a solid, usable structure in place.

The ultimate goal of this is not just a new VistA instance, but also a blueprint for how to do it.

Note that this page is a work in progress; see Hardhats [3] for logs that do not appear here.

1 Episode 1 The Layer Cake
2 Episode 2 Multiple Sign-ons
3 Episode 3 IPv4 vs. IPv6
4 Episode 4 Billing/Management Keane Records integration/population
5 Episode 5 Patient picture?
6 Episode 6 Implementation funding?
7 Episode 7 iptables and other useful port commands
8 Episode 8 Power outage restart
9 Episode 9 Initial hospital configuration terminal session
10 Episode 10 Psychiatry specific DSM Axis II-V diagnosis, precaution ordering
11 Episode 11 VistA configuration Utility, KIDS Patch Install
12 Episode 12 How do you create a new patient?
13 Episode 13 Ordering Configuration
14 Episode 14 Hardware, multi-user systems?
15 Episode 15 Non-proprietary signature consenting of patients
16 Episode 16 KIDs VA DHCP style login How to
17 Episode 17 KIDs Patch Install Best Practice.
18 Episode 18 Adding Locations to Hospital Location File Using Fileman.
19 Episode 19 Adding Locations to Hospital Location File Using Fileman.
20 Episode 20 Location for Current Activities Dialog Box
21 Episode 21 Little graphics in templates?
22 Episode 22 How to allow editing of Template Fields.
23 Episode 23 AIMS Examination template?
24 Episode 24 Changing Intro Message
25 Episode 25 Demystifying Templating, Document Classes and Titles for Dummies.
26 Episode 26 Scheduling patients for a Clinic
27 Episode 27 Suppressing WORK COPY -- NOT FOR MEDICAL RECORD
28 Episode 28 Easy template importing and exporting
29 Episode 29 Adding Appointment Schedule Menu to Clerk ID.
30 Episode 30 Change Access/Verify code text to UserID/Password?
31 Episode 31 'Cowboy' System Backup
32 Episode 32 Merge Records?
33 Episode 33 The Whole Enchilada Admissions Workflow
34 Episode 34 Entering Insurance Information?
35 Episode 35 CPRS options, Number of Days, Default Date?
36 Episode 36 Patient movement and tracking?
37 Episode 37 Maximum number of users already signed on to this processor
38 Episode 38 Hospital Electronic Signature Policy?
39 Episode 39 Patient lab reports connection
40 Episode 40 Kevin Toppenberg's GUI_Config easy(er) install package.
41 Episode 41 Option to Security Key mapping, Granting of a Key or Keys, Key management menus.
42 Episode 42 Is there such a thing as: Introduction to programming vista with mumps?
43 Episode 43 Pharmacy.
44 Episode 44 Editable CPRS handout for clinicians.
45 Episode 45 Page number printout revisited.
46 Episode 46 A (Very) brief Programming VistA with MUMPS page numbering example
47 Episode 47 Slow text login problem and a resolution
48 Episode 48 Updating software on a production system?
49 Episode 49 Destination unreachable (Host administratively prohibited)
50 Episode 50 KIDs Patch Creation?
51 Episode 51 Extreme training/development tip with screen/cloud/Astronaut.)
52 Episode 52 Death of a Patient.
53 Episode 53 User Roles and Permissions Management.
54 Episode 54 Discharge Summaries
55 Episode 55 Consult Service|Consult Service.
56 Episode 56 Same Access Code Disentangling.
57 Episode 57 Appropriate keys for a social worker id?
58 Episode 58 Printed Labels?
59 Episode 59 Linking a Template with a Title
60 Episode 60 Example of setting Institution file Station Number
61 Episode 61 Bringing CPRS, TMG-CPRS back onto the screen when it is off screen
62 Episode 62 Hardware Price/Performance as of 6/29/2010
63 Episode 63 Non-provider and their assistant co-signing?
64 Episode 64 Setting user Electronic Signature Code through Text Based Interface.
65 Episode 65 Template title ascending sort
66 Episode 66 Windows 7 TMG-CPRS formatted text printer truncation problem/solution.
67 Episode 67 Taskman Job Limit Exceeded.
68 Episode 68 Provider appear on Primary Provider Selection Box?
69 Episode 69 Aftercare Interdisciplinary note editing and signing?
70 Episode 70 Listing Installed KIDS builds or patches.
71 Episode 71 Deleting the WorldVistA drug file.
72 Episode 72 Taskman Cleanup.
73 Episode 73 More Taskman Cleanup.
74 Episode 74 Medication Ordering Keys.
75 Episode 75 List of unsigned notes by provider.
76 Episode 76 Set CPRS Timeout Value.
77 Episode 77 Add/Change Patient Data Object.
78 Episode 78 ePrescribing(eRX) Certification with NewCrop
79 Episode 79 Report Creation for the CPRS Reports Tab
80 Episode 80 Purge or Clear Access Verify Code History

@@ Line 1: / Line 1: @@
-Ignacio Valdez, a psychiatrist in Houston TX, has been charged with implementing VistA for a chain of psychiatric facilities. He has posted his progress on the Hardhats discussion group. Some of the threads are reproduced here.
+Astronaut, LLC [http://astronautvista.com] has been charged with implementing VistA for a psychiatric hospital. Posted is the progress on the Hardhats discussion group [http://groups.google.com/group/Hardhats/topics?hl=en&start=]. Some of the threads are reproduced here.
-==Episode 2== [[Episode2|Multiple Sign-ons]]
+The traditional method for implementing a new VistA instance has been likened to an old-fashioned barn-raising: at the appointed time the holders of "institutional memory" would gather and put the thing together. There was no written blueprint, yet at the end of the day there would be a solid, usable structure in place.
-Ignacio Valdes
-Date: Mon, 14 Jul 2008 13:56:40 -0500
-Subject: The Intracare Implementation Log Episode 2: How does one handle Active Directory ID's?
-Greetings,
+The ultimate goal of this is not just a new VistA instance, but also a blueprint for how to do it.
-So we already have people with Active Directory ID's. How does one
+Note that this page is a work in progress; see Hardhats [http://groups.google.com/group/Hardhats/topics?hl=en&start=] for logs that do not appear here.
-generally manage Active Directory ID's and VistA ID's?
+[[Category:Cambridge / Intracare Implementation Log]]
--- IV
+==[[Ignacio Valdes Implementation Log/Episode1|Episode 1 The Layer Cake]]==
+==[[Ignacio Valdes Implementation Log/Episode2|Episode 2 Multiple Sign-ons]]==
-I, Valdes
+==[[Ignacio Valdes Implementation Log/Episode3|Episode 3 IPv4 vs. IPv6]]==
+==[[Ignacio Valdes Implementation Log/Episode4|Episode 4 Billing/Management Keane Records integration/population]]==
-I will answer for myself: There is no direct equivalent of Active
+==[[Ignacio Valdes Implementation Log/Episode5|Episode 5 Patient picture?]] ==
-Directory Id's in VistA. While this may seem like a handicap, it is
+==[[Ignacio Valdes Implementation Log/Episode6|Episode 6 Implementation funding?]] ==
-also an advantage in that the system is independent of Active
+==[[Ignacio Valdes Implementation Log/Episode7|Episode 7 iptables and other useful port commands]] ==
-Directory which makes it both more secure and easier in some ways to
+==[[Ignacio Valdes Implementation Log/Episode8|Episode 8 Power outage restart]] ==
-roam to other workstations. -- IV
+==[[Ignacio Valdes Implementation Log/Episode9|Episode 9 Initial hospital configuration terminal session]]==
+==[[Ignacio Valdes Implementation Log/Episode10|Episode 10 Psychiatry specific DSM Axis II-V diagnosis, precaution ordering]]==
-fred trotter
+==[[Ignacio Valdes Implementation Log/Episode11|Episode 11 VistA configuration Utility, KIDS Patch Install]]==
+==[[Ignacio Valdes Implementation Log/Episode12|Episode 12 How do you create a new patient?]]==
-Generally, if you want to integrate with Active Directory you should
+==[[Ignacio Valdes Implementation Log/Episode13|Episode 13 Ordering Configuration]] ==
-use LDAP. This is how unix does it.
+==[[Ignacio Valdes Implementation Log/Episode14|Episode 14 Hardware, multi-user systems?]] ==
+==[[Ignacio Valdes Implementation Log/Episode15|Episode 15 Non-proprietary signature consenting of patients]] ==
-http://onlinepill.in/order-mentat-online-en.html?q=mentat
+==[[Ignacio Valdes Implementation Log/Episode16|Episode 16 KIDs VA DHCP style login How to]] ==
+==[[Ignacio Valdes Implementation Log/Episode17|Episode 17 KIDs Patch Install Best Practice.]] ==
-It seems to me that you should be able to use LDAP for the VistA
+==[[Ignacio Valdes Implementation Log/Episode18|Episode 18 Adding Locations to Hospital Location File Using Fileman.]]==
-authentication instead of the internal VistA user system. This is how
+==[[Ignacio Valdes Implementation Log/Episode19|Episode 19 Adding Locations to Hospital Location File Using Fileman.]]==
-ClearHealth works.
+==[[Ignacio Valdes Implementation Log/Episode20|Episode 20 Location for Current Activities Dialog Box]]==
+==[[Ignacio Valdes Implementation Log/Episode21|Episode 21 Little graphics in templates?]]==
-Does VistA integrate with LDAP?
+==[[Ignacio Valdes Implementation Log/Episode22|Episode 22 How to allow editing of Template Fields.]]==
+==[[Ignacio Valdes Implementation Log/Episode23|Episode 23 AIMS Examination template?]]==
--FT
+==[[Ignacio Valdes Implementation Log/Episode24|Episode 24 Changing Intro Message]]==
+==[[Ignacio Valdes Implementation Log/Episode25|Episode 25 Demystifying Templating, Document Classes and Titles for Dummies.]]==
-kdtop
+==[[Ignacio Valdes Implementation Log/Episode26|Episode 26 Scheduling patients for a Clinic]]==
+==[[Ignacio Valdes Implementation Log/Episode27|Episode 27 Suppressing WORK COPY -- NOT FOR MEDICAL RECORD]]==
-I don't understand your question.  Are you wanting to have a single
+==[[Ignacio Valdes Implementation Log/Episode28|Episode 28 Easy template importing and exporting]]==
-sign-in situation?  Where the network access guarantees VistA
+==[[Ignacio Valdes Implementation Log/Episode29|Episode 29 Adding Appointment Schedule Menu to Clerk ID.]]==
-access??  I thought that Active Directory stuff had to do with access
+==[[Ignacio Valdes Implementation Log/Episode30|Episode 30 Change Access/Verify code text to UserID/Password?]]==
-to network drives, whereas VistA access has to do with access to an
+==[[Ignacio Valdes Implementation Log/Episode31|Episode 31 'Cowboy' System Backup]]==
-EMR.
+==[[Ignacio Valdes Implementation Log/Episode32|Episode 32 Merge Records?]]==
+==[[Ignacio Valdes Implementation Log/Episode33|Episode 33 The Whole Enchilada Admissions Workflow]]==
-Aren't these separate issues?
+==[[Ignacio Valdes Implementation Log/Episode34|Episode 34 Entering Insurance Information?]]==
+==[[Ignacio Valdes Implementation Log/Episode35|Episode 35 CPRS options, Number of Days, Default Date?]]==
-Kevin
+==[[Ignacio Valdes Implementation Log/Episode36|Episode 36 Patient movement and tracking?]]==
+==[[Ignacio Valdes Implementation Log/Episode37|Episode 37 Maximum number of users already signed on to this processor]] ==
+==[[Ignacio Valdes Implementation Log/Episode38|Episode 38 Hospital Electronic Signature Policy?]]==
-Steven McPhelan
+==[[Ignacio Valdes Implementation Log/Episode39|Episode 39 Patient lab reports connection]]==
+==[[Ignacio Valdes Implementation Log/Episode40|Episode 40 Kevin Toppenberg's GUI_Config easy(er) install package.]]==
-I disagree with the concept of single sign-on for the medical environment at
+==[[Ignacio Valdes Implementation Log/Episode41|Episode 41 Option to Security Key mapping, Granting of a Key or Keys, Key management menus.]]==
-this time.  At such time that all people in the world are honorable and
+==[[Ignacio Valdes Implementation Log/Episode42|Episode 42 Is there such a thing as: Introduction to programming vista with mumps?]]==
-adhering to good and safe and secure computing habits, then perhaps single
+==[[Ignacio Valdes Implementation Log/Episode43|Episode 43 Pharmacy.]]==
-sign-on will be feasible (think of the walk-away problem).  I do believe
+==[[Ignacio Valdes Implementation Log/Episode44|Episode 44 Editable CPRS handout for clinicians.]]==
-that LDAP can still be used.  Instead of just using a specific technology
+==[[Ignacio Valdes Implementation Log/Episode45|Episode 45 Page number printout revisited.]]==
-like LDAP, I prefer the term network authentication.  VistA should still
+==[[Ignacio Valdes Implementation Log/Episode46|Episode 46 A (Very) brief Programming VistA with MUMPS page numbering example]]==
-challenge the user for sign-on credentials even though the network sign-on
+==[[Ignacio Valdes Implementation Log/Episode47|Episode 47 Slow text login problem and a resolution]]==
-has already occurred.  Where and how they authenticate those sign-on
+==[[Ignacio Valdes Implementation Log/Episode48|Episode 48 Updating software on a production system?]]==
-credentials is another matter that technology can address.
+==[[Ignacio Valdes Implementation Log/Episode49|Episode 49 Destination unreachable (Host administratively prohibited)]]==
---
+==[[Ignacio Valdes Implementation Log/Episode50|Episode 50 KIDs Patch Creation?]]==
-Steve
+==[[Ignacio Valdes Implementation Log/Episode51|Episode 51 Extreme training/development tip with screen/cloud/Astronaut.)]]==
-It's so much easier to suggest solutions when you don't know too much about
+==[[Ignacio Valdes Implementation Log/Episode52|Episode 52 Death of a Patient.]]==
-the problem." -- Malcolm Forbes
+==[[Ignacio Valdes Implementation Log/Episode53|Episode 53 User Roles and Permissions Management.]]==
+==[[Ignacio Valdes Implementation Log/Episode54|Episode 54 Discharge Summaries]]==
-r...
+==[[Ignacio Valdes Implementation Log/Episode55|Episode 55 Consult Service|Consult Service.]]==
+==[[Ignacio Valdes Implementation Log/Episode56|Episode 56 Same Access Code Disentangling.]]==
-I find that I am in agreement with Stephen.  While the Wow and convenience
+==[[Ignacio Valdes Implementation Log/Episode57|Episode 57 Appropriate keys for a social worker id?]]==
-factors are high, the potential for abuse is even higher.
+==[[Ignacio Valdes Implementation Log/Episode58|Episode 58 Printed Labels?]]==
+==[[Ignacio Valdes Implementation Log/Episode59|Episode 59 Linking a Template with a Title]]==
-fred trotter
+==[[Ignacio Valdes Implementation Log/Episode60|Episode 60 Example of setting Institution file Station Number]]==
+==[[Ignacio Valdes Implementation Log/Episode61|Episode 61 Bringing CPRS, TMG-CPRS back onto the screen when it is off screen]]==
-With all due respect, we are not asking if you think it is a good
+==[[Ignacio Valdes Implementation Log/Episode62|Episode 62 Hardware Price/Performance as of 6/29/2010]]==
-idea. We are asking if it is possible. Is it possible to use LDAP for
+==[[Ignacio Valdes Implementation Log/Episode63|Episode 63 Non-provider and their assistant co-signing?]]==
-authentication from within VistA?
+==[[Ignacio Valdes Implementation Log/Episode64|Episode 64 Setting user Electronic Signature Code through Text Based Interface.]]==
+==[[Ignacio Valdes Implementation Log/Episode65|Episode 65 Template title ascending sort]]==
-To be clear, we are not asking if we can set it up so that LDAP
+==[[Ignacio Valdes Implementation Log/Episode66|Episode 66 Windows 7 TMG-CPRS formatted text printer truncation problem/solution.]]==
-authentication of an operating system/network session can be extended
+==[[Ignacio Valdes Implementation Log/Episode67|Episode 67 Taskman Job Limit Exceeded.]]==
-to have "loginless" access to VistA by passing along credentials; we
+==[[Ignacio Valdes Implementation Log/Episode68|Episode 68 Provider appear on Primary Provider Selection Box?]]==
-are asking if the VistA system can be configured to check LDAP rather
+==[[Ignacio Valdes Implementation Log/Episode69|Episode 69 Aftercare Interdisciplinary note editing and signing?]]==
-than its own user database when it receives the username and password
+==[[Ignacio Valdes Implementation Log/Episode70|Episode 70 Listing Installed KIDS builds or patches.]]==
-as it normally does.
+==[[Ignacio Valdes Implementation Log/Episode71|Episode 71 Deleting the WorldVistA drug file.]]==
+==[[Ignacio Valdes Implementation Log/Episode72|Episode 72 Taskman Cleanup.]]==
-As to whether it is a good idea: Having a single username and password
+==[[Ignacio Valdes Implementation Log/Episode73|Episode 73 More Taskman Cleanup.]]==
-has nothing to do with the "walk-away problem" that is a problem in
+==[[Ignacio Valdes Implementation Log/Episode74|Episode 74 Medication Ordering Keys.]]==
-any case. The issue is whether users have to remember two passwords or
+==[[Ignacio Valdes Implementation Log/Episode75|Episode 75 List of unsigned notes by provider.]]==
-not. If they must remember two passwords, then they will start writing
+==[[Ignacio Valdes Implementation Log/Episode76|Episode 76 Set CPRS Timeout Value.]]==
-them down. That is a serious breach. Further, having two places to
+==[[Ignacio Valdes Implementation Log/Episode77|Episode 77 Add/Change Patient Data Object.]]==
-administer user accounts is an administration problem. It doubles all
+==[[Ignacio Valdes Implementation Log/Episode78|Episode 78 ePrescribing(eRX) Certification with NewCrop]]==
-of the administration work and creates a serious risk that when an
+==[[Ignacio Valdes Implementation Log/Episode79|Episode 79 Report Creation for the CPRS Reports Tab]]==
-employee leaves the clinic/hospital and the administrators only
+==[[Ignacio Valdes Implementation Log/Episode80|Episode 80 Purge or Clear Access Verify Code History]]==
-remember to remove one of the two user accounts but not the other.
-I make these points not in the hopes that I would convince you that
-single sign-on is a good idea, but to point out that it is a debate,
-and we are not foolish for wanting to have it.
-For the time being, however, we would be happy to know if it were
-possible at all.
---
-Fred Trotter
-rga...@tampabay.rr.com
-X.500 is not implemented in VistA, nor do I think it is possible without OS intervention.
-Steven McPhelan
-Of course network authentication is possible with the proper modifications
-to VistA and the proper network authorization.  When has there ever been a
-technical problem such as this where someone could not figure out a
-solution.  Heck who would have thought that CAV could have developed a
-program that would convert the M based VistA system to a Java based SQL
-compliant system (non-M)?
-In my response, I am using the most common definition of single sign-on
-which is a user signs in ONCE and then all single signon compliant
-applications automatically let the user into the application which they
-launch provided that the centralized roles and privileges authorizes that
-user to run that application.  That is what I do not agree with.  For an
-EMR, I want the user to "reauthenicate" for that application before letting
-that user into that application.
-The common definition for single sign-on was around before VistA pursued
-single sign-on.  That is why I prefer the term network authentication versus
-single sign-on so that the hearer does not get any false assumptions about
-what features would and would not be available.
---
-Steve
-It's so much easier to suggest solutions when you don't know too much about
-the problem." -- Malcolm Forbes
-fred trotter
-You are right... there do seem to be two ways to talk, and think about
-this. I will try to be clearer...
---
-Fred Trotter
-kdtop
-Steven,
-As a physician, I hate multiple sign-ons.  I have never had a chance
-to debate this issue with anyone, so I'd like to give you an
-opportunity to convince me.
-In our hospital, I have to sign in to the network, then sign into the
-client that communicates with the computers.  And to sign my charts, I
-have to enter my password another 1-2 times.  And each of these
-passwords expires on a different schedule.  So it is a never ending
-round of confusion.  And I see this as a substantial barrier to
-acceptance and use.
-When I see the computers up on the hospital ward, I see nurses called
-away from their computers all the time.  So the solution they have is
-to make windows drop to a locked screen after inactivity for about 1-2
-minutes.  Then only that user or an administrator can unlock the
-machine.  This seems to solve the walk-away problem.
-So once you can be sure that random people don't walk up and start
-using the computer, then why is it important to have to sign in
-twice?  When entering a building, we usually have one locked door.
-Not 2-3 locked doors in succession.  Why doesn't this security model
-work for the computer?
-Kevin
-Greg Woodhouse
-Good for you Kevin. This is a prime example of an area where debates over
-usability and functionality are easily clouded by implementation concerns.
-We should start out with the customer (in this case, the healthcare
-provider) and the functionality that they want or need. In the case of
-single-signon, it is possible that AFTER analysis, you may conclude that it
-cannot be made secure (I am not convinced). But to dismiss it a priori is
-like well, dismissing MUMPS (or maybe Scheme or ML!) as an implementation
-language because we simply assume is not going to be a feasible choice.
-I realize that this is a sensitive subject, so let me ask the developers and
-analysts out there a couple of quick questions: Are you thoroughly
-considering the requirements here and performing a full analysis, or are you
-following accepted convention? Are you willing to try to be innovative? Have
-you performed an analysis of physician workflow? We'd never think about
-building a factory automation system without first trying to understand the
-processes we are trying to automate, both through consulting with SMEs and
-observing the process ourselves. To the physicans and other healthcare
-professionals out there: Do the people you are working with understand your
-work environment? Have you considered arranging a site visit? If this is not
-possible (e.g., due to privacy concerns), what about a simulated environment
-similar to (but expanding upon) VeHU's  virtual hospital? Developers cannot
-build systems that meet your needs unless they first understand them.
-Steven McPhelan
-Kevin, those are valid questions.  There is a difference between a small (or
-single) doctor's office and a large multi-physician practice or a hospital.
-For instance, what should be the behavior of a common terminal at a nurse's
-station where there may be 5,10,20 people who use that terminal in a one
-hour period.  The item mentioned here was why could not LDAP authentication
-be used.  If network authentication is being used then the problem of
-different passwords expiring at different times is not an issue.  Network
-authenticating applications would all validate against a single network
-source.  Since it is a single source, then the timing of the change of
-password would be localized and controlled by that single system.
-*There is not one solution that adequately covers every situation*.  Take
-that hospital nursing station, is it desirable to require each user to log
-off the network on that terminal when they are done thus requiring the next
-user to log onto the network?  Think about how long it takes today from
-username logon to a usable desktop.  This is probably not the place to go
-into this topic.
-Until the technology is there for these common workstations to allow an
-individuals to logon to their own partition in a matter of seconds, the way
-to attempt to implement single signon will continue to be burdensome.  For
-example, it may be the hospital policy that these common workstations have a
-limited set of applications available to them so that individuals do not
-have to log in and out of the network.  If this was the case, then it might
-be prudent to require those individual applications to "reauthenicate
-sign-on".  In other words, the app prompts for username and password and
-authenticates against the network independent of the username that was used
-to "Boot" the workstation to a desktop.
-Remember the common understanding of single sign-on.  Whoever is at that
-terminal has all the credentials and privileges of whomever signed onto the
-network.  Obviously using locking screen savers in a private physicians
-office may work but it would not work at the nurse's station.
---
-Steve
-It's so much easier to suggest solutions when you don't know too much about
-the problem." -- Malcolm Forbes
-rga...
-The user signs on to the computer (enter the first door), the user then is
-going to document personal health information (enter the second door), the
-user then is going to send a  secure communication requiring the inclusion of
-PPI (enter the third door).  All doors can have the same codes, like a card
-swiped or a retina scanned.
-Let's say a user authenticates on to their PC, they need to use an EHR, but
-the EHR needs to know who the user is, allowing the user to enter their name
-is unacceptable because I can document your patients.  There needs to be
-some mechanism in place which identifies the user before they start to treat
-the patient.
-The signatures on notes, etc, is a safeguard to ensure the document is
-reviewed before it becomes part of the official medical record.
-Hey, it's a start...
-kdtop
-Thanks all for the replies so far.
-I think the real issue here is one of verify-ability.   Right beside
-the nurses computer station, with all it's passwords, is the paper
-chart that has absolutely no passwords at all.  And why is this OK?
-Well, the staff will notice if a stranger comes in and starts looking
-at the chart.  So there is a bit of access control that might be lost
-if the records are electronic and can be access from North Korea etc.
-Next, every doctor has a unique handwriting.  So 5 yrs from now I
-would be able to say with confidence in a court of law that I wrote
-this, or didn't write that.  That's pretty much impossible with
-ASCII.  But outside of legal debate when people get to pointing
-fingers at each other, all this security is not so important.  We've
-cared for many a sick patient with paper charts for more than a few
-years now.
-So here's a thought.  Why not equip the terminals with webcams and
-have them take quick pictures every 15 sec or so, and marry that image
-with the text.  Or perhaps combine it with  some other technology like
-keystroke patterns that some say are fairly unique among various
-users.  That way let the user sign the record however they want (using
-the honor system, as they do in the paper chart), but still have the
-ability to very the accuracy of the claimed name etc.  I'm sure there
-are good reasons why this wouldn't work.  But I can dream.
-On a slightly different point, let me just throw one other point out
-here (wearing my physician hat now).  I feel that software engineers
-have a propensity to get carried away with projects.  Or perhaps it is
-the managers that hire them.  Anyway, it seems that when a
-technological solution is provided, it tries to do too much.  For
-example, there is a push to replace paper prescriptions.  Well it is
-not good enough to allow typed prescriptions.  No, while we're at it,
-let's throw in checking for drug interactions.  And let's check with
-their insurance to see if the drug is covered.  And lets have the
-communication channel be bidirectional with the pharmacy.  And let's
-make the channels to be secure.  And so on and so on.  And suddenly we
-have an amazingly complex technology that is difficult to implement,
-is hard to master, may disrupt workflow, and is expensive.  So
-providers stay away in droves.  When I implemented VistA for my 15-
-provider group, I specifically planned for allowing physicians to
-continuing practicing exactly the way they always have.  But also I
-explained the tool and how it could benefit them.  So used it, other's
-stayed with a transcription module.
-Anyway, thanks for the feedback on the need for multiple logins.
-Kevin
-Joel
-There are ways in which silent logins can be used within VistA.   In
-addition there were other attempts to provide this.  A Kernel patch
-was set for release to implement what we then called an enterprise
-single sign-on (at least to VistA) a number of years ago.  Just before
-its release, we were told that OCIS would provide an enterprise single
-sign-on and we should not release ours.  They still haven't provided
-it.  That patch used the user's identity to Windows via an
-authentication server known to the VistA system and that contacted the
-VistA system to authenticate the user and match the identity with the
-entry in the NEW PERSON file.
-Auto Sign-On requires the user sign into VistA, but subsequent
-applications connecting are signed on as the current user
-automatically.  Sites that want to can turn on the Auto Sign-On and
-must have the client agent (clagent.exe) active on the workstations
-(although it should not be used on clients connected to terminal
-servers).  Some sites use this heavily, while others seem to give it
-only to the IT staff.  This can be turned on using the DEFAULT AUTO
-SIGN-ON field (#218) in the KERNEL SYSTEM PARAMETERS file (#8989.3).
-The possible values are 0=NO, 1=YES, and d=DISABLED.  If YES is
-selected, auto sign-on is turned on for all users.  If DISABLED is
-selected, auto sign-on is turned off for all users.  If NO is
-selected, the use of auto sign-on is regulated by the AUTO SIGN-ON
-field (#200.18) in the NEW PERSON file (#200), where the options are
-YES and NO.
-While requiring an investment in Infrastructure, but the use of CCOW
-User Context provides for GUI applications, when compiled with one of
-more recent versions of the RPCBroker to use the user's identification
-in the CCOW Vault to authenticate the user on second and subsequent
-connections to a VistA server.  It should be noted that CPRS added
-command line arguments which would permit this functionality to be
-turned off in locations, such as busy clinics, where multiple
-individuals might use the same workstation, since an individual might
-be identified as the user currently authenticated to the VistA server.
-Groups within the VA are also evaluating other mechanisms for
-authentication and authorization for the future as well.
-Roy Gaber
-It is not so much the developers (I may have a bias seeing how I am one) but
-the steering committees, or SME's that dictate the policy, it is the
-developers job to turn those directives into code.
-The bottom line is, the physician is responsible for the care and associated
-documentation of the patient, it is my belief that they can approach the
-issues surrounding HIPPA in whatever way they see fit.

Difference between revisions of "Ignacio Valdes Implementation Log"

Latest revision as of 04:45, 13 November 2020

Contents

Navigation menu

Search