Difference between revisions of "Ignacio Valdes Implementation Log"

From VistApedia
Jump to: navigation, search
 
 
(167 intermediate revisions by 5 users not shown)
Line 1: Line 1:
Ignacio Valdez, a psychiatrist in Houston TX, has been charged with implementing VistA for a chain of psychiatric facilities. He has posted his progress on the Hardhats discussion group. Some of the threads are reproduced here.
+
Astronaut, LLC [http://astronautvista.com] has been charged with implementing VistA for a psychiatric hospital. Posted is the progress on the Hardhats discussion group [http://groups.google.com/group/Hardhats/topics?hl=en&start=]. Some of the threads are reproduced here.  
  
==Episode 2== [[Episode2|Multiple Sign-ons]]
+
The traditional method for implementing a new VistA instance has been likened to an old-fashioned barn-raising: at the appointed time the holders of "institutional memory" would gather and put the thing together. There was no written blueprint, yet at the end of the day there would be a solid, usable structure in place.
Ignacio Valdes 
 
 
Date: Mon, 14 Jul 2008 13:56:40 -0500
 
Subject: The Intracare Implementation Log Episode 2: How does one handle Active Directory ID's?
 
  
Greetings,
+
The ultimate goal of this is not just a new VistA instance, but also a blueprint for how to do it.
  
So we already have people with Active Directory ID's. How does one
+
Note that this page is a work in progress; see Hardhats [http://groups.google.com/group/Hardhats/topics?hl=en&start=] for logs that do not appear here.
generally manage Active Directory ID's and VistA ID's?
+
[[Category:Cambridge / Intracare Implementation Log]]
  
-- IV
+
==[[Ignacio Valdes Implementation Log/Episode1|Episode 1 The Layer Cake]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode2|Episode 2 Multiple Sign-ons]]==
I, Valdes  
+
==[[Ignacio Valdes Implementation Log/Episode3|Episode 3 IPv4 vs. IPv6]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode4|Episode 4 Billing/Management Keane Records integration/population]]==
I will answer for myself: There is no direct equivalent of Active
+
==[[Ignacio Valdes Implementation Log/Episode5|Episode 5 Patient picture?]] ==
Directory Id's in VistA. While this may seem like a handicap, it is
+
==[[Ignacio Valdes Implementation Log/Episode6|Episode 6 Implementation funding?]] ==
also an advantage in that the system is independent of Active
+
==[[Ignacio Valdes Implementation Log/Episode7|Episode 7 iptables and other useful port commands]] ==
Directory which makes it both more secure and easier in some ways to
+
==[[Ignacio Valdes Implementation Log/Episode8|Episode 8 Power outage restart]] ==
roam to other workstations. -- IV
+
==[[Ignacio Valdes Implementation Log/Episode9|Episode 9 Initial hospital configuration terminal session]]==
+
==[[Ignacio Valdes Implementation Log/Episode10|Episode 10 Psychiatry specific DSM Axis II-V diagnosis, precaution ordering]]==
fred trotter 
+
==[[Ignacio Valdes Implementation Log/Episode11|Episode 11 VistA configuration Utility, KIDS Patch Install]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode12|Episode 12 How do you create a new patient?]]==
Generally, if you want to integrate with Active Directory you should
+
==[[Ignacio Valdes Implementation Log/Episode13|Episode 13 Ordering Configuration]] ==
use LDAP. This is how unix does it.
+
==[[Ignacio Valdes Implementation Log/Episode14|Episode 14 Hardware, multi-user systems?]] ==
 
+
==[[Ignacio Valdes Implementation Log/Episode15|Episode 15 Non-proprietary signature consenting of patients]] ==
http://en.wikipedia.org/wiki/Active_Directory#Integrating_Unix_into_A...
+
==[[Ignacio Valdes Implementation Log/Episode16|Episode 16 KIDs VA DHCP style login How to]] ==
 
+
==[[Ignacio Valdes Implementation Log/Episode17|Episode 17 KIDs Patch Install Best Practice.]] ==
It seems to me that you should be able to use LDAP for the VistA
+
==[[Ignacio Valdes Implementation Log/Episode18|Episode 18 Adding Locations to Hospital Location File Using Fileman.]]==
authentication instead of the internal VistA user system. This is how
+
==[[Ignacio Valdes Implementation Log/Episode19|Episode 19 Adding Locations to Hospital Location File Using Fileman.]]==
ClearHealth works.
+
==[[Ignacio Valdes Implementation Log/Episode20|Episode 20 Location for Current Activities Dialog Box]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode21|Episode 21 Little graphics in templates?]]==
Does VistA integrate with LDAP?
+
==[[Ignacio Valdes Implementation Log/Episode22|Episode 22 How to allow editing of Template Fields.]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode23|Episode 23 AIMS Examination template?]]==
-FT
+
==[[Ignacio Valdes Implementation Log/Episode24|Episode 24 Changing Intro Message]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode25|Episode 25 Demystifying Templating, Document Classes and Titles for Dummies.]]==
kdtop
+
==[[Ignacio Valdes Implementation Log/Episode26|Episode 26 Scheduling patients for a Clinic]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode27|Episode 27 Suppressing WORK COPY -- NOT FOR MEDICAL RECORD]]==
I don't understand your question.  Are you wanting to have a single
+
==[[Ignacio Valdes Implementation Log/Episode28|Episode 28 Easy template importing and exporting]]==
sign-in situation? Where the network access guarantees VistA
+
==[[Ignacio Valdes Implementation Log/Episode29|Episode 29 Adding Appointment Schedule Menu to Clerk ID.]]==
access??  I thought that Active Directory stuff had to do with access
+
==[[Ignacio Valdes Implementation Log/Episode30|Episode 30 Change Access/Verify code text to UserID/Password?]]==
to network drives, whereas VistA access has to do with access to an
+
==[[Ignacio Valdes Implementation Log/Episode31|Episode 31 'Cowboy' System Backup]]==
EMR.
+
==[[Ignacio Valdes Implementation Log/Episode32|Episode 32 Merge Records?]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode33|Episode 33 The Whole Enchilada Admissions Workflow]]==
Aren't these separate issues?
+
==[[Ignacio Valdes Implementation Log/Episode34|Episode 34 Entering Insurance Information?]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode35|Episode 35 CPRS options, Number of Days, Default Date?]]==
Kevin
+
==[[Ignacio Valdes Implementation Log/Episode36|Episode 36 Patient movement and tracking?]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode37|Episode 37 Maximum number of users already signed on to this processor]] ==
+
==[[Ignacio Valdes Implementation Log/Episode38|Episode 38 Hospital Electronic Signature Policy?]]==
Steven McPhelan 
+
==[[Ignacio Valdes Implementation Log/Episode39|Episode 39 Patient lab reports connection]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode40|Episode 40 Kevin Toppenberg's GUI_Config easy(er) install package.]]==
I disagree with the concept of single sign-on for the medical environment at
+
==[[Ignacio Valdes Implementation Log/Episode41|Episode 41 Option to Security Key mapping, Granting of a Key or Keys, Key management menus.]]==
this time.  At such time that all people in the world are honorable and
+
==[[Ignacio Valdes Implementation Log/Episode42|Episode 42 Is there such a thing as: Introduction to programming vista with mumps?]]==
adhering to good and safe and secure computing habits, then perhaps single
+
==[[Ignacio Valdes Implementation Log/Episode43|Episode 43 Pharmacy.]]==
sign-on will be feasible (think of the walk-away problem).  I do believe
+
==[[Ignacio Valdes Implementation Log/Episode44|Episode 44 Editable CPRS handout for clinicians.]]==
that LDAP can still be used.  Instead of just using a specific technology
+
==[[Ignacio Valdes Implementation Log/Episode45|Episode 45 Page number printout revisited.]]==
like LDAP, I prefer the term network authentication.  VistA should still
+
==[[Ignacio Valdes Implementation Log/Episode46|Episode 46 A (Very) brief Programming VistA with MUMPS page numbering example]]==
challenge the user for sign-on credentials even though the network sign-on
+
==[[Ignacio Valdes Implementation Log/Episode47|Episode 47 Slow text login problem and a resolution]]==
has already occurred.  Where and how they authenticate those sign-on
+
==[[Ignacio Valdes Implementation Log/Episode48|Episode 48 Updating software on a production system?]]==
credentials is another matter that technology can address.
+
==[[Ignacio Valdes Implementation Log/Episode49|Episode 49 Destination unreachable (Host administratively prohibited)]]==
--
+
==[[Ignacio Valdes Implementation Log/Episode50|Episode 50 KIDs Patch Creation?]]==
Steve
+
==[[Ignacio Valdes Implementation Log/Episode51|Episode 51 Extreme training/development tip with screen/cloud/Astronaut.)]]==
It's so much easier to suggest solutions when you don't know too much about
+
==[[Ignacio Valdes Implementation Log/Episode52|Episode 52 Death of a Patient.]]==
the problem." -- Malcolm Forbes
+
==[[Ignacio Valdes Implementation Log/Episode53|Episode 53 User Roles and Permissions Management.]]==
+
==[[Ignacio Valdes Implementation Log/Episode54|Episode 54 Discharge Summaries]]==
r...
+
==[[Ignacio Valdes Implementation Log/Episode55|Episode 55 Consult Service|Consult Service.]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode56|Episode 56 Same Access Code Disentangling.]]==
I find that I am in agreement with Stephen.  While the Wow and convenience
+
==[[Ignacio Valdes Implementation Log/Episode57|Episode 57 Appropriate keys for a social worker id?]]==
factors are high, the potential for abuse is even higher.
+
==[[Ignacio Valdes Implementation Log/Episode58|Episode 58 Printed Labels?]]==
+
==[[Ignacio Valdes Implementation Log/Episode59|Episode 59 Linking a Template with a Title]]==
fred trotter 
+
==[[Ignacio Valdes Implementation Log/Episode60|Episode 60 Example of setting Institution file Station Number]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode61|Episode 61 Bringing CPRS, TMG-CPRS back onto the screen when it is off screen]]==
With all due respect, we are not asking if you think it is a good
+
==[[Ignacio Valdes Implementation Log/Episode62|Episode 62 Hardware Price/Performance as of 6/29/2010]]==
idea. We are asking if it is possible. Is it possible to use LDAP for
+
==[[Ignacio Valdes Implementation Log/Episode63|Episode 63 Non-provider and their assistant co-signing?]]==
authentication from within VistA?
+
==[[Ignacio Valdes Implementation Log/Episode64|Episode 64 Setting user Electronic Signature Code through Text Based Interface.]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode65|Episode 65 Template title ascending sort]]==
To be clear, we are not asking if we can set it up so that LDAP
+
==[[Ignacio Valdes Implementation Log/Episode66|Episode 66 Windows 7 TMG-CPRS formatted text printer truncation problem/solution.]]==
authentication of an operating system/network session can be extended
+
==[[Ignacio Valdes Implementation Log/Episode67|Episode 67 Taskman Job Limit Exceeded.]]==
to have "loginless" access to VistA by passing along credentials; we
+
==[[Ignacio Valdes Implementation Log/Episode68|Episode 68 Provider appear on Primary Provider Selection Box?]]==
are asking if the VistA system can be configured to check LDAP rather
+
==[[Ignacio Valdes Implementation Log/Episode69|Episode 69 Aftercare Interdisciplinary note editing and signing?]]==
than its own user database when it receives the username and password
+
==[[Ignacio Valdes Implementation Log/Episode70|Episode 70 Listing Installed KIDS builds or patches.]]==
as it normally does.
+
==[[Ignacio Valdes Implementation Log/Episode71|Episode 71 Deleting the WorldVistA drug file.]]==
 
+
==[[Ignacio Valdes Implementation Log/Episode72|Episode 72 Taskman Cleanup.]]==
As to whether it is a good idea: Having a single username and password
+
==[[Ignacio Valdes Implementation Log/Episode73|Episode 73 More Taskman Cleanup.]]==
has nothing to do with the "walk-away problem" that is a problem in
+
==[[Ignacio Valdes Implementation Log/Episode74|Episode 74 Medication Ordering Keys.]]==
any case. The issue is whether users have to remember two passwords or
+
==[[Ignacio Valdes Implementation Log/Episode75|Episode 75 List of unsigned notes by provider.]]==
not. If they must remember two passwords, then they will start writing
+
==[[Ignacio Valdes Implementation Log/Episode76|Episode 76 Set CPRS Timeout Value.]]==
them down. That is a serious breach. Further, having two places to
+
==[[Ignacio Valdes Implementation Log/Episode77|Episode 77 Add/Change Patient Data Object.]]==
administer user accounts is an administration problem. It doubles all
+
==[[Ignacio Valdes Implementation Log/Episode78|Episode 78 ePrescribing(eRX) Certification with NewCrop]]==
of the administration work and creates a serious risk that when an
+
==[[Ignacio Valdes Implementation Log/Episode79|Episode 79 Report Creation for the CPRS Reports Tab]]==
employee leaves the clinic/hospital and the administrators only
+
==[[Ignacio Valdes Implementation Log/Episode80|Episode 80 Purge or Clear Access Verify Code History]]==
remember to remove one of the two user accounts but not the other.
 
 
 
I make these points not in the hopes that I would convince you that
 
single sign-on is a good idea, but to point out that it is a debate,
 
and we are not foolish for wanting to have it.
 
 
 
For the time being, however, we would be happy to know if it were
 
possible at all.
 
--
 
Fred Trotter
 
 
rga...@tampabay.rr.com 
 
 
 
X.500 is not implemented in VistA, nor do I think it is possible without OS intervention.
 
 
 
Steven McPhelan 
 
 
 
Of course network authentication is possible with the proper modifications
 
to VistA and the proper network authorization. When has there ever been a
 
technical problem such as this where someone could not figure out a
 
solution.  Heck who would have thought that CAV could have developed a
 
program that would convert the M based VistA system to a Java based SQL
 
compliant system (non-M)?
 
 
 
In my response, I am using the most common definition of single sign-on
 
which is a user signs in ONCE and then all single signon compliant
 
applications automatically let the user into the application which they
 
launch provided that the centralized roles and privileges authorizes that
 
user to run that application.  That is what I do not agree with.  For an
 
EMR, I want the user to "reauthenicate" for that application before letting
 
that user into that application.
 
 
 
The common definition for single sign-on was around before VistA pursued
 
single sign-on.  That is why I prefer the term network authentication versus
 
single sign-on so that the hearer does not get any false assumptions about
 
what features would and would not be available.
 
 
 
--
 
Steve
 
It's so much easier to suggest solutions when you don't know too much about
 
the problem." -- Malcolm Forbes
 
 
fred trotter 
 
 
 
You are right... there do seem to be two ways to talk, and think about
 
this. I will try to be clearer...
 
 
 
--
 
Fred Trotter
 
 
kdtop
 
 
 
Steven,
 
 
 
As a physician, I hate multiple sign-ons.  I have never had a chance
 
to debate this issue with anyone, so I'd like to give you an
 
opportunity to convince me.
 
 
 
In our hospital, I have to sign in to the network, then sign into the
 
client that communicates with the computers.  And to sign my charts, I
 
have to enter my password another 1-2 times.  And each of these
 
passwords expires on a different schedule.  So it is a never ending
 
round of confusion.  And I see this as a substantial barrier to
 
acceptance and use.
 
 
 
When I see the computers up on the hospital ward, I see nurses called
 
away from their computers all the time.  So the solution they have is
 
to make windows drop to a locked screen after inactivity for about 1-2
 
minutes.  Then only that user or an administrator can unlock the
 
machine.  This seems to solve the walk-away problem.
 
 
 
So once you can be sure that random people don't walk up and start
 
using the computer, then why is it important to have to sign in
 
twice? When entering a building, we usually have one locked door.
 
Not 2-3 locked doors in succession.  Why doesn't this security model
 
work for the computer?
 
 
 
Kevin
 
 
Greg Woodhouse 
 
 
 
Good for you Kevin. This is a prime example of an area where debates over
 
usability and functionality are easily clouded by implementation concerns.
 
We should start out with the customer (in this case, the healthcare
 
provider) and the functionality that they want or need. In the case of
 
single-signon, it is possible that AFTER analysis, you may conclude that it
 
cannot be made secure (I am not convinced). But to dismiss it a priori is
 
like well, dismissing MUMPS (or maybe Scheme or ML!) as an implementation
 
language because we simply assume is not going to be a feasible choice.
 
 
 
I realize that this is a sensitive subject, so let me ask the developers and
 
analysts out there a couple of quick questions: Are you thoroughly
 
considering the requirements here and performing a full analysis, or are you
 
following accepted convention? Are you willing to try to be innovative? Have
 
you performed an analysis of physician workflow? We'd never think about
 
building a factory automation system without first trying to understand the
 
processes we are trying to automate, both through consulting with SMEs and
 
observing the process ourselves. To the physicans and other healthcare
 
professionals out there: Do the people you are working with understand your
 
work environment? Have you considered arranging a site visit? If this is not
 
possible (e.g., due to privacy concerns), what about a simulated environment
 
similar to (but expanding upon) VeHU's virtual hospital? Developers cannot
 
build systems that meet your needs unless they first understand them.
 
 
Steven McPhelan 
 
 
 
Kevin, those are valid questions.  There is a difference between a small (or
 
single) doctor's office and a large multi-physician practice or a hospital.
 
For instance, what should be the behavior of a common terminal at a nurse's
 
station where there may be 5,10,20 people who use that terminal in a one
 
hour period. The item mentioned here was why could not LDAP authentication
 
be used.  If network authentication is being used then the problem of
 
different passwords expiring at different times is not an issue.  Network
 
authenticating applications would all validate against a single network
 
source.  Since it is a single source, then the timing of the change of
 
password would be localized and controlled by that single system.
 
 
 
*There is not one solution that adequately covers every situation*.  Take
 
that hospital nursing station, is it desirable to require each user to log
 
off the network on that terminal when they are done thus requiring the next
 
user to log onto the network? Think about how long it takes today from
 
username logon to a usable desktop. This is probably not the place to go
 
into this topic.
 
 
 
Until the technology is there for these common workstations to allow an
 
individuals to logon to their own partition in a matter of seconds, the way
 
to attempt to implement single signon will continue to be burdensome. For
 
example, it may be the hospital policy that these common workstations have a
 
limited set of applications available to them so that individuals do not
 
have to log in and out of the network.  If this was the case, then it might
 
be prudent to require those individual applications to "reauthenicate
 
sign-on".  In other words, the app prompts for username and password and
 
authenticates against the network independent of the username that was used
 
to "Boot" the workstation to a desktop.
 
 
 
Remember the common understanding of single sign-on.  Whoever is at that
 
terminal has all the credentials and privileges of whomever signed onto the
 
network.  Obviously using locking screen savers in a private physicians
 
office may work but it would not work at the nurse's station.
 
 
 
--
 
Steve
 
It's so much easier to suggest solutions when you don't know too much about
 
the problem." -- Malcolm Forbes
 
 
rga...
 
 
 
The user signs on to the computer (enter the first door), the user then is
 
going to document personal health information (enter the second door), the
 
user then is going to send a  secure communication requiring the inclusion of
 
PPI (enter the third door).  All doors can have the same codes, like a card
 
swiped or a retina scanned.
 
 
 
Let's say a user authenticates on to their PC, they need to use an EHR, but
 
the EHR needs to know who the user is, allowing the user to enter their name
 
is unacceptable because I can document your patients.  There needs to be
 
some mechanism in place which identifies the user before they start to treat
 
the patient.
 
 
 
The signatures on notes, etc, is a safeguard to ensure the document is
 
reviewed before it becomes part of the official medical record.
 
 
 
Hey, it's a start...
 
 
 
 
kdtop
 
 
 
Thanks all for the replies so far.
 
 
 
I think the real issue here is one of verify-ability.  Right beside
 
the nurses computer station, with all it's passwords, is the paper
 
chart that has absolutely no passwords at all.  And why is this OK?
 
Well, the staff will notice if a stranger comes in and starts looking
 
at the chart. So there is a bit of access control that might be lost
 
if the records are electronic and can be access from North Korea etc.
 
Next, every doctor has a unique handwriting. So 5 yrs from now I
 
would be able to say with confidence in a court of law that I wrote
 
this, or didn't write that. That's pretty much impossible with
 
ASCII.  But outside of legal debate when people get to pointing
 
fingers at each other, all this security is not so important.  We've
 
cared for many a sick patient with paper charts for more than a few
 
years now.
 
 
 
So here's a thought.  Why not equip the terminals with webcams and
 
have them take quick pictures every 15 sec or so, and marry that image
 
with the text.  Or perhaps combine it with  some other technology like
 
keystroke patterns that some say are fairly unique among various
 
users.  That way let the user sign the record however they want (using
 
the honor system, as they do in the paper chart), but still have the
 
ability to very the accuracy of the claimed name etc.  I'm sure there
 
are good reasons why this wouldn't work.  But I can dream.
 
 
 
On a slightly different point, let me just throw one other point out
 
here (wearing my physician hat now).  I feel that software engineers
 
have a propensity to get carried away with projects.  Or perhaps it is
 
the managers that hire them.  Anyway, it seems that when a
 
technological solution is provided, it tries to do too much.  For
 
example, there is a push to replace paper prescriptions.  Well it is
 
not good enough to allow typed prescriptions.  No, while we're at it,
 
let's throw in checking for drug interactions.  And let's check with
 
their insurance to see if the drug is covered.  And lets have the
 
communication channel be bidirectional with the pharmacy.  And let's
 
make the channels to be secure.  And so on and so on.  And suddenly we
 
have an amazingly complex technology that is difficult to implement,
 
is hard to master, may disrupt workflow, and is expensive.  So
 
providers stay away in droves.  When I implemented VistA for my 15-
 
provider group, I specifically planned for allowing physicians to
 
continuing practicing exactly the way they always have.  But also I
 
explained the tool and how it could benefit them.  So used it, other's
 
stayed with a transcription module.
 
 
 
Anyway, thanks for the feedback on the need for multiple logins.
 
 
 
Kevin
 
 
Joel 
 
 
 
There are ways in which silent logins can be used within VistA.  In
 
addition there were other attempts to provide this.  A Kernel patch
 
was set for release to implement what we then called an enterprise
 
single sign-on (at least to VistA) a number of years ago.  Just before
 
its release, we were told that OCIS would provide an enterprise single
 
sign-on and we should not release ours.  They still haven't provided
 
it.  That patch used the user's identity to Windows via an
 
authentication server known to the VistA system and that contacted the
 
VistA system to authenticate the user and match the identity with the
 
entry in the NEW PERSON file.
 
 
 
Auto Sign-On requires the user sign into VistA, but subsequent
 
applications connecting are signed on as the current user
 
automatically. Sites that want to can turn on the Auto Sign-On and
 
must have the client agent (clagent.exe) active on the workstations
 
(although it should not be used on clients connected to terminal
 
servers).  Some sites use this heavily, while others seem to give it
 
only to the IT staff. This can be turned on using the DEFAULT AUTO
 
SIGN-ON field (#218) in the KERNEL SYSTEM PARAMETERS file (#8989.3).
 
The possible values are 0=NO, 1=YES, and d=DISABLED.  If YES is
 
selected, auto sign-on is turned on for all users. If DISABLED is
 
selected, auto sign-on is turned off for all users. If NO is
 
selected, the use of auto sign-on is regulated by the AUTO SIGN-ON
 
field (#200.18) in the NEW PERSON file (#200), where the options are
 
YES and NO.
 
 
 
While requiring an investment in Infrastructure, but the use of CCOW
 
User Context provides for GUI applications, when compiled with one of
 
more recent versions of the RPCBroker to use the user's identification
 
in the CCOW Vault to authenticate the user on second and subsequent
 
connections to a VistA server.  It should be noted that CPRS added
 
command line arguments which would permit this functionality to be
 
turned off in locations, such as busy clinics, where multiple
 
individuals might use the same workstation, since an individual might
 
be identified as the user currently authenticated to the VistA server.
 
 
 
Groups within the VA are also evaluating other mechanisms for
 
authentication and authorization for the future as well.
 
 
Roy Gaber 
 
 
 
It is not so much the developers (I may have a bias seeing how I am one) but
 
the steering committees, or SME's that dictate the policy, it is the
 
developers job to turn those directives into code.
 
 
 
The bottom line is, the physician is responsible for the care and associated
 
documentation of the patient, it is my belief that they can approach the
 
issues surrounding HIPPA in whatever way they see fit.
 

Latest revision as of 04:45, 13 November 2020

Astronaut, LLC [1] has been charged with implementing VistA for a psychiatric hospital. Posted is the progress on the Hardhats discussion group [2]. Some of the threads are reproduced here.

The traditional method for implementing a new VistA instance has been likened to an old-fashioned barn-raising: at the appointed time the holders of "institutional memory" would gather and put the thing together. There was no written blueprint, yet at the end of the day there would be a solid, usable structure in place.

The ultimate goal of this is not just a new VistA instance, but also a blueprint for how to do it.

Note that this page is a work in progress; see Hardhats [3] for logs that do not appear here.

Contents

Episode 1 The Layer Cake

Episode 2 Multiple Sign-ons

Episode 3 IPv4 vs. IPv6

Episode 4 Billing/Management Keane Records integration/population

Episode 5 Patient picture?

Episode 6 Implementation funding?

Episode 7 iptables and other useful port commands

Episode 8 Power outage restart

Episode 9 Initial hospital configuration terminal session

Episode 10 Psychiatry specific DSM Axis II-V diagnosis, precaution ordering

Episode 11 VistA configuration Utility, KIDS Patch Install

Episode 12 How do you create a new patient?

Episode 13 Ordering Configuration

Episode 14 Hardware, multi-user systems?

Episode 15 Non-proprietary signature consenting of patients

Episode 16 KIDs VA DHCP style login How to

Episode 17 KIDs Patch Install Best Practice.

Episode 18 Adding Locations to Hospital Location File Using Fileman.

Episode 19 Adding Locations to Hospital Location File Using Fileman.

Episode 20 Location for Current Activities Dialog Box

Episode 21 Little graphics in templates?

Episode 22 How to allow editing of Template Fields.

Episode 23 AIMS Examination template?

Episode 24 Changing Intro Message

Episode 25 Demystifying Templating, Document Classes and Titles for Dummies.

Episode 26 Scheduling patients for a Clinic

Episode 27 Suppressing WORK COPY -- NOT FOR MEDICAL RECORD

Episode 28 Easy template importing and exporting

Episode 29 Adding Appointment Schedule Menu to Clerk ID.

Episode 30 Change Access/Verify code text to UserID/Password?

Episode 31 'Cowboy' System Backup

Episode 32 Merge Records?

Episode 33 The Whole Enchilada Admissions Workflow

Episode 34 Entering Insurance Information?

Episode 35 CPRS options, Number of Days, Default Date?

Episode 36 Patient movement and tracking?

Episode 37 Maximum number of users already signed on to this processor

Episode 38 Hospital Electronic Signature Policy?

Episode 39 Patient lab reports connection

Episode 40 Kevin Toppenberg's GUI_Config easy(er) install package.

Episode 41 Option to Security Key mapping, Granting of a Key or Keys, Key management menus.

Episode 42 Is there such a thing as: Introduction to programming vista with mumps?

Episode 43 Pharmacy.

Episode 44 Editable CPRS handout for clinicians.

Episode 45 Page number printout revisited.

Episode 46 A (Very) brief Programming VistA with MUMPS page numbering example

Episode 47 Slow text login problem and a resolution

Episode 48 Updating software on a production system?

Episode 49 Destination unreachable (Host administratively prohibited)

Episode 50 KIDs Patch Creation?

Episode 51 Extreme training/development tip with screen/cloud/Astronaut.)

Episode 52 Death of a Patient.

Episode 53 User Roles and Permissions Management.

Episode 54 Discharge Summaries

Episode 55 Consult Service|Consult Service.

Episode 56 Same Access Code Disentangling.

Episode 57 Appropriate keys for a social worker id?

Episode 58 Printed Labels?

Episode 59 Linking a Template with a Title

Episode 60 Example of setting Institution file Station Number

Episode 61 Bringing CPRS, TMG-CPRS back onto the screen when it is off screen

Episode 62 Hardware Price/Performance as of 6/29/2010

Episode 63 Non-provider and their assistant co-signing?

Episode 64 Setting user Electronic Signature Code through Text Based Interface.

Episode 65 Template title ascending sort

Episode 66 Windows 7 TMG-CPRS formatted text printer truncation problem/solution.

Episode 67 Taskman Job Limit Exceeded.

Episode 68 Provider appear on Primary Provider Selection Box?

Episode 69 Aftercare Interdisciplinary note editing and signing?

Episode 70 Listing Installed KIDS builds or patches.

Episode 71 Deleting the WorldVistA drug file.

Episode 72 Taskman Cleanup.

Episode 73 More Taskman Cleanup.

Episode 74 Medication Ordering Keys.

Episode 75 List of unsigned notes by provider.

Episode 76 Set CPRS Timeout Value.

Episode 77 Add/Change Patient Data Object.

Episode 78 ePrescribing(eRX) Certification with NewCrop

Episode 79 Report Creation for the CPRS Reports Tab

Episode 80 Purge or Clear Access Verify Code History