| DESCRIPTION OF ENHANCEMENTS |
The State Prescription Monitoring Program (SPMP) Enhancement project was
After PSO*7*408 was released it was identified during the implementation
also to delete an existing SSH key pair. In addition, this new option will
provide an extensive help text on how the SSH keys are used in the
transmission process, which is shown below:
Select one of the following:
V View Public SSH Key
N Create New SSH Key Pair
D Delete SSH Key Pair
H Help with SSH Keys
phase that some states PDMPs had unique requirements that could not be
Action: V// H Help with SSH Keys
Secure SHell (SSH) Encryption Keys are used to automate the data
transmission to the State Prescription Monitoring Programs (SPMPs). Follow
the steps below to successfully setup SPMP transmissions from VistA to the
state/vendor server:
Step 1: Select the 'N' (Create New SSH Key Pair) Action and follow the
prompts to create a new pair of SSH keys. If you already have an
fulfilled by the functionality released in PSO*7*408 which caused the SPMP
existing SSH Key Pair you can skip this step. You can check
whether you already have an existing SSH Key Pair through the 'V'
(View Public SSH Key) Action.
Encryption Type: DSA or RSA?
----------------------------
Digital Signature Algorithm (DSA) and Rivest, Shamir & Adleman (RSA)
are two of the most common encryption algorithms used by the IT
industry for securely sharing data. The majority of SPMP servers can
handle either type; however there are vendors that accept only one
transmissions from sites in such states to be rejected. This patch
specific type. You will need to contact the SPMP vendor support to
determine which type to select.
Step 2: Share the Public SSH Key content with the state/vendor. In order
to successfully establish SPMP transmissions the state/vendor will
have to install/configure the new SSH Key created in step 1 for
the user id they assigned to your site. Use the 'V' (View Public
SSH Key) Action to retrieve the content of the Public SSH key. The
Public SSH Key should not contain line-feed characters, therefore
after you copy & paste it from the terminal emulator into an email
(PSO*7*451) will enhance the SPMP functionality to allow VHA to fulfill
or text editor make sure it contains only one line of text (no
wrapping).
4. View/Export Single Prescription [PSO SPMP SINGLE RX VIEW/EXPORT] option
-----------------------------------------------------------------------
This option was modified to highlight custom Data Elements and Segments
by changing the font color as well as by adding an '*' (asterisk) to the
right of the Data Element or Segment ID.
5. View/Export Batch [PSO SPMP BATCH VIEW/EXPORT] and Export Batch Processing
specific state requirements and successfully transmit data to those states
[PSO SPMP BATCH PROCESSING] options
--------------------------------------------------------------------------
When exporting a batch through one of these two options the users will now
have three different choices to execute the transmission: 'B' for
Background (via TaskMan), which queues the transmission to be performed in
the background through TaskMan; 'F' for Foreground, which executes the
transmission in the foreground as it did before this patch and 'D' for
Debug Mode (Foreground), which will execute the transmission in the
foreground however it will display the sFTP debug steps, which can be very
helpful for troubleshooting transmission problems.
PDMPs. This patch also enhances the security of Secure SHell (SSH) Keys
Before this patch the transmission was always executed in the foreground
which made it difficult to troubleshoot issues with the transmissions,
especially the scheduled transmissions, which are always executed in the
background. Below is a screen capture of the prompt for choosing the
transmission execution mode:
Select Item(s): Quit// EXP Export Batch
Indicate whether the transmission should be queued to run on the
Background via TaskMan, on the Foreground (Terminal Screen) or in Debug
management by streamlining the SSH Key creating and restricting user access
Mode (Foreground)
Select one of the following:
B Background
F Foreground
D Debug Mode (Foreground)
Running Mode: F//
to the Private SSH Key content. In addition, a few smaller miscellaneous
6. PSO SPMP NOTIFICATIONS Mail Group
---------------------------------
The existing mail group PSO SPMP NOTIFICATIONS released by PSO*7*408 will
be modified from type PRIVATE to PUBLIC.
7. SPMP Transmission Failed MailMan Message
----------------------------------------
The Mailman message generated by the SPMP Scheduled Background Job as well
as by the (B)ackground option mentioned above for exporting a batch to the
state was modified to include Operating System sFTP Log Information, as in
issues have also been addressed, which are described below.
this example from an OpenVMS environment:
Subj: NEW YORK Prescription Monitoring Program Transmission Failed [#99999]
02/29/16@12:44 26 lines
From: SPMP TRANSMISSION In 'IN' basket. Page 1
--------------------------------------------------------------------------
There was a problem with the transmission of information about Controlled
Substance prescriptions to the NEW YORK State Prescription Monitoring
Program (SPMP).
established to further enhance the VistA SPMP functionality released by patch
Batch #: 41
Period : 02/29/16 thru 02/29/16
Error : Secure FTP Transmission failed.
Please, use the option Export Batch Processing [PSO SPMP BATCH PROCESSING]
to manually transmit this batch to the state.
sFTP Log:
========
$ SET VERIFY=(PROCEDURE,IMAGE)
All the changes introduced by this patch were related to the options under
$ SET DEFAULT USER$:[SPMP]
$ sftp -"D3" -oIdentityFile="/USER$/SPMP/VMSSSHID." -"B" SPMP_FTP_201606021
6.INP -oUser=VATEST 54.175.203.159
debug( 2-JUN-2016 17:37:28.02): Ssh2/SSH2.C:1896: CRTL version (SYS$SHARE:D
SHR.EXE ident) is V8.3-01
debug( 2-JUN-2016 17:37:28.04): SshAppCommon/SSHAPPCOMMON.C:313: Allocating
bal SshRegex context.
debug( 2-JUN-2016 17:37:28.05): SshConfig/SSHCONFIG.C:3482: Metaconfig pars
stopped at line 4.
debug( 2-JUN-2016 17:37:28.05): SshConfig/SSHCONFIG.C:890: Setting variable
the State Prescription Monitoring Program (SPMP) Menu [PSO SPMP MENU] which
rboseMode' to 'FALSE'.
debug( 2-JUN-2016 17:37:28.06): SshConfig/SSHCONFIG.C:3390: Unable to open
/ssh2_config
debug( 2-JUN-2016 17:37:28.07): Connecting to 54.175.203.159, port 22...
not used)
debug( 2-JUN-2016 17:37:28.07): Ssh2/SSH2.C:2881: Entering event loop.
debug( 2-JUN-2016 17:37:28.12): Ssh2Client/SSHCLIENT.C:1655: Creating tra
protocol
debug( 2-JUN-2016 17:37:28.12): SshAuthMethodClient/SSHAUTHMETHODC.C:104:
"publickey" to usable methods.
is located under the Supervisor Functions [PSO SUPERVISOR] menu option.
%TCPIP-E-SSH_FC_ERR_DEST, destination is not directory or does not exist
...
debug( 2-JUN-2016 17:37:35.66): Ssh2/SSH2.C:327: locally_generated = TRUE
Disconnected; no more authentication methods available (No further authent
on methods available.).
debug( 2-JUN-2016 17:37:35.66): Ssh2Client/SSHCLIENT.C:1731: Destroying
debug( 2-JUN-2016 17:37:35.66): SshConfig/SSHCONFIG.C:2888: Freeing pki.
pki != NULL, user_pki = NULL)
debug( 2-JUN-2016 17:37:35.66): SshConnection/SSHCONN.C:2636: Destroying
debug( 2-JUN-2016 17:37:35.66): Ssh2Client/SSHCLIENT.C:1799: Destroying
completed.
debug( 2-JUN-2016 17:37:35.66): SshAuthMethodClient/SSHAUTHMETHODC.C:109:
oying authentication method array.
%TCPIP-F-SSH_FATAL, non-specific fatal error condition
8. PSO SPMP ADMIN Security Key
---------------------------
A new security key was created to restrict access to the following SPMP
The following functionality enhancements will be delivered by this patch:
functionalities:
- ASAP Definition Customization updates through the option View/Edit
ASAP Definitions [PSO SPMP ASAP DEFINITIONS]. Visualization of the
current ASAP Definition is not restricted.
- SPMP Parameters value updates through the option View/Edit SPMP State
Parameters [PSO SPMP STATE PARAMETERS]. Visualization of the current
SPMP parameters is not restricted.
- SSH Key generation or replacement through the option Manage Secure
SHell (SSH) Keys [PSO SPMP SSH KEY MANAGEMENT]. Visualization of the
current public key is not restricted.
9. Misleading "File Successfully Transmitted" message for Linux OS
---------------------------------------------------------------
The previous algorithm used to identify whether the SPMP sFTP data
transmission was successful was not 100% accurate for Linux Operating
Systems. A new algorithm has been created and it should reflect the
transmission status with much greater accuracy when transmitting data
1. View/Edit ASAP Definitions [PSO SPMP ASAP DEFINITIONS] option
from a Linux based environment.
10.SPMP Files Access Restrictions
------------------------------
The FILE ACCESS setting for the SPMP files below will be opened up so
users can use FileMan to view and search their content. The files were
unintentionally released in PSO*7*408 as restricted.
- SPMP ASAP RECORD DEFINITION (#58.4)
- SPMP EXPORT BATCH (#58.42)
-------------------------------------------------------------
11. Pharmacy DEA Number (ASAP Data Element PHA03)
---------------------------------------------
The Pharmacy DEA# was previously retrieved from the INSTITUTION file
(#4) through the RELATED INSTITUTION field (#100) in the OUTPATIENT
SITE file (#59). Now, the software will look for a DEA# for the
institution in NPI INSTITUTION field (#101) in the OUTPATIENT SITE
file (#59). If the DEA# for the NPI Institution is blank the software
will retrieve the DEA# for the Related Institution, like it was doing
before this patch.
Some extensive enhancements have been made to this option to allow full
PSO*7*408 back in September 2014. The SPMP VistA functionality is used to
user customization of the American Society for Automation in Pharmacy
(ASAP) data definition format (protocol) used to report outpatient
controlled substance prescription data to the states.
a) The term '/Edit' has been added to the external name of this option
and the term 'VIEW' was removed from the internal option name.
b) This option has been modified to include full customization capability
for the ASAP definitions 3.0 and later versions, which will allow sites
to fulfill states PDMPs' specific requirements. Moreover, sites will be
identify prescriptions for controlled substance drugs, Schedule 2 through 5,
able to create new ASAP versions by copying an existing one, which
will hopefully allow them to continue transmissions well into the
future as new ASAP versions are released and adopted by the states
PDMPs.
Below is a list of actions that have been added to this option:
CV Copy ASAP Version CE Customize Element ED Edit Delimiters
CS Customize Segment DC Delete Customization
dispensed by the Veterans Health Administration (VHA) Outpatient Pharmacy
For more information on these new actions see the Outpatient Pharmacy
Manager's User Manual in the State Prescription Monitoring Program
(SPMP) section.
c) Customized Data Elements and Segments will be identified by an '*'
(asterisk) displayed to the right of the Data Element or Segment ID.
2. View/Edit SPMP State Parameters [PSO SPMP STATE PARAMETERS] option
------------------------------------------------------------------
A few modifications have been made to this option to support the new
facilities and to create and transmit an export file containing this
functionality released by this patch.
a) The parameter WINDOWS/NT LOCAL DIRECTORY was removed from this option
because this module no longer supports this operating system due to
the increase in the complexity for handling SSH Keys and the fact that
VHA does not use WINDOWS/NT operating system for VistA database at any
of its sites.
b) The parameter REPORTING FREQUENCY IN DAYS was modified to allow a
maximum value of 30 days. Before this field allowed a maximum value of
information to the Prescription Drug Monitoring Program (PDMP) of each state
99 days.
c) A new parameter called RENAME FILE AFTER UPLOAD was added right after
the 'FILE EXTENSION' parameter. The current transmission creates and
sends the data file with the ".UP" file extension (for "upload"); once
the file is transmitted a command within sFTP (Secure File Transfer
Protocol) is issued to rename the file to ".DAT" (or ".TXT") file
extension. This new parameter will allow the site to control whether
they want to keep the existing functionality by setting this parameter
to 'YES' or if they would like to create and transmit the file without
on a daily basis.
renaming it by setting this parameter to 'NO'. The parameter will be
initially exported with a default value of 'YES', which is consistent
with the existing released functionality.
d) The parameters STATE SFTP SERVER IP ADDRESS and STATE SFTP SERVER
USERNAME had their maximum value lengths increased from 30 to 60 and
50 characters respectively to accommodate longer PDMP's DNS (Domain
Name System) names and the usernames they assign to VHA sites.
e) For security reasons the parameters SFTP PRIVATE KEY TEXT and SFTP
PUBLIC KEY TEXT have been removed from this option as the SSH
encryption keys content will be handled by a new option called Manage
Secure SHell (SSH) Keys [PSO SPMP SSH KEY MANAGEMENT], which is
described below.
3. Manage Secure SHell (SSH) Keys [PSO SPMP SSH KEY MANAGEMENT] option
-------------------------------------------------------------------
This new option was created to automate the management of SSH encryption
keys and to improve the security regarding their content. This new option
will allow sites to view the public SSH key, create a new SSH key pair and
|
