| OUTPATIENT PHARMACY | 
 | 
SCHEDULING | 
Added 4/25/25 effective with SD*5.3*899, for CPRS
providers to view VSE GUI software. If a user has ORES and/or ORELSE and does
not have SDECZMenu, SECZMGR, or SD Supervisor, then SCHEDULING will grant them
SDECVIEW.
VISS KERNEL, ISSO, and ISO all denied approval in accordance with
'zero-trust'. There is no transitive trust: for example, if VA trusts A, and A
trusts B, it doesn't mean VA automatically trusts B. B must meet or exceed the
requirements of the security account management process. VistA identifies who
requested the access, who approved it, and who assigned the key.
The denial was overridden and the ICR subscription was approved by the
Office of Executive Director, Health Portfolio, accepting the associated risk.
Risk Accepted POAM ID 1018541423476 documents the action plan.
This ICR allows skipping documentation of the security key being assigned for
Scheduling package use.
******THIS IS FOR A ONE TIME USE ONLY FOR PATCH SD*5.3*899.********
From Scheduling's perspective, VistA Account policy is to ensure people do
not get unauthorized access. But in this case, users already have an OR key to
view individual appointment data, and this is just giving them the read-only
SDEC key to allow them to see an aggregated view.
 
 |