Requirements Specification Document ... - Veterans Affairs



Secure Remote Access RequirementsOverviewCurrently, remote users access VA systems through a variety of network security services including traditional Virtual Private Networking (VPN), Secure Socket Layer (SSL) tunneling and Citrix terminal session capability. This BRD provides the structured and disciplined approach to identifying those conditions and functionalities needed from any remote access technology implementation necessary to adequately support the core business and healthcare operations of VHA.Customer and Primary StakeholdersThe primary stakeholders include individuals working in a wide variety of clinical settings as well as VHA employees working in non-clinical capacities.? ScopeThe BRD identifies business requirements for the remote access capabilities for employees, affiliates, and other agents of VHA.? The scope of this BRD does not include patient or caretaker access to VA systems.? The following fundamental needs of remote users have been identified and are addressed across the scope of this document:Remote user access to all clinical, financial, enrollment and administrative software applications and systems, as appropriate by user role/accessAcceptable response time to the end userVideo capabilitiesImaging capabilitiesAbility to transfer significant amounts of data within acceptable time frames to meet business needs for availabilityRobust operation across the full range of remote access end user network connectionsFor the purposes of measuring the ability remote access technology performance to meet the needs and of the requirements here within, the definitions of “connection”, “baseline connection” and “minimal connection” are provided below. These connections are not required of the user but rather will be used to evaluate requirements where testing boundaries are needed to ensure the remote access solution can be used within a wide range of remote access connection types (e.g., cellular, satellite, cable, fiber, other):Connection or Initial Connection: As a state of communications, is defined as the point where data exchange can be accomplished between the end user and the enterprise system with the VA network.Minimum Connection: Is defined as a cellular 3G or equivalent broadband connection operating at no less than 875 Kilobytes (Kb/s).Baseline Connection: Is defined as an open internet connection with no slower than 15 Megabyte (Mb) per second outbound and inbound transfer rates Goals, Objectives and Outcome MeasuresGoal/Objective and Desired OutcomeImpact/BenefitMeasurementProvide no significant impedance or additional obstacles to?normal?operations of VA software as compared to the same software performance over a wired Local Area Network (LAN) connection within the bona fide physical VA network. Users experience no perceptible difference between using a remote access connection and using a connection at a desk in a VA facility short of the difference in connection speed in their native remote access network vs. a VA hard wired onsite connection.Annual business user satisfaction survey shows favorable user satisfaction.The survey shows user satisfaction at 80% or higher specific to remote access functions.Meet capabilities and performance standards for remote end user access when used with a baseline connection.Technical solution for users to work remotely that meets or exceeds current One-VA VPN functionality and performance capabilities.Staff must be able to continue to work efficiently when working remotely.Initial remote connection through the remote access solution shall not incur any additional delay in contrast to the same connection using the One-VA VPN.Subsequent remote connections through the remote access solution shall not incur any additional delay in contrast to the same connection using the One-VA VPN.Secondary delay for launching an individual application when using the remote access solution shall not incur any additional delay in contrast to the same application launch using the One-VA VPN.Screen latency for mouse manipulations in remote Graphical User Interfaces (GUI) will be less than 300 milliseconds (ms).Availability will be 99.995%, measured at the remote access solution point of service.Enterprise Need/JustificationStaff must be able to continue to work efficiently when working remotely?while connected to the?remote access solution 24/7, 365 days a year from a variety of end-points.RequirementsBusiness Needs/Owner RequirementsRequirement NumberBusiness Need (BN)/Owner (OWNR) Requirement1Adhere to the Enterprise Level requirements as specifically addressed in this document.2Utilize nationally standardized terminology for all Secure Remote Access Requirements.2.1Provide the ability to express all content using nationally recognized reference and authoritative terminology standards (e.g., Logical Observation Identifiers, Names, and Codes [LOINC], Systematized Nomenclature of Medicine Clinical Terms [SNOMED CT], and others.2.2Provide the ability to record observations using standardized terms.2.3Provide the ability for users to submit a request to Standards and Terminology Services (STS) for new standardized terms (e.g., via New Term Rapid Turnaround [NTRT] process).2.4Provide the ability for STS to distribute the newly standardized terms to each instance of Secure Remote Access.3Provide Low Impedance: Provide the ability for users to experience no perceptible difference using a remote access connection to?normal?operations of VA software as compared to the same software performance over a wired LAN connection within the bona fide physical VA network.4All Platforms: Provide the ability for remote users to access secure systems using a variety of platforms, web browsers, and mobile (endpoint) devices.4.1Operating System (OS) Compatibility: Provide the ability to utilize a variety of current and future commercially available operating systems including but not limited to Windows, Mac OS X, Linux and Unix for remote user access to VA systems.,4.1.1Legacy Compatibility: Ensure compatibility with legacy operating systems. Specifically, the remote access solution must support Windows Server 2000, Windows XP, Mac OS X 10.6, and RedHat Linux 5.4.2Remote Desktop Non-Government Furnished Equipment (GFE) Users: Provide the ability for a user without GFE to either access a virtual remote desktops within the VA network or a actual computer within the VA network with appropriate credentials4.2.1Remote Desktop Use: Provide the ability for a remote access user to access all applications currently installed on a VA desktop computer image configuration. 4.3Remote Desktop GFE User: Provide the ability for a user with GFE to remotely access physical and/or virtual remote desktops within the VA network.4.4Mobile Devices: Provide the ability to use mobile (endpoint) devices to include, but not limited to, smart phones and tablet devices for remote user access to VA systems.5All User Access: Provide the ability for the remote user (VA employee, affiliates, and contract vendors) to connect to and effectively utilize all VA systems.5.1Tethered Cellular: Provide the ability for a remote user to access the VA network over cellular broadband (cellular 3G/4G/LTE)?while on travel or working remotely.? 5.2Provide the ability for remote users to access current VA specific applications to include, but not limited to, Veterans Information System Technology Architecture (VistA), Computerized Patient Record System (CPRS), VistAWeb, and other financial, enrollment, and administrative applications.5.2.1Future Web Apps: Provide the ability for remote users to access future browser-based applications currently under development.5.3Specialty Software: Provide the ability for remote users to utilize specialty software to include:Multi-User Shared Environment (MUSE) electrocardiogram (EKG) EKG softwareGastrointestinal (GI) software Electronic Medical Record (EMR) Documentation and Picture Archiving and Communication System (PACS) software Intensive Care Unit (ICU) Clinical Information System (CIS)/Anesthesia Record Keeper (ARK)Chemotherapy ordering softwareEye Clinic EMR (Documentation ?and PACS) softwareMUSE accessibility must be provided for MUSE version 7 and beyondVoice Recognition SoftwareCommercial-Off-The-Shelf (COTS) softwareView Bedside Waveforms in Real TimeNote: Bulleted list provides a minimum list of requirements.5.4Context Management: Ensure the ability for a remote user to maintain context management synchronization when using applicable VA applications to include, but not limited to:iMed ConsentMUSEVistA Imaging Other applications5.5Data Transfer: Provide the ability for remote users to perform data transfers from an external source to VA systems. Note: Preferably this characteristic should be controllable (allowed/disallowed) on a per user basis.? 5.6Access to Internet: Provide the ability for remote users to access online clinical reference resources provided either by VACO or locally by the VA/Veterans Integrated Service Network (VISN).5.7Personal Identification Verification (PIV): Provide the ability for remote users to access VA systegms using Personal Identification Verification (PIV) cards for initial authentication, Public Key Infrastructure (PKI), encryption, and digital signatures.5.8Network Volumes: Provide the ability for remote access users to access their VA Shared/Network drive. This should be automatically connected or mapped for them during the logon process.6External Collaboration: Provide the ability to support collaboration technologies (including but not limited to text messaging, micro blogging, screen sharing) between VA remote users and other external users to include, but not limited to, Department of Defense (DoD), university affiliates, and other business partners while connected to the remote access solution.6.1Text Messaging: Provide the ability for a remote user to send instant messages to other users while connected via remote access.Note: The intent here is to ensure messaging capability for all stakeholders, partners, and other entities such as Department of Defense (DoD) although the majority of remote users are other VA users who may be connected remotely or who are on the VA network.6.2Video Teleconferencing (VTC): Provide the ability for a remote user to perform VTC via a variety of computer modalties (laptop, desktop, mobile, etc) utilizing current and future VTC business applications including, but not limited to:Jabber FaceTime SkypeooVoo Vydio Clinical Enterprise Video conferencing Network (CEVN)6.3Screen Sharing: Provide the ability for a remote user to perform screen sharing, including shared screen control..6.4Web Conferencing: Provide the ability for a remote user to utilize web conferencing capabilities including :LyncWebExFuzeMeeting7Commercial Applications: Provide the ability for a remote user to use all VA-approved non-VA commercial applications.7.1Office Applications: Provide the ability for a remote user to access and utilize all office automation applications (such as word processing, slide presentations, and spreadsheets).?7.2Provide the ability for a remote user to access existing virtual workspaces where documents are stored regardless of the modality used to access VA systems.7.3Provide the ability for a remote user to securely transfer information/files inside and outside of VA systems by a means other than VA email. Note: Authorizing the user to do so should be controllable on a per-user basis.8508 Adaptive: Provide the ability for a remote user to view multimedia content.when connected to VA systems.8.1508 Sensory: Provide the ability for a remote user who is sensory impaired to access supportive technology when using VA systems.9Multimedia: Provide the ability for a remote user to view multimedia technology to include:PodcastsLive video streamingYouTube Prezi 9.1Provide the ability for a remote user to utilize high definition video, stereo sound displays, and teleconferencing while connected to VA systems. ?10Teleworkers: Provide the ability to accommodate the requirements of teleworkers.10.1Long Term Connection: Provide the ability for a remote user to connect to VA systems remotely for long-durations (10 or more hours.10.2Large Transfer: Provide the ability for remote users to perform tasks such as downloading software, large volumes of data, images, etc. 10.3Printing: Provide the ability for local network printing and local document storage on encrypted storage medium to support common telework functions. Approval for this should be controllable and authorized on a per user basis.11Provide the ability for remote users to view and interpret diagnostic images while remotely connected to the VA network.11.1Clinician Image Access:?Provide the ability for remote users to access diagnostic quality PACS systems and VistA Imaging images without loss of bit depth and picture resolution. 11.1.1Provide the ability for remote users to access all functionality associated with PACS systems without restriction. (Note:? PACS operations necessitate the use of multiple high resolution monitors, access to CPRS or VistA Web and voice recognition dictation, a fast display [see section 7.2 non-functional requirements for definition of “fast”] and window level control without loss of bit depth and picture resolution). 11.1.2Computerized Tomography (CT) Thumbnail: Provide the ability for remote users to view a 512 by 512 pixel CT image within 1 second of the baseline connection.11.1.3Instantaneous Scroll: Provide the ability for remote users to scroll through diagnostic quality radiology images once the images are loaded.11.1.4Window/Width Level PACS Functionality: Provide the ability for remote users to manipulate the view of diagnostic quality radiology images using various anatomic filters once the image has loaded.11.1.5Instantaneous Zoom and Contrast Change: Provide the ability for remote users to manipulate the view of diagnostic quality images by using zoom and contrast change mode once the image is loaded. 11.1.6Provide the ability for remote users to view diagnostic quality images at 24 bit color or greater.11.1.7Provide the abilityfor remote users to view an original diagnostic quality image without modifications due to data intervention (recompression artifacts in color, resolution, or other).11.1.8Provide the ability for remote user access to incur no more than 10% data transfer overhead when viewing diagnostic quality images as compared to baseline VPN using same carrier connection.11.1.9Provide the ability for remote users to access the same diagnostic quality images across a variety of operating system platforms.12Rapid User Add: Provide the ability to support the rapid addition of new users to the remote access system. New Users are defined as, but not limited to employees, students, interns, residents, fellows, other trainees, and contractors.*All listed requirements are needed by the business community. The Priority is merely a mechanism to suggest a sense of urgency and order to the technical community if the requirements are to be parsed into phases. The order of importance begins with those that are designated as High priority. Non-Functional RequirementsFunctional requirements describe what a system must be able to perform—that is, the system behavior. All other requirements are non-functional. This section describes the non-functional requirements from a business need perspective.Non-Functional Requirements (NONF) CategorySystem Performance Reporting RequirementsInclude instrumentation to measure all performance metrics specified in the Non-Functional Requirements section of the BRD. At a minimum, systems will have the ability to measure?reporting requirements for Responsiveness, Capacity, and Availability as defined in the non-functional requirements section of this document.Operational Environment RequirementsMaintenance, including maintenance of externally developed software incorporated into the EMR application(s), shall be scheduled during off peak hours or in conjunction with relevant maintenance schedules. The business owner should provide specific requirements for establishing system maintenance windows when planned service disruptions can occur in support of periodic rmation about response time degradation resulting from unscheduled system outages and other events that degrade system functionality and/or performance shall be disseminated to the user community within 30 minutes of the occurrence. The notification shall include the information described in the current Automated Notification Reporting (ANR) template maintained by the VA Service Desk. The specific business impact must be noted in order for OI&T to provide accurate data in the service impact notice of the ANR.Provide a real-time monitoring solution to report agreed/identified critical system performance parameters.Notification of scheduled maintenance periods that require the service to be offline or that may degrade system performance shall be disseminated to the business user community a minimum of 48 hours prior to the scheduled event. Unscheduled and non-routine maintenance should follow enterprise change management procedures and include notification to user community. Documentation RequirementsA technical training curriculum shall be developed and delivered to all levels of staff users. Updates shall be made, as necessary, to the applicable user manuals and Operations and Maintenance (OM) manuals located in the VA Software Documentation Library. If no User or OM documentation exists, it shall be produced.The training curriculum shall state the expected training time for primary users and secondary users to become proficient at using the secure remote access application.All training curricula, user manuals and other training tools shall be developed/updated by VA OI&T and delivered to all levels of users. Training tools will be available electronically 2-4 weeks in advance of the release of the enhancement. The curricula shall include all aspects of the enhanced Secure Remote Access application(s) and all changes to processes and procedures.The training curriculum developed by the Program Office shall state the expected task completion time for primary and secondary users.User manuals and training tools shall be developed. If they already exist, updates shall be made, as necessary, to them and they shall be delivered to all levels of rmation Technology (IT) will provide the level of documentation required to support the system and maintain operations and continuity. Documentation shall represent minimal programmatic and lifecycle operations support documentation artifacts as defined by VA standards in ProPath and as required by the VA Enterprise System Engineering Lifecycle and Release Management office for sustained operations, maintenance, and support () prior to approval by any VA change control board and release into production.Implementation RequirementsTechnical Help Desk support for the application shall be provided for users to obtain assistance with all enterprise remote access solutions.The IT solution shall be designed to comply with the intent of this BRD. The implementation of the approved solutions will be in place before legacy applications are disabled. Data Quality/Assurance RequirementsA monitoring process shall be provided to ensure that data is accurate and up-to-date and provides accurate alerts for malfunctions while minimizing false alarms.Reports: Provide the ability to create reports on usage and performance of remote access capabilities End to end.Usage Reports: Provide the ability to create reports of usage, bandwidth, and other variables as they pertain to measuring the capabilities of the remote access system.Performance Reports: Provide the ability to create other standard and ad hoc reports related to remote access system performance.Report Export: Provide the ability to export reports to standard file formats such as comma separated values (CSV), portable document format (PDF), or Excel. Provide the ability for any VA network user to view remote access statistics from a web browser in as near-real-time as possible.Reason For Outage (RFO): Provide a reason for outage report, modeled after a similar report available for DoD.User Access/Security RequirementsEnsure the proposed solution meets all VHA Security, Privacy, and Identity Management requirements including VA Handbook 6500 (see Appendix E).Factor Authentication: User logs into the remote access solution utilizing VA provided credentials including 2 factor authentication where applicable. High Availability: The remote access systems must be available 24 hours a day, 7 days a week, 365 days a year with an average up time of no less than 99.999% and with a reduced maintenance cycle capacity of no more than 25%. Six Sigma availability to match internal standards for mission critical functions. Large Transfer: Provide the ability to securely receive transfer of large files (in excess of 4 gigabyte [GB]) from an external source to VA systems.Profile Load Delay: The first load of a remote access oriented profile shall take no more than 45 seconds to complete on the control system.Capability Access Delay: Access to a functional capability (beyond remote access login) must not incur an additional 20 seconds on the control system. A connection to CPRS is defined as the point after the return key is pressed initiating log in to the point where the first character of data is returned from CPRS.Help Desk: The system must have a dedicated help desk solution available 24 hours a day, 7 days a week to assist all end users ensuring day-to-day operations.Note: This will be a staffed help desk and/or online help. Both are needed to ensure continuity of care and business operations.System Maintenance: System maintenance shall be scheduled during off peak hours, as determined by the affected organizationsDisaster Recovery Plan: A Disaster Recovery Plan and testable Continuity of Operations Plan (COOP) will be developed which will be invoked if the solution is unavailable due to technical issues/problems. Training: An interactive technical training curriculum shall be developed and made available on-demand and offline to all levels of users.Friendly: User prompts shall be included to guide use of the solution so that minimal technical support is needed by the user. Concurrent Use: The system must support a large number of concurrent users an average 50,000 number of concurrent users.Account Management: The system will provide a process for management and control of user access, including the ability to add, delete and modify user accountsAccount Audit: The system will provide a process for auditing user accounts.Dashboard: The system will provide a business user friendly webpage based dashboard to display system status. Example: Activity Monitor: The system will provide the ability to centrally monitor the system for user activity levels, outages, and other needs as may be deemed necessary, available via standards based web interface.Concurrent Data Rate: The data rate for a given connection shall minimally be able to sustain a constant 1.0 Mb/s for each concurrently connected user when system is operating at the 75th percentile loadConnection Delay: The system will incur no more than 3 seconds of additional delay for the end user in the process of connecting to any VA service, as compared to that same service connection using One-VA VPN.Burst Rate: The maximum potential burst throughput for a given single connection shall not be under 50Mb/sIpv4:The system must support Internet Protocol version 4 (Ipv4)Ipv6: The system must support Internet Protocol version 6 (Ipv6)Peronally Owned Equipment (POE) Online Privacy: When connected via a non-GFE device (personally owned device and/or Academic affiliate device), the user and/or external agency will be assured basic privacy rights for all non-VA related data and services on the OE device.POE Offline Privacy: When not connected to the VA network, the non-GFE remote access solution shall not perform any operation without prior consent of the user. Any data exchanged with VA shall only occur after the user has initiated a connection to VA.User Access LevelsThe table below defines the different levels of user access to the VistA Remote Access:NameDescriptionRemote AccessPrimary UsersClinical StaffRemote Access to Electronic Health Record (EHR) ApplicationsPrimary UsersNon-Clinical Staff such as management and teleworkersRemote access to administrative applications and duty functionsSecondary UsersAdministrative StaffAdministrative applications, duty functionsPerformance, Capacity, and Availability RequirementsPerformanceIf this is a system modification, how many users does the current system support?The requested system is intended to be either an enhancement to or a replacement of existing remote access solutions. Current number of users of the existing solutions is approximately 50,000. How many users will the new system (or system modification) support?The system must support a large number of concurrent users an average 50,000 number of concurrent users. This is expected to be the initial number of users of the new system, with additional staff being added going forward. .What is the predicted annual growth in the number of system users?The business owners expect to see at least a 10% increase in users, with a ‘surge’ in the earlier years of upto 25% until the growth levels off in later years or all VHA staff have remote access accounts.CapacityWhat is the predicted size (average) of a typical business transaction?The remote users are expected to use broad range of clinical and business applications over the remote connection solution. Thus an average or “standard” size cannot be accurately predicted. Expectations for this solution are that the data rate for a given connection shall minimally be able to sustain a constant 1.0 Mb/s for each concurrently connected user when system is operating at the 75th percentile load and that the system will incur no more than 3 seconds of additional delay for the end user in the process of connecting to any VA service, as compared to that same service connection using One-VA VPN . It will have the ability to securely transfer large files (in excess of 4 gigabyte [GB]) from an external source to VA systems and first load of a remote access oriented profile shall take no more than 45 seconds to complete on the control system.What is the predicted number of transactions per hour (day, or other time period)?The system must support a large number of concurrent users an average 50,000 number of concurrent users. This is expected to be the initial number of users of the new system, with additional staff being added going forward..Is the transaction profile expected to change (grow) over time?The business owners expect to see at least a 10% increase in users, with a ‘surge’ in the earlier years of up to 25% until the growth levels off in later years or all VHA staff have remote access accounts. What is the process for planning/adjusting capacity?When the remote access system capacity for supporting simultaneous users reaches an average of 75% of capacity, the system will be scaled in 25% increasing capacity increments within a 12 month timeframe.Does the update require a surge capacity that would be different from the base application?In the event of an abnormal influx of remote access users, such as a pandemic or natural disaster, the system must be capable of scaling to 2 times the designed capacity within 24 hours to support such influx. Additionally, during such events, all remote access users will be provided with any soft (e.g., cert) or hard assets (e.g., Smartcard reader) necessary to support two factor authentication if the remote access solution requires two factor authentication AvailabilityDescribe when the envisioned system will need to be available (business hours only, weekends, holidays, etc) to support the business. The remote access systems must be available 24 hours a day, 7 days a week, 365 days a year with an average up time of no less than 99.999% and with a reduced maintenance cycle capacity of no more than 25%. Six Sigma availability to match internal standards for mission critical functions. Known InterfacesNot Applicable as Remote Access is connectivity via the internet through commercial wired and wireless broadband services and a connection should not inhibit or change required application interfaces to dependent or component systems.Primary and Secondary UsersType of UserDescriptionResponsibilitiesPrimary UsersVA employees, affiliates, contractors, employees of other Federal agencies working within VARemotely access applications during the performance of their duties. Secondary UsersOI&T staffManage/maintain remote access.Enterprise RequirementsBelow is a subset of Enterprise-level Requirements that are of particular interest to the business community. Requirement TypeDescriptionSecurityAll VA security requirements will be adhered to. Based on FIPS 199 and National Institute of Standards and Technology (NIST) SP 800-60, recommended Security Categorization is High.The Security Categorization will drive the initial set of minimal security controls required for the information system. Minimum security control requirements are addressed in NIST SP 800-53 and VA Handbook 6500, Appendix D.PrivacyAll VA Privacy requirements will be adhered to. Efforts that involve the collection and maintenance of individually identifiable information must be covered by a Privacy Act system of records notice.508 ComplianceAll Section 508 requirements will be adhered to. Compliance with Section 508 will be determined by fully meeting the applicable requirements as set forth in the VHA Section 508 checklists (1194.21, 1194.22, 1194.24, 1194.31 and 1194.41) located at: or as otherwise specified. Checkpoints will be established to ensure that accessibility is incorporated from the earliest possible design or acquisition phase and successfully implemented throughout the project.Executive OrderAll executive order requirements will be adhered to. Identity ManagementAll Enterprise Identity Management requirements will be adhered to. These requirements are applicable to any application that adds, updates, or performs lookups on persons. Terminology ServicesApplication/services shall reference the Standard Data Services (SDS) as the authoritative source to access non-clinical reference terminology.Terminology ServicesApplication/Services shall use the VA Enterprise Terminology Services (VETS) as the authoritative source to access clinical reference terminology.Terminology ServicesApplications recording the assessments and care delivered in response to an Emergency Department visit shall conform to standards defined by the VHA-endorsed version of C 28 – Health Information Technology Standards Panel (HITSP) Emergency Care Summary Document Using Integrating the Healthcare Enterprise (IHE) Emergency Department Encounter Summary (EDES) Component.Terminology ServicesApplications exchanging data summarizing a patient’s medical status shall conform to standards defined by the VHA-endorsed version of C 32 – HITSP Summary Documents Using Health Level Seven (HL7) Continuity of Care Document (CCD) Component.Use Case ScenariosCase #1: Editing and Signing NotesIntended Task: Clinician needs to edit and sign electronic progress notes and consults in CPRS to meet requirement for <24hr completion and to make information available to all other providers involved in the patients’ care.?Software/App Required: CPRS within the VA networkExpected Outcome:Stable connectivity to CPRS, authentication input sign-on in less than 30 secondsNo complexity added to the utility of the technology beyond establishing a remote access session.Success Criteria:Non-FunctionalCapability Access Delay - No more than 20 seconds are required to establish a connection to CPRSCapability Access Delay - A connection to CPRS is defined as the point after the return key is pressed, initiating login to the point where the first character of data is returned from CPRSEndpoints using remote access for purposes of measurement will reside on a connection no faster than 1.2 Mb/s (Verizon 3G) internet connection to adequately test communications efficiency of the remote access solutionHigh AvailabilityHelp DeskFunctionalNote Tab or consult tab is accessed and progress note or consult is accessed and information returned is validated for appropriatenessClinician is able to edit progress notes without noticeable latency in keystrokes or mouse clicksClinician is able to complete signature task and verify for its completenessLow ImpedanceRemote Desktop UseLong Term ConnectionSupport Voice Recognition Medical Software?Case #2: Reviewing Imaging StudiesIntended Task: Clinician needs to review Imaging studies to determine need for procedure and urgency for scheduling. For example, suspicion of bone fractures or intracranial bleed, in order to make recommendations to the treatment team.Software/App Required: PACS Imaging software and "core" image manipulation functionalityExpected Outcome:Timely access via remote tools to Imaging softwareNo delays, instability, or disconnects while viewing of studiesNo complexity added to the utility of the technology beyond establishing a remote access sessionSuccess Criteria:Non-FunctionalImage retrieval at 24 bit color or greaterNo modification of images due to remote access solution data intervention (recompression artifacts in color or resolution, other)Incur no more than 10% data transfer overhead due to remote access solution as compared to baseline VPN using same carrier connectionDoes not limit functionality to a single platformLow ImpedanceRemote Desktop UseLong Term ConnectionHigh AvailabilityHelp DeskFunctionalClinician able to bring up radiological images for point of care interpretationClinician can change Window/Width levelClinician can scroll through CT image levels without noticeable latencyClinician can zoom and change contrast of CT images without noticeable latencySpecialty SoftwarePACS Access ?CT ThumbnailInstantaneous ScrollCase #2A: Viewing documents in VistA Imaging Display iMed ConsentPulmonary Function TestsGI Endoscopy reportCase #3: EKG Viewing via MUSE/VistA Imaging Display -Cardiology EKG InterpretationIntended Task: EKG interpretation (Cardiology/ICU/Ward MD)Software/App Required: MUSE Editor with Caliper FunctionalityExpected Outcome:Ability to access MUSE system to review EKGsNo complexity added to the utility of the technology beyond establishing a remote access session.Success Criteria:?Non-FunctionalEnd user accesses the COTS software to view EKGDoes not limit functionality to a single platformFunctional Requirement 1.1 – High AvailabilityLow ImpedanceRemote Desktop UseProfile Load DelayHelp DeskLong Term ConnectionFunctionalHigh Availability End user engages COTS software to talk to MUSE systemEnd user can use all functionality inherent in the software program (e.g. Caliper functionality)Specialty SoftwareRemote PrintingCase #4: Troubleshooting?Medical Device ServersIntended Task: Access for Biomed/OI&T staff and outside Vendor support staff to Medical Device Servers for support/troubleshooting applicationsSoftware/App Required: General Electric EchoPac or PaceArt, Provation GI, Software Query Language (SQL), etc.Expected Outcome:Rapid response support to clinical software needs to minimize downtime and unavailable data to cliniciansAbility to fully manage and troubleshoot remote medical device servers within the VA networkNo complexity added to the utility of the technology beyond establishing a remote access sessionSuccess Criteria:Non-FunctionalDoes not limit functionality to a single platformHigh AvailabilityLow ImpedanceRemote Desktop UseProfile Load DelayHelp DeskLong Term ConnectionFunctionalOperating System CompatibilityBrowser compatibilitySpecialty SoftwareData Transfer?Case #5: Continuous Telemetry and ICU MonitoringIntended Task: Monitoring of patients on continuous Telemetry – need to see changes due to clinical change in patient status or request to remove monitoring.? Monitoring of ICU patients - determine changes in care, vent settings, pressors, and procedural needs especially off-tours.Software/App Required: Full Disclosure Telemetry monitoring?and? ICU CIS.Expected Outcome:Ability to view the continuous cardiac tracings to determine need for intervention or change in level of care (move to ICU/surgery/pacemaker)Ability to view the continuous ICU tracings and data/vitals to determine need for intervention or change in level of careNo complexity added to the utility of the technology beyond establishing a remote access sessionSuccess Criteria:?Non-FunctionalDoes not limit functionality to a single platformHigh AvailabilityLow ImpedanceRemote Desktop UseProfile Load DelayHelp DeskLong Term ConnectionFunctionalAccess to COTS software and view Bedside Waveforms in Real TimeMobile DevicesSpecialty SoftwareCase #6: Clinical Procedure?Study InterpretationIntended Task: Read, interpret, and document Pulmonary Function Tests (PFT), Endoscopy, Ophthalmology studies.Software/App Required: PFT software or Endoworks/Provation.?Expected Outcome:Ability to view the numeric and graphic data from Pulmonary Function Testing, Endoscopy studies, or Ophthalmology and?enter interpretation/resultsNo complexity added to the utility of the technology beyond establishing a remote access sessionSuccess Criteria:Non-FunctionalDoes not limit functionality to a single platformHigh AvailabilityLow ImpedanceRemote Desktop UseProfile Load DelayHelp DeskLong Term ConnectionFunctionalSpecialty SoftwareTelework??Case #7: Chemo OrderingIntended Task:Write/enter Chemotherapy for patient who is admitted off tour /weekendEnter changes to patient treatment that have to be executed off tour (e.g., dose changes, schedule changes, etc.)Enter orders for any patient that is being treated with chemo at a remote facility using tele-oncologySoftware/App Required: VistA Chemotherapy Manager (VCM) softwareExpected Outcome:Ability to view the numeric?lab results from VCM and enter Chemotherapy orders?No complexity added to the utility of the technology beyond establishing a remote access sessionSuccess Criteria:Non-FunctionalDoes not limit functionality to a single platformHigh AvailabilityLow ImpedanceRemote Desktop UseProfile Load DelayHelp DeskLong Term ConnectionFunctionalSpecialty SoftwareAccess to InternetCase #8: Access to Medical Reference ResourcesIntended Task: Refer to current clinical references online to identify best diagnosis, treatment plan, and medications?- used by all clinicians but especially in ER,?ICU, and Primary Care.Software/App Required: Visual DX (Dermatology), Micromedex, UpToDate, StatRefExpected Outcome:24/7 Immediate Access to online resourcesNo complexity added to the utility of the technology beyond establishing a remote access sessionSuccess Criteria:Non-FunctionalDoes not limit functionality to a single platformLow ImpedanceRemote Desktop UseProfile Load DelayHelp DeskLong Term ConnectionFunctionalHigh AvailabilityAccess to InternetRemote Printing?Case #9: Remote Radiology - TeleradiologyIntended Task: Remote radiology reading of imaging studies for off-tours and weekendsSoftware/App Required: National Teleradiology software with core?image manipulation functionalitiesExpected Outcome:Ability to download Digital Imaging and Communications in Medicine (DICOM) image file from the Medical Center PACS Image Server to a remote endpoint device to be interpreted using user's proprietary PACS viewer application, without onsite radiologists during weekend/evening/holiday hoursNo complexity added to the utility of the technology beyond establishing a remote access sessionSuccess Criteria:?Non-FunctionalDoes not limit functionality to a single platformHigh AvailabilityLow ImpedanceRemote Desktop UseProfile Load DelayHelp DeskLong Term ConnectionFunctionalData TransferLarge TransferPACS Access?CT ThumbnailInstantaneous ScrollCase #10: Echocardiogram Study - Transfer of "Large" data files?Intended Task: Echocardiogram Studies >500 mb?in order to be read and interpreted by contracted staff on GFE laptop. Study would be acquired at home VA site but interpreted at a remote site. Or COTS software to Attach directly to ImageVault server database remotely.Software/App Required: GE EchoPac?Expected?Outcome:Resolution of acceptable grade such that clinical diagnoses can be made with confidenceStable connectivity to complete review of the study without degradation, latency, or disconnectAbility to manipulate the images with functionalities to augment review speed and image contrast, and complete quantitative measurementsNo complexity added to the utility of the technology beyond establishing a remote access sessionSuccess Criteria:?Non-FunctionalDoes not limit functionality to a single platformHigh AvailabilityLow ImpedanceRemote Desktop UseProfile Load DelayHelp DeskLong Term ConnectionEfficient DownloadFunctionalData TransferLarge TransferPACS Access?Case #11: Real Time Data - Video TeleconferencingIntended Task: Establish and maintain a telehealth video teleconference and education session with a patient with the patient being external to the VA network and clinician internal, utilizing online meeting/video teleconferencing cloud services technology.?Sessions are performed under a variety of circumstances involving technologies that are defined both internal to VA and external with VA business partners such as academic affiliates, commercial vendors, and non-VA medical facilities.Software/App Required: FuzeMeeting cloud service and software. Adobe Connect (DoD branded as DCO).Expected Outcome:Resolution of acceptable grade such that clinical therapy & diagnoses can be performed with confidenceStable connectivity to complete treatment and diagnosis without degradation, latency, or disconnectAbility to share a variety of media including recorded audio, recorded video, still images, and the clinician's screenVideo, audio, and media quality are limited only by the patient's end network connection characteristicsNo complexity added to the utility of the technology beyond establishing a remote access sessionCase #12: Demand Driven Video Teleconferencing Therapy SessionIntended Task: Provide spontaneous therapy session to patient via point to point video teleconference as an advanced form of the typical telephone/cell phone call (the video phone call).Software/App Required: Skype, ooVoo, FaceTimeExpected?Outcome:Connecting with patient?on the patient's terms is seamless and easy for both clinician and patientVideo and audio quality are limited only by the patient's end network connection characteristicsNo complexity added to the utility of the technology beyond establishing a remote access sessionCase #13: Podcasting from National Institutes of Health – Non-Vendor Specific - Data Transfer CaseIntended Task: Clinician is engaged with business partners in?information transfer and training. ?VA Clinician is directed to industry standard video podcast training materials that are provided by the remote non-VA entity for long term session consumption (1 hour video).Software/App Required: iTunes (Windows, Mac, iPad, iPhone, iPod), AntennaPod (Android),?Zune WP7. Expected Outcome:Clinician can consume long term video podcast without interruption or presentation degradation due to remote access system performance issuesClinician is not required to disconnect from VA network resources in order to perform this use caseCase #14: Multimedia - Flash/HTML5 site (TMS like, Visual Interactive, Library)Intended Task: Clinician is directed to receive training in the Talent Management System (TMS). During the training in TMS, the clinician must monitor email for My HealtheVet secure messaging. ?Clinician will commonly suspend training to address the emergency patient situation and then resume training once the situation is resolved.?The nature of this scenario is to maintain the training session in-between higher priority interruptions. Systems like TMS commonly will require the user to restart their training should a session become disrupted by network changes. ?The end cloud service cannot be expected to work around the remote access constraints.Software/App Required: TMS cloud serviceCase #15: STAT Notification - Instant Messaging (IM)Intended Task: Clinician connects to university affiliate partner from VAMC to engage in internet style instant messaging to exchange quick fire information. ?A federated instant messaging system or access to commercial systems that federate to the affiliates is instrumental in this connection.Software/App Required: (including but not limited to) GoogleTalk, DKO Instant Messaging, iMessage (Apple/Mobile), Lync for internal IM.Expected Outcome:Business users can transparently employ the solutions they use from within the VA network todayBusiness users can transparently employ the solutions they use from the internet they use todayCase #16: Privacy of Remote End-User Personally Owned DeviceNetwork packet sniffer shows?communications occurring between the Cisco network appliance and the Cisco AnyConnect client when the user is not connected to the VA network. The Cisco AnyConnect client initiates the communication to the Cisco ASA and trades data with VA without permission of the user or notifying the user in any way. Testing should involve all VA provided software for remote access.Intended Task: Clinician has home system. Clinician can successfully use home system to connect to the VA network during off hours or prime time to reach VA resources including client-server apps from their local desktop.Software/App Required: "SMC" inclusive of Cisco AnyConnect, CAG with Citrix Receiver.Expected Outcome:End user's personally owned machine and privacy thereof is not violated in any wayNo Personally Identifiable Information of any sort is transferred from the end user's personally owned system without their knowledge and permissionVA software resident on personally owned devices does not make unsolicited connections to VA systemsAcronyms and AbbreviationsOI&T Master Glossary: Term Definition ACOSAssociate Chief of StaffANRAutomated Notification ReportingARKAnesthesia Record KeeperBDOCBed Days of CareBNBusiness NeedBRDBusiness Requirements DocumentCAGCitrix Access GatewayCARMClinical Application Response MetricsCCDContinuity of Care DocumentCEVNClinical Enterprise Video conferencing NetworkCHPSECertified HIPAA Privacy Security ExpertCISClinical Information SystemCMIOChief Medical Informatics OfficerCOOPContinuity of Operations PlanCOTSCommercial-Off-The-ShelfCPRSComputerized Patient Record SystemCSVComma Separated ValueCTComputerized TomographyDCIODeputy Chief Information OfficerDCOAdobe Connect (DoD)DICOMDigital Imaging and communications in MedicineDODDepartment of DefenseEDESEmergency Department Encounter SummaryEHRElectronic Health RecordEKGElectrocardiogramEMRElectronic Medical RecordEREmergency RoomFIPSFederal Information Processing StandardGBGigabyteGFEGovernment Furnished EquipmentGIGastrointestinalGUIGraphical User InterfaceHIHealth InformaticsHITSPHealth Information Technology Standards PanelHL7Health Level SevenICUIntensive Care UnitIECInternational Electrochemical CommissioniEHRIntegrated Electronic Health RecordIHEIntegrating the Healthcare EnterpriseIHSIndian Health ServiceIMInstant MessengerIPInternet ProtocolIPv4Internet Protocol version 4IPv6Internet Protocol version 6ISOInternational Organization for StandardizationITInformation TechnologyKb/sKilobytes/secondLANLocal Area NetworkLOINCLogical Observation Identifiers, Names, and CodesMbMegabyteMsMillisecondMUMeaningful UseMUSEMulti-User Shared Environment NISTNational Institute of Standards and TechnologyNISTIRNational Institute of Standards and Technology Interagency Reportnonf or nfNon-Functional RequirementNSRNew Service RequestNTRTNew Term Rapid TurnaroundOHIOffice of Health InformationOIAOffice of Information and AnalyticsOI&TOffice of Information and TechnologyOMOperations and MaintenanceOMBOffice of Management and BudgetONCHITOffice of the National Coordinator for Health Information TechnologyOSOperating SystemOWNROwner RequirementPACSPicture Archiving and Communication SystemPAOProgram Administration OfficePDFPortable Document FormatPFTPulmonary Function TestPIVPersonal Identification VerificationPKIPublic Key InfrastructureRDMRequirements Development and ManagementReqProRational? RequisitePro?RFOReason For OutageSDSStandard Data ServicesSIMStrategic Investment ManagementSMESubject Matter ExpertSNOMED CTSystematized Nomenclature of Medicine Clinical TermsSQLSoftware Query LanguageSSLSecure Socket LayerSTSStandards and Terminology ServicesTMSTraining Management SystemUATUser Acceptance TestingUCDUser Centered DesignUIUser InterfaceVADepartment of Veterans AffairsVACOVA Central OfficeVAMCVA Medical CenterVBAVeterans Benefits AdministrationVCMVista Chemotherapy ManagerVETSVA Enterprise Terminology ServicesVHAVeterans Health AdministrationVISNVeterans Integrated Service NetworkVistAVeterans Health Information Systems and Technology ArchitectureVPNVirtual Private NetworkVTCVideo TeleconferencingWSCWorkforce Development Co-Lead ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download