VA accelerates ESSO database app

VA accelerates ESSO database app

Anthony J. Principi wants to make VA medical records more accessible, but the single sign-on is only the first step.

Anthony J. Principi, now secretary of the Veterans Affairs Department, underwent hip replacement surgery several years ago at a VA hospital in northern California, but he couldn't get the stitches removed after he returned home to San Diego.

VA doctors there had no records of the surgery or anything else about the combat-decorated Vietnam veteran, said Edward Meagher, VA's deputy CIO and deputy assistant secretary for IT.

Principi 'has said many times to many people that he wants to fix that,' Meagher said.

About two years ago, VA commissioned the National Institute of Standards and Technology to develop an application to connect the records networks of 172 VA hospitals nationwide under Microsoft Windows NT. The goal was to give a VA doctor access to all patient files through one personal identification number and password instead of having different codes for each hospital.

NIST came up with Enterprise Single Sign-On, or ESSO, which has been under test since September at VA hospitals in Seattle; Oakland, Calif.; and Washington.

Now the developers are deciding how to deploy the application and to which hospitals.

'Developing is one thing, testing is another, deploying is the big step,' said Bill Majurski, ESSO's project manager at NIST. 'It's a very big step.'

ESSO works with NT's Remote Procedure Call Broker, which mediates network requests. It will let VA doctors exchange digitally signed documents and view images from a patient's file.

To run ESSO, VA hospitals will need three things: the Veterans Health Information Systems and Technology Architecture (VISTA), an authentication proxy server and a client workstation. The VISTA system must have RPC Broker installed but does not have to run under NT.

The authentication proxy server must run in an NT environment, connect to the VISTA system and be part of a Veterans Integrated Service Network domain.

The client workstation must run NT and be part of a local hospital's NT domain or a VISN domain.

The client-server VISTA, key to the success of ESSO, supports daily operations at VA health facilities. It ties together workstations, interfaces and software developed by local medical staff.

Within about five years, authorized doctors at any VA hospital nationwide might be able to open files using a smart card with some biometric identifier, Meagher said.

'In the longer term, a single biometric log-on would have a digital signature and authorization access control,' he said. He called ESSO the first 'baby steps' toward efficient and secure access.

A VA patient 'shouldn't have to be a stranger and go through more paperwork,' he said.

Majurski called patient access 'a very human-intensive process. Imagine going on vacation in California and needing to go to a VA hospital there while your records are in Baltimore's hospital.' But, he said, 'You have to do things gradually and in a sane way.'

Before doctors can enjoy the luxury of one PIN and password for everything, VA hospitals will have to change their policies for file access.

The Health Insurance Portability and Accountability Act of 1996 requires health care administrators to standardize electronic data interchange for records. The act also requires that organizations such as VA hospitals observe patient privacy standards.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above