Technologies must be operated and maintained in accordance with Federal and Department security and privacy policies and guidelines. More information on the proper use of the TRM can be found on the TRM Proper Use Tab/Section.
|Website:||Go to site|
|Description:||Clinical Video Teleconference (CVT) Into the Home (CVTH - previously called Video Anywhere) is a custom video teleconference solution that allows patients to participate in video appointments from their home with a VA clinician. The solution is comprised of Cisco hardware and software components and custom Iron Bow applications running on two Microsoft Hyper-V virtual machine (VM) Internet Information Services (IIS) systems. The custom Iron Bow middleware applications include:
Scheduling Web Application: VA personnel approved for scheduler access log into this site to create new appointments or to view/edit existing appointments. Creating a new appointment results in an email sent to the patient with a link to confirm the meeting and instructions for retrieving temporary credentials. The email also provides instructions regarding how to launch the Jabber client and how to use the username and password from the confirmation page to log into Jabber at the time of the meeting. Providers receive a copy of the patient appointment email for verification.
Software Download Web Application: The patient appointment email contains a link to this site with instructions for downloading the Windows or Mac Jabber client.
Confirmation Web Application: The patient appointment email contains a link to this site with instructions for confirming the appointment and receiving their temporary credentials.
Service Middleware Application (VidAnySrvc.exe): Sends out a copy of the reservation email the day before the meeting as a reminder. The service also accesses a proxy IIS app on the Cisco TelePresence Management Suite (TMS) server to create a temporary account in TMS for the patient the morning of the meeting, and then removes it after the meeting. The account is currently valid from midnight to midnight on the appointment day.
Proxy Application: This application runs on the TMS server and uses TMS API calls to add/remove the temporary patient accounts to the TMS server to permit the scheduled video conferences.
|Section 508 Information:||The Implementer of this technology has the responsibility to ensure the version deployed is 508 compliant. Section 508 compliance may be reviewed by the 508 Office and appropriate remedial action taken if necessary. For additional information or assistance regarding Section 508, please contact the Section 508 office at Section508@va.gov.|
|Decision Constraints:||Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISO can provide assistance in reviewing the NIST vulnerabilities.
Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISO (Information Security Officer) to ensure compliance with VA Handbook 6500.
Per the May 5th, 2015 memorandum from the VA Chief Information Security Officer (CISO) FIPS 140-2 Validate Full Disk Encryption (FOE) for Data at Rest in Database Management Systems (DBMS) and in accordance with Federal requirements and VA policy, database management must use Federal Information Processing Standards (FIPS) 140-2 compliant encryption to protect the confidentiality and integrity of VA information at rest at the application level. If FIPS 140-2 encryption at the application level is not technically possible, FIPS 140-2 compliant full disk encryption (FOE) must be implemented on the hard drive where the DBMS resides. Appropriate access enforcement and physical security control must also be implemented. All instances of deployment using this technology should be reviewed to ensure compliance with VA Handbook 6500 and National Institute of Standards and Technology (NIST) standards. It is the responsibility of the system owner to work with the local CIO (or designee) and Information Security Officer (ISO) to ensure that a compliant DBMS technology is selected and that if needed, mitigating controls are in place and documented in a System Security Plan (SSP).
|Decision Source:||TRM Mgmt Group|
|Decision Process:||One-VA TRM v16.1|
|Introduced By:||TRM Request|
|Vendor Name:||Iron Bow Technologies|