============================================================================= Run Date: JUL 12, 2024 Designation: MAG*3*363 Package : MAG - IMAGING Priority: Mandatory Version : 3 SEQ #256 Status: Released Compliance Date: AUG 12, 2024 ============================================================================= Subject: INGEST, RHAPSODY, CROSS ORIGIN RESOURCE SHARING (CORS) Category: - Informational Description: ============ This patch addresses the following issues and new capabilities: Unless noted otherwise, each change applies to CCIA. 1. Enhancement (IMAG-4491) Commercial off-the-shelf (COTS) package updates for VA Technical Reference Manual (TRM) compliance. 2. Defect (IMAG-4506) Requests for echocardiogram (ECG) images no longer return error code 500 (Internal Server Error). 3. Enhancement (IMAG-4510) Obtain Oracle Cerner internal person identifiers (IDs) from Fast Healthcare Interoperability Resource (FHIR) Person service. 4. Defect (IMAG-4514) Set site name/location to empty if the FHIR encounter location is missing. 5. Enhancement (IMAG-4515) Reduce Central Processing Unit (CPU) utilization when loading studies with a large number of images. 6. Defect (IMAG-4519) Remove Release of Information (ROI) and Image Quality Assurance (QA) external links from the CCIA Viewer. 7. Enhancement (IMAG-4520) Bring in additional changes from the C/VIX code base. 8. Enhancement (IMAG-4527) Support Cross-Origin Resource Sharing (CORS) in the CCIA Viewer. 9. Enhancement (IMAG-4529) Enable association of encounter information with supported media for CCIA Ingest. 10. Enhancement (IMAG-4555) Remove VixCache webapp. Patch Components: ----------------- N/A Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- Blood Bank Team Coordination: N/A New Service Requests (NSRs): N/A Patient Safety Issues (PSIs): N/A Defect Tracking System Ticket(s) & Overview: (IMAG numbers are from VA Jira) 1. Enhancement (IMAG-4491) Commercial off-the-shelf (COTS) package updates for VA Technical Reference Manual (TRM) compliance. Problem: -------- COTS packages required an upgrade in accordance with the TRM. Resolution: ----------- Now the CCIA Installer has a pre-requisite of the Visual C++ Redistributable which ensures the latest supported version (currently 2015-2022) is installed. The Java version in MAG*3.0*361 was 8u371 and upgraded to 8u391 in accordance with the TRM. The Apache Tomcat version in MAG*3.0*361 was 9.0.75 and upgraded to 9.0.83 in accordance with the TRM. The LibreOffice version in MAG*3.0*361 was 7.3.5 and upgraded to 7.6.2 in accordance with the TRM. The PowerShell version in MAG*3.0*361 was 7.2.4 and upgraded to 7.3.9 in accordance with the TRM. If the changes to CCIA are not approved, then CCIA will not have necessary security releases. 2. Defect (IMAG-4506) Requests for echocardiogram (ECG) images no longer return error code 500 (Internal Server Error). Problem: -------- Requests for echocardiogram (ECG) images return error code 500 (Internal Server Error). Resolution: ----------- CCIA now returns ECG images on request and users no longer receive an error. 3. Enhancement (IMAG-4510) Obtain Oracle Cerner internal person identifiers (IDs) from Fast Healthcare Interoperability Resource (FHIR) Person service. Problem: -------- CCIA currently uses an OAuth1 and MSVC service, proxied by Rhapsody, for patient ID translations from VA Integration Control Number (ICN) to Cerner internal IDs. There was desire to replace the use of Rhapsody and the services it proxies for internal patient ID resolutions to reduce the number of external dependencies, remove duplicate authentication, and consolidate on FHIR services. Resolution: ----------- Now CCIA obtains the patient ID translations from VA ICN to Cerner internal IDs via FHIR. If the changes to CCIA are not approved, then CCIA will continue to use Rhapsody and the services it proxies for internal patient ID resolutions. 4. Defect (IMAG-4514) Set site name/location to empty if the FHIR encounter location is missing. Problem: -------- The siteName is not being populated correctly into the response name for CVIX when the FHIR encounter location is missing and this results in the patient data request failing. Resolution: ----------- The FHIR encounter is used as the source for the siteName, and if not available the siteName now remains empty, and this populates the siteName using the site service lookup by the corresponding site number city and state of the CERNER migrated site. If the changes to CCIA are not approved, then CCIA will continue to have the patient data request failing for CERNER migrated sites when the encounter location is missing. 5. Enhancement (IMAG-4515) Reduce Central Processing Unit (CPU) utilization when loading studies with a large number of images. Problem: -------- Each image request requires loading of cached study metadata, which when done concurrently caused excessive CPU utilization; this was observed with studies with a large number of images loading into the CCIA Viewer. Resolution: ----------- CCIA now wraps the study-object in a buffer input stream and the utilization for concurrent loading of a study in the CCIA Viewer is significantly lower. If the changes to CCIA are not approved, then CCIA will continue to have high CPU utilization for concurrent loading of a study in the CCIA Viewer. 6. Enhancement (IMAG-4519) Remove Release of Information (ROI) and Image Quality Assurance (QA) external links from the CCIA Viewer. Problem: -------- The external links menu on the CCIA Viewer page included unused links: ROI Status, ROI Submission, Image QA, and Image QA Report. Resolution: ----------- The external links menu in the CCIA Viewer page now omits the following unused links: ROI Status, ROI Submission, Image QA, and Image QA Report. If the changes to CCIA are not approved, then the CCIA Viewer page will continue to have the ROI Status, ROI Submission, Image QA, and Image QA Report links. 7. Enhancement (IMAG-4520) Bring in additional changes from the C/VIX code base. Problem: -------- CCIA did not include some recent installer changes from the C/VIX code base. It was possible to have multiple Installer Wizards installed on the same server potentially causing problems with the install. The ListenerTool listening on port 9200 was no longer used but was installed with the install. Java library dependencies were split between two directories, and it was possible to have file handles left open to them during installations which could cause interruptions. Further, unlike C/VIX, CCIA did not require authentication for queries against the "/Study/restservices" endpoint. Resolution: ----------- CCIA has been updated to overlay and merge in additional installer C/VIX code and enhancements. Now the Graphical User Interface (GUI) version of the CCIA Installer does not proceed if another Installer Wizard is installed and if this occurs, an error message appears informing the user to uninstall the other Installer Wizard(s). Now the CCIA Installer uninstalls the ListenerTool. In addition, the CCIA Installer places and updates CCIA to use Java library dependencies only within the Tomcat installation folder. Further, authentication with a security-token is now required for queries against the "/Study/restservices" endpoint, and without authentication, will return 500 responses (Internal Server Error). If the changes to CCIA are not approved, CCIA will not receive some of the latest enhancements. 8. Enhancement (IMAG-4527) Support Cross-Origin Resource Sharing (CORS) in the CCIA Viewer. Problem: -------- The CCIA Viewer supported CORS in Internet Explorer (IE), but this is being retired by Cerner/Oracle. The CCIA Viewer does not support CORS in Edge or Chrome, resulting in cross-site scripting violations and AJAX call failures to the token2 and studyquery endpoints. Resolution: ----------- The CCIA Viewer now returns appropriate CORS headers in token2 and studyquery responses, thus enabling a CORS request in Edge and Chrome. 9. Enhancement (IMAG-4529) Enable association of encounter information with supported media for CCIA Ingest. Problem: -------- The Encounter ID is beneficial for creating media for Oracle APIs. Some clients - such as Parable Wound Care - are not able to provide an Encounter ID during CCIA ingest to Cerner/Oracle. Additionally, a lack of metadata like the Encounter ID and grouping at the patient level makes navigation and retrieval of media difficult for the end-user. Resolution: ----------- Within the CCIA Ingest API, a field named consultUrn has been modified to allow either an Encounter ID or a Financial ID Number (FIN). If CCIA sees that an ID was passed as a FIN, a FHIR call to the Encounters endpoint is made, allowing the FIN to be mapped to an EncounterID which can be passed to Oracle APIs for creating media. 10. Enhancement (IMAG-4555) Remove VixCache webapp. Problem: -------- The VIX Cache Web App was infrequently used and exposed a file system security vulnerability. Resolution: ----------- The VIX Cache Web App and references have been removed. Software and Documentation Retrieval Instructions: ---------------------------------------------------------------------- This release includes software files. File Title File Name ---------------------------------------------------------------------- Cerner CVIX Integration Adapter (CCIA) Installer MAG3_0363_CCIA_SETUP.MSI Documentation describing the new functionality is included in this release. Documentation Title File Name ---------------------------------------------------------------------- Cerner CVIX Integration Adapter (CCIA) Installation Guide MAG3_0363_CCIA_INSTALLATION_GUIDE.PDF Patch Installation: ------------------- Pre/Post Installation Overview: N/A Pre-Installation Instructions: For pre-installation instructions, please see the MAG3_0363_CCIA_INSTALLATION_GUIDE.PDF for more detail. Installation Instructions: This is an informational patch. Successful CCIA installation can be verified by following the instructions in the MAG3_0363_CCIA_INSTALLATION_GUIDE.PDF. Post-Installation Instructions: For post-installation instructions, please see the MAG3_0363_CCIA_INSTALLATION_GUIDE.PDF for more detail. Rollback, Back Out, or Uninstalling MAG*3.0*363 MSI -------------------------------------------------- If it is necessary to uninstall the MAG*3.0*363 CCIA MSI, use the Uninstall option from Windows Control Panel to uninstall: "CCIA Service Installation Wizard 30.363.1.3485". Then install the previous version of CCIA, which was included in MAG*3.0*361. To back out the CCIA and replace it with the prior version, please see the MAG3_0P363_CCIA_INSTALLATION_GUIDE.PDF for more detail. The versions should be validated during uninstall, rollback or back-out if necessary. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : OCT 31, 2023 Completed By: Date Completed: JUL 11, 2024 Released By : Date Released : JUL 12, 2024 ============================================================================= Packman Mail Message: ===================== No routines included