============================================================================= Run Date: FEB 22, 2021 Designation: EAS*1*196 Package : EAS - ENROLLMENT APPLICATION SYSTEM Priority: Mandatory Version : 1 SEQ #168 Status: Released Compliance Date: MAR 25, 2021 ============================================================================= Subject: ENROLLMENT SYSTEM (ES) 5.15 RELEASE Category: - Informational Description: ============ The purpose of this informational patch description is to announce the release of the Enrollment System (ES) 5.15. This release, developed in Java technology, contains Enrollment System Modernization (ESM) Phase 3 development and upgrade efforts. This release includes enhancements and defect fixes to support Enrollment System Community Care (ESCC), Electronic Health Record Modernization (EHRM), and ES Sustainment. ES 5.15 was successfully deployed on Sunday, February 21, 2021. The following functionality is updated in this ES 5.15 release: Enrollment System Modernization (ESM) 1. ES is enhanced to ensure mailings are stopped for deceased Veterans by setting the Stop Communications indicator when a Date of Death is entered. The tax-related 1095B form and the Affordable Care Act (ACA) letter are exceptions - these communications will be mailed to deceased Veterans at the beginning of a calendar year if the Date of Death was the previous year, and then are stopped for the years following. 2. ES 5.13 was updated to begin capturing historical data for Collateral of Veteran changes. ES 5.15 is updated to display this historical data on the Person Search > Eligibility screens. 3. ES is updated to introduce a new Agent Orange Exposure Location called Blue Water Navy (BWN). Processing rules will be the same for BWN as they are today for Viet Nam. A new reason for pending eligibility status is implemented to indicate verification of eligibility is awaiting receipt of a Blue Water Navy 7131 form. Electronic Health Record Modernization (EHRM) 1. Currently, ES receives unverified Other Health Insurance (OHI) information from the Community Care Network (CCN) contractor. ES transmits this insurance information to Veterans Health Information Systems and Technology Architecture (VistA) and Cerner for processing by the Insurance Verification staff. ES is enhanced to allow for the identification and suppression of specific incoming OHI information from transmitting to the VistA Insurance Buffer. This change will improve the workflow process and decrease inefficiencies. 2. ES is enhanced to allow users to export a person's change details by adding an "EXPORT" button next to the "VIEW DATA" button on "View History" for the following screens: - Eligibility History - Demographics > Personal History - Demographics > Associates History - Military Service History - Financials History - Enrollment History Operational Decision Manager (ODM) Under ODM, the 71 iLOG rule sets were transferred from iLOG to ODM. A Mediation Framework was established to allow the system administrators to switch between the iLOG and ODM rules sets as the rules sets are integrated into the ES application. Once the migration is fully completed to ODM, the rules will not be switched back to iLOG unless there is a systemic issue with ODM. ES 5.15 supports integration of the Process Financial Information and Handle Undeliverable Mail rule sets. ES Production Defect Fixes: VES-642 Adding/updating "Rated Incompetent" should trigger a Z05 (existing Production behavior) VES-9874 Document Management: Null pointer exception is thrown when accessing Document Management screens VES-10228 A record goes into locked status during Add a Person (AAP) VES-10301 Modify and remove system parameter VES-10688 Prevent Hardship Request and Generate Hardship batch job scrolling issue VES-10798 Expire Hardships batch process needs to be scheduled to run on January 1 ES Sustainment Defect Fixes: VES-542 Browser Compatibility: Chrome & Edge - On the Add/Edit Address > Demographics > Addresses screen, the address field names do not appear as greyed out VES-556 Browser Compatibility: Internet Explorer (IE) and Chrome - Issue between IE and Chrome on Hardship screen VES-565 Browser Compatibility: Edge and Chrome (not IE) - An error is thrown when adding a new phone number on the Address screen VES-566 Browser Compatibility: Edge and Chrome error message "0: Unable to get property 'value' of undefined or null reference" VES-644 Cleanup legacy batch processes (obsolete jobs) VES-1305 The "ACA 800" letter was sent when Stop Communications was set VES-1306 Health Eligibility Center (HEC) reject reason is not always displaying for letters in "Reject at HEC" status VES-1358 Duplicates are sent in CCN daily file VES-4173 An application error occurs when the Eligibility link is clicked from the breadcrumb VES-8122 Site Verified Eligibility is not updating correctly VES-9200 5.14.0 Fortify: Log Forging - 2 issues VES-9201 5.14.0 Fortify: Null Dereference - 3 issues VES-9203 5.14.0 Fortify: Portability Flaw: Locale Dependent Comparison - 2 issues VES-9346 ES is sending a pseudo Social Security Number (SSN) in the add correlation VES-9549 Loss of Veterans Choice Eligibility (VCE) Hardship, N State and Urgent Care with Manual Override VES-9745 Application error on View Transmission Details on Third-Party Administrator (TPA) Message log if there is wait-time data in the database VES-9786 VCE date shows record modified date from VCE eligibility table for CCN and TPA transmission log VES-9953 Add check for "addPreferredTreatingFacility" (APTF) Social Security Number (SSN) site validation during "proxy_vista" VES-10079 Hardship VCE expiration should be based on most recent hardship consult VES-10149 Section 508: In the timeout modal, the name and role of the close button cannot be understood VES-10797 OHI files are not received from Region 4 VES-11083 Invalid Bad Address Indicator (BAI) exists in the CCN eligibility file VES-11084 Names are missing in the CCN eligibility file VES-12043 ES is defaulting the "temporary address active" field to "true" regardless of temporary address status VES-12078 Patients cannot be added by using HCA/VOA request with SOAP UI in Stage 1A VES-12079 Fortify: On line 768 of HistoryDAOImpl.java, execute() uses Hibernate to execute a dynamic SQL statement built with input coming from an untrusted source VES-12080 Fortify: Privacy violation from SystemParameterServiceImpl.java:1008 VES-12081 Fortify: The method preProcessIncomeTestDateAndSource() in FinancialInfoRuleServiceImpl.java can crash the program by dereferencing a null pointer on line 348 VES-12082 Fortify: The method getKeyPosition() in HistoryAction.java can crash the program by dereferencing a null pointer on line 817 VES-12083 Fortify: The method processMessage() in VET360InboundProcessService.java can crash the program by dereferencing a null pointer on line 197 VES-12084 Fortify: The call to equals() on line 776 causes portability problems because it has different locales which may lead to unexpected output VES-12085 Fortify: The method hasCombatVeteranChanged() in PersonSubmittedAdvice.java mishandles confidential information VES-12086 Fortify: The function resourceLookup() in FileUtils.java sometimes fails to release a file handle allocated by JarFile() on line 179 VES-12087 Fortify: Attackers can control the file system path argument to FileOutputStream() at Financials1010EZApplication.java VES-12386 Expire Hardships job does not update VAMC tests Patch Components: ----------------- N/A Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File # New/Modified/Deleted --------- ------ -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ --------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- Additional Information: New Service Requests (NSRs): N/A Patient Safety Issues (PSIs): N/A Defect Tracking System Ticket(s) & Overview: Jira: Bug # Problem / Resolution: -------- --------------------- ES Production: VES-642 Problem: Adding/updating "Rated Incompetent" should trigger a Z05 (existing Production behavior). Resolution: Updated code to properly trigger the Z05. VES-9874 Problem: Document Management: Null pointer exception is thrown when accessing Document Management screens. Resolution: Updated the document management screens to present an error message in the event that the Data Access Service (DAS) is down at the time they are accessed. VES-10228 Problem: A record goes into locked status during Add a Person (AAP). Resolution: Updated code so that during AAP, the Overview page will be displayed and a user will be able to continue AAP. VES-10301 Problem: System parameter modification and removal is needed. Resolution: Updated "Temporary Address Enabled" system parameter to "Temporary Mailing Address Enabled" and removed Registration Date system parameter. VES-10688 Problem: Prevent Hardship Request and Generate Hardship batch job scrolling issue. Resolution: Modified code to retrieve all records from the database instead of performing an incremental retrieve. VES-10798 Problem: Expire Hardships batch process needs to be scheduled to run on January 1. Resolution: Scheduled the batch process to run on January 1. ES Sustainment: VES-542 Problem: Browser Compatibility: Chrome & Edge - On the Add/Edit Address > Demographics > Addresses screen, the address field names do not appear as greyed out. Resolution: Updated code to grey out inputs on the Addresses screen. VES-556 Problem: Browser Compatibility: Internet Explorer (IE) and Chrome - Issue between IE and Chrome on Hardship screen. Resolution: Updated code so that Hardship comments match for IE and Chrome. VES-565 Problem: Browser Compatibility: Edge and Chrome (not IE) - An error is thrown when adding a new phone number on the Address screen. Resolution: Fixed error message in Edge and Chrome when adding a phone number on the Address screen. VES-566 Problem: Browser Compatibility: Edge and Chrome error message "0: Unable to get property 'value' of undefined or null reference". Resolution: Fixed JavaScript errors and truncated buttons on the affected pages. VES-644 Problem: Cleanup legacy batch processes (obsolete jobs) . Resolution: Legacy batch processes that are no longer needed were removed from the system. VES-1305 Problem: The "ACA 800" letter was sent when Stop Communications was set. Resolution: Updated letter rules to properly generate and cease generation of letters. VES-1306 Problem: Health Eligibility Center (HEC) reject reason is not always displaying for letters in "Reject at HEC" status. Resolution: Resolved by fixing an issue with "PREVIOUS_ENROLLMENT_STATUS_NOT_REJECTED_BELOW_EGT". VES-1358 Problem: Duplicates are sent in CCN daily file. Resolution: Modified the query that acquires the list of CCN file data to retrieve one record per person. VES-4173 Problem: An application error occurs when the Eligibility link is clicked from the breadcrumb. Resolution: Updated the breadcrumb properties to resolve the issue. VES-8122 Problem: Site Verified Eligibility is not updating correctly. Resolution: Updated messaging to accept "Verified" status on a new Veteran. VES-9200 Problem: 5.14.0 Fortify: Log Forging - 2 issues. Resolution: Added "CommonNamehelper,Encode" to the log statement in order to resolve the log forging issues. VES-9201 Problem: 5.14.0 Fortify: Null Dereference - 3 issues. Resolution: No code changes were required for these issues; justification has been provided to the software analysis team in the ES 5.15 submission. VES-9203 Problem: 5.14.0 Fortify: Portability Flaw: Locale Dependent Comparison - 2 issues. Resolution: No code changes were required for these issues; justification has been provided to the software analysis team in the ES 5.15 submission. VES-9346 Problem: ES is sending a Pseudo Social Security Number (SSN) in the add correlation. Resolution: Updated code to send a null SSN instead of stripping off the "P" for Pseudo SSN. VES-9549 Problem: Loss of VCE Hardship, N State and Urgent Care with Manual Override. Resolution: Updated ILOG rules so that no data is lost when recalculating the VCE. VES-9745 Problem: Application error on View Transmission Details on TPA Message log if there is wait-time data in the database. Resolution: Removed wait-time from the TPA hibernate configuration as it is not part of the TPA file. VES-9786 Problem: VCE date shows record modified date from VCE eligibility table for CCN and TPA transmission log. Resolution: Updated code to use record created date for VCE effective date for CCN/TPA. VES-9953 Problem: Add check for APTF SSN site validation during "proxy_vista". Resolution: Updated code to add exception catch for SSN site validation during APTF and to present a message on the user interface to inform the user of the specific error. VES-10079 Problem: Hardship VCE expiration should be based on most recent hardship consult. Resolution: Updated code to base hardship expiration date on the consult with the latest expiration date. VES-10149 Problem: Section 508: In the timeout modal, the name and role of the close button cannot be understood. Resolution: Updated code to remove close link element. VES-10797 Problem: OHI files are not received from Region 4. Resolution: OHI filename saved to the Administrative Data Repository (ADR) so that the filename will be read while retrieving the OHI file attachment and can be viewed in "CCN Transmissions" in the ES user interface. VES-11083 Problem: Invalid Bad Address Indicator (BAI) exists in the CCN eligibility file. Resolution: Added check for BAI reason and set the BAI to character code to resolve the issue. VES-11084 Problem: Names are missing in the CCN eligibility file. Resolution: Updated CCN batch to check for null name fields and look them up in the ADR before writing the record to the CCN file. VES-12043 Problem: ES is defaulting the "temporary address active" field to "true" regardless of temporary address status. Resolution: Set the temporary address indicator based on the end date setting. VES-12078 Problem: Patients cannot be added by using HCA/VOA request with SOAP UI in Stage 1A. Resolution: Resolved by the latest Extensible Markup Language (XML) from the pre-production account. VES-12079 Problem: Fortify: On line 768 of HistoryDAOImpl.java, execute() uses Hibernate to execute a dynamic SQL statement built with input coming from an untrusted source. Resolution: Analysis found that this is a false positive; no code changes are required. VES-12080 Problem: Fortify: Privacy violation from SystemParameterServiceImpl.java:1008. Resolution: Analysis found that although Fortify detected this as a privacy violation. no confidential information is included in the code; no code changes are required. VES-12081 Problem: Fortify: The method preProcessIncomeTestDateAndSource() in FinancialInfoRuleServiceImpl.java can crash the program by dereferencing a null pointer on line 348. Resolution: Analysis found that this is a false positive result; no code changes are required. VES-12082 Problem: Fortify: The method getKeyPosition() in HistoryAction.java can crash the program by dereferencing a null pointer on line 817. Resolution: Modified HistoryAction.java to resolve the issue. VES-12083 Problem: Fortify: The method processMessage() in VET360InboundProcessService.java can crash the program by dereferencing a null pointer on line 197. Resolution: Analysis found that this is a false positive result; no code changes are required. VES-12084 Problem: Fortify: The call to equals() on line 776 causes portability problems because it has different locales which may lead to unexpected output. Resolution: Analysis found that no code changes are required; since the default is "English," there is no need for locale in the code. VES-12085 Problem: Fortify: The method hasCombatVeteranChanged() in PersonSubmittedAdvice.java mishandles confidential information. Resolution: Analysis found that this is an incorrect finding; the method is using a different class than that reported. VES-12086 Problem: Fortify: The function resourceLookup() in FileUtils.java sometimes fails to release a file handle allocated by JarFile() on line 179. Resolution: Updated FileUtils.java to resolve the issue. VES-12087 Problem: Fortify: Attackers can control the file system path argument to FileOutputStream() at Financials1010EZApplication.java. Resolution: Analysis found that this is a false finding; no code changes are required. VES-12386 Problem: Expire Hardships job does not update VAMC tests. Resolution: Updated code to exclude execution of financial validation for Expire Hardships batch process. Test Sites: ----------- Health Eligibility Center (HEC) Software and Documentation Retrieval Instructions: -------------------------------------------------- Documentation describing the new functionality is included in this release. Documentation can be found on the VA Software Documentation Library at: https://www.domain.ext/vdl/. Documentation can also be obtained at https://download.vista.domain.ext/index.html/SOFTWARE. Documentation Title File Name ------------------------------------------------------------ ES 5.15 Release Notes ES_5_15_RN.PDF ES 5.15 User Guide ES_5_15_UG.PDF Patch Installation: ES will be installed at the Austin Information Technology Center (AITC). ****** This is an informational patch ONLY. ****** ****** There is NO install to be done by sites. ****** Pre/Post Installation Overview: ------------------------------- N/A Pre-Installation Instructions: ------------------------------ N/A Installation Instructions: -------------------------- ES will be installed at the AITC only. ****** This is an informational patch ONLY. ****** ****** There is NO install to be done by sites. ****** Post-Installation Instructions: ------------------------------- N/A Back-Out/Roll Back Plan: ------------------------ N/A Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : NOV 23, 2020 Completed By: Date Completed: FEB 22, 2021 Released By : Date Released : FEB 22, 2021 ============================================================================= Packman Mail Message: ===================== No routines included