overview (1K)

Comparing Technologies
This is a very brief, over-simplified discussion of the three technologies currently employed to access remote data in VHA. We will take them in chronological order, i.e., the order in which they were developed.

WebTop

It should first be noted that this is the current WebTop design, not the original. Little explanation is required. The user interface is Internet Explorer. It of course communicates with IIS which in turn uses JRun Java servlets to communicate with VistA. The links between "WebTop" and the various VistA sites are direct links, from the web server to each VistA. WebTop is limited to a participating collection of sites, and to participate a site must contribute a generic VistA account. This has a few drawbacks, the two most significant being:

The second issue is most noticeable on sensitive patient accesses. CPRS, when the user passes the sensitive patient warning, issues a bulletin to VistA that puts the user's identifiers into a log inside VistA. This does not happen with WebTop. To compensate, WebTop has the ability to email the relevant ISOs in response to this event. Of course, this requires the maintenance of a table of enterprise ISOs, who must then manage the data received in some way.

An interesting feature of WebTop is that all communication between the servlets and VistA is accomplished with a single RPC that uses varying sets of parameters.

CPRS Remote Data Views (RDV)

The first thing to notice with RDV is that it communicates only with the local VistA, which in turn communicates with the remote VistAs. Here's how it works:

  1. RDV asks the local VistA for remote data;
    the local VistA adds some user identifiers to the request and passes it on to the remote VistAs;
    the local VistA returns a handle to CPRS.
  2. While the remote VistAs assemble the date, via HL7, CPRS iteratively asks the local VistA if the data is ready yet.
  3. When all the data has been returned from the remote VistAs, the local VistA answers CPRS's next query with a YES, and CPRS issues the third and final RPC to get the data.
This is a sort of laundry ticket approach. The local VistA gives CPRS a "claim stub" and then CPRS asks the local VistA every 10 seconds if the data is ready. At the remote sites, RDV uses "visitor" accounts. These are accounts, in the New Person File (NPF), that have no access or verify codes, no menu options, and are aliased as "VISITOR". Notice that such accounts, since they have no menu options, are context-less. That is, no user can authenticate against them (since they have no access, verify codes), nor can a user be authorized against them (since they have no contexts). What that boils down to, is you cannot directly connect to them and get data via CPRS RPCs.

Or can you?

VistaWeb with MDO

As with WebTop, the VistaWeb user interface is Internet Explorer and the web server is IIS. Instead of JRun servlets however, VistaWeb uses uses Medical Domain Objects (MDO) to communicate with VistA. And, as with WebTop, communication between the web server and the various VistAs is direct. The big difference, though, is MDO is able to use VistA visitor accounts. It can do this because it "knows" how to give a visitor account the CPRS context as a secondary menu option. So it combines the security of visitor accounts with the speed of direct communication and adds the ability to fetch patient data from any VHA site.

One may object that such a visitor account is not so secure once it has a context, but remember, there's still no access or verify code. So if you could log onto such an account you would indeed be authorized to execute CPRS RPCs, but you can't log on. What's more, the user must have CPRS authorization at the local site to begin with since the RPCs MDO uses to set the context in the remote sites cannot be executed otherwise.