DEA CSOS Pilot Conference Call
June 20, 2002

Agenda
• Pilot Overview: Pilot Organization and Scope
• Phase II: Status
• Phase III: Work in Progress
• Phase III: Philosophies/Goals
• Phase III: Getting Started – Test Factors
• Phase III: Test Objectives
• Phase III: Test Objective Scenarios (Proposed)
• Phase III: Approach
• Phase III: Timeline
• Phase III: Action Items
• Questions…

Phase II: Status
• 7 CSOS Certificates Issued to-date (2 - Butler, 1 - Mallinckrodt, 1 - Baxter, 1 - McKesson, 2 - McQuery)
• 3 Applications Received – In adjudication (3 – North Carolina Mutual Drug)
• 2 completed test plans received
• Issues identified during testing:
  • Notarization – external vs. internal
  • Internal simplification of end-user processes
  • Adjudication issues – POA letters need to be formatted to DEA standards
• Completed test plans due by July 5!

Phase III: Work in Progress
• Milestones:
  • 850 Transaction Sets Worksheets - Completed
  • 850 committee decision on signature approach (external to orders vs. wrapped around orders) – Completed
  • 850 Meeting at HDMA – 7/26
  • Future Process Flow Draft - ECD 7/15/02
  • Phase III testing to follow completion of Process Flow draft
• Work In Progress:
  • Tom Turner (Abbott) contacting participants to determine trading partnerships for Phase III testing
  • HDMA Survey to determine who is presently using EDI INT or other solutions

Phase III: Philosophies/Goals
• Philosophies:
  • Divide and Conquer
  • EDI 850-oriented, but not exclusive of other technologies
• Goals:
  • Leverage Existing Systems
  • Identify Anticipated Production Deployment Costs
  • Identify Cost Savings - Capture Workflow Time to Complete

Phase III: Getting Started – Test Factors
Test Factors:
• Correctness – transactions and processes meet anticipated standards
• Error-handling – no “gotchas” later on; tests designed to confirm that systems are catching expired certificates, invalid certificate information, etc.
• Interoperability – compatibility between trading partners
• Economic – development/process times

Phase III: Test Objectives
• Test Objective 1: Key Exchange Process
• Test Objective 2: E-222 Generation Process
• Test Objective 3: Transmission Process
• Test Objective 4: E-222 Receipt Process
• Test Objective 5: Order Validation Process
• Test Objective 6: Receiving Process

Phase III: Test Objective Scenarios (Proposed)
• Test Objective 1: Key Exchange Process
  • Certificate (or Certificate S/N) is received by trading partner
  • Certificate is properly validated
  • Certificate is imported into PKI application
• Test Objective 2: E-222 Generation Process
  • PO contains all DEA required fields
  • PO is uniquely identified (attempt to use same PO # on 2 orders)
  • Order is digitally signed; purchaser’s system controls access to private key activation correctly
  • PO is translated properly
  • EDIINT packet is created
  • Purchaser’s system is enabled with a 10-minute timeout activity period

Phase III: Test Scenarios
• Test Objective 2: E-222 Generation Process (Continued)
  • Purchaser’s system removes private key from memory after log-off
  • Purchaser’s system syncs time with trusted time source within 5 minutes of NIST’s time
  • Orders are archived after transmission
• Test Objective 3: Transmission Process
  • EDIINT packet is sent to the receiver without error
  • In event that transmission process is disrupted, order is rolled-back

Phase III: Test Scenarios
• Test Objective 4: E-222 Receipt Process
  • EDIINT packet is archived
  • Certificate is validated against the CRL
  • Expired certificate is used (error handling)
  • Revoked certificate is used
  • Digital signature is verified
  • The CA digital signature on the certificate is verified
  • Certificate is sent from unauthorized CA (error handling)
  • The PO is correctly translated by the X.12 translator
  • Supplier’s system utilizes trusted time source as above

Phase III: Test Scenarios
• Test Objective 5: Order Validation Process
  • DEA extension data and other certificate data is validated
  • Wrong ship to address is sent
  • Wrong schedules are ordered
  • Hash is not SHA-1
  • Modified order is detected
  • Order is sent with no supplier DEA number or cites an incorrect DEA number, but a link to the correct DEA number can be created (correctness)

Phase III: Test Scenarios
• Test Objective 5: Order Validation Process (continued)
  • Order contains incorrect business activity classifications (error-handling)
  • Order includes all DEA Form 222 information
  • The order can be placed on hold and discrepancies can be manually resolved
  • Orders can be split – however only one supplier name is cited on the order
  • Order contains the name of the controlled substance product
  • Order can have the NDC added by the supplier after the order has been received, linking to the original
  • Supplier can link number of packages shipped to order
  • Order can accommodate an “unlimited” number of items

Phase III: Test Scenarios
• Test Objective 5: Order Validation Process
  • Order can accommodate schedules III through IV as well as I and II
  • Order includes complete ship to address of the supplier
  • Order contains the date the order is submitted to the supplier
  • Order contains the name of the controlled substance product
  • Supplier can link ship to date to order
• Test Objective 6: Receiving Process
  • Purchaser can link number of packages received to order
  • Purchaser can link items to order

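The supplier-side error-handling scenarios from Test Objectives 4 and 5 (expired, revoked or unauthorized-CA certificate, hash other than SHA-1, modified order) together with the 5-minute trusted-time tolerance can be expressed as one receipt check with a negative test per scenario. This is an added example, not part of the original slides: the certificate is modelled as a plain dictionary, a digest comparison stands in for real signature and CA-signature verification, and every name, serial number and date is a constructed placeholder.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed sample data: names, serials and dates are placeholders, not pilot values.
TRUSTED_CAS = {"CN=Example CSOS Test CA"}
CRL_SERIALS = {"0A02"}                   # serial numbers listed as revoked
MAX_SKEW = timedelta(minutes=5)          # trusted-time tolerance from Test Objective 2

def validate_receipt(order, envelope, cert, local_now, trusted_now):
    """Return the list of rejection reasons; an empty list means accept."""
    reasons = []
    if abs(local_now - trusted_now) > MAX_SKEW:
        reasons.append("clock-skew")
    if cert["issuer"] not in TRUSTED_CAS:
        reasons.append("unauthorized-ca")
    if not (cert["not_before"] <= trusted_now <= cert["not_after"]):
        reasons.append("outside-validity-period")
    if cert["serial"] in CRL_SERIALS:
        reasons.append("certificate-revoked")
    # Assumption: the digest stands in for the signed hash; in a real signed order
    # it is protected by the signature, which a PKI library would verify.
    if envelope["digest_alg"].lower() != "sha1":
        reasons.append("hash-not-sha1")
    elif hashlib.sha1(order).hexdigest() != envelope["digest"]:
        reasons.append("order-modified")
    return reasons

NOW = datetime(2002, 6, 20, 12, 0, tzinfo=timezone.utc)
ORDER = b"PO-0001|SCHEDULE II|QTY 10"    # constructed stand-in for a translated 850
GOOD_CERT = {"serial": "0A01", "issuer": "CN=Example CSOS Test CA",
             "not_before": NOW - timedelta(days=30),
             "not_after": NOW + timedelta(days=335)}
GOOD_ENV = {"digest_alg": "sha1", "digest": hashlib.sha1(ORDER).hexdigest()}

def run_scenarios():
    """Run the valid case and each negative test; map scenario name to reasons."""
    day = timedelta(days=1)
    cases = {
        "valid": (ORDER, GOOD_ENV, GOOD_CERT, NOW),
        "expired": (ORDER, GOOD_ENV, {**GOOD_CERT, "not_after": NOW - day}, NOW),
        "revoked": (ORDER, GOOD_ENV, {**GOOD_CERT, "serial": "0A02"}, NOW),
        "unauthorized_ca": (ORDER, GOOD_ENV, {**GOOD_CERT, "issuer": "CN=Other CA"}, NOW),
        "wrong_hash": (ORDER, {**GOOD_ENV, "digest_alg": "md5"}, GOOD_CERT, NOW),
        "modified": (ORDER + b"0", GOOD_ENV, GOOD_CERT, NOW),
        "clock_skew": (ORDER, GOOD_ENV, GOOD_CERT, NOW + timedelta(minutes=6)),
    }
    return {name: validate_receipt(o, e, c, local, NOW)
            for name, (o, e, c, local) in cases.items()}

if __name__ == "__main__":
    for name, reasons in run_scenarios().items():
        print(f"{name:16} -> {reasons or 'accepted'}")
```
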
Phase III: Approach
• Divide workflow into teams – working with your existing trading partners and vendors
  • Team A: Purchaser:
    • Test Objective 1: Key Exchange Process
    • Test Objective 2: E-222 Generation Process
    • Test Objective 3: Transmission Process
    • Test Objective 6: Receiving Process
  • Team B: Supplier:
    • Test Objective 4: E-222 Receipt Process
    • Test Objective 5: Order Validation Process

Phase III: Approach
• Leverage existing infrastructure and tools
• Decide which process you think you’d be able to develop and test with your partner
• Create “Strawman” signed 850
• Results will document “Lessons Learned”

Phase II: Action Items
• HDMA survey
• Tom Turner (Abbott) mapping processes
• Survey vendors for FIPS compatibility
• Vendor participation in Pilot?