TLS used by SPM & PHM

Some modules in SPM & PHM (e.g. Field Forms & importing patient registration forms) connect to external resources (Azure storage containers), require TLS encryption.

If you need to add new encryption protocols to your server, the following article is useful: https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-server or use a utility tool called IIS Crypto (recommended).

The SchUseStrongCrypto setting allows .NET to use TLS 1.1 and TLS 1.2. The SystemDefaultTlsVersions setting allows .NET to use the OS configuration.

1. Edit the Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2  (& possibly TLS 1.0)
   Export the Registry key first to backup the existing data.
   The 'Enabled' node for both Client and Server needs a value of 1
   
   
   Ideally, from a security point-of-view, SSL 2.0, SSL 3.0 should be removed or disabled (Enabled = 0), but do not do this until you have checked what effect it might have on other applications using the server.
   
   DO NOT remove TLS 1.0 if you have not enabled the secure encrypted connection feature in SQL Server, as the TLS 1.0 protocol is needed for unencrypted connections to the Incisive SQL databases.
   If changes have been made to the Server key you will need to reboot the server.
   
   
2. Edit the Registry Keys for:

• • HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319
  • HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319

For each Key add the following DWord nodes:

• • SchUseStrongCrypto            (value of 1)
  • SystemDefaultTlsVersions     (value of 1)

Or run the following Powershell scripts:

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name SystemDefaultTlsVersions ' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\ Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name SystemDefaultTlsVersions ' -Value '1' -Type DWord

TLS used by InTOUCH & inPATIENT apps

The inTOUCH and inPATIENT mobile apps require TLS 1.2 encryption on the web server to allow it to authenticate and also to connect to the storage container to securely transfer photos.

On the server that is hosting the inTOUCH app, can you check to see that you have the TLS 1.2 protocol enabled, at the Client and Server level.

Use https://www.ssllabs.com/ssltest/ to produce a report informing you of the encryption protocols that you have enabled on your server.

Add the required TLS protocols using the scripts in point 2 above.

Access to Port 445 (SMB) is needed by the inTOUCH app and SPM/PHM to access Azure Blob containers.  

inTOUCH uses it to reference the intouch-firebase-key token

SPM/PHM uses it to upload and download files from various blob containers.

Windows

Enable Telnet Client from ControlPanel > ProgramsFeatures > WindowsFeatures or
open Command prompt as Administrator and type in:   dism /online /enable-feature /featurename:telnetclient 

Open the Run command and type cmd to open the command prompt. Type the command in the image and press Enter.  

It is successful if the resulting screen is blank 

iPhone

Download iNetTools Free app and use the PortScan option

Enter the sever name such as   inclouddemo.file.core.windows.net  and the port name of 445 
Protocols and slashes are not needed.  The above address can be used for the test

Troubleshooting - options to test port access

See https://incisive.atlassian.net/l/cp/KkVXUbue 

Changing the amounts charged for Clinical Services Contracts:

The amounts you claim from ACC for your Clinical Services Contracts can be entered in one of two places if you are bulk-billing the services by way of a schedule.

When you edit your schedule (see above), note whether the schedule is set to use Invoice Items or Schedule Items:

Schedule Items

Note, that if you are set to use Schedule Items, these codes are shared by other providers in your database. Before making any changes to the amounts, please check that all secretaries have completed claiming for services up to 30 June before you change the amounts. Do not enter any claims for services dated from 1 July until you have updated your prices.

• Setup > Financial > Charges > Schedules > Third Party Schedule Claim Item
• Change existing codes using edit, change the Amount.
  Note, the rates entered here are GST inclusive.
• For new Service Items, select New.
  Note, the ACC Service Code or Alias Code needs to be entered in the Item # field. This is what is transmitted to ACC.
  The Code does not have to be the same as the Item #.

Invoice Items

• Setup > Financial > Charges > Invoice Items
• Change existing codes using edit, change the Amount.
  Note, the rates entered here are either entered GST inclusive or GST exclusive depending on the switch against the provider.
  If you are unsure, check via Setup > Provider > Config. 2 > Edit
  

Check List for Clinical Services

• Enter all services up to 30 June.
• Process / advance your schedule(s).
• Update all rates as applicable prior to entering any services dated on or after 1 July 2023.

Cost of Treatment Regulations (CoTR)

The Cost of Treatment Regulations Amendment was effective from 1 May 2023 and have not changed since.

If you have any queries please create a ticket at http://www.incisivesupport.com or send an email to help@incisivesupport.com

Anaesthetists and Assistants are able to use the inTOUCH phone app to have remote access to the patients and their clinical records, that they are going to be seeing with the surgeon.  This means they are able to review their list at any time, without having to wait for it to be sent to them and then possibly request clinical notes regarding a patient.

As soon as any changes are made to the list by the practice staff, they will become visible within the inTOUCH app.  They can also add notes to the patient's records and upload photos.

By linking the anaesthetist or assistant to an operating session it allows the inTOUCH app to filter the operating sessions, to only display their operating lists and the patients on the list.  They are not able to view operating sessions and patients that they are not linked to.  When a patient is selected, they can then see their contact details as well as their clinical records.

There are two steps required to enable access to the inTOUCH app

1. Install the inTOUCH app on their phone and provide an email address to Incisive, which will be used to provide access to the app and authenticate them each time they log on.
   
   
2. Configure the operating session(s) in SPM/PHM so that the anaesthetist/assistant are selected from a list and are then linked to the session.  The link can occur as a default for a particular type of appointment Session or can be entered for each individual session (if there is variability)
   See Share an Op list with Anaesthetist or Assistant 

The Windows 'Language-Bar' pop-up may appear floating on the screen when SPM or PHM is run on an Apple Mac via Remote Desktop or RemoteApp.  It can cause a problem when Checking Dictation because it keeps grabbing the mouse focus away from the Incisive application and it requires extra mouse-clicks to get the check-dictation process to work as expected.

The following steps will hide the Language Bar.

1. With the Incisive application running, click on the downward arrow on the right side of the floating Language Bar
   
   Choose 'Settings'
   
   
2. In the 'Switching Input Methods' section, uncheck both the;
      - Let me set different input method for each app window, and;
      - Use the Desktop Language bar.
   
   or on Server 2022, go to Settings > Devices > Typing > Advanced 
   
   
   
3. Click Save if the button is visible.

You are probably already aware of the requirements from the Medical Council of New Zealand about managing patient records, but the relevant points are listed below:

• How long patient records should be retained
  Doctors in private practice:
  a) Must retain health information for a minimum of 10 years and 1 day from the date of the last consultation with the patient.
  b) Should consider retaining the records for longer than the minimum 10-year and 1-day period in some situations. Examples
  include children with significant health problems, or patients with long-term medical conditions.
  
  
• How patient records should be stored
  Patient records should be stored securely and away from public areas. They should be easy to retrieve when there are
  requests for copies.  Computer files must be protected by password and have backups in case of technical difficulties. You
  should access patient records only when there is an appropriate reason, for example, if that patient is under your care.
  
  
• Leaving a practice or planning for retirement
  Well before you leave a practice or retire from it, you should:
  a) arrange with another doctor to accept responsibility for your patients’ records (for example, through a power of attorney)
  b) let your patients know if they need to collect their records from the practice
  c) inform the practitioners who have referred patients to you (if you are a specialist in private practice).

In addition to the above, you most retain your financial records for a minimum of 7 years.

If you are keeping a copy of the data, then you will need to ensure that this is backed up at the time you cease practice.  You need to ensure that this backup is in a format that can be recovered at a later date, if your hardware fails.  A cloud backup system is ideal for this.  Your IT people will be in a better position to advise.  You need to ensure that the SQL database files are properly backed up.  Some backups do not backup open files and may 'skip' the database files, as these are normally open.

If you have not arranged for another doctor to be responsible for your records, and you are keeping a copy of the data on a computer at home, the Incisive application will need to be installed on this computer, along with Microsoft SQL Express (for the database).  You will still have the same issues with Windows updates interfering with the Incisive program files, but we will ensure that you have the icon to re-register the program files.  In the event that your computer hardware fails and / or your upgrade your home computer, the Incisive application and database would need to be reinstalled on the new computer.  Occasionally updates to the operating system (Windows) may mean that some of the older program components will no longer work, and this may mean that you will require an (Incisive) update to be able to keep running the program.

To search the contents of a file to particular text:

Content:abcdefg

It only does the search on file extensions that Microsoft thinks are documents (txt, rtf, doc, etc).

Specifically, it won’t search in *.hl7, for instance.

Files will other extensions will need to be renamed.

A Windows update is required to correct this.  Please refer to the Windows Support article:

https://support.microsoft.com/en-nz/help/4284848/windows-10-update-kb4284848

“Addresses issues with the Remote Desktop client in which pop-up windows and drop-down menus don't appear and right-clicking doesn't work properly. These issues occur when using remote applications. “

 This update is mentioned in the discussion linked below (in later messages).

(1)    Open each table and identify a timestamp column.

HicReportResult has hicr_DateEntered

EventLogging has evl_Timestamp

(2)    Compose queries.

DELETE FROM HicReportResult WHERE hicr_DateEntered < ‘1 sep 2018’

DELETE FROM EventLogging WHERE evl_Timestamp < ‘1 sep 2018’

 
These MAY be able to be executed via Winflex – database – execute. They can PROBABLY be executed from SQL Management Console. However, they will probably trigger a timeout unless host computer is fairly capable.

(3)   If necessary, the query can be executed in 'chunks' with Winflex. 

• Make sure HicReportResult is selected.       (Very important)
• Utilities – clean data – apply sql in blocks
• Block size = 5000 [OK]
• Select [Wipe] - this clears the previous entry.
• Type in query above DELETE FROM HicReportResult … 2018’
• Select [OK]
• Form caption at top of Winflex will show records being processed.

 (4)    Repeat for step 3 for the other table(s).  

The barcode on the prescription is using the Code128 barcode type which is available from the Code128nWin.ttf font.  The font is provided with the Incisive application.

1. Check the font is installed in Control Panel > Fonts
   
   
2. To install the font:
   1. Login as an Administrator
   2. Right-click on the code128bwin.ttf file
   3. Choose 'Show more options'
   4. Choose 'Install for All Users'
3. Complete the installation
4. Logout or restart to load the font file.

You can check that it has been correctly installed by looking for the Code128bwin key in Registry Editor

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts

The errors

• System.I.O.FileNotFoundException    or
• Could not load file or assembly txtools.dll

can occur if the TX25 controls (from April 2018) are used on older operating systems such as Vista or Small Business Server 2011.

This has been found in the Message Centre when trying to send an email and from the email hyperlink from the Patient Header - also when sending an email.

To fix, download and install  Visual C++ Redistributable Packages for Visual Studio 2013 -  install both x86 and x64

https://www.microsoft.com/en-us/download/details.aspx?id=40784

If you have turned on the option for the Message Centre to access files from either Dropbox or OneDrive, when you start the Message Centre you need to complete the login process to either Dropbox or OneDrive within three minutes otherwise the connection window is stopped.  

If you try to use the login to Dropbox or OneDrive after the three minute period you will receive an 'Unable to Connect' or similar notification.

To enable the connection, close the browser tab, and refresh the 'My Mail' tab in the Message Centre by clicking on it, or restart the Message Centre.  You will then be again presented with the opportunity to login to Dropbox or OneDrive again.

The function in SPM/PHM to turn on the ability to connect to Dropbox or OneDrive is available in Setup > Personnel > Operators > Message Options.

If site has issues with Find Postcode you may need to re Index 3rd Parties.  Utilities - Repair - Index 3rd Parties.

Error message produced on trying to start up Message Centre for some logins (operator ID).  This is caused by the operator setting 'Message seen after xxx sec' being set to a large number.

Edit the operator settings and set to something sensible, i.e. 3600.