Tuesday, September 15, 2009

How to make your IVANS Medicare Submissions Less Painful

FISS, IVANS, whatever you call it, Medicare submissions don't seem to go as well as we would hope.  Slow often doesn't begin to describe the process.  It seems like the PasyDES (also known as Passport IP) just won't work.  It won't connect.  It hangs.  It . . . doesn't work.

First up, if you haven't already, get a VPN account and use the VPN connection  - see my previous post on this subject.  Alright, everyone's using the VPN?  Great - next, check that you have the latest AT&T Global Network Client.  OK, now that you're ducks are in a row, let's figure out which servers actually work.


  1. Connect to AT&T and wait for Passport IP to open.  
  2. Hit Escape and abort the connection attempt.
  3. Go to Start -> Run -> and type cmd and click OK.  A command prompt will open.
  4. Now ping the 1st Chicago server by typing ping 204.146.91.80 and then pressing enter.
  5. Do you get a reply, or does it time out?  If it times out, you can try the next IP.  If it replies, congrats, you have a working server  - make a note of it and keep on trying until you get a second one.
Here are the server IP ranges:


Chicago: 204.146.91.80 - .88
Los Angeles: 204.146.91.148 - .154
New York: 204.146.91.50 - .58

Don't give up until you have two of them!  Enter your two addresses into the Connection Setup window, and enjoy a connection that works!  If it begins to behave badly, you can repeat the process and find another working server.  Happy submitting!
Update 26-Aug-10
Ivans is doing away with the Passport IP system and is instead opting for a system called Lime.  They've used Blue Zone for a while, and the users have really liked it, so Ivans has repackaged Blue Zone in a Web interface and is calling it Lime - you may already be able to use it.
Connect with your AT&T Global Client (Ivans Connect), open you web browser then visit https://limecportal.ivans.com.  When prompted input your user ID and password - if it proceeds you know you have it.  If it doesn't work, call Ivans (or even better go to their Support Chat) and get a new contract.

Friday, September 11, 2009

Internet Usage by Residents in Long Term Care

As our ever more technically inclined population are aging they are bringing their technical skill set and favorite leisure activities with them into the long-term care facilities.  Among these is a desire to use a computer and access the Internet.

The Internet has proven to be a valuable link for nursing home residents and their families.  Phone calls and visits in the day room are increasingly replaced by emails and online chats.  Boredom is combatted and lives enriched by allowing residents to while away the hours pursuing information about their favorite hobbies, reading the news, or just playing games.

What could possibly go wrong?  A Q&A with myself on this subject:


Could a staff members or visitor use a resident's computer to steal their identity or otherwise negatively influence them?

This is a big issue.  Many of us save our usernames and passwords to our favorite online haunts in our browser, allowing us to enter them conveniently without the hassle of authenticating each time.  However, if it isn't the computers' owner accessing the site we have a situation where someone has successfully masqueraded as the computers' owner.  The potential exists for an unauthorized individual to acquire personal and financial information about the resident, or to even manipulate the resident's banking and finances.
Residents who own their own computer should be encouraged to password protect their computer.  Furthermore they should be encouraged to lock their computer with a password if they will be leaving it unattended.


What level of service must we offer? Can we ethically prioritize our own Internet traffic over the residents'?

I believe that a minimal commitment of hardware and resources to resident Internet access is all that is necessary.  What is more necessary is keeping the business and healthcare functions going at full-speed - not only is this good business, but it is necessary for the staff to be as efficient as possible.
This situation is avoidable if a second Internet connection is established solely for use by residents - an expensive option.  What is more affordable, and certainly keeps the business and medical data more secure, is setting up a second network that is logically separate from the facility's business/medical network.  If you are using an IPCop you would set up your wired business network in the Green Zone and your wireless resident network in the Blue Zone.


Is it ethical, maybe required, to filter or monitor resident Internet usage?

It depends.  One good argument against filtering and monitoring is that we're dealing with free-willed adults.  So long as the equipment and time is theirs they should be allowed to do as they please so long as it doesn't do any harm.
But there is a lot of harm that we may prevent by filtering and monitoring access.  Many facility administrators have felt that the Internet access restrictions that apply to the staff should, in large part, be applied to the residents with a couple of notable exceptions:  online chat and social networking.
Blocking access to shopping, gambling, and potentially dangerous sites serving up viruses and spyware are certainly desirable.  Many are in long-term care because they don't have all of their mental faculties - they could drain their life savings if they could shop or gamble online and never realize what they've done.


How prevalent will pornography be?

Probably not very.
I'm certain that we will need to address the social and biological interests of our more amorous residents, as well as the well-being of our staff - the orientation of a resident's computer monitor will be very important.  So long as the equipment and time are theirs they should be allowed to do as they please so long as it doesn't do any harm.
I've heard of many residents possessing and viewing a personal store of pornography, and in one case a female resident has regularly provided pornographic DVD's for group viewing by her male peers.  The staff did not feel that this resulted in a sexually charged atmosphere or any undesirable public behavior.  These are adults with the vices and desires common to most of us.
That said, it is still up to the facility administrator.  I've had almost every one that I work with say that they did not feel comfortable allowing access to pornography using the facilities computer network.  If they want pornography they'll have to get it elsewhere.

Will our staff be expected to provide technical support the residents' computers?

Absolutely not!  In fact it should be actively discouraged.  All interaction between staff and the residents' computer equipment should be discouraged.  There are so many problems that can arise from good-intentioned assistance with a minor technical issue that the mind boggles.  The door to potential ill feelings and financial headaches opens wide if there is a problem and it is blamed on the facility staff.  So: Aide Frances helps Mrs. Cardigan install a new game; congratulations Aide Frances, you are now the proud owner of every problem that computer will ever have going forward.  Mrs. Cardigan knows that she didn't do anything to it, it must be what you've done.
Residents must seek help from family or paid technical staff from outside of the organization.  We can't get involved - there's too much risk.


Are there potential income opportunities for the facility, such as a setup fee or monthly fees?

I've wondered at this long and hard and think that it's not a bad idea.  The facility is investing in the well-being of its residents.  That investment should pay off.
While additional fees may not be appropriate, it is a feature that will appeal to many residents and will help to fill beds.


What liabilities can this incur? What happens if a resident has equipment that is damaged or stolen?

I'm certain it will matter if the damage is from a staff member, another resident, visitor, or act of God.  I'm afraid that every issue could be blamed on the facility staff.  It's just the nature of computer users to look for an issue beyond themselves as the cause of their problems.
A comprehensive set of policies will be needed to avoid these pitfalls.  Residents that bring computers should be informed that the facility is in no way liable for their computer or the information that it contains.  Period.  Stick to this line, it will be all that you have.
The facility staff need to make sure to keep themselves from becoming liable - a housekeeper who drops a laptop while cleaning a room is in a bad position indeed.
And what about when another resident breaks the computer?  Facility administrators will need to be prepared for this eventuality.  If you figure out a good answer to this one, drop me a line!

What if the residents computer is used for criminal activity?

The facility and the residents both would be best served by devoting every reasonable resource to exposing the criminal, the extent of the crime, and prosecuting the offender to the fullest extent of the law.  Whether a resident is guilty of using their computer for criminal hacking or possessing child pornography, or another person had used a resident computer to perpetrate a crime or fraud, society's best interests are served by involving law enforcement and seeing that justice is served.  Just try to keep it away from the press - no nursing home needs bad publicity, the press is already out to get them.

What about wireless networks – won't the homes and businesses adjoining the facility may be able to join open networks?

The operative word here is Open.  Basic WEP or WPA encryption is enough to keep all but the most skilled and determined attackers away.  Sure it's inconvenient, but security is never convenient.  Your wireless password should be an open secret - shared with anyone who asks.  This makes it convenient for residents and visitors to use the valuable and convenient service that you are offering.  Since you're keeping the resident's network separate from the business network there will be little gained from attacking the wireless residents network.

What about resident computers provided by the facility in the common areas?

Computers in common areas of the nursing homes will need special treatment so as to avoid issues of ownership, suitability for a particular use, appropriate usage, resident tolerance of frustration, time sharing, software installation, spyware, adware, viruses, etc.  Be sure to use a technology such as Microsoft Steady State to prevent as much headache as possible.  Even better, ditch Windows and use a Linux LiveCD like Hospitality Machine

Trouble with URLFilter Addon for IPCop (Like, it quit working!)

So a customer called me with a complaint about being blocked from legitimate sites, saying simply that a critical banking web site had been blocked.  However, there are several ways that one is "blocked" from a web site:  a simple issue of old web links or bookmarks, adware in your local computer, network congestion, an active block by your IPCop's URLFilter Addon, or OpenDNS blocking due to restricted content.  Each of these gives an error message that is unique to its condition (with the exception of adware, it's meant to be misleading) - unfortuantely this person couldn't remember the content or color of the block message.  I suggested they take a photo of the block message with their cell phone and text it to me the next time this happens.  Windows does NOT make sending screenshots as easy as it should be.

So another person at the customers' site calls and says that there is no filtering on the system.  Wow, two people from the same site with opposite problems?  What a puzzle!

While I can't exactly figure out person 1's issue, person 2's issue was that the URLFilter just did not work.  It had failed open - allowing access to everything that OpenDNS didn't block.  The Advanced Proxy was still working as it was still dutifully logging web site visits - you'll know the AdvProxy has quit and it's just NAT if you have logging turned on but nothing is being logged.

I tried stopping and restarting the URLFilter, the AdvProxy, then the whole IPCop, but it still didn't work.  I tried reinstalling the URLFilter over itself so as not to lose my settings and blacklists - no luck.  I had to uninstall the URLFilter, reboot the IPCop, the reinstall the URLFilter to make it start working.  I had copied all of the settings into textedit, so I was able to put everything right back into place with the exception of the blacklist.

An interesting note:  removing and reinstalling the URLFilter component periodically may do some desireable housekeeping:  it arranged my blocked sites categories alphabetically (they were a mess prior to that), it seemed to drop some categories that I didn't use anyway, and it seemed to improve the browsing speed.