My Original Design Notes for the Security System for VistA and CHCS

Tom Munnecke | Tom Munnecke's Eclectica | December 9, 2011

Today is the 33rd anniversary of the 1978 Oklahoma City kickoff meeting for what was then called the CASS (Computer Assisted Systems Support Staff), later to be called the Decentralized Hospital Computer Program, which today is called the VistA EHR. We had groups from the VA, DoD, Indian Health Service, and other academia. This is where we laid out the basic structure of the metadata (Data Dictionary), File Manager, the basic utilities (a common date routine, for example, that was Y2K compatible.)....

I programmed this security model into the VA’s system, and it was reviewed by the federal Computer Security Center (using what was called the Rainbow security guidelines.) I remember flying to San Francisco to spend two days with men in black suits who wouldn’t identify the agency they worked for… The system passed with flying colors, and they were very complimentary about the design. Then, about 7 years later, as we were porting the system to the DoD as the CHCS system, I repeated the validation process, only with a larger group of DoD, GAO, and more mysterious men. They didn’t bring thumbscrews to test me with, but it was quite a nerve-wracking experience. We passed that inquisition, too...