Computerized Patient Record System (CPRS)

Obtaining CPRS (and access to other VA resources) Remotely

In order to have access to the CPRS computer system from outside of the VA network, faculty and residents should apply for  Citrix Access Gateway (CAG) remote  access. You must log in every  90 days or you will have to re-apply. *You will receive an inactivity reminder at the email addresses you provide in your remote access (primary email will be va.gov mailbox + other/secondary email address provided in portal – recommend this be your univ email)

Request Remote/VPN Access from a VA computer.  Your remote access account will need to be annually re-reviewed and approved by Approving Official, you will receive email notices of this action and should follow up to ensure it is done or you will have to re-apply for access if it lapses.

You will need to upload the following certificates (downloaded from TMS) or your account will be denied:

  • Mandatory Training for Trainees (residents and academic affiliates only. This is alternate acceptable training for VA Privacy and Information Security Awareness and Rules of Behavior)
  • VHA Privacy & Information Security and Rules of Behavior
  • Privacy & HIPAA 

To find out your service line contact for assistance in accessing CPRS at home email ATGADPCoordinator@med.va.gov

Citrix Access Gateway (CAG)

Citrix Access Gateway allows access to almost all VA internal resources.  VA uses a single website that  can be used to access VA Citrix farms from internal VA computers or from non-VA internet connected endpoints.  Two factor authentication is required to access VA resources remotely (VA smartcard and/or OTP/Mobile Pass).

Accessing the VA CAG website from the internet sends you to the  VA CAG logon page.  Once you successfully pass the Access Gateway authentication you will be sent to the VA Citrix StoreFront web page (this page is the same whether accessed internally or externally).

Once you authenticate, StoreFront presents you with a  FAVORITES page in addition to the APPS and DESKTOPS tabs . Storefront also:

  • Aggregates all Citrix environments into a single interface so users configured for access on more than one Citrix farm Provides a seamless PIV authentication experience from Windows, macOS, and Google Chromebook computers (with smartcard readers)
  • For access from computers where no smartcard reader is present or possible (such as university or other hospital computers) a request for network account exemption from smartcard required AND enrollment in OTP/MobilePass App is required. *If user does not own a smart device they can request a physical OTP/MobilePass physical token.

If you have questions or want to learn more about VA Citrix, endpoint media, configuration, and guide , documentation can be found on the VA Remote Access Information and Media Portal (accessible both internal and externally to the VA network). In addition, Enterprise Help Desk assistance for Citrix can be obtained by calling (855) 673-4357 or Teletypewriter (TTY) Relay Number: (844) 224-6186.

ISOs are no longer involved in granting remote access; approving official is normally supervisor, contractors and WOCs it is their VA contract officer.  At some facilities clinical trainees are all done by the academic affiliations sponsor – if you can give me the name of one of your current residents I can look at their approving official.

There is no longer a specialty remote access desk (where Option 6 used to take you) or the ability to open tickets via email.

Encrypted Email (PKI=Public Key Infrastructure)

Encrypted email is needed to email any patient information and should be sent from/to VA mailbox.  ! PHI/PII should never be included in subject line of email !

There are two methods to encrypt VA email

  • S/MIME, lock for encryption and ribbon for digital signing icon in the email ribbon, An VA smartcard must be inserted in the computer used to send encrypted email AND published to the VA address book.  Publishing only needs to be done once per issues smartcard and repeated only if a new card is issued (lost/stolen/expired re-issues too).  From any VA computer or Citrix environment, click on Start Menu, Run/Search, “Publish My email certs”.  This method will only work when smartcard is plugged into endpoint (if OTP/Mobile Pass is being used for authentication to VA Citrix remotely you will not be able to read or send encrypted messages nor perform other actions that require VA smartcard).  If you attempt to send an email to another user inside the VA and receive a message that they do not have valid published certificates you should not send the message as they will not be able to open it, but can remove the lock and use RMS instead.
  • Rights Management (RMS), ‘do not enter’ icon in email ribbon.  Encrypt only or additional templates can be selected.  This method is only valid between VA user accounts.

For further assistance or problems with this you can contact the VA’s Enterprise Service Desk at (855) 673-4357 or Teletypewriter (TTY) Relay Number: (844) 224-6186