Technical Guidance – Getting Started
SecurMed UK, through our IT Service Provider Arvato Systems, provide an IT Solutions Developers Toolkit (SDK) for IT software providers and departments to enable them to create interface (web-services) connections to the UK MVS. A Baseline Testing process is available where software suppliers can test and verify their own solutions.
To register for the SDK and find supporting documentation please visit the NMVS Software Supplier Portal: www.sws-nmvs.eu
The following are the technical standards to which the 2D codes should conform;
- Data Matrix standard is Higher than ECC200, ISO/IEC 16022:2006 is presumed to conform
- Printed Quality must be rated 1.5 or better according to ISO/IEC 15415:2011
- Coding of the Unique Identifier conforms to ISO/IEC 15418:2009
- For multiple coding schemes, Unique Identifiers conform to ISO/IEC 15434:2006
- Coding of the Product code conforms to ISO/IEC 15459-3:2014 or ISO/IEC 15459-4:2014
Manufacturers can obtain the AMPP codes for its products by contacting the dm+d team at email@example.com
It is essential to present a unique certificate, as well as a unique username and password, as the use of multi-factor authentication is mandated by the Delegated Regulation.
The certificate is only available for download for 60 days after its creation. You should make sure that you store a local copy of the certificate together with its passphrase.
Password & Certificate Renewal processes are included in the transaction set of the UK MVS and software solutions should be designed to trigger renewal of passwords and security certificates automatically. SecurMed UK will configure an appropriate password renewal frequency carefully balancing security and practical considerations.
We have no plans currently to utilise the sub-user functionality within the UKNMVS. Adding a sub-user ID may limit the ability to recommission an item so this field should be left blank.
If you are designing a software solution connection to the NMVS, following consultation with UK national competent authorities, we can provide the following clarification on connection methodologies:
- Software solutions for the wholesaler and dispensing communities must provide for transparency of end-user locations (i.e. physical location, place of business, registered premises) and therefore direct connection to the NMVS where the certificate is stored on the terminal, is the preferred methodology.
- Where thin-client/aggregator/concentrator type architecture is used, alignment between certificate and location may be maintained via a centralised certificate-management application. Compliant operation of this type of system will rely on accurate association of credentials (User-ID, Password and Certificate) with a single Location.
- For clarity, ‘Hiding’ of locations behind a single connection to a central system (User ID obscured to the NMVS) will not be compliant.
Mixed Bulk Transactions
The mixed-bulk transaction is a bulk of individual transactions as opposed to a single transaction type to be applied to a bulk of packs. It is only for the purpose of running cached individual transactions when connectivity has been interrupted; it is not intended for bulk processing of transactions and therefore not available to wholesalers.
The G195 – Submit Mixed Bulk, process is used to submit a cache of individual transactions that have buffered while connection to the NMVS has been interrupted. The G195 is an asynchronous process and the result of the individual transactions it contains are obtained by using the corresponding G196 – Request Mixed Bulk Transaction Result process. An example scenario would be where a pharmacy system has encountered an Internet connectivity issue but dispense activities are continuing for patients and those dispense activities are stored by the pharmacy system until the connection is restored, when the G195 will be played.
SecurMed manage the process via a web-facing registration page, accommodating registration for single locations and a bulk registration process for organisations registering multiple locations.
Under Article 37(b) of the Delegated Regulation, SecurMed is obliged to verify the identity, role and legitimacy of all users. SecurMed will provide a set of credentials (User Name, Password and Certificate) for each location of a particular type; e.g. Pharmacy, Hospital, Wholesaler location. The credentials will be provided in two parts; the first via e-mail and the second sent separately to the location.