Kick off for VA Notify

[oddball-lindsay]

Background

After a user downloads their completed form (appoint-rep/download page) and clicks "Continue":

1. All users will be routed to the final page in the flow, titled "your next steps" (appoint-rep/next-steps).
2. Authenticated users with an email on file will receive an email notification, confirming the form completion and reiterating next steps.

Content for the email notification has been provided by CAIA, but in order to send out this email notification, we need to partner with the VA Notify team.

Open questions:

1. Who is our Privacy Officer to review our email notification content? ~Marvis Harvey~ ~Rochelle Foxworth~ Gina Siefert
2. Can we include a completed PDF in this email notification for re-download? We could store the PDF itself, or the information to generate the PDF.
3. What system will kick off the notification? Please note the system should be inside the VA or have an ATO. (ex., BVA hearing reminders are kicked off from Caseflow) Will create a request in vets-api that will create a Sidekiq job to engage VA Notify's code to send out the email notification.
4. Would we prefer to provide contact information for the recipients or should VA Notify look this up by Veteran ID? If by ID, please let us know what identifier is used in your system. (ex., VAPROFILEID, PID, BIRLS, ICN, etc.) The Sidekiq job should be able to provide the email address, so we will provide contact information.

VA Notify resources:

1. VA Notify playbook
2. VA Notify intake form

3. va-notify-public Slack channel is available for questions about the API

Tasks

• [x] Answer open questions
• [x] Submit a VA Notify Intake Form and request a kick off call -- include dev representation on the call
• [x] Schedule a kick off call
• [x] Outline next steps for the ARM team to make email notifications a reality (could be similar to the General Steps in the VA Notify Playbook)

Acceptance Criteria

• [x] The ARM team has presented their need for email notifications to VA Notify, and has a grasp on what remaining tasks are required to make this a reality for our MVP.

[oddball-lindsay]

From Jen:

OCTO doesn't have a dedicated privacy officer. Matt Larson suggests we list the following VBA privacy officer (there are many, many privacy officers at the VA): Harvey, Marvis Primary PO marvis.harvey@va.gov 202-461-8401 VBA Central Office - Office of the Deputy Under Secretary for Policy & Oversight

Reached out to Marvis via email, suggesting we meet to review the prototype and email notification.

[oddball-lindsay]

Intake ticket for VA Notify: https://github.com/department-of-veterans-affairs/va.gov-team/issues/84313

[oddball-lindsay]

Including a download link in the email notification, that confirms form completion and reiterates next steps:

1. We could consider a download link, it would need to point to a place for a user to sign in and then they can download the form.
2. Burials team is including a link, where a user will then sign in to view the form AND sign the form.
3. Patient check in has users enter pieces of info to validate their identity, without needing a full sign in. This would likely need a different endpoint, but we can use the same code for generating the PDF.
4. We could also consider a temporary pass code that's sent to the email, unsure if this is something that exists with VA today.

Locating a Privacy Officer for approval of our notification content:

1. Perhaps Parker knows, or can ask our contract COR.
2. Can also try the Privacy collab cycle folks to see if they have a contact.
3. Patrick Bateman from the OCTO side can also speak from the collab cycle perspective.

Next steps when we're ready to move forward:

1. Get onboarded to VA Notify's self-service portal, which has self-service documentation for using the APIs.
   1. Send a list of users' VA emails, that require access to the self-service portal. Login will be with PIV.
   2. Get API key to the Staging/Production environment.
   3. Build our email notification and trigger, referencing templates and the API documentation.
   4. There's a reusable model in vets-website.
2. The Strike Team (Samantha Jennings is the PM) can help us if we get stuck.
   1. They can also help us with the actual build of the notification content and trigger, would need 2-4 weeks (1-2 sprints) of lead time.
3. Intake ticket is fine for ongoing collaboration.

[oddball-lindsay]

Connected with Holden and we might as well request access to the self-service portal now. Will see who on the team would like access.

As for the download link in the email notification, we're not sure the work is worth the return and are leaning towards saving this for future iteration (not MVP). Will run this by the team and see what they think. Here's a loose idea of the work:

• Setup another table to save data for forms that are no longer in progress
  • Replace user data if the user completes a new form
• New endpoint to access the new table
• New frontend page and URL on VA.gov for downloading outside of Save in Progress
• Unauth may not have a login so would need
• If we want to explore unauthorized access, will need to think about one time passwords via email/text

[oddball-lindsay]

No word from the Privacy Officers I reached out to, asking Parker and also Platform Security if they have any recommendations. Security recommended reaching out to OITPrivacy@va.gov

Also asked the team who wants access to the self-service portal.

Open question: Do we want VA Notify's help building out the trigger? Will ask Samantha Jennings what info the Strike Team needs to support us, if we do decide we want their help.

[oddball-lindsay]

Secured a Privacy Officer and received core team access to VA Notify's self-service portal! We also have a good idea of what's needed to engage VA Notify if we do decide to accept their offer to help -- mentioned over in the intake ticket:

we would need the notification template ids from Staging and Production and the personalizations you are wanting to pass. We would also have to know when you anticipate releasing this and coordinate the release together. We could set up weekly meetings, in order to plan how we can accommodate this seamlessly, especially in regard to the staged rollout/feature flag piece.

Will pursue additional work in separate, more specific tickets. Our order of operations seems to be:

1. Meet with Privacy Officer to get sign-off on email content
2. Decide if we want to include the download link in this first iteration
3. Decide if we want VA Notify's help