The Situation Report | September 5, 2023
The state Department of Health (DOH) has issued an update to a previous communication (May 18, 2023) to inform network administrators, particularly firewall and proxy security administrators in organizations that need to access the Health Commerce System (HCS), that it has finalized the timeline to implement the new HCS network requirements to be October 18, 2023.
This means that connectivity must be ensured on or prior to October 18, 2023.
The DOH update primarily focuses on the network requirements of accessing HCS from Internet browser via HTTPS. Most organizations deploy an internet firewall, or internet proxy and firewall, to restrict and control the HTTP based traffic that leaves and enters their network. Agencies should follow the firewall and proxy guidance below to enable access to HCS from their network.
Agencies should first conduct a test; DOH’s User Acceptance Testing (UAT) HCS website is accessible at https://uatcommerce.health.state.ny.us/. There is no need to login/authenticate if you can reach the login page of the UAT HCS website. If you are not able to reach the UAT HCS login page, follow the instructions in the guidance.
If you are using a firewall only, note that filtering HCS traffic using IP addresses is NOT recommended, as the IP addresses used by HCS are dynamic and may change at any time. The IP addresses also are not used exclusively by HCS but also by other customers of our service provider.
If your firewall supports URL filtering, configure the firewall to allow the HCS destination URLs listed here. An * shown at the beginning of a URL (e.g., *.health.ny.gov) indicates that services in the top-level domain and all subdomains must be accessible, which will also help to ensure that users in your organization can access other DOH systems in addition to HCS.
If your firewall does not support URL filtering and must use IP filtering, you should configure the firewall to allow the HCS destination IPs listed here, but notice that the IP addresses used by HCS are dynamic and may change at any time, therefore you need to continuously review and update your firewall accordingly.
Any questions or issues can be directed to hcsoutreach@health.ny.gov.