Trending
$50B is the ceiling for the National Institutes of Health’s CIO-SP4
VA continues EHR pause for six more months
contract. Bids were due Aug. 20.
Mike Bost (R-Ill.), ranking member of the committee, and Rep. Frank Mrvan (D-Ind.), chairman of the Technology Modernization Subcommittee, have introduced the VA Electronic Health Record Transparency Act, which aims to consolidate cost accounting for the project and keep Congress apprised of expenditures on an ongoing basis.
Takano is also seeking clarity on changes to the project’s governance structure. As revealed in oversight reports and as discussed at the hear- ing, the Veterans Health Administra- tion did not play a key role in making decisions about clinical workflows and training in advance of the deployment at Mann-Grandstaff.
The Department of Veterans Affairs plans to continue its pause on the deployment of its $21 billion electron- ic health record moderniza-
tion effort for at least six months, a top official testi- fied during a House hearing in July.
Dr. Carolyn Clancy, an
assistant undersecretary
for health at the VA, told lawmakers that by the
end of the calendar year, a
new deployment schedule
will be in place — one that differs from the planned geographic progression that was initially developed for the project.
She said VA officials would conduct a review of the IT and physical infra- structure “at every facility in our sys- tem \[and\] subsequently deploy based on which sites are in the greatest state of readiness.” Clancy was in charge of the project as the VA’s acting deputy sec- retary until Donald Remy was recently confirmed and sworn in to serve as the agency’s No. 2 official.
Rep. Mark Takano (D-Calif.), chair- man of the House Veterans’ Affair Committee, noted at the hearing that lawmakers had asked to hear from a representative of the VA’s Office of Elec- tronic Health Record Modernization, but none was made available.
The planned six-month pause comes after a 12-week strategic review was conducted at the behest of VA Secre- tary Denis McDonough. That review examined problems with the initial go- live deployment of the Cerner EHR sys- tem at the Mann-Grandstaff VA Medical Center in Spokane, Wash., in 2020. Mul- tiple oversight reports identified issues with training and aging infrastructure that hindered the adoption of the new system and may have put VA patients at risk.
Clancy also told lawmakers that VA officials planned to seek an independent estimate of the entire life cycle cost of
the 10-year project, which was initially tabbed at $16 billion but has ballooned to $21 billion based on a review of needed physical infrastructure upgrades that were not included in the overall cost of the project when it was first budgeted.
“We are starting from scratch,” Clancy said, add- ing that the production of a full life cycle
estimate “will take close to a year.” Leaders of the House committee want to make cost transparency a require- ment of the project. Takano, Rep.
Dr. Carolyn Clancy
CISA crowdsources vulnerability disclosures
The Cybersecurity and Infrastructure Security Agency is fielding a bug-report- ing system as a shared service that fed- eral civilian agencies can use to gather information on potential vulnerabilities in their websites and software.
The Department of Homeland Secu- rity, CISA’s parent agency, signed on as an early adopter of the Vulnerabil- ity Disclosure Policy (VDP) Platform. The Interior and Labor departments also intend to use the system, which invites cybersecurity researchers to submit reports about potential flaws in internet-accessible government systems.
“The VDP Platform provides a sin- gle, centrally managed online website for agencies to list systems in scope for their vulnerability disclosure poli- cies, enabling security researchers and members of the general public to find vulnerabilities in agency websites and
submit reports for analysis,” according to a CISA news release.
The agency partnered with Bugcrowd and EnDyna to provide the platform, and employees of those companies will conduct the initial assessments of the vulnerability reports. The news release states that the approach will “free up agencies’ time and resources and allow agencies to focus on those reports that have real impact.”
As the cybersecurity shared-services provider for the federal civilian govern- ment, CISA has taken the lead in offer- ing access to cybersecurity services. Agencies that choose to participate in the VDP will have their own profiles in the platform that will give them access to submissions and statistics. Accord- ing to CISA, the paying of bug boun- ties is optional and up to the individual agencies.
— Adam Mazmanian
— Adam Mazmanian
August 2021 FCW.COM 33