David Bowen: DHMSM infrastructure, sustainability a top priority [Q&A]

While health IT and military pundits alike are waiting with bated breath for the Department of Defense to end speculation and announce the winner of its coveted $11 billion Defense Healthcare Management System Modernization contract, the heavy lifting is just starting for the Defense Health Agency.

The agency, according to CIO David Bowen, currently is in the process of building up infrastructure to handle the electronic health record system on the front end. Following deployment, DHA's role will be sustainment of the system.

"We've got to be the advanced guard," Bowen told FierceHealthIT. "There's a very aggressive plan for deployment, and once that's satisfactory to the military treatment facilities [MTFs], we'll then pick up sustainment, which will consist of things like continuing educational efforts, making configuration changes and working to deploy subsequent releases of the software."

In an interview at the Healthcare Information and Management Systems Society's annual conference in Chicago, Bowen also discussed DHA's ongoing efforts to consolidate health IT services across the Army, Navy and Air Force, as well as cybersecurity and the cloud.

FierceHealthIT: DHA is consolidating health IT services across the Army, Navy and Air Force; how is the transition going?

David Bowen: The transition is going remarkably well. Two critical areas that you need to focus on when you do these kinds of consolidations are HR and communications.

Regarding HR, we're putting together Army, Navy, Air Force and the TRICARE Management Activity health plan people, and all of those people are on different performance systems, different evaluation systems and different HR policies. We have to synchronize all of that, as well as fill open positions and establish our leadership positions at the organization. How we do that is very important to the success of the transition. We've taken very deliberate steps to ensure, a.) we're recruiting from inside the organization, and b.) that we give all of our current staff every opportunity to apply for those leadership positions.

Regarding communications, we've got a job of communicating to our leadership internally. We've also got to do a good job of communicating with our external stakeholders--Congress, the press, the service organizations--and we have to communicate down to the MTFs. The latter is more of a challenge because the separate services run those organizations. We've now conducted standing conference calls with the leadership of the organizations to be able to start establishing those communication channels and letting them know what's coming up.

FHIT: What are your top priorities over the next 12 months?

Bowen: Regarding EHR infrastructure, the plan will be that deployment will start at an initial operating site in the Pacific Northwest somewhere around 2017; to that end, we've got to have the infrastructure ready and we're planning to have the infrastructure complete by the end of this calendar year.

We're also focused on accelerating funding to support the EHR effort.

FHIT: With cybersecurity top of mind for providers in the private sector, how are you ensuring the safety of health information?

Bowen: I think generally we hold ourselves--because we run on Department of Defense networks--to a higher security standard than what they do in the commercial world. We absolutely have very rigorous processes and procedures around the security of our systems, how they connect, what our vulnerabilities are. We have a very structured process for re-evaluating and recertifying those systems no less than every three years (and if there's a major change, even more frequently than that).

One of the things we've done is, we've assigned a single designated accreditation authority--a single authority for the Defense Health Agency--so that as all of the systems move on to the DHA network, we can accredit a given piece of medical equipment or systems at a given facility, and then it would be accredited to go anywhere in the system. That's not what happens now; currently, you have to get service-specific accreditation three separate times.

I think we do a good job of security for data in motion, as well. We've got some pretty knowledgeable people in this space. I ran information security for the Federal Aviation Administration, and we ran our own security organization, so I know a little bit about cyber. And certainly the guys in the DoD are as good or better than anything else you'd find almost anywhere.

FHIT: Talk about moving more into the cloud. What has been the impetus for the DoD's decision to be more open in that regard?

Bowen: Cloud is an area that the DoD is starting to get involved with pretty extensively. We have a number of vendors that are in the process of receiving their certification to be cloud providers at certain levels of security. One or two of them have it already, and we've got a bunch of them lined up. It won't be very much longer before, as an agency, we'll be able to look across a vendor landscape and probably be able to take advantage of a number of cloud offerings.

We're still kind of cautious about putting PHI on the cloud, but with the right kind of certification and security, that may not be too far away. We're looking at that now as an evolving topic. One of our problems is getting the policies out to support cloud because the technology is moving faster than we can develop the policies.

I may be putting words in the mouth of my Defense Department CIO, but I think from an IT standpoint, the DoD folks want to focus on systems that really are mission critical. 

Editor's Note: This interview has been condensed for clarity and content.