VA needs IT, security assurances to regain credibility

Ensuring the reliability and security of current and future IT systems will be key to helping the U.S. Department of Veterans Affairs regain some of the credibility it has lost in the wake of the ever-growing scheduling controversy.

In addition to the scheduling mess, the VA is simultaneously dealing with cybersecurity threats, according to HealthcareInfoSecurity. Just prior to the resignation of Eric Shinseki as secretary, the VA inspector general issued its Federal Information Security Management Act audit for fiscal 2013, which stated that the agency's security programs suffered from "material weakness."

What's more, a recent Government Accountability Office report echoes previous calls for several federal agencies--including the VA--to improve their cyber incident response practices. Of six agencies scrutinized in the report, only the VA did not address the issue of consistent role-based training. Additionally, GAO reports published in April and January chastised the VA for poor and inconsistent responses to data breaches.

Last month it was reported that the Phoenix VA hospital from which the avalanche of allegations originated was one of the last VA hospitals to adopt electronic waitlist technology that had been deployed elsewhere in the system since at least 2002. The waitlist was built into VistA technology and designed to eliminate "ad hoc" wait lists.

As part of the VA's response to the incident, Acting Secretary Sloan Gibson announced on Thursday that the agency will release results from its nationwide audit, as well as patient access data for all medical centers on June 9. "The data will demonstrate the extent of the systemic problems we have discovered," Gibson said.

In a perspective piece published June 4 in the New England Journal of Medicine, former VA Under Secretary for Health Kenneth Kizer and Ashish Jha, a staff physician at the Boston VA Healthcare System, call for the agency to design a new access strategy "that draws on modern information and advanced communications technologies" to improve connectivity between patients and caregivers.

"Facility-by-facility assessments should determine whether VA facilities are using technology to leverage the best possible 'care delivery return on investment' and whether personnel are working at the top of their skills," Kizer and Jha say.

To learn more:
- read the HealthcareInfoSecurity article
- here's the FISMA audit (.pdf)
- check out the NEJM perspective