VA in talks to introduce more accountability to Oracle Cerner EHR contract: official

The Department of Veterans Affairs is negotiating the addition of new accountability and enforcement mechanisms to its $10 billion electronic health record software contract with Oracle Cerner, according to a senior official.

The agency is seeking to introduce new penalty measures to its contract with the technology giant as part of discussions to exercise a five-year option for Oracle Cerner’s Millennium EHR platform.

“One of the key items we’re looking at is improving the frustration…around the limited enforcement mechanisms of the May 2018 contract. It’s very restrictive,” Michael Parrish, VA’s chief acquisition officer, told lawmakers at a Senate hearing earlier this week. “What we are renegotiating with the Oracle team is to strengthen and add more enforcement mechanisms especially around service level agreement.”

Concerns over the impact of the system on patient care have been expressed by frontline medical staff, lawmakers and oversight bodies. Earlier this year, the VA’s Office of Inspector General published a trio of reports that identified major concerns about care coordination, ticketing and medication management associated with the EHR program launch.

The implementation of the VA’s new EHR system is expected to be delayed from its original estimates by at least one to two years while the cost has ballooned by billions.

Sen. Jon Tester, D-Mont., the chairman of the Senate Veterans Affairs Committee, tore into Oracle Cerner during the Wednesday hearing, saying that he wanted to see “tougher” terms in a renegotiated VA EHR contract with “severe penalties for poor performance.” Tester added that “if Oracle won’t agree to those terms, then the VA should be prepared to…renegotiate an entirely new contract or find a different team of partners.”

Top House Republicans leading the charge to scrutinize the Oracle Cerner EHR system, like Rep. Matt Rosendale, R-Mont., say the tech giant’s contract should be ended and the money returned to the government.

Audit identifies ‘ineffective’ active directory security controls at FDIC

An audit of cybersecurity measures at the Federal Deposit Insurance Corp. has identified multiple “ineffective” controls within the agency’s active directory.

In a report commissioned by the FDIC’s inspector general and published on Thursday, examiners set out seven separate weaknesses found during a probe of the department’s systems.

According to the investigation, multiple privileged system users reused their passwords and shared passwords across multiple accounts. Other privileged users at the agency violated security protocols by failing to change passwords for over a year, auditors found.

In addition, the probe identified incorrect account configurations and found that in over 900 cases the accounts of users were not removed after they exceeded the required thresholds for account inactivity.

The report also found that three FDIC IT account users held privileged access for almost a year after the access was no longer required for their positions.

Microsoft’s Windows Active Directory is used by the agency for the central management of all IT system user credentials.

As a result of the audit findings, the FDIC IG has made 15 recommendations to the agency for improving security controls, which include providing password training and the removal of unnecessarily elevated domain privileges.

Details of the cybersecurity concerns come as the financial regulator receives heightened attention following the failure of Silicon Valley Bank.

The audit also follows a report published last month by its Office of Inspector General, which found that the FDIC is not doing enough to monitor cyber risks within the institutions it regulates.

At the time, the watchdog found that information used in FDIC’s cyber risk assessment program, known as InTREx, was outdated and that in some cases agency examiners were not completing tests.

The FDIC agreed with the audit findings and said it plans to take corrective actions in response to the concerns by March 31 next year.

GAO sustains protest of $242M file conversion contract award to GovCIO

The Government Accountability Office has sustained a bid protest brought by tech contracting giant GDIT over a $241.5 million file conversion contract awarded by the Department of Veterans Affairs.

GDIT, which is the incumbent contractor for veterans’ personnel records and benefits claim records management and file conversion services, argued that the VA improperly awarded a task order to GovCIO, according to bid protest documents.

According to the documents, GDIT argued the agency should not have made the award because although GovCIO was charging a lower price, its proposal had a lower technical rating.

GAO sustained GDIT’s bid protests filed over the VA’s approach to evaluating GovCIO’s past performance and price. However, the audit agency denied GDIT’s arguments that the VA’s evaluation of GDIT’s proposal was flawed, and that the agency failed to adequately document the award process.

“We conclude that the VA’s evaluation of GovCIO’s proposal was unreasonable with regard to the past performance and technical factors. We also conclude that the agency’s award decision was unreasonable because it relied on the flawed evaluation of GovCIO’s proposal under the past performance and technical factors,” the GAO said in its decision.

“We further find that GDIT was prejudiced by these errors because the protester’s proposal was more highly rated than the GovCIO’s proposal under the more heavily-weighted non-price factors, and because the flawed evaluation supported the agency’s decision to award the task order to GovCIO based on its lower-priced, lower technically rated proposal,” the GAO added.

The GAO recommended that the VA reevaluate GovCIO’s proposal and make a new award decision that ensures a fair comparison of GDIT and GovCIO’s proposals based on the solicitation’s award criteria. 

GAO also recommended that the VA reimburse GDIT’s reasonable costs associated with filing and pursuing the protest, including attorneys’ fees.

The VA originally issued the solicitation in September 2022, seeking proposals to provide file conversion services for the Veterans Benefits Administration (VBA) as part of its efforts to improve the veterans benefits and claim processes. 

The VA received proposals from two offerors, GDIT and GovCIO. The agency’s technical evaluation panel (TEP) for this procurement ranked GDIT’s proposal as “good” under the technical factor, stronger than GovCIO’s, which was ranked as “satisfactory.” However, GovCIO was charging $241.5 million in its award proposal compared with GDIT’s $399.6 million.

The VA awarded the task order to GovCIO in November 2022, because the source selection authority (SSA) said there were “no significant advantages or disadvantages between the offers to justify the payment of the price difference associated with GDIT’s offer, given the level of technical competence available at GCIO’s lower price.”

GDIT and GovCIO declined to comment on the matter.

VA electronic health record system linked with 6 cases of ‘catastrophic harm’ including 4 deaths

Senate committee staff were briefed Tuesday by Department of Veterans Affairs officials that six incidents of “catastrophic harm” — including the deaths of veterans — have been tied to the agency’s new electronic health record system, according to a senior lawmaker.

Speaking at a Senate Committee on Veterans’ Affairs hearing focused on the future of the department’s EHR system, Sen. Richard Blumenthal, D-Conn., said his staff had been informed of the cases, of which four resulted in the death of veterans.

It is the first time that cases of catastrophic harm have been publicly linked to the VA’s electronic health record system since a watchdog report last July identified one case of such harm. The Veterans Health Administration (VHA) defines catastrophic harm as death or permanent loss of function.

“My staff was told yesterday that there were six catastrophic events related to a feature of the health record modernization program in the last couple of years,” Sen. Blumenthal said. “Four of the events resulted in a fatality, one for Spokane and three from Columbus, Ohio.”

Responding to a question, Dr. Neil Evans, chief officer for the Office of Connected Care within the VHA, said: “We take every episode where there is harm and we evaluate it carefully to try and understand why. It’s never good, we are never satisfied when it happens.”

“Yes, there have been cases that have found that frankly with both our EHR on the VistA side as well as with the Oracle Cerner EHR, that the EHR has been a potential contributor to that harm,” he said.

During the hearing, lawmakers expressed their exasperation about the continued failures of the VA’s electronic health record modernization program, which is built on Oracle Cerner’s Millennium platform.

Committee Ranking Member Sen. Moran, R-Kan., said lawmakers, the agency and Oracle Cerner needed to work together more effectively to solve problems with the system and questioned what criteria would be used to assess readiness as the VA looks to roll out the system to further locations in July.

“[W]e’re here again to discuss the challenges of the VA electronic health record modernization program,” Moran said. “I emphasize the word again – we’ve done this numerous times. The VA aims to create a unified health record for service members and veterans enabling more consistent health care.”

He added: “It’s frustrating that the opposite has happened. The five medical centers that are using this system are struggling with delays, disruptions and rising costs. Only yesterday we found out that the system has been a factor in the loss of veterans’ lives.”

Testifying at the hearing, Oracle executive Mike Sicilia defended the company’s track record of working to improve the medical records system since completing its acquisition of Cerner in June.

“When I last testified before you, Oracle was just over a month into its acquisition of Cerner. I made several commitments about adding resources, bringing new engineering and technical expertise, and making VA’s EHRM program Oracle’s most important priority,” Sicilia said. “Since then we have done that, and delivered significant improvements in a short amount of time. The technical fixes we have made to the system have resulted in meeting the 99.9% availability requirement in five of the last six months. Average downtime minutes dropped from 345 minutes per month prior to the acquisition to 21 minutes per month in January and February.”

Coding for the future of U.S. national defense

Hock Tan is President and CEO of Broadcom Inc. He also serves as a member of The President’s National Security and Telecommunications Advisory Committee.

Since we announced our intent to acquire VMware last year, customers have expressed to me their excitement about VMware’s momentum around cloud-native software applications in its Tanzu business. Tanzu is a central part of VMware’s software portfolio and its multi-cloud strategy and will remain that way after Broadcom’s acquisition of VMware closes.

The future of enterprise IT is multi-cloud — the ability to distribute applications and services across a combination of clouds. A combined Broadcom-VMware will empower customers, including federal government agencies, to modernize and architect their IT infrastructure with large-scale, secure, and reliable yet flexible solutions. 

The move to multi-cloud is changing the way modern software applications are designed and built. Kubernetes clusters, which VMware’s Tanzu business enables, have become a core component of modern software applications, making them more resilient, easier to manage, and capable of running in internal environments and between different clouds. As a result, government agencies can accelerate the speed and agility of innovation within their organizations in a multi-cloud environment.

VMware-enabled software factories

VMware customers are leveraging Tanzu to run some of the most mission-critical cloud-native applications in the world, including applications used by government agencies that are essential to national security. The battlefields of tomorrow are digital domains, which means the tools essential to a country’s national defense have to be both physical and virtual.

That vision gained significant momentum in December when the U.S. Department of Defense (DOD) announced a $9 billion investment in a multi-cloud infrastructure across all domains and classification levels. Even before this major move to multi-cloud, VMware’s Tanzu Labs has already been at work assisting DOD in building its digital defense capabilities by going cloud-native, engaging in workforce reskilling, and developing software. VMware Tanzu Labs partners with organizations worldwide to accelerate the delivery of software and modernize legacy apps while reducing operating costs and risk, working side by side with customers to build capabilities, transfer skills and knowledge, and instill a process that shows immediate and lasting impact. In a short time, Tanzu Labs has made an immediate and lasting impact on DOD’s efforts to use all its tools, virtual and physical, to protect U.S. interests.

That impact began seven years ago in response to the growing potential of digital confrontations with adversaries. Tanzu Labs sought to work with DOD to improve speed and agility in software development, starting with increasing the digital proficiency of U.S. soldiers and service personnel. With no existing footprint of tools, practices, or personnel, DOD and Tanzu Labs were starting from scratch when they first stood up a VMware-enabled software factory within the U.S. Air Force — and did it in only 120 days.

Today, the U.S. Air Force Software Factory is self-sustaining, employing more than 1,200 people who build mission-critical systems that will increasingly leverage a multi-cloud strategy. The DOD has followed suit by standing up additional software factories within the U.S. Space Force and the U.S. Army. Tanzu’s methods of enablement helped create a learning environment within the factories that provides foundational knowledge to soldiers, airmen, sailors, guardians and government civilians. The mission objective is self-sustaining factories that can continuously deliver enterprise-grade software into the hands of constituents.

Building on VMware Tanzu’s work with DOD

DOD’s software factories are just scratching the surface when it comes to cloud-native application development and the future of virtual national defenses. With its multi-cloud strategy very much in the initial stages of development, DOD is building and deploying more modern applications every year.

Modernizing legacy systems as part of DOD’s move to multi-cloud is a national security imperative. Through its partnership with Tanzu Labs, DOD is poised to succeed by continuing to invest in software factories that build, secure, and deploy cloud-native applications for its national defense and warfighting capabilities. It’s a model that is also drawing the attention of other U.S. government agencies similarly embracing multi-cloud environments. Upon the close of Broadcom’s acquisition of VMware, we will remain committed to this partnership with DOD. We look forward to building similar mission-critical collaborations across the U.S. government.

National Science Foundation looking at use cases for ChatGPT

The National Science Foundation is starting to experiment internally with appropriate use cases for popular generative AI chatbots like ChatGPT while also building safe guardrails for government use of such technology. 

The Foundation’s Chief Information Officer, Dorothy Aronson, said Wednesday that the independent agency, which supports and funds major science and engineering research across universities and institutions in the U.S., has started considering the role ChatGPT and other such AI tools could play within the agency.

“We are building a set of use cases for our appropriate use of ChatGPT so that we can have pros and cons in our guardrails,” Aronson said during FedScoop’s ITModTalks on Wednesday.

“So the tool is amazing. But right now, for example, we’re very careful about the way we ask questions, because we don’t want to release privileged information into the wild without really understanding where it’s going,” she added.

Major AI developer OpenAI in November released its ChatGPT tool, allowing users to interact with an artificial intelligence chatbot which has astounded users, writing short college essays, cover letters, unique poetry, and a weirdly passable Seinfeld scene in which Jerry needs to learn the bubble sort algorithm.

OpenAI yesterday released a powerful new image- and text-understanding AI model, GPT-4, which the company calls “the latest milestone in its effort in scaling up deep learning.”

ChatGPT does not represent a revolution in machine learning as such but is significant with regard to how users interact with it. Previous versions of OpenAI’s large language models required users to prompt the model with an input. ChatGPT, which relies on a tuned version of GPT-3.5, OpenAI’s flagship large language model, makes it far easier to interact with that model by making it possible to carry on a fluid conversation with a highly trained AI.

The National Science Foundation is excited about ChatGPT’s potential use within the agency, Aronson said, but highlighted that federal employees and citizens who use it for government services need to be careful about what information they feed highly sophisticated AI tools.

“So our main concerns about ChatGPT are what data you provide it in questions. And in general, we would prefer people be conservative in their use of it, so we’ve got a few guardrails set up like you can’t determine an NSF grant award winner using ChatGPT,” Aronson said.

Prior to her time at NSF, Aronson served as the Director for the Office of Management Operations for the Defense Advanced Research Projects Agency (DARPA), which is the agency where the internet and AI first made major breakthroughs.

Aronson was speaking at ITModTalks, which was hosted in Washington D.C. by FedScoop.

State Department using RPA to slash financial statement processing time, says CIO Kelly Fletcher

The U.S. Department of State has used robotic process automation to cut the processing time for its monthly financial statement from two months to two days, according to CIO Kelly Fletcher.

Speaking Wednesday at FedScoop’s ITModTalks, Fletcher said financial reporting was one of several areas where the agency is using AI to improve the efficiency of back-office operations. State’s federated structure and global mission can make the process especially challenging, according to the IT executive.

“To make a monthly financial statement was making two months … [u]sing RPA we’re now doing it in a couple of days,” she said.

The CIO also cited the organization of COVID-19 repatriation flights as another area where State has deployed robotic process automation (RPA) to great effect. Previously, diplomats requiring return flights to the United States had to fill out forms by hand, which were subsequently typed up by other State Department employees. 

Fletcher said that in this example, RPA had helped reduce the number of staff needed to carry out the mundane task of data duplication and had also increased the speed at which staff are being reimbursed for expenses incurred while abroad.

She also said that while State has used the two automation initiatives to create more efficient business operations, the agency is ultimately focused on giving United States diplomats the highest quality data wherever they are.

“Our core mission is diplomacy. For that mission, our biggest asset is the data we have. This is often in the form of narratives that diplomats have been writing for decades,” Fletcher said.

Cultivating a data-focused culture and piloting and scaling AI and machine learning applications to accelerate decision-making are core goals of the State Department’s three-year data strategy, which was made public in September 2021. 

Speaking last April, then-CIO of the State Department’s Bureau of Intelligence and Research Dom Cussatt said data streaming the use of new cloud programs to ensure diplomats’ devices have the highest quality data “could be a gamechanger.”

Rep. Derek Kilmer to issue new bill pushing Congress to incorporate data and evidence into policymaking

Rep. Derek Kilmer, D-Wash., says he will soon introduce legislation that would create a commission on “evidence-based policymaking” within Congress to ensure policymaking is based more on federal data and facts rather than opinions.

Kilmer, who is the ranking member of the new House Administration Subcommittee on Modernization and chaired the House Select Committee on the Modernization of Congress for the past four years, will shortly introduce the new legislation, which already has two Democratic and two Republican co-sponsors.

The bill would establish a commission and convene experts to review, analyze, and make recommendations to Congress in an effort to better incorporate federal data and evidence-based policymaking throughout the legislative process.

“The goal was for it to give more power to data and evidence. Part of the challenge in Congress is oftentimes policy gets made based on what people think and opinions, not what the facts are,” Kilmer told FedScoop during an exclusive interview.  

“We’re trying to put more emphasis on having decisions baked in and grounded in fact and evidence. I think that would serve our constituents better,” he added.

It’s not clear yet how the experts on the commission would be chosen or how “evidence” would be defined. 

The new legislation will build upon a non-binding resolution Kilmer introduced in November to encourage evidence-based policymaking, which was co-led by Reps. William Timmons, R-S.C., David Joyce, R-Ohio, and Dean Phillips, D-Minn., all members of the Modernization Subcommittee.

It also comes after Congress in 2018 passed the Foundations for Evidence-Based Policymaking Act, which, similar to this new measure, required federal agencies to base new policy on data and created chief data officer roles responsible for cultivating agency data strategies.

Kilmer did not disclose the Republican and Democratic members who are in support of the upcoming legislation and are co-sponsors, but his staff said they have had prior support from data advocacy and civic organizations like the Lincoln Policy Network, Results for America, BPC, Data Foundation, and USA Facts, which are also expected to support the bill.

When asked about potential opposition to the bill, Kilmer said: “I don’t know who would be against having evidence-based policymaking?”

“I don’t know, if you think about when this idea was first worked on several years ago it was people like [Republicans] Paul Ryan, it was Patty Murray. It was a pretty interesting ideological mix of people,” said Kilmer.

Public opinion trends in the U.S. over the last three decades suggest an overwhelming lack of trust in government, regardless of which political party is in control, according to Gallup polls.

A significant cause of this mistrust is gridlock in Congress, where in many policy areas most Republicans and Democrats disagree on how to measure or interpret performance and effectiveness, ranging from healthcare access and immigration policy to tactics for keeping the economy strong, according to a Pew Research Center report from 2015.

A 2018 study by the Bipartisan Policy Center said: “A recent analysis suggests that members of Congress increasingly rely on one-sided information. This suggests that information processing has become increasingly complex, challenging, and partisan within Congress.” 

Kilmer’s bill, which is bipartisan and is expected to get a Senate companion as well, aims to take a stab at the problem of one-sided opinions in Congress by re-engineering the process of policymaking around facts and evidence through a non-partisan lens.