Treasury awards its final EIS task order

The Treasury Department awarded the last of its six planned Enterprise Infrastructure Solutions task orders to AT&T, the telecommunications company announced Tuesday.

The 12-year, $231 million task order covers modernization of the Treasury‘s voice and data networks and cybersecurity as the department looks to enable its increasingly mobile workforce of more than 100,000 employees across about 700 locations.

Lawmakers initially expressed concern Treasury wasn’t keeping pace with the $50 billion EIS contract’s final deadline of Sept. 31, 2022, for transitioning off its predecessor Networx, but the department’s transition is now more than three-quarters complete.

“Hats off to the technology leadership and team at Treasury for making a deliberate and comprehensive commitment to network modernization,” said Chris Smith, a vice president with AT&T Public Sector. “We look forward to working with Treasury to help transform its communications capabilities and help ensure it is future-ready for further innovation.”

Work is already underway with Treasury poised to obtain EIS technology and cost savings quickly, according to AT&T‘s announcement.

AT&T’s last big EIS task order award was a 10-year, $311 million contract with the National Oceanic and Atmospheric Administration in November to prepare for 5G and edge computing by consolidating the agency’s networks into one Internet Protocol-based network.

DOD at risk of not meeting its own electromagnetic spectrum goals, experts tell Congress

The Department of Defense might know that it needs to put in more work to better manage its use of the electromagnetic spectrum — but so far that work has been lacking, according to expert testimony Friday.

The DOD still needs to empower high-ranking leaders to push spectrum initiatives, a key goal of the department’s spectrum strategy published in September, according to Joseph Kirschbaum, director for the Government Accountability Office’s Defense Capabilities and Management Team.

The Pentagon developed its spectrum strategy hoping to claim “superiority” in building and defending robust networks after two decades of warfare with low-tech adversaries. That lack of a need to use spectrum atrophied much of DOD’s EMS muscles, senior leaders have said. As the military starts measuring its readiness to fight a large-scale, great power war, it has acknowledged it needs to play catch up.

“The Department uses the electromagnetic spectrum for situational awareness, communicating with friendly forces, identifying enemy capabilities, directing strikes, navigation, and countless other tasks … the military is facing unseen challenges in the electromagnetic spectrum right now,” Rep. Jim Langevin, D-R.I., said during Friday’s hearing. Langevin is chairman of the newly created House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems.

Kirschbaum highlighted previous recommendations of a GAO report from December for the department to create a long-term oversight mechanism to ensure the spectrum strategy gets implemented during his testimony.

“The United States can no longer be assured of superiority in the spectrum,” Kirschbaum said. Previous strategies have not been fully implemented due to “bureaucratic and organizational hindrances,” and the current one could meet the same fate without action, he warned.

Strategic competitors like China and Russia have been hard at work developing weapons to disrupt U.S. networks and communications using spectrum, the hearing’s witnesses told lawmakers. The ability to disrupt DOD’s networks would be damaging in a battle now, and even more devastating in the future as the DOD turns to rely more and more on spectrum to run operations.

“The greatest risk I see today is continuing to apply a legacy strategy to the strategic realities of today,” William Conley, former director for electronic warfare in the Office of the Secretary of Defense, told lawmakers.

Developing new tools in spectrum management crosses into the DOD’s software goals since much of it is based on software-defined radios. Instead of working with antennas and other hardware, the latest research involves coding advanced algorithms and artificial intelligence to instruct the hardware to jump between frequencies, avoid jamming and finding innovative ways of communicating.

“That merging of the software and the hardware world I think will be very exciting,” Bryan Clark, a senior fellow at the Hudson Institute, told lawmakers at the hearing.

Missing E-Tran controls saw SBA issue $692M in duplicate pandemic relief loans

The Small Business Administration issued $692 million in duplicate pandemic relief loans because it failed to add the proper controls to its electronic application system, according to its Office of Inspector General.

E-Tran didn’t always prevent duplicate Paycheck Protection Program (PPP) loans made between April 3 and Aug. 9, when the loans were disbursed. Reasons included the computer script for detection stopped working, lender submissions used employer identification numbers and Social Security Numbers interchangeably, and some buyers applied via multiple lenders, according to SBA OIG‘s report.

The House Select Subcommittee on the Coronavirus Crisis requested the report, in part, because it wants to ensure E-Tran vulnerabilities are addressed before the remaining $150 billion in PPP loans are disbursed.

“Loans given to ineligible borrowers place taxpayer funds at risk of financial loss and delayed the amount of available critical capital needed for eligible businesses to withstand the effects of the pandemic during the first round of PPP funding,” reads the report.

Congress appropriated $659 billion, all told, for PPP loans intended to cover struggling small businesses’ payroll, rent and utilities.

About 4,260 borrowers received multiple PPP loans, despite SBA working with lenders to implement E-Tran controls in May. OIG found SBA temporarily turned off those controls between June 23 and 30 to resolve duplicate loans already identified with lenders, leading to more duplicate loans being made during that time.

OIG recommended SBA review potential duplicate loans and recover improper payments, review E-Tran controls to ensure those loans aren’t forgiven, strengthen controls for future PPP-type programs, and improve guidance for lenders — all of which SBA agreed to do.

“The inspector general’s report is consistent with the select subcommittee’s findings last year that billions of dollars in PPP loans issued by the prior administration may have been diverted to fraud, waste and abuse,” Rep. Jim Clyburn, a Democrat from South Carolina who chairs the subcommittee, said in a statement. “Today’s report is yet more evidence of the Trump Administration’s poor implementation of PPP, which ignored the intent of Congress by failing to get vital assistance to the neediest small businesses.”

SBA argued it was unlikely that borrowers intentionally exploited E-Tran’s initial vulnerabilities because only lenders have access, but OIG was quick to point out fraud still occurred.

The agency’s loan review plan states PPP loans are subject to automated screening. But software company Giant Oak ran the Department of Justice‘s first 57 PPP loan fraud defendants through its GOST screening platform and found 25% of them had committed fraud previously that should have barred them from receiving relief, CEO Gary Shiffman, who’s also a Georgetown professor, told FedScoop.

“That’s a very strong indication that they weren’t doing screening,” Shiffman said. “And in their statements, they were trying to get the money out quickly, so they were relying on the investigation as the deterrent.”

Most fraudsters assume the odds of an investigation into a loan less than $150,000 is low, and investigating fraud after the fact is “incredibly inefficient” compared to deterring it all together with screening, he added.

SBA did not respond to multiple requests for comment.

Fraud occurred 16% of the time when the Federal Emergency Management Agency disbursed relief after hurricanes Katrina and Rita, which in PPP’s case could mean as much as $105.4 billion in jeopardy, Shiffman said.

If SBA is committed to screening now, it will need to abandon static lists of past criminal convictions in favor of machine learning that examines patterns of fraudulent behavior, he said.

Machine-learning models can create prioritized lists of the highest to lowest threats, and if SBA vets the top 1%, then they’ve done a “phenomenal job,” Shiffman said.

New industry partnership promises to strengthen authentication security

Andrew Whelchel is a certified principal sales engineer at Okta, specializing in enterprise security architecture, identity risk, data privacy, cloud, mobile and API security.

The pandemic is speeding up plans of most organizations to embrace the cloud and meet new needs of a remote and hybrid workforce. But for federal agencies, even though the structure of the workplace has changed, federal regulations setting access and identity verification standards have not.

Cloud’s ability to bring greater speed, agility and security to the mission is within reach, as long as agencies can find provide access to cloud-based applications which meet Federal Identity, Credential and Access Management (FICAM) policies.

That’s been a challenge for many agencies. But it’s also the promise of a new partnership between Okta and Amazon Web Services. Okta Identity Cloud is now available through Amazon Marketplace, to give agencies access to a FedRAMP-approved cloud identity platform that supports their modernization goals.

Access tools that minimize cyber risk

The uptick in security threats — like recent ransomware attacks and compromised supply chains — continue to put agencies at risk. Systems are increasingly interconnected. That makes FICAM more than a just a check box to meet federal security regulations. FICAM lays the groundwork for agencies to implement modern identity and access controls and ultimately paves a path forward to architecting a zero-trust environment.

The remote and hybrid workforce increases agencies’ cyber risk as long as employees are not working inside government buildings. It is critical that federal IT infrastructure moves away from traditional credential validation, like PIV and CAC, and traditional remote access security such as VPN, to an access solution that solidifies a zero-trust security posture.

Those organizations which have already fallen victim to a ransomware attack learned that in the event of a breach or attack, IT security teams can benefit from segmentation, to isolate threats quickly. But at the same time, multiple accounts create more access complexity. Organizations with hundreds and thousands of users will exponentially increase the number of accounts per person.

Without a tool like Okta’s Identity Cloud, users have to remember a lot of passwords and credentials. Consequently, IT administrators need to be mindful that with segmentation also comes the need to take a heightened management posture for access and identity verification controls.

Okta’s single sign-on and multifactor authentication solutions comply with a number of FICAM policies — not just for access controls, but for logging, auditing and even providing attestations that someone should continue to have the rights that they have. The universal directory consolidates users, groups and devices into a single directory, giving administrators the ability to manage the lifecycle of users’ access.

Additionally, Okta Identity Cloud operates both on-premises and in cloud environments and supports agencies’ moves to embrace either hybrid or multi-cloud infrastructure. Ultimately, the goal is to create a more resilient infrastructure against cyber threats that doesn’t complicate the user’s experience.

Testing the waters with pilot projects

Using Okta with AWS’ cloud infrastructure offers both speed and agility of access that agencies are looking for their applications today and in the future. By getting users approved for certain capabilities, and then mirroring those attributes inside of AWS, agencies can have certainty that the right people are the right privileges to access federal data. That includes employees, contractors, partners and citizens who interact with the government at different levels.

Those who are hesitant to move forward need only test this concept with a pilot program to get started. Those who’ve already begun testing workloads related to home connectivity, zero-trust connectivity, ticketing management or automation software are seeing the benefits almost immediately. And because these pilot tests are managed in the cloud, there are no setup costs and no provisioning to spin up a Okta’s tool inside AWS.

Once agencies understand how easy it is to move their data and connect their identity to that cloud, it doesn’t take long to begin moving a lot more projects and workloads to the cloud.

Okta is a leader in the identity space, and its broad network of application integrations simplifies the deployment and management of cloud apps, services and infrastructure for those organizations migrating to the cloud.

Also, read more from leaders about how state and local agencies are modernizing identity authentication.

Learn more about the availability of Okta Identity Cloud and its products in AWS Marketplace.

VA creating new digital platform to modernize GI Bill benefits

The Department of Veterans Affairs is building a new platform to centralize GI Bill-related benefits processing, a long-desired modernization effort to help veterans receive the higher education benefits they’re entitled to.

The VA awarded a contract to Accenture Federal Services on March 11 to start building the “Digital GI Bill” platform as a means to ease communications between veterans, schools and the government.

The idea of modernizing the VA’s benefits system been talked about for years following the passage of legislation in 2017 requiring an update to the way veterans can receive tuition and other benefits for higher education. Those changes, though, caused glitches in the existing system, which led to years of working on a long-term fix.

Momentum picked up modernizing the program last fall when the department asked Congress to reprogram COVID-stimulus funding for the IT project and made meaningful progress updating outdated systems and processes as required by the 2017 law.

Introduced under landmark legislation during World War II, the GI Bill allows veterans to earn funding to cover their education after service and has seen several updated laws to tweak its administration. 

“[T]his platform will enable VA to call, email, text and chat with GI Bill beneficiaries, grant the Veterans Benefits Administration (VBA) immediate access to beneficiary records and respond to questions from colleges and universities instantaneously,” according to a press release. It described the platform as “an end-to-end systems management perspective to ensure proper compliance and oversight of GI Bill programs, and the use of data and business intelligence tools to track, monitor and measure school and student outcomes.”

It is yet another digital modernization push in the VA, which has faced challenges in modernizing some of its other major programs like electronic health records modernization.

The platform will be a product of both the VBA and the Office of Information Technology, according to the VA. The two will be using $243 million of reallocated money from the CARES Act, the initial round of stimulus passed by Congress in March of 2020.

Air Force updates Digital University with new career tracks

The Air Force‘s platform to upskill its workforce got some major new additions, with new career pathways and course designs to organize users’ learnings around specific technical skill sets.

The Digital University platform’s initial launch in summer opened up thousands of lessons from contractors Udemy, Pluralsight and Udacity without much direction for the learner. The latest updates push the platform closer to what many companies in the private sector have embraced to keep their workforces sharp on the latest technology skills, with specific career paths and customizable tracks for particular skills.

“Technical training typically isn’t done well in the Air Force, so there is a demand to upskill our technical airmen for the jobs we need. DU was built to be that central hub,” said 1st Lt. Peyton Cleveland, who built much of the backend of the new course paths.

Digital University is managed by the Air Force’s Business and Enterprise Systems Product Innovation office (BESPIN). The team told FedScoop in September that it plans to “constantly [update] digital training” on the DU platform, made evident by the new pathways and customization available in the latest release.

“The goal was to completely transform the way we think about digital training,” Cleveland said about DU.

The first Digital University users were cybersecurity specialists and technical professionals looking to stay up-to-date on the latest coding techniques — the type of tech professionals who might already know what lessons to look for in the library. From there, DU leaders hope to expand the user base to curious airmen and Space Force guardians who recognize the benefits of technical skills in their roles but would need more guidance on where to begin — hence the newly coded career paths.

Some hope that senior leaders will also jump on the platform, just like Chief of Space Operations Gen. Jay Raymond said he has done. Raymond also said previously that digital literacy will be a requirement for new Space Force members, who can take Digital U coursework and other tech training to develop new skills.

So far, the platform seems to have taken hold, DU officials say.

“A lot of the feedback has been really positive,” Cleveland told FedScoop. “People love what we are doing and want more of it.” Even the Army is jumping onboard with a pilot of the platform, Cleveland said.

Digital University has been praised by Air Force and technology leaders as a way to help turn the greater Department of Defense into a more-digital organization. With the decades it takes for young, tech-native people to rise through the ranks of the military, Digital University’s leaders hope the program can start to turn those already in senior roles into leaders who recognize the value of digital skills in the modern military.

HHS data collection and sharing continues to evolve with the pandemic

COVID-19 data collection and sharing has changed throughout the pandemic at the Department of Health and Human Services to meet the needs of agencies, hospitals, industry and the public, said Kevin Duvall, acting chief data officer, Thursday.

The Office of the Assistant Secretary for Preparedness and Response supports hospitals with personal protective equipment like masks and medicine. So when it had issues distributing the drug remdesivir in July, HHS began asking hospitals to report their supply.

HHS further made its COVID-19 Community Profile Report, an internal tool originally, available to the public in December as a “highly consumable” PDF, as well as an .xlsx file for deeper analysis, said Duvall, who was instrumental in the effort.

“The data had to evolve with how the government was responding to the pandemic,” Duvall said. “Over time, as we got more comfortable with datasets and felt that the quality of the data was good and sound, there was more and more release of open data.”

HealthData.gov‘s look changed in the past week as HHS migrated it to a new platform with additional capabilities — namely machine-readable, API-accessible interfaces for every dataset to assist researchers, companies and journalists.

The separate HHS Protect Public Data Hub and Centers for Disease Control and Prevention COVID Data Tracker represent a year of work.

The hub includes hospital use reporting and data on what therapeutics like Lilly and Regeneron they’ve received. The tracker meanwhile combines CDC guidance with data and links to HealthData.gov.

The downloadable COVID-19 Community Profile Report on HealthData.gov is updated daily. And the PDF contains data on case positivity, deaths and hospital admissions, while the .xlsx breaks things down by states, regions and counties.

Search analytics revealed state data was particularly popular, so HHS now offers a state profile view as well.

Before opening datasets up HHS has to consider the legality, for which general counsel is consulted, and the potential effect on hospitals.

“What is the appropriate level of granularity into what’s going on [without] show[ing] too much that would then be detrimental to hospitals, as well as the patients that are in the facility,” Duvall said. “That’s a hard challenge for the pandemic.”

DDS 2.0: The Pentagon digital team’s journey from startup to full-fledged firefighter

When the Pentagon chartered its digital services team — the Defense Digital Service — in 2015 as a branch of the White House’s U.S. Digital Service, the mission was simple: Embed the nation’s top tech talent within the Department of Defense for a brief tour of duty to rectify the military’s tech woes with an innovative and agile mindset.

While that core formula — calling on the nation’s brightest to serve and bring the Pentagon’s IT into the 21st century — is still there, in the five years since, DDS has matured and transformed. Today, DDS exists as more of a digital first-response force, often working hand-in-hand with service members on the operations side when the department faces a “fire” that requires tech help — these days, pretty much any major challenge in the national security space.

Perhaps the best and freshest example of this is the team’s many supporting roles during DOD’s response to COVID-19. It started with aiding the USS Teddy Roosevelt in Guam when the aircraft carrier experienced a widespread outbreak of the coronavirus and was ordered to stop its movement. The team created a symptom tracking app for the sailors on board to keep tabs on who had the virus and who had been exposed to stop the spread.

And more recently, the service assisted Operation Warp Speed — the federal vaccine delivery effort — working in tandem with the NSA to secure critical data and systems involved.

In between those “sentinel” efforts, as DDS Director Brett Goldstein described them, the team stayed busy with COVID-19 expanding the symptom tracking app department-wide, improving virtual hiring and onboarding during the pandemic, and supporting Navy medical ships by detecting and guarding against drones flying in their airspace.

“That’s when I realized that we had taken this team from being a generator of good ideas and good feedback to rapid response solution delivery — this vision of a SWAT team of nerds, but a SWAT team of nerds that delivers left and right,” Goldstein told FedScoop.

But it wasn’t always that way. When Goldstein arrived as director of DDS in early 2019, he was handed an organization still in its “early stages” that hadn’t figured out how to sustain its growth — it hadn’t figured out yet how to deliver outcomes.

“I saw lots and lots of good ideas,” he said. “But we hadn’t really conquered the sustainable piece, or ensuring the outcome, or the commitment to stay with something when it went from sexy and shiny to kind of boring but still critical.”

Shortly thereafter, an old friend and colleague in Katie Olson joined him as deputy director of DDS, and the two began to consciously “sit down and…start to rethink where should this organization go,” he said. The two worked together for the City of Chicago about a decade ago.

Olson saw it too: “I think part of what we both immediately recognized is the stage DDS was in, it was a sort of a startup trying to move into steady-state operations.”

One thing was missing. Goldstein said he’d hear it over and over again when he joined during his initial meet and greets with DDS’s partners. “A theme that kept on coming up was, ‘You folks will come in for a tiny period of time, we’d hear about all the things that we’re doing wrong. But then wouldn’t know how to get to a better outcome.'” he said. “And this is something that really resonated with me because I don’t want to go around just telling people you’re doing it wrong. I want us to get it right.”

Leapfrogs and fires

It’s not always immediately apparent what constitutes a project fit for today’s Defense Digital Service. It’s really an amalgamation of things, centering on a couple common threads. Most often, the team is called upon when “something horrible happens, like some critical system breaks, and no one else can fix it,” Goldstein said.

“I really do love the example of the USS Teddy Roosevelt [COVID-19 response]. Literally, it started with a phone call in my house,” he continued. “And 24 hours later we were delivering. I don’t know anyone else, any other technical component that can deliver like that.”

In addition to putting out those “fires,” DDS wants to be the team that thinks big, initiating “leapfrog” projects — things that dramatically move a technology or concept forward in a quick and actionable way.

“I think where we’ve landed in terms of the type of work we’ll do is we should be doing things that are giant leapfrogs, you know, things like [counter-unmanned aircraft systems],” said Olson. “On the other hand, we are there to be the department’s kind of crisis management group and to be solving fires.”

Cybersecurity is a leapfrog that keeps Goldstein up at night.

“Every night, I wake up in the middle of the night worried about cybersecurity, cyber capability, and our national security,” he said. “I am not interested in talking about 10-year plans. I’m interested in what are the things we can do to leapfrog a capability in that space and accelerate change and the application of that?”

So, DDS has expanded its cybersecurity work, beyond just the bug bounty success it’s had with Hack the Pentagon to take a more holistic approach to “help the department think about their cyber hygiene,” said Olson. Also, the team has created tools like Clone Wars that scans “see if any of our code is leaked out” and Crossfeed, a continuous monitoring tool that scans DOD’s public-facing assets for vulnerabilities.

Peppered between the leapfrogs and fires, DDS also takes on pilot projects, starting small with modern tech concepts that could be of great benefit to the wider department.

“We have moved to repeatable processes and projects that we can test out, instead of saying, you know, let’s get the entire department on one cloud,” Olson told FedScoop. “Looking at something like [what] the Air Force is doing with Cloud One or Platform One. Let’s shift people into this idea of developing and cloud architecture and scale up from there.”

This is a marked difference from the DDS of the past — the one that was responsible for developing the concept behind the Pentagon’s controversy-ridden $10 billion Joint Enterprise Defense Infrastructure (JEDI) contract to acquire a single, end-to-end cloud solution.

Ownership of JEDI was transferred to DOD’s Office of the CIO in 2018, and while this gave DDS more time to focus its attention on new projects, it also marked a natural point for some original team members, done with their work on this all-consuming program, to plan their exits.

New team, new DDS

Within a year after the transfer of JEDI, founding DDS Director Chris Lynch departed to start his own company, Rebellion Defense. Many of the Defense Digital Service’s early members followed Lynch to Rebellion, leaving the team with a slimmed-down staff when Goldstein arrived in mid-2019.

Around this time, DDS also gained independence from USDS. “Going back to the original conceptions behind USDS, the idea was to create organizations within the agencies that could be sustainable on their own,” Goldstein said. “So DDS has accomplished that.”

These moments together birthed an opportunity for Goldstein and Olson to build a hand-picked team from near-scratch.

“A lot of people were, I think, done with their time with DDS, either because their terms expired or they just had worked really hard on JEDI” and saw that as a natural conclusion, Olson said. “We had to immediately start rebuilding the team.”

But because of the fresh start, “we could recruit the skill sets that we felt were needed or missing,” she said, adding that more than 60 members have been brought on since then.

Typically, USDS led recruiting and hiring for DDS. But now the two were split, and it was up to DDS on its own to rebuild. Goldstein and Olson took the lead, and because of that, “I know everyone’s name. I know everyone’s story. I know their capability. I can say that Katie and I have screened every single person and can attest to their skills and their abilities,” Goldstein said. For this reason, he never wants the team to be much bigger than it is now at roughly 80 members.

They brought on new skillsets and a more diverse team focused on security engineering and data science, as those were strategic areas DDS hoped to expand its work in, Olson said. They also doubled down on “engineers, designers, and product managers, and what we used to call bureaucracy hackers, you know, people who are in the front office, who know their way around acquisitions and legal and communications and all of these important skillsets to help the team function.”

Even during the pandemic, DDS continued hiring when many DOD teams struggled to traverse the need to do so remotely. The team took the lessons learned from that and passed them on across the department in a toolkit for how to hire digital talent in this new environment, helping answer questions like “what was the experience like for people when they finally did start…making sure everybody had delivered laptops all over the country, and making sure that we still had good cyber hygiene.”

“The majority of the team at this point has onboarded in or around the pandemic,” Olson said. “There’s a good percentage of the team I’ve never met in person. It’s kind of wild.”

Goldstein doesn’t see this changing. DDS will continue to hire talent where it is, pandemic or not, he said, “because we go where the work is, and where the need is, and so on.”

The future of DDS

Under a new administration with a new secretary of Defense, the Defense Digital Service will undoubtedly continue to evolve. Likely, that will mean new focus areas in line with the DOD’s similarly evolving mission set.

Olson pointed to things like continued support in cybersecurity, public health response and, perhaps, climate change as areas the DOD could look to DDS for help.

“We have a lot of real estate and a lot of bases,” Olson said of the military’s role in climate change. “And it’s kind of interesting to think about bases being like small cities, and how can you pilot some things like renewables. But then we’re also a huge consumer of energy. And so I think there’s potential to make different choices to make a dent in that.”

For Goldstein, it’s all about staying in lockstep with Pentagon leadership “on what are the things that keep them up at night? What are the evolving threats that are exhibited in the [National Defense Strategy] and how do we ensure that we’re that technical component that is able to step in immediately, not with a one-year plan, not with a big vision, but there’s a need and we go and execute.”

He also values staying in lockstep with his deputy in Olson.

“At DDS, the way we structured it from day one is more of a partnership than the director and the deputy,” Goldstein said. “And that’s allowed us to grow and scale in ways that were potentially harder. She and I share critical decisions, we develop strategy together. And the beauty behind that is, when one of us is off on an operation out of the country, any of those pieces, the other is able to step in. I think this relationship has been critical to allowing us to double the organization in size, but also take on really, really critical missions. I think that’s been a cornerstone in our successful growth. And I’m really happy that she and I were able to collaborate again.”

Regardless of what the future might bring for DDS, one thing remains essential to the team’s mission, Goldstein said.  “There’s been a bit of acceptance that technology is going to be behind in government or this concept of ‘good enough for government work.’ None of that is acceptable to me. And none of that should be acceptable going forward. So as we go into the future, we need to bring the very best in technical talent, technical delivery, technical capability into our national security and into the fight.”

Improve data security and interoperability for public health agencies

The healthcare industry continues to look for better ways to share information to improve the quality of patient care. However, implementing patient portal systems — and the processes behind them — presents several technical challenges when information needs to pass across different organizations, including health agencies in government.

“Health care agencies need to consider [the use cases] for each of their main user populations — patients, partners, and government employees — and how identity and access management can help them excel,” say experts in a recent whitepaper from Okta.

The whitepaper explores some of the principal challenges surrounding data security and user access and how a modern identity and access solution can help public health organizations improve interoperability of patient and health data.

Low patient portal adoption

Value-based care is a model that seeks to provide patients with the highest quality of care possible. That advent of portals was intended to help improve the ongoing relationship between patient and provider.

The report, however, indicates a number of barriers are slowing the adoption of portals, including lack of trust, poor user experience and portal overload. The report cites a brief from the Office of the National Coordinator (ONC) for Health Information Technology that “found that 25% of patients who do not access their online medical records do so because of security or privacy concerns.”

But modern identity and access management tools, which incorporate automation and API capabilities, can improve the experiences of health partners and patients and close security gaps without burdening the IT department.

“Automation can authenticate any individual needing to access records, ensuring that person is who he says he is, and then authorize which specific information can be accessed and how it may be used,” says the report.

Identity as the foundation for patient portal engagement

Earning user trust in portals requires striking the right balance between robust security and positive user experience, according to the report.

“A single sign-on (SSO) process removes friction by allowing patients to use one set of credentials to securely access all their health-related resources,” the report says.

“Choosing an identity solution with customizable, out-of-the-box functionality can help healthcare organizations create a modern onboarding experience without extensive time or resources from their IT team. An identity provider who is able to unify web, mobile and omni-channel experiences will also further decrease friction and enhance the user experience for patients.”

Interoperability of care when multiple organizations are involved

With organizations all using their own portal system, overcoming the challenge to provide access to information, while ensuring security and data privacy, has proven particularly difficult.

A modern identity and access management system, like Okta’s platform, uses an interoperable healthcare API standard called SMART on FHIR (Fast Healthcare Interoperability Resources) to enable different applications to access health records in a secure way.

“A cancer patient’s primary care physician would need access to the information maintained by the NCI on the clinical trial, for example, and would probably also want to be able to upload routine patient information such as blood work,” the report notes.

The report goes on to explain how Okta’s platform is designed to be the foundation for a modern zero-trust security architecture — a necessity for the healthcare industry — and how it further helps customers maintain and prove adherence to healthcare security regulations like HIPAA and EPCS.

Learn more about how a modern identity and access solution can help public health organizations modernize patient care.

This article was produced by FedScoop for, and sponsored by, Okta.

New VA secretary to review EHR modernization program after troubling reports

New Secretary of Veterans Affairs Denis McDonough announced a “strategic review” of his department’s electronic health record modernization program Friday, a move welcomed by lawmakers.

The review comes after the VA previously rejected a call from the Government Accountability Office to pause the system’s rollout to fix critical issues and a congresswoman sent a letter this week to VA leadership detailing medical issues caused by the transition.

The recent reports of issues with the program stem from the October go-live of the EHR system at the Mann-Grandstaff VA Medical Center in Spokane, Washington, the first center to launch the new Cerner-built EHR system.

“A successful EHR deployment is essential in the delivery of lifetime, world-class health care for our Veterans,” McDonough said in a release. “After a rigorous review of our most-recent deployment at Mann-Grandstaff VA Medical Center, it is apparent that a strategic review is necessary. VA remains committed to the Cerner Millennium solution, and we must get this right for Veterans.”

The plan to next roll out the system in Columbus, Ohio, is still on track, but schedule changes are on the table following the review, the VA announced. It’s unclear what else might change after the 12-week review, but the recent GAO report pointed to several technical issues that need to be tested and addressed.

With new scrutiny of the $16 billion, 10-year modernization program developed during the Trump administration, some members of Congress are questioning the continuation of the contract with Cerner Millennium.

“It is more important for VA to get EHRM right than to rush it and put veterans’ health at risk,” House Veterans Affairs Committee Chairman Mark Takano, D-Calif., said in a statement. “This strategic review comes at a critical time, and I’m hopeful that it will ensure Secretary McDonough has an opportunity to examine the prior administration’s handling of the project and course correct if necessary.”

Republicans also welcomed the review while questioning the entire continued existence of the program. Rep. Cathy McMorris Rodgers, a Republican congresswoman from Spokane, Washington, described staffing shortfalls and issues with prescription refills as “dangerous and unacceptable” in a letter to McDonough Wednesday.

The top Republican on the committee’s Technology Modernization Subcommittee echoed a similar sentiment.

“It is not too much to ask that the Cerner electronic health record pass a simple test, that proves it will help doctors and nurses deliver quality and timely care to veterans, before it can be deployed anywhere else,” Rep. Matt Rosendale, R-Mt., said in a statement. “If it cannot do that, we should not continue to spend on the contract.”