Vote today for the 2025 FedScoop 50 awards.

Cast your vote!

SBA addressing information security issues amid coronavirus response efforts

The Small Business Administration is working to improve its information security program, even as it launches telework and loan capabilities to aid small businesses during the coronavirus crisis.

An SBA Office of Inspector General report released last month found persistent weaknesses in the agency’s risk, configuration and identity and access management.

Now the agency is working to address such issues while supporting a portal for the new Paycheck Protection Program (PPP) and scaling the Economic Injury Disaster Loan (EIDL) program — both of which received a large amount of COVID-19 stimulus funding.

The agency’s security operations team is conducting penetration testing and applying SBA Connect authentication for new capabilities, CIO Maria Roat said during an AFFIRM webinar Thursday.

But there are external threats as well.

“My security team, they live for this stuff because — when you look at small businesses, security, what’s going on in the entire financial space — we’ve taken down, working with [the Department of Homeland Security], eight fraudulent websites and two Twitter accounts that were imitating our administrator,” Roat said.

The eight websites were taken down in the last few weeks and the Twitter accounts a week and a half ago, amid the coronavirus pandemic.

CIO’s office supports SBA pandemic response

SBA had to build things “very quickly” to accommodate disbursing funding for small businesses in the Coronavirus Aid, Relief, and Economic Security (CARES) Act and subsequent stimulus packages, Roat said. While it’s been 50 days since the agency stood up its COVID-19 task force, it had to wait for the legislation particulars to put PPP and EIDL business rules in place.

The PPP offers loans to help businesses keep their workforces employed during the pandemic, while EIDL issues an up-to-$10,000 advance for businesses experiencing temporary difficulties.

SBA stood up a lender gateway for the Paycheck Protection portal in eight days for small lenders and community and midsize banks the agency hasn’t worked with before. The portal itself is for about 18,000 lenders SBA works with regularly.

Meanwhile, SBA launched a software-as-a-service platform for EIDL applicants in a week.

Both loan portals were geofenced to the U.S. and its territories for added cybersecurity, Roat said.

The projects haven’t gone without issue. An agency spokesperson revealed earlier this month that personally identifiable information from a “limited” number of EIDL applicants was “potentially” exposed to others in the portal.

SBA disabled the portion of the website at issue and relaunched the portal. But the cause of the problem, data exposed and length of time it was available were unclear.

In addition to tripling staff, SBA needed to automate the process of assigning about 10,000 daily incoming emails from small business owners to call workers — now in its fourth iteration.

About 93,000 people visited SBA.gov when President Trump recently tweeted about it, and the site scaled 825% immediately, Roat said.

With every new capability SBA releases, Roat’s team issues references where employees can find training, as well as shortcuts and tips for telework tools like Skype or Microsoft Teams.

For the last three years, SBA has been implementing collaboration tools and digital signatures — though the agency still has “a lot” of paper — meaning the shift to telework was only a matter of scaling, Roat said.

The agency only approved four printer requests, due to the cyber risks associated, and has seen a “huge uptick” in the use of collaboration tools, she said.

“We flipped over seamlessly to telework,” Roat said.

How the U.S. Digital Service is helping during the coronavirus pandemic

You may not have heard much about the U.S. Digital Service‘s role as the nation battles the spread of the coronavirus, but the federal government’s tech surge team has had its hands in some of the administration’s most pressing efforts behind the scenes.

The USDS has some team members embedded in the White House Coronavirus Task Force, Administrator Matt Cutts said last week during a Partnership for Public Service webinar.

“So whenever you see Ambassador [Deborah] Birx presenting slides and showing data sometimes going down to a county level, oftentimes that data is derived from or even prepared by the U.S. Digital Service,” Cutts said. “So in terms of deciding allocations of things like [personal protective equipment] or ventilators, those sorts of things.”

The U.S. Digital Service was founded after the 2013 Healthcare.gov website rollout fiasco as an injection of tech talent into government to solve big problems that affect the critical services Americans depend on. So it’s no surprise that during the pandemic, the team is staying very busy.

Cutts said the team has also been assisting the Centers for Disease Control and Prevention with overhauling some of its website architecture as it publishes important information and data on the spread of the coronavirus.

The team is also working with the Small Business Administration as it delivers loans to companies affected by the economic downturn. The SBA has had its hands full after nearly 8,000 companies looking for relief may have had their personal information exposed through the agency’s loan portal.

On top of that, USDS has team members “slotted in” at the Department of Veterans Affairs, the Center for Medicare & Medicaid Services, and the Department of Homeland Security “helping people do remote work,” Cutts said.

“COVID has revealed that government needs to be effective and efficient and it needs to be able to move fast,” Cutts said. He continued: “It is really important for government to work well right now.”

USDS is pitching in at the state and local levels, too.

“People are getting an unprecedented number of applications for unemployment insurance at the state level,” Cutts said. “And so we’ve even been able to help talk to several states about, ‘OK, what can we do to help improve this particular system? How can we make it scale a little bit better?'”

This week, a group of senators called for congressional leadership to make it easier for USDS and its General Services Administration counterpart 18F to work with state and local entities, which tend to be most afflicted by the impacts of the pandemic. “Unfortunately, both the USDS and the TTS are hindered by regulatory hurdles that slow down or prevent them from supporting state and local governments,” reads a letter from 16 senators. “During this national emergency, when speed is vital for millions of Americans, this red tape is preventing the federal government’s skilled technologist from helping the state and local agencies that need them most.”

Cutts said he’s been on calls with those state and local governments “and they were like, ‘Yeah, having some of this technology expertise would make a huge amount of difference.'”

During the webinar event, the Partnership for Public Service released a report on the importance of tech talent in the 21st-century federal government, particularly during this current crisis.

“If we look at how our world has really changed in the past month, in the past six weeks from an increased need for remote work to seeing our technical and our human infrastructure strain, under the weight of things like unemployment claims or health care delivery, the COVID-19 pandemic is laying bare the fact that modern technical and digital leaders are going to be vital to our country’s recovery,” said Jennifer Anastasoff, executive director of the Tech Talent Project and a former founding member of the USDS.

VA’s head of modernization departing after three years in post

The head of modernization in the Department of Veterans Affairs, Surafeal Asgedom, is departing the post after three years of working to improve collaboration and innovation within the department.

Asgedom had the task of optimizing services the VA offers to millions of military veterans. His job description in the Office of Enterprise Integration had a long list of challenging objectives, including “streamlining” and “integrating” disparate initiatives, promoting cross-agency work and “rapidly executing” leadership priorities. In a farewell note obtained by FedScoop he said his time at the department was “a chance of a lifetime.”

“It is an opportunity that I will hold with genuine gratitude for the rest of my life,” he wrote. “VA’s noble mission of serving our heroes is unmatched.”

In an email to FedScoop, he said his crowning achievement was improving collaboration within the VA on modernization efforts. Increased transparency in those partnerships was one of the critical parts to his successes, he said. He didn’t point to a specific collaboration, instead referring to broader management-style changes in VA.

“I am very proud to say I helped create an integrated change management ecosystem — a system designed to deliver a stronger future for our Veterans,” he wrote to FedScoop.

At the recent 2020 FedScoop IT Modernization Summit, Asgedom said his office was working to modernize services to meet the changing needs of younger veterans who are more accustomed to tech-based services. Finding better ways to integrate with mobile applications and commercial-off-the-shelf technology were among his priorities, he said.

“Our demographics have changed, as well as expectations,” Asgedom said during the March 12 summit. He later added that “our approach is really commercial off-the-shelf for all of our products.”

Asgedom came to the VA from leadership positions in the health care industry in New York. His last day at the VA will be April 24, according to his email to staff. He told FedScoop he intends to take some time off before venturing back into the private sector.

“I leave my position with great respect for government workers, especially leaders like yourself that are so obviously committed to VA’s noble mission.”

DHS still finding a balance between enterprise architecture and CDO functions

Structural issues have made it hard for the Department of Homeland Security to balance its enterprise architecture and chief data officer functions since the passage of the Evidence Act.

The Foundations for Evidence-Based Policymaking Act became law in January 2019 and required all 24 CFO Act agencies, DHS included, to appoint nonpolitical CDOs.

With the added publication of the Federal Data Strategy, a growing number of DHS agencies have appointed CDOs, which has proven difficult for such a federated department, said Chris Campbell, acting chief enterprise architect and deputy CDO.

Campbell’s boss, CTO Brian Teeple, was also made CDO to comply with the Evidence Act. Campbell became deputy CDO.

Many of the larger agencies within DHS — the Federal Emergency Management Agency, Transportation Security Administration and Immigration and Customs Enforcement — already have “strong” chiefs of enterprise architecture who similarly were dual-hatted as CDOs, Campbell said.

“I know that there’s going to be more and more CDOs cropping up across our agencies, and it’s going to be potentially impacting the enterprise architecture shops,” Campbell said during a Digital Government Institute webinar Wednesday. “And so I thought it would be a great idea to bring together the chief data officers, or people acting in that role, and talk in front of the enterprise architecture community about where these places are where we have potential overlap, the unfortunate potential for conflict, and the hopefully positive potential for synergies and value add.”

The CDO and DCDO at headquarters have found themselves in a “coordination role,” focusing on data governance and fostering collaboration while giving agency CDOs the freedom to focus on data gathering, analytics and artificial intelligence, he added.

DHS also needs to improve communication around implementing the Federal Data Strategy and keep the focus on the data community, rather than department policymakers and lawyers — some of whom are out of the loop, Campbell said.

“I would like to say that we have a really solid, unified strategy on how we’re attacking this, but the truth of the matter is we have a Data Governance Council, where we have our data-centric representation from across the department,” Campbell said. “And we’re going through the Federal Data Strategy, and we’re looking at the things that we want to try to accomplish.”

KPMG scores DISA OTA to prototype new access management system

The Defense Information Systems Agency issued an other transaction agreement to multinational auditing and professional services firm KPMG to consolidate its access management systems.

The new identity, credential and access management (ICAM) prototype system the company is helping to build will consolidate and update a number of existing login systems and could eventually be expanded to use by agencies throughout the Department of Defense, KPMG said in a news release.

The prototype also aims to give administrators more abilities to review user access to systems. The prototype OTA was valued a $600,000.

The company will use cloud and on-premise software for access management and authentication, “helping assure that only authorized individuals gain access to DISA computer systems and information. It would also provide increased auditability so officials could better evaluate user system access,” KPMG says.

“KPMG is excited to support DISA with this innovative and strategic effort that will help empower ICAM-based services for DISA and its stakeholders,” said Brenda Walker, lead partner for KPMG’s Department of Defense consulting services. “We are delighted to have been chosen and look forward to submitting our prototype.”

KPMG is developing the prototype with the support of UberEther and in part using commercial-off-the-shelf software licensed from vendors including Ping Identity, SailPoint, and Radiant Logic, the company said in its release.

Since May 2019, DISA has said it will be using the OTA contract vehicle more often to quickly issue contracts and find prototypes for technology challenges. Identity management systems were one of the big targets for the agency in its use of OTAs. DISA also said it wants to experiment with are zero trust architecture, browser isolation and assured identity biometrics.

“Our vision is to eliminate passwords,” DISA Director Vice Adm. Nancy Norton said last May during an AFCEA event. “Continuous multifactor authentication will run seamlessly in the background allowing access through biometric data distinct to each user.”

For federal CIOs, telework boom shows how existing IT investments pay off in new ways

As telework has taken root during the coronavirus pandemic, federal CIOs have rapidly shifted their focus to ensure the workforce has the tools and network capacity to continue functioning as normally as possible. Although the scale-up happened suddenly, CIOs say the story started years earlier.

Agencies have been able to continue operations without major disruptions in large part because of the progress they made on IT modernization well before 2020’s global health crisis, several CIOs told FedScoop.

“We’ve been making a lot of investments across all the agencies,” Federal CIO Suzette Kent told FedScoop of recent federal IT modernization efforts — things like the adoption of cloud services, collaboration tools, digitized forms and more. “What the performance we’re seeing shows is that many of those investments are paying off.”

The Environmental Protection Agency, for instance, has been ramping up its telework-readiness over the past decade, CIO Vaughn Noga said.

“We’ve been preparing the workforce for a long time for telework. I joined the agency in 2008,” Noga said. “And over the last 12 years, we’ve been moving folks from desktops to laptops. So a good portion — 95% — of our computers are laptops.”

Preparations such as these “have put us in a position where we haven’t seen the significant IT [shifts] across the board” during the pandemic, he said. “But as this progresses, one of the things that we’re looking at is what additional resources do we need.”

“Our job is to make sure the EPA and the employees EPA can do their jobs. That’s our single focus,” Noga said.

For the last three years, the Nuclear Regulatory Commission has been locked-in on its IT modernization efforts. It has paid great dividends during the move to full-scale telework, CIO David Nelson told FedScoop.

“We went through just last year and finished up a complete refresh of all of our laptops. So everybody has new laptops with Windows 10,” Nelson said.  “Two years ago, we moved up into the cloud with Office 365 and the whole set of collaborative tools. We did a voice over IP upgrade to all of our [telecom] equipment. So really we were in a pretty good place. All that planning was around both modernizing and trying to get the agency ready to really do continuity of operations which we can do operating things up in the cloud or virtually much better than it ever has before.”

Because of this, Nelson said, “we’ve been able to handle all the traffic. We pretty much have everybody in the agency working remotely. And our capacity and network are able to handle it easily.”

Processes that the average American citizen may take for granted — like moving forms to digital and enabling e-signatures — have made a world of difference in limiting personal contact during the pandemic.

To be clear, the situation hasn’t been perfect, and there have been bumps in the road for some agencies. But if some of these prior modernization efforts hadn’t happened, “we would be in a very different place,” Kent said.  “We would be extremely limited, and in a pandemic situation, we would be putting people potentially in situations where person-to-person contact is critical for continuity … the investments in the citizen-facing services are helping continue continuity — telehealth, interviews on the phone, and more.”

“We were already focused on mission-critical things, but we would have been having a much more narrow conversation if we weren’t in a place to support delivery of citizen services and business exchange across the federal government in a virtual manner,” Kent said. “Modernization has paid off in this situation.”

IT modernization, accelerated

Some CIOs are using the pandemic — and, in some cases, its injection of emergency funding — as an opportunity to accelerate modernization that will stick around long after federal workers return to their desks around the nation.

“We accelerated a couple of modernization initiatives that were already underway — deployment of an electronic document routing/signature system and a new virtual collaboration tool — to enhance our distributed operating model,” National Science Foundation CIO Dorothy Aronson told FedScoop. She emphasized that the new distributed style of work “gave us an opportunity to move to a true digital signature in place of the print, sign, scan process” NSF had been using.

Even in the massive IT operating environment that is the Department of Defense, agency CIOs have been nimble in scaling up critical services in days rather than weeks and months. As each of the military services experienced triple-digit surges in teleworking, DOD CIO Dana Deasy led the department to boost its network capacity and launch the Commercial Virtual Remote (CVR) Environment, a software-as-a-service platform based on Microsoft’s Teams collaboration tool.

Deasy said the telework capabilities the DOD has developed in the past month “will be sustained at the end of COVID-19.”

The Air Force specifically has used the crisis as an opportunity to move more quickly in some areas to scale up cloud usage and supply airmen with the devices and applications they need.

“So the COVID-19 crisis, if we do this right, it allows us to address some of the digital modernization needs, the increase in mobility and cloud utilization and cybersecurity — they very much align with what we’ve already put in place. It’s just starting to accelerate,” said Bill Marion, the outgoing deputy CIO of the Air Force.

In fiscal 2020, the Army Corps of Engineers already had planned a major effort to “untether the end-user from their desktop,” CIO Dovarius Peoples said. The corps kicked off that work with fortuitous timing just as the coronavirus was beginning to spread across the globe.

The pandemic “expedited a lot of our momentum,” Peoples said. “So we are now trying to expand the digital footprint within the corps … really empowering the end-user to be able to access a lot of the mission-critical applications. …We are geographically dispersed, and having those users out in the field, being able to access their applications, being able to stand up some of the COVID-19 efforts for some of the assisted living facilities and those types of things, we’re definitely enhancing how we do business.”

Change management

Prior to the pandemic, some agencies had telework policies in place for an eligible portion of their workforces. But few if any were ready for something of this scale, leaving CIOs in late March scrambling to get personnel ready to work remotely for the foreseeable future. And though many agencies may have had the tech in place to support such a shift, the change management of it all took some extra finesse to make personnel feel comfortable.

A week before the federal government moved to mass telework to combat the spread of the coronavirus, the NRC set up a sort of IT help desk in the lobby of its Rockville, Maryland, headquarters. Nelson and his team made themselves available to answer any questions, train people on new collaboration tools and make sure NRC staff were comfortable with the unprecedented plunge into telework they were about to take.

“We focused completely on making sure any of the agency’s employees that weren’t familiar with using the new capabilities had an opportunity to come by,” Nelson said. “We would set them down and actually install things on their laptops. If they weren’t installed, things like a [virtual private network], we walk them through how they work and how to use it.”

Then, the Friday before the workforce would be told to work remotely until further notice, Nelson and his team asked NRC personnel to voluntarily telework to not only stress-test the VPN and network capacity, but also to expose any challenges that employees might face.

Fortunately, Nelson said, NRC already had the tools in place. “We just had to help people really understand how they could be used. And it’s amazing when you’re forced to use these how quickly people start to understand how to use them very efficiently. It’s just that whole change management thing — when you offer the tools, and people don’t have to use them, your adoption just kind of moves along not at a very fast pace. But when you’re just thrust into that kind of situation, people have adapted very well.”

EPA accelerated its adoption of Microsoft Teams when the pandemic hit. “We’ve engaged the workforce, and they’ve embraced working with us on trying out these new technologies,” Noga said. “And I think they recognize the situation may not be perfect and there may be lessons learned. But I would say, certainly on the IT community, they’ve embraced working with us on rolling out to new technologies.”

Before this, the historical reference point for surge capacity and shifting to telework was a severe snowstorm in the D.C. metro area, Kent said, with a few days of telework max. The comparison just isn’t close. But “now that somebody’s [teleworked], and they’ve done it every day for 30 days, it’s not scary anymore,” she said.

This crisis, Kent said, has “shown people that we can successfully work differently.”

“The federal agencies are able to stay connected to the workforce, the workforce is able to be responsive and support mission continuity,” she said. “Those are great outcomes… It’ll make both our business people inside government more comfortable with those processes. And it will demonstrate to citizens that they can still have a fulfilling, accurate, fair experience electronically.”

Ready for a different kind of normalcy

The Federal CIO Council now meets daily — compared to its regular monthly cadence — as agencies are saturated with new IT guidance on a daily basis during this novel time, Kent told FedScoop.

“We have a constant inbox and a constant dialogue going back and forth,” she said. “We’ve had guidance come out almost every single day.”

That sort of crisis communication won’t last forever. The White House issued guidance this week for how agencies should begin to shift back to working in the office. Things will at some point return to some state of normalcy; CIOs, too, will turn back to larger modernization projects they had to put aside to focus on IT services needed to support mission continuity during the pandemic.

But still, an air of uncertainty remains for what CIOs have in the days ahead of them — and how this period of time will come with lessons learned that may forever change federal technology operations.

“I think we’re over a big hump,” Kent said. “But we are going to have to look at what does business continuity look like, continue to tweak it based on the duration and the sets of activities, and however we might need to move people for activities.”

NSF’s Aronson said: “As time goes on, it is likely our needs will change, and we will have to pay attention to our next new requirement and remain agile and responsive.”

In some cases, the pandemic has obviated the IT areas that need the most support. The importance of continuity-of-operations IT support systems, telework and capacity testing has never been more apparent.

“I learned just how important it is,” Nelson said. “Our agency did take that pretty serious even before this particular event. And it’s something we’ve always done, but I can’t imagine what it’s been like for some of the private sector companies that don’t put that kind of rigor into it.”

It also showed IT officials the great partners they have in the private sector.

Based on the telework test NRC performed, “we were able to quickly put in some orders with our carriers to up our bandwidth,” Nelson said. “I’m telling you all the carriers were doing a fantastic job and they still are helping the agencies in that way. They were able to move quickly and help us put a lot more bandwidth in place.”

Kent echoed that praise: “One of the things I’ve been really happy about is that vendor partners have been incredibly responsive. They’ve been flexible. And they worked with us on solutions, not just coming to the table with, ‘Hey, here’s this thing.’”

CIOs often tend to describe modernization as a continual evolution rather than an end state. And in Kent’s case, she acknowledges that “there are still things where we need more digital capabilities. There are still opportunities to create a more resilient workforce. And those are the investments we need to continue with.”

“It took an event of forced acceptance to get comfortable” with working in this digitally-dependent manner, Kent said. “And, I only hope that we will knock out all the bad things in this situation as quickly as possible, but we’ll also take some of the learnings, the resiliency and the open eyes to what can be done in a digital and virtual environment and save those and use them as a spring for the future.”

Palantir goes to space, inking first deal with Space Force

Silicon Valley big-data company Palantir inked its first contract with the nascent Space Force to deliver data integration tools to help track objects in space.

Through the contract — a one-year, $10 million other transaction agreement — Palantir will prototype a “data backbone” for building a common operating picture of space, according to the company. The Space Force will use the company’s Foundry Suite to better understand what is orbiting the earth, be it satellites, space debris or incoming hostile projectiles.

Palantir “will take the data and convert it into knowledge,” said Col. Jennifer Krolikowski, head of the space command and control modernization program nicknamed Kobayashi Maru.

Space might be a dark void where no one can hear you scream (so the movies say), but it’s full of data. And much of it is captured by sensors operated by the Air Force, which houses the new Space Force, Krolikowski said.

Palantir has years of aerospace experience working with airlines on data-driven projects, but working in space is new territory for the company, Doug Philippone, Palantir’s head of global defense told Fedscoop.

“It is very exciting,” he said. “With your first contract with any service, you have to do an amazing job.”

But in its raw form, space sensor data doesn’t offer the military much, which is where Palantir comes in. The company will provide a “data-as-a-service layer” to create a clearer picture of what is happening above the earth, the colonel said.

Named after a Star Trek training simulation, Kobayashi Maru was created to improve the software acquisition for space systems, much like the Air Force’s Kessel Run. In the past, it would take the Air Force space organization 10 years to buy code — a process Gen. John Hyten, vice chairman of the Joint Chiefs of Staff, described as a “nightmare.”

Kobayashi Maru has cut down the contracting time to a few months, Krolikowski said. It works through a consortium of innovative technology companies called the Space Enterprise Consortium (SpEC) to solicit bids on contracts and start software prototyping. Palantir is one of the more than 300 members.

“It is really a way to attract startups and nontraditional defense companies,” Krolikowski said of the SpEC.

Space Force is a “clean slate” opportunity to redesign much of the Department of Defense’s antiquated acquisition process to better suit the highly technical force, the force’s inaugural leader Gen. Jay Raymond told Congress.

Since the prototype contract lasts only a year, Krolikowski said it’s essentially a test of Palantir to ensure they can deliver on what the Space Force needs.

But for Palantir, the contract represents a big opportunity to get in at the ground floor with the budding Space Force. Palantir has of late been working to expand its defense contracting business and received more government clearances in late 2019.

“There is a lot of great innovation and technology that is out there in industry,” Krolikowski said. “I’m looking forward to working with Palantir specifically but lots of other innovative tech companies that can help bring what my warfighter needs.”

State Department’s Center for Analytics thriving in a time of telework

The current telework environment has accelerated the State Department’s reliance on its new Center for Analytics for geography-independent collaboration, according to the department’s CIO.

Stuart McGuigan, speaking during an AFCEA Bethesda webinar, said the department typically assembled a cross-functional task force in response to major world events like a change in national leadership.

The task force would read papers, debate and ultimately publish guidance.

“Today, using groups like our Center for Analytics, we develop predictive models that assess the likelihood that there might be a change in government,” McGuigan said. “And if the model predicts a statistically high likelihood, we might trigger that task force before anything’s happened.”

If an expert on, say, South America is off doing a tour issuing visas, that person can still collaborate around the clock using videoconferencing or other telework tools, he added.

The State Department launched its Center for Analytics in January to outfit about 75,000 employees across 200 posts worldwide with data tools and training to make better foreign policy decisions.

With such a dispersed workforce, the department “almost naturally pivoted to a more agile, DevOps environment,” McGuigan said.

In 2019, without knowing a coronavirus pandemic was on the horizon, the department moved every employee to the cloud and Microsoft Office 365 while centralizing identity management. Now about 90% of its employees are teleworking, and the department continues to add capabilities based on feedback — without compromising controls or security posture, McGuigan said.

The State Department has started to consider the daily cost of delaying information technology decisions during telework, along with more traditional metrics like return on investment. If a major system upgrade would make your operation 10% more effective, you can calculate 10% of your labor cost every day you don’t act.

That practice of calculating “cost of delay” will continue when normal work resumes, McGuigan said.

“The cost of delay in a crisis is we’re not in business, but under normal circumstances there is a cost of delay,” he said. “You can put that in place and create this sense of urgency.”

A budget injection from the Coronavirus Aid, Relief, and Economic Security (CARES) Act aside, the State Department has achieved between one to two years of scaling in a matter of weeks, McGuigan said.

The CIO credits faster clearances of upgrades during remote meetings, rather than via traditional, paper-based channels. While that won’t stand for everything when things return to normal, approving project direction and guiding principles over the phone could become the model going forward, McGuigan said.

“Speed is not inherently a limitation at the Department of State,” he said. “It’s just alignment.”

Inside the HHS system informing White House coronavirus decisions

The Department of Health and Human Services created a system housing 187 datasets in nine days to support White House Coronavirus Task Force efforts to track and mitigate COVID-19’s spread.

Dubbed HHS Protect, the health insight platform pulls data from federal agencies, all 50 states, health care facilities and academia with contributions from private industry.

The HHS Office of the Chief Information Officer manages and continues to scale the platform, currently used by about 200 decision-makers and responders, José Arrieta, CIO and interim chief data officer, told FedScoop by email. Dr. Deborah Birx, Coronavirus Task Force coordinator, receives a nightly report on county-level COVID-19 cases nationwide compiled and analyzed in HHS Protect, which some documents have referred to as “HHS Protect Now.”

“Most importantly, the HHS OCIO team created a modern, flexible mechanism for transferring data and authenticating users within a short period of time,” Arrieta said. “We do not believe this would have been possible without the legal authorities provided to cabinet-level agency CIOs.”

HHS Protect has an authority to operate at the Federal Information Security Management Act moderate level — housing data that would have a serious adverse impact on agencies or people if compromised.

That data includes:

The White House charged HHS’s OCIO with operating the support systems providing information products to the Coronavirus Task Force, which in turn decides what additional data is needed for understanding the environment and coordinating resources. In essence, the task force is the product owner and HHS OCIO the scrum master and developers, Arrieta said.

HHS leadership and personnel are embedded with the task force, and the department works closely with the Federal Emergency Management Agency’s National Response Coordination Center and its own Centers for Disease Control and Prevention to identify new data sources.

“HHS is a large organization, and we have vast datasets to pull from,” Arrieta said. “Our challenge is to maintain laser focus on the most valuable datasets to continue providing high fidelity information to the White House, FEMA and HHS decision makers.”

Last month, the Trump administration requested about 4,700 hospitals begin reporting COVID-19 testing data to HHS daily. The health care community has been a “tremendous partner” in providing visibility into the frontlines of coronavirus response, Arrieta said.

But just how many hospitals have heeded the call remains unclear.

“As far as I’m aware, there haven’t been any public data releases from that request,” said Nick Hart, CEO of the Data Coalition. “So there is still uncertainty about what level of reporting is happening there, as well as the availability of information for researchers or the public.”

The VA’s role in sharing data

Hospitals are but one component of HHS’s data-gathering efforts. The Department of Veterans Affairs is closely sharing data on normal health care operations and the pandemic from the 1,243 facilities where the Veterans Health Administration has a presence.

The VA collects data on diagnostics, lab results, imaging, and medications through its electronic health record (EHR) and other reporting systems.

“VA is transitioning from a manual reporting methodology using lab tests and self-reported data to a real-time bio-surveillance methodology utilizing medical records to create a real-time COVID-19 surveillance tool to track cases, admissions and outcomes,” said VA CDO Kshemendra Paul in an email. “The change in methodology further strengthens the overall timeliness and accuracy of the data, reporting and analytics.”

That system will feed data to partners like the CDC’s National Health Surveillance Network, FEMA and the Department of Energy, which will process it with supercomputing to assist Food and Drug Administration researchers developing therapeutic treatments.

The process of moving EHR data to national data warehouses for reporting and analytics is “mature,” and VA is working on integrating data from non-veteran populations not previously served directly, Paul said.

Paul is also part of the CDO Council COVID-19 Data Coordination Working Group.

“In this workgroup, federal agencies’ CDOs are coming together to share the current and planned work within their agencies, identify collaboration opportunities, and to share data resources,” Paul said. “This is an unprecedented collaboration for the federal government, and we are very proud of it.”

As a result of the working group, VA is partnering with the Department of Defense, HHS’s National Institutes of Health and private industry on COVID-19 diagnosis, prognosis, treatment and outcome studies.

The VA is also developing standardized national databases of demographic and clinical data, treatments and outcomes for all its patients infected with COVID-19 to facilitate rapid research. External organizations must meet VA’s privacy and security requirements before data is shared.

Meanwhile, HHS enabled “robust” permissions allowing data owners to grant access to non-public datasets on an individual basis, Arrieta said.

Adding additional datasets into HHS Protect allows data scientists to conduct more sophisticated modeling and generate clearer common operating pictures — like the one Birx receives every evening — of diagnostics, testing, virus spread, case data, and resource allocation. Data scientists also get a better idea of how multiple variables interplay, Arrieta said.

“Given the evolving nature of responding to COVID-19, we continue to advance and optimize our approaches to data gathering,” Arrieta said. “Speed of delivery is our critical success factor, as minutes and hours matter in what we are up against.”

Needed to fight COVID-19: A program for data on social determinants of health

The COVID-19 crisis has led to an explosion of data analysis and data-driven debate, perhaps more than any other event in recent history. Government agencies, nonprofits, news organizations and ordinary citizens have collected data, published it widely and done myriad analyses to help guide decision-making about the pandemic. While these models have been valuable, most of them have left out a critical component: the impact of social context on illness and its relevance to COVID-19.

A growing body of evidence shows that the social determinants of health (SDOH) have a major influence on an individual’s health status — perhaps as much as, or even more than, the standard epidemiological measures that have been the basis of most COVID-19 models. A much-quoted study by the Kaiser Family Foundation identified six categories of social determinants: economic stability, neighborhood and physical environment, education, food, community and social context, and the health care system.

These social factors can vary widely from community to community. As researchers have said, your ZIP code may be as important as your genetic code in determining your health. In the case of COVID-19, social determinants can be critical in predicting how many people will suffer symptoms severe enough to require hospitalization, and where they will risk overwhelming their local hospitals’ capacity.

We are now seeing the importance of social factors in COVID-19 through an alarming set of statistics: the unusually high risk that African Americans infected with COVID-19 will be hospitalized or die of the disease. A likely explanation is that race in America is associated with social factors, including structural inequalities in access to medical care and economic and employment instability, that lead to a poor prognosis with COVID-19. Not only African Americans, but other Americans with high-risk SDOH profiles may be especially vulnerable to the virus as well.

State health departments, health care companies and academics are beginning to use SDOH data to predict COVID-19 risk in the populations they serve. The University of California-San Francisco has published a Health Atlas for the state of California showing social factors that impact health by geographical location. The population health management company ZeOmega is developing artificial intelligence models for risk prediction using SDOH data and flu infection records, and will apply those models to COVID-19 as more cases occur in the medical claims they manage for tens of millions of Americans. The nonprofit Center for Open Data Enterprise (CODE), which is a consultant to ZeOmega on the use of public SDOH data, recently co-published a white paper on applying SDOH data with the company. The analytics firm Socially Determined, which analyzes SDOH data at a highly localized level, is using its data to help health plan clients and the State of Maryland plan for COVID-19 care.

Organizations like these face a dual challenge: They need better data on the social determinants of health, and they need better data on the individuals who contract COVID-19, in order to develop AI models that use SDOH data for its predictive power. A combination of public and private efforts may provide the best solutions on both fronts.

The Centers for Disease Control and Prevention’s data on COVID-19 cases is an initial basis for tracking and analyzing the spread of COVID-19, but it is not enough. AcademyHealth and the Robert Wood Johnson Foundation have just launched a project to fill gaps in the CDC’s “missing or incomplete data” on “serious or underlying health conditions, hospitalization status, ICU admission, death, and age [or] any data stratified by race and ethnicity.” Their new collaborative initiative is bringing together researchers and health systems to “create an open COVID-19 patient data registry network.”

There are similar gaps in the availability of good SDOH data, and the federal government is well-positioned to lead the way to improve that data for public use. CODE recently partnered with the U.S. Department of Health and Human Services (HHS) Office of the CTO to explore ways to improve SDOH data, and published several recommendations for doing so. CODE’s report recommended that HHS create a national SDOH Data Strategy to improve the methodology for collecting SDOH data, support state and local data-gathering efforts, and establish data standards and mechanisms for data governance. Through the Office of the National Coordinator, HHS could also work with local decision-makers who can use their access to SDOH data at the state, county, or city level.

At the same time, healthcare companies, foundations, and nonprofits have a major opportunity to work with government sources, and with each other, to improve SDOH data and its use. The newly launched COVID-19 Healthcare Coalition is a highly collaborative national model. To identify vulnerable populations, the Coalition has used government data from the CDC, the U.S. Department of Housing and Urban Development, and the U.S. Census Bureau, among other sources. Their analysis captures social risk (along with medical and health care resource risks) through data on poverty levels, access to insurance, migration, and homelessness in American communities.

These strong beginnings can lead the way to new collaborations between government, industry, academia, and the nonprofit community to accelerate the use of SDOH data for public health. The Center for Open Data Enterprise is committed to promoting the use of SDOH data as a public resource. We welcome ideas for collaboration. This critically important data can make an immediate difference in the fight against COVID-19, and have a long-term impact on prevention, treatment, and diagnosis across American healthcare.

Joel Gurin is the President and Founder of the Center for Open Data Enterprise (CODE), a nonprofit based in Washington, DC whose mission is to maximize the value of open government data for the public good. He can be reached at joel@odenterprise.org.