The House Veterans’ Affairs Subcommittee on Technology Modernization held its first hearing of the year today with hopes of getting a baseline reading from the Department of Veterans Affairs’ Office of Information and Technology (VA OIT) – but with no OIT representation, the committee went ahead and discussed the department’s challenges with panelists from VA’s Office of the Inspector General (OIG) and the Government Accountability Office (GAO).
While the subcommittee invited VA CIO James Gfrerer to the hearing, the agency declined the invitation because Gfrerer will testify before the full committee later today. However, the VA also declined to send a deputy CIO to this morning’s hearing, irking members at the hearing.
“I want to be clear that we won’t stand on ceremony in this subcommittee – we want to engage with knowledgeable management and staff, no matter their title to better understand these challenges and figure out the solutions,” said subcommittee Chairwoman Susie Lee, D-Nev.
“I understand Mr. Gfrerer will be testifying before the full committee this afternoon, but I was surprised and frankly disappointed that not only was he unable to appear this morning, but VA declined to send any witness in his place from OIT,” said ranking member Jim Banks, R-Ind.
With no OIT representation, Banks offered his view on the challenges for OIT.
“VA’s number one IT problem, before we even get into specific programs, is that operation and maintenance of legacy systems and fixed infrastructure costs consume almost all of the OIT budget. When I joined this committee, that percentage was about 80%, and now it is approaching 90%,” he said. “I see a natural tension here between adding new systems that are necessary to VA’s mission and retiring old systems to bend that cost curve,” he added.
The witness panel of oversight professionals offered their view on the past challenges they had examined within VA as well.
Carol Harris, director of IT acquisition management issues at GAO, noted that VA’s IT management continues to be classified as high-risk, progress on IT issues is uneven across the department, and more work needs to be done to ensure cybersecurity. She also touched on the VA’s electronic health record (EHR) modernization effort, emphasizing the need for a joint governance structure between VA and the Department of Defense.
“I think that this is actually the most important recommendation we have made for the EHRM program. If VA and DoD cannot formalize a process for how they are going to adjudicate these really tough issues, they are going to fail again in this fourth attempt at integrating their systems,” she said.
Rep. Banks added that he is circulating a draft bill that would grant more power to the Interagency Program Office to solve issues between VA and DoD.
VA Deputy Secretary John Byrne said at a prior hearing that he intended to appoint a “purple person” to oversee conflicts between VA and DoD on EHR interoperability issues, but Banks’ bill would expand the structure beyond EHR to address all aspects of interoperability between VA, DoD, and the Office of the National Coordinator for Health Information Technology.
The issue of leadership at OIT also came up as a challenge, with Rep. Lee noting that VA has seen five CIOs over the last four years. Although the agency finally got Senate confirmation on a permanent CIO in January, Brent Arronte, deputy assistant inspector general for the VA, highlighted one of the main areas of concern in OIT’s management – a lack of strong leadership.
“What happens, and this seems to be a common theme, is when it’s time to make final decisions about an initiative or an application, there’s nobody there to do that … I think they struggle with program management across the board when it comes to IT initiatives,” he said.
Arronte also described improvements from the establishment of VA’s IT Operations and Services (ITOPS) program as “marginal,” and despite the creation of the Enterprise Cybersecurity Strategy Team, OIG continues to see similar deficiencies.
Michael Bowman, director of the IT and Security Audits Division within VA OIG, touched on specific challenges with password requirements and poor FITARA (Federal Information Technology Acquisition Reform Act) implementation.
“Although our draft report is under development, we’re seeing that the CIO is not actively involved in the planning and budgeting of IT within all administrations across the enterprise. I think that has a real adverse effect, and then you combine that with the frequent turnover, it’s a recipe for disaster,” said Bowman.
As an example, Bowman noted that the Veterans Health Administration has a line item for IT, because they feel that working through OIT is too slow for important needs.