VA CISO Details Modernization, EHR Implementation Efforts

Veterans Affairs VA Vets

While the Department of Veterans Affairs is approaching IT modernization with a strong desire to improve systems, especially when it comes to electronic health records (EHR), the agency is taking care not to shut down existing systems too early, said deputy CIO and chief information security officer Dominic Cussatt during an episode of Government Matters that aired on Sunday.

“I think all of the work that we did in the last three years has positioned us nicely,” said Cussatt. “Doing all of this has set us up nicely to ingest the huge application we’re about to bring in to our very massive network,” he added, referencing the new EHR program that Cerner is developing for the agency.

However, VA is not putting VistA–its legacy EHR system–out to pasture just yet, a decision that is very much deliberate.

“VistA has been a very successful and important system for us. I sometimes compare it to a Christmas tree, it was there and we’ve hung a lot of ornaments on it over the years. It had an infrastructure that was amenable to adding applications and functionality that would extend across our huge enterprise. We’re very cognizant of that, and we’re taking a lot of time to account for everything that’s out there, all the capabilities that it’s bringing to our workforce and our veterans,” said Cussatt. “We want to be careful that we don’t break things along the way.”

Retiring legacy systems is just one of five main goals for VA’s IT department, said Cussatt.

On the subject of cloud, Cussatt said that VA aims to be aggressive–the agency has moved “several dozen” apps and is looking to move more, starting with “the lower hanging fruit.” He also noted that VA is focused on using FedRAMP-approved products.

Digitization of business processes, another one of VA’s goals, also has seen success, winning the VA U.S. Digital Service team a Sammie award. Cussatt pointed to the creation of a strategic sourcing arm and an account management office as beneficial to digitization efforts.

On the cybersecurity front, Cussatt explained that VA’s enterprise cybersecurity strategy has “35 plans of action, decomposed into over 3,000 line items in an integrated master schedule.” He also pointed to the creation of a strategy branch within the CISO’s office as a key factor to prevent backsliding on the agency’s security posture.

Finally, Cussatt highlighted VA’s efforts to improve data management.

“When it comes right down to it, we want to be able to use the massive amounts of data that VA has to better serve our veterans,” he said. “We’re working very hard on data visualization, data analytics tools, and even using some supercomputing capabilities to go through that data and tell us things we were never privy to.”

Recent