The Situation Report: 3-D Guns, Teleworking, and EHRs–What Could Go Wrong?

airport scanner

3-D Printing Future Threats

The Transportation Security Administration last week discovered 68 firearms in carry-on bags around the nation. Of those, 59 were loaded and 21 had a round chambered.

Gun made with 3-D printed components. (Photo: TSA)

But one of those loaded guns was different. One of the loaded weapons discovered by TSA screeners at Reno-Tahoe International Airport was constructed of parts made with a 3-D printer.

“While it was a realistic replica, it was loaded with live ammunition,” the TSA said in a blog post this week. “This was a good catch from the TSA team at Reno (RNO)! While firearms are permitted in checked baggage, we strongly suggest making yourself familiar with local laws prior to flying with a printed firearm.”

It’s not illegal to make your own firearm using a 3-D printer–a process that takes less than 24 hours using today’s high-end printers. But my West Coast listening post has learned that California Gov. Jerry Brown signed a law last month that requires makers of 3-D printed guns and other homemade firearms to apply for an official serial number from the Department of Justice, a process that requires a background check.

Teleworking @USPTO

The U.S. Patent and Trademark Office has fully embraced the concept of telework. My USPTO surveillance station reports that as of the fourth quarter of 2015, up to 93 percent of USPTO’s workforce was eligible for teleworking one or more days per week–that’s more than 10,000 employees.

USPTO takes pride in the fact that the agency provides all of the equipment and systems necessary for their employees to do everything at home that they normally would in the office. But an intercepted intelligence report from USPTO’s inspector general shows that the agency has some challenges when it comes to keeping tabs on that equipment and the employees that have too much.

All hoteling equipment is tracked in the agency’s Enterprise Asset Management System (EAMS). But according to the IG, USPTO hasn’t been conducting physical inventories of the equipment. Instead, the agency was relying on employees to self-certify the existence of the equipment. And that has led to a few problems.

lost laptopThe average teleworker is issued several standard pieces of equipment: a Universal Laptop, Virtual Private Network (VPN) connection, Cisco Voice over Internet Protocol (VoIP), Microsoft Lync, webcam, Cisco WebEx, and a small office/home office (SOHO) router. But the IG discovered that some employees had been issued multiple laptops, routers, and monitors. Investigators also discovered that when some of those teleworkers separated from the USPTO, they did not certify that the equipment they had been issued had been returned to the agency.

And remember that EAMS database I mentioned? USPTO also unwittingly gave at least one employee read and write privileges, allowing that person to make changes to the inventory system without independent review or approval. USPTO officials also gave this employee additional responsibilities, putting him in charge of PCs and simultaneously making him a member of the review board responsible for investigating incidents of lost or stolen equipment.

“As a result, this particular staff member was directly responsible for property control and served on the board that decides financial responsibility for lost or damaged property.”

VA Moving Closer to Commercial EHR?

My Vermont Avenue listening post has picked up strong signals that the Veterans Administration is actively pondering what it will require to manage transitioning from its legacy electronic health record, known as the Veterans Information Systems and Technology Architecture (VistA), to a commercial EHR.

You’ll recall in April that Congress was not happy when it learned that the Veterans Health Administration had not yet made a decision on whether to move forward with a commercial scheduling system or to continue putting money into its own VistA enhancements. The Situation Report, however, has intercepted a VHA request for information that is seeking “guidance and recommendations on all aspects of the change management associated with this VHA COTS EHR acquisition and transition.”

ehr2According to the RFI,  the new commercial EHR “would support clinical workflow, evidence-based practice, and patient safety.  It would provide clinicians, patients, and administrators the data, analytic power, and user interfaces required to monitor the effectiveness of care and improve veteran care over time.  The modernized VHA system of systems of the future will include more than just a COTS EHR in order to facilitate and automate business processes that support access and veterans care.”

The RFI is good news, but it doesn’t mean VHA is going to pull the plug on VistA anytime soon. According to a senior VA official, who spoke to MeriTalk on background, VHA has endorsed the Digital Health Platform strategy developed by VA’s chief information officer, but it has not yet made a decision on the future of VistA. That strategy provided VHA options to continue using VistA or to move to a commercial EHR.

“VHA endorsed the strategy including the option to move to COTS, but the fact that it’s an endorsement of a strategy is important context,” the official said. “A decision to move forward and procure a COTS EHR is still a pending decision–one which will be informed by findings from RFI(s), cost estimating, and other planning efforts,” the official said. “Finally, I’d highlight that we are continuing our current VistA 4 (i.e. VistA Modernization) plans through FY18.”

Dan Verton
About Dan Verton
MeriTalk Executive Editor Dan Verton is a veteran journalist and winner of the First Place Jesse H. Neal National Business Journalism Award for Best News Reporting -- the highest award in the nation for business/trade journalism. Dan earned a Master's Degree in Journalism and Public Affairs from American University in Washington, D.C., and has spent the last 20 years in the nation's capital reporting on government, enterprise technology, policy and national cybersecurity. He’s also a former intelligence officer in the United States Marine Corps, has authored three books on cybersecurity, and has testified on critical infrastructure protection before both House and Senate committees.
No Comments

    Leave a Reply


    Archives