ANTHONY J. PRINCIPI
DEPARTMENT OF VETERANS AFFAIRS
SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS
COMMITTEE ON VETERANS' AFFAIRS
U.S. HOUSE OF REPRESENTATIVES
April 4, 2001
Thank you Mr. Chairman, Mr. Snyder, and members of the subcommittee for this opportunity to come here today to address the issues you have raised concerning VA's Information Technology (IT) program and specifically VA's integrated systems architecture, VETSNET, our information security posture, and the Veterans Health Administration's (VHA) Decision Support System. I would also like to take this opportunity to give you my personal commitment that we will reform the way we use information technology at VA.
I first want to restate my pledge that we will not spend any new funds on IT until we have defined an Enterprise Architecture that ends "stove-pipe" systems design, incompatible systems development, and the collection of data that do not yield useful information. I have instructed my staff to convene a panel of world experts in the area of systems architecture to team with key business unit decision makers in each of our Administrations and staff offices to develop a comprehensive Integrated Enterprise Architecture Plan. I am well aware of your concern about this serious problem. I have assigned it the highest priority, and I expect to be able to deliver this plan to you in a matter of months.
The other issue that has my immediate attention is our IT security posture. I want you to know that I take very seriously the privacy and security of the information that we use and collect. As we become more and more sophisticated in the use of information technology, we must never lose sight of what is really at stake. Our veterans entrust us with the most private, the most sensitive information imaginable. Good medicine is dependent upon good communication. Our veterans must be assured that we will honor that trust by ensuring that no unauthorized person has access to this information. Similarly we must be able to ensure that financial transactions are scrupulously protected and that the networks and systems that we have come to depend on are secure and available.
I am pleased to be able to report that we have made significant strides recently in improving our overall IT security posture. But as the reports of the U. S. General Accounting Office and our own Inspector General demonstrate, in truth, we still have much to do. I have made it clear to my staff that I will hold all senior managers accountable for ensuring strict compliance with our security directives. I am pleased to report that we have created a Senior Executive Service level "Cyber-Security" Director position. We have selected a highly qualified candidate from a rich talent pool to fill the position. He will be an important member of my IT management team. We have also made a series of critical decisions to enforce our policies that will result in a more secure, a more private environment. We cannot afford to lose the trust of veterans concerning the privacy of their medical information or the Congress concerning our stewardship of the resources that have been provided. We appreciate that trust and we will not lose it.
In regard to the two specific programs, VETSNET and VHA's Decision Support System, as you are very aware, each of these programs has had a troubled history. Let me tell you what I currently know, and more importantly, how I intend to proceed with each program.
VETSNET has been under development for far too long. Its development was delayed as new technologies and technical approaches came and went. Over time it has suffered from a lack of focus, the absence of clear goals, and at some points inadequate management. These problems are behind us. The current VETSNET management plan addresses these problems. What began as a modernization program to automate all of VBA's business lines has evolved into a replacement system for the Compensation and Pension (C&P) claims processing system that was developed in the 1960's and 70's. However, I am still concerned about critical issues of performance and effective systems integration. Therefore, I have directed that before we proceed to a fully operational status on VETSNET, we will conduct an independent audit of the overall system. This audit will provide us with the assurance that this system will meet all of the security, functional, and performance requirements we have set for it. If it passes these tests, we will go forward with its implementation on the current schedule. If not, we will develop a plan to extend the life of the current systems and immediately begin the development of a replacement system.
Let me make a few things clear. We will not throw good money after bad. If this current version of VETSNET doesn't meet our needs for the next several years, we will terminate its development. Conversely, if it does meet our needs, we will not hold past failures against it, and we will go into production with the system. I have been assured that VETSNET is being developed in an open architecture to facilitate eventual integration into a future system and that it should fit within the framework of the Enterprise Architecture I have previously discussed. That system will be part of an integrated, whole solution to the needs of our veterans.
As for VHA's Decision Support System (DSS), we have made a significant investment in both time and resources in the implementation of DSS. Since its implementation at the end of FY 1998, VHA has made significant strides to improve the data quality and access. A number of significant changes and applications of DSS are underway in VHA.
VHA has extended access to DSS data from beyond the production system by developing National DSS extracts. These enable users at both the Veterans Integrated Service Network (VISN) and VA Medical Center (VAMC) levels to develop customized reports needed to manage costs and understand workload. DSS data are now being used for the development of FY 2002 VERA allocations. The DSS use for VERA allocations is a clear indication that VHA is committed to using DSS to support some of the most critical decisions that VHA makes. Also, the Practice Management Advisory Board is using DSS data in their work in practice profiling. VISN Directors now have two DSS performance measures and a total of 14 DSS-based performance measures are being used to ensure that facilities move towards data based decision making. Most importantly, to further integrate DSS use in financial management and day-to-day operations, the DSS program was transferred to the VHA Office of Finance on March 11, 2001.
To address concerns about the quality of DSS data, standardization audits have been developed and will be deployed to ensure that a standard structure is used at all levels. Additional efforts are underway to improve access and use of DSS data. While many of the implementation issues that once faced VHA have been addressed and resolved, I believe our focus must be on the future and on better use of DSS in our day-to-day business and management decision processes. DSS still faces challenges to full implementation and significant efforts will be necessary to ensure an appropriate return on our investment.
Thank you for this opportunity to discuss these very serious IT issues. I will be happy to answer any questions I can.