A new take on the paperless office
The goal of a paperless office often seems elusive, but the Social Security Administration recently completed a proof-of-concept project that could lay the groundwork for an all- electronic agencywide environment.
The project, involving medical records related to disability claims, focused on a major obstacle many agencies face: how to create a system that provides both the technical features needed to digitize a paper-intensive process and the privacy and security controls needed to work with sensitive information.
Along with a group of private-sector organizations that bill themselves as the eSTORM (Secure Technology for Object and Repository Management) team, SSA showed how commercial off-the-shelf technology could be used to build a data clearinghouse that employees can access based on their security profiles.
Since completing the project last winter, the eSTORM team has been working to promote the concept across the federal market. The team demonstrated eSTORM technology for Mark Forman, associate director of information technology and e-government at the Office of Management and Budget, for possible use in OMB's e-government initiatives.
Since then, the eSTORM consortium has received more calls from agencies for presentations, said Scott Godfrey, an account manager with marketing responsibility for SSA at Science Applications International Corp., the systems integrator for the eSTORM team. The eSTORM approach has also attracted attention from the private sector, particularly from the insurance industry, he said.
But eSTORM was more than a technical proof-of-concept. The project also gave SSA officials an idea of the changes the agency must make for such a system to work.
"The beauty of [the eSTORM] presentation was its simplicity, particularly in the way it showed how currently available technologies can be made to work together," said Tony Trenkle, deputy associate commissioner of SSA's Electronic Services. "But the devil is in the details. The SSA is used to doing things internally and in certain ways, so we will need to change how we do things."
Most of the problems associated with the paperless process do not involve technology, he said, but instead revolve around operational and policy considerations, especially when dealing with sensitive data.
"To that end, this becomes more of a change-management exercise," Trenkle said.
The eSTORM solution is based on the use of electronic folders to consolidate individual customers' records. The system controls access to the folders by assigning privileges to individual employees, enabling some employees to read and modify records, while others can only read them.
Overarching security is provided by public-key infrastructure technology, which combines digital certificates, encryption software and other technologies.
Members of eSTORM include Computer Associates International Inc., AT&T, Mellon Financial Corp., Lexmark International Inc. and SAIC. InterSystems Corp., which provides database systems for Web applications, was an early participant but dropped out.
The project focused specifically on the collection and management of medical records related to disability claims, but the core approach is considered applicable to many other government processes and records, SSA officials said.
In particular, eSTORM was designed to take a "holistic" approach to the paperless environment, said John Sabo, manager of security, trust and privacy initiatives for Computer Associates and a former SSA employee.
"We showed that we have technology that can scale, and we needed to show that the various technologies we used could be integrated with" one another, Sabo said. "Then we needed to show what were the policy and business issues that have to be addressed, and how we could properly establish that the contents of the electronic folders are correct."
Demonstrating how to electronically replicate the trust that is now invested in paper records, through the use of such tools as PKI and digital signatures, is an important result of those kinds of projects, he said.
The "logistics nightmare" of replicating that paper-based trust process is what keeps many organizations from developing a paperless environment, according to Avi Hoffer, chief executive officer of Metastorm Inc., a leading provider of "e-work" solutions to government and commercial organizations.
"The other part of the problem is that organizations don't think wide enough to solve the problem," he said. "They follow just one piece of an electronic form around and don't think of what other processes are needed. If just one person reverts to using paper, that breaks the chain of references you need for the digital process to work. You have to automate everything, end-to-end."
Because of the Paperwork Reduction Act of 1995, all agencies are trying to cut their use of paper, Hoffer said.
But a successful demonstration of the process by an organization as large as SSA would go a long way toward solving problems, he said.
Other agencies will likely adopt the process SSA uses if it is effective, he said.
"The resistance in agencies [to paperless processes] is breaking down," said John Dyer, who is in charge of SAIC's business development for public-sector enterprise health solutions and was previously SSA's deputy commissioner and chief information officer. "It's much more now about how to do it."
Trenkle also thinks there is a high demand for what SSA is trying to develop. Now that homeland security is such a major issue, the federal government urgently needs a way to share data securely and on a real-time basis among disparate organizations, he said.
SSA officials are now looking at ways to develop all-electronic pilot projects using live data, he said, though no decision has been made about whether or when to go ahead with them. n
Robinson is a freelance journalist based in Portland, Ore. He can be reached at firstname.lastname@example.org.
Putting it together
The goal of the Secure Technology for Object and Repository Management is to develop active electronic repositories with large collections of multimedia objects — text, images and video — and that provide secure but easy access for users.
The easy part is critical. Because users will have varying degrees of expertise with computers, the user interface must be simple, intuitive and capable of automatically adapting to different rules and functions. The use of commercial software is also considered critical, because the paperless systems will have to interoperate with other systems both within and across departmental borders. Proprietary solutions are out.