IG concludes that VistA outage compromised vets' health care

23-hour outage March 16 prevented access, updates to digital patient records

The Veterans Affairs Department needs to make patient safety a higher priority as it deals with outages and the aging infrastructure of its electronic health record system, according to a new report from VA’s Office of Inspector General.

VA’s Veterans Health Information Systems and Technology Architecture (VistA) experienced a 23-hour outage March 16 that had a major effect on patient care for VA’s entire North Texas Health Care System, according to the IG’s Dec. 3 report. Digital patient records were unavailable during that time, except on a read-only basis via a contingency program. Paper records were used in the interim.

“We found that patient care had been significantly impacted by the loss of this critical medical system during this outage,” wrote Dr. John Daigh, VA’s assistant inspector general for health care inspections, in the report. “Many clinicians felt that the risks to patient safety increased dramatically as the outage continued.”

The IG also found indications that between 334 and 666 VistA outages might have occurred in the past two years, but the evidence was incomplete and inconclusive. The IG was unable to describe a pattern or trend to the VistA outages because VA did not collect the relevant data.

However, the IG criticized VA’s handling of the outages, in particular the lack of ongoing risk assessments and the withholding of an internal VA report on the causes of the outage in Texas.

That internal after-action report should have been distributed much more broadly to the Veterans Health Administration and other patient care units, the IG wrote.

“The report brought to light aging infrastructure issues [and] the need to survey system configurations, and identified higher-risk single points of failure,” Daigh wrote. “The fact that this root cause report, with implications for patient care and safety, had such a limited distribution and did not include VHA raises the highest concern.”

VA has been addressing VistA reliability concerns by focusing efforts on building additional regional data processing centers. However, providing more support to regions 2 and 3 is at least two years away.

Roger Baker, VA’s assistant secretary for information and technology, outlined plans to improve VistA’s backup system.

“VistA was not architected for 100 percent uptime,” Baker wrote in an appendix to the IG’s report. “Provision of a second VistA system within the same data center as the original will avoid only one outage scenario, while not addressing a myriad of other issues that can also cause VistA availability outages. As it is in line with current [Office of Information and Technology] plans to improve VistA system availability at all hospitals, OIT agrees that it should expedite the installation of the VistA read-only platform at all hospitals not yet supported by a regional data processing center.”

The IG made five recommendations for improvements, and VA officials agreed with them.

VA recently established established an industry group to help officials weigh options for expanding VistA’s distribution in the private sector. The 20-year-old open-source platform is one of the first electronic health record systems.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.