IG concludes that VistA outage compromised vets' health care

23-hour outage March 16 prevented access, updates to digital patient records

The Veterans Affairs Department needs to make patient safety a higher priority as it deals with outages and the aging infrastructure of its electronic health record system, according to a new report from VA’s Office of Inspector General.

VA’s Veterans Health Information Systems and Technology Architecture (VistA) experienced a 23-hour outage March 16 that had a major effect on patient care for VA’s entire North Texas Health Care System, according to the IG’s Dec. 3 report. Digital patient records were unavailable during that time, except on a read-only basis via a contingency program. Paper records were used in the interim.

“We found that patient care had been significantly impacted by the loss of this critical medical system during this outage,” wrote Dr. John Daigh, VA’s assistant inspector general for health care inspections, in the report. “Many clinicians felt that the risks to patient safety increased dramatically as the outage continued.”

The IG also found indications that between 334 and 666 VistA outages might have occurred in the past two years, but the evidence was incomplete and inconclusive. The IG was unable to describe a pattern or trend to the VistA outages because VA did not collect the relevant data.

However, the IG criticized VA’s handling of the outages, in particular the lack of ongoing risk assessments and the withholding of an internal VA report on the causes of the outage in Texas.

That internal after-action report should have been distributed much more broadly to the Veterans Health Administration and other patient care units, the IG wrote.

“The report brought to light aging infrastructure issues [and] the need to survey system configurations, and identified higher-risk single points of failure,” Daigh wrote. “The fact that this root cause report, with implications for patient care and safety, had such a limited distribution and did not include VHA raises the highest concern.”

VA has been addressing VistA reliability concerns by focusing efforts on building additional regional data processing centers. However, providing more support to regions 2 and 3 is at least two years away.

Roger Baker, VA’s assistant secretary for information and technology, outlined plans to improve VistA’s backup system.

“VistA was not architected for 100 percent uptime,” Baker wrote in an appendix to the IG’s report. “Provision of a second VistA system within the same data center as the original will avoid only one outage scenario, while not addressing a myriad of other issues that can also cause VistA availability outages. As it is in line with current [Office of Information and Technology] plans to improve VistA system availability at all hospitals, OIT agrees that it should expedite the installation of the VistA read-only platform at all hospitals not yet supported by a regional data processing center.”

The IG made five recommendations for improvements, and VA officials agreed with them.

VA recently established established an industry group to help officials weigh options for expanding VistA’s distribution in the private sector. The 20-year-old open-source platform is one of the first electronic health record systems.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.


  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected