Legacy Systems

Auditors want VA to better track VistA costs

Shutterstock ID: 133503068 By ESB Professional

The Department of Veterans Affairs plans to move forward on a multibillion-dollar contract with Cerner for a new commercial electronic health record system next year. But before that happens, auditors at the Government Accountability Office want VA officials to finish fully mapping the scope and costs of the old system.

According to a July 25 audit, VA officials tracked a combined $2.3 billion in costs for VistA, its legacy health records system, between 2015 and 2017. However, the department currently "does not have a comprehensive definition for the system" and thus is not able to fully capture the total associated costs. Of the costs that were tracked, only about $1 billion were considered "reliable," which GAO defined as costs that are accurate, well-documented, credible and comprehensive.

Part of the problem can be attributed to the age of the system -- VistA is more than 30 years old -- and to the numerous customized versions of the software developed over the years, including at least 130 for more than 1,500 VA medical centers, outpatient clinics, community living centers and veteran centers across the country.

"While defining a complex IT system can be challenging, having an adequate understanding of its characteristics will better position the organization to comprehensively project and account for costs over the life of a system or program as well as identify specific technical and program risks," auditors wrote.

VistA supports health care for about 9 million veterans and their families every year and doubles as a time-and-attendance, asset management, library and billing system. Officials said the 130 custom versions of VistA will be replaced by a single commercial solution when Cerner's system goes online next year. But that transition is expected to last at least a decade, and GAO wants the agency to better account for costs for VistA in the meantime.

Auditors recommended that VA develop a comprehensive methodology for reliably reporting those costs, including how to define the system.

"In conclusion, although VA is not likely to be positioned to retire VistA for at least another 10 years, the department lacks the comprehensive and reliable cost information needed to make critical management decisions for sustaining the system," the report stated.

According to the report, the department concurred with the recommendation and agreed to provide an action plan for developing such a framework within six months.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.