Legacy Systems

Auditors want VA to better track VistA costs

Shutterstock ID: 133503068 By ESB Professional

The Department of Veterans Affairs plans to move forward on a multibillion-dollar contract with Cerner for a new commercial electronic health record system next year. But before that happens, auditors at the Government Accountability Office want VA officials to finish fully mapping the scope and costs of the old system.

According to a July 25 audit, VA officials tracked a combined $2.3 billion in costs for VistA, its legacy health records system, between 2015 and 2017. However, the department currently "does not have a comprehensive definition for the system" and thus is not able to fully capture the total associated costs. Of the costs that were tracked, only about $1 billion were considered "reliable," which GAO defined as costs that are accurate, well-documented, credible and comprehensive.

Part of the problem can be attributed to the age of the system -- VistA is more than 30 years old -- and to the numerous customized versions of the software developed over the years, including at least 130 for more than 1,500 VA medical centers, outpatient clinics, community living centers and veteran centers across the country.

"While defining a complex IT system can be challenging, having an adequate understanding of its characteristics will better position the organization to comprehensively project and account for costs over the life of a system or program as well as identify specific technical and program risks," auditors wrote.

VistA supports health care for about 9 million veterans and their families every year and doubles as a time-and-attendance, asset management, library and billing system. Officials said the 130 custom versions of VistA will be replaced by a single commercial solution when Cerner's system goes online next year. But that transition is expected to last at least a decade, and GAO wants the agency to better account for costs for VistA in the meantime.

Auditors recommended that VA develop a comprehensive methodology for reliably reporting those costs, including how to define the system.

"In conclusion, although VA is not likely to be positioned to retire VistA for at least another 10 years, the department lacks the comprehensive and reliable cost information needed to make critical management decisions for sustaining the system," the report stated.

According to the report, the department concurred with the recommendation and agreed to provide an action plan for developing such a framework within six months.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.