LaVerne Council drills in on her to-do list

The VA CIO sat down with FCW to discuss her agency’s reform efforts, new initiatives and relationship with Congress.

LaVerne Council, CIO, Dept. of Veterans Affairs

The VA CIO sat down with FCW to discuss her agency’s reform efforts, new initiatives and relationship with Congress

This interview ran in the May 15 print edition of FCW

When Robert McDonald was named secretary of the Department of Veterans Affairs, all eyes were on his choice for a top technology leader. The assistant secretary for information and technology at VA leads a $4 billion enterprise, one of the largest in civilian government. The post is one of only a handful of agency CIOs jobs that are subject to Senate confirmation. And it was well known that when McDonald was CEO of consumer goods giant Procter and Gamble, he relied heavily on his CIO Filippo Passerini.

About a year ago, after her Senate confirmation hearing to become VA's CIO, LaVerne Council said she suspected Passerini had suggested her for the job. "He knows I like hairy problems," Council told FCW at the time.

It's hard to imagine a hairier problem in government than running the IT shop at VA. Council is responsible for delivering technology to a workforce of about 345,000 employees. The Office of Information and Technology manages some 450,000 computers and 16,000 servers and is responsible for defending a nationwide network that spans major hospital centers and local clinics and offices.

VA also manages medical care for 9.2 million veterans, making it the largest integrated system in the United States. VA tracks patient data on its homegrown, open-source electronic health record system VistA, a program that has struggled to connect and share data with Defense Department systems and those in the private sector.

Council stepped into a department that had been under the management of acting CIO Steph Warren for two-and-a-half years. She moved quickly to fill key leadership roles and address some of the most pressing issues, including tackling dozens of long-standing security weaknesses identified by the agency's inspector general and meeting the requirements of the fiscal 2014 National Defense Authorization Act that the VistA system be certified as interoperable with DOD systems.

That hasn't left time for much else, but Council said she plans to go the distance. "When the president leaves, that will be my last day as well," Council said in an April 6 interview. "That was my commitment. I will keep it."

This is a transcript of that conversation; it has been edited for length and clarity.

Cloud

VA's April 4 cloud procurement request for information seems like a big deal. What's cloud going to do for VA?

The RFI went out because this is part of our new strategy of "buy first," in particular to reduce our complexity. As you may or may not be aware, we have over 365 data centers within the VA and 800-plus custom applications. The amount of data storage, the locations of those things, all those things say: "Wow, we need to simplify, and we also need to secure." We are looking at the cloud as our way of bringing on some new [buying] capability.

Productivity tools are moving us away from this aligned service structure to more of a virtual capability. The cloud is one of the ways that we will get there. We also are really interested, as much as we can, to partner with other agencies within the federal government.

Our requirements may be a little more extreme than some, but certainly, if there's an opportunity where we can [partner], we will. We think that our buying power helps everybody.

One of the big traps in government is paying for modernization because you've got to run the old stuff while you spin up the new stuff. How are you addressing that with cloud?

It's always interesting because there is that tight line on sustainment, and so one of the strategies that I have my principal deputy, Ron Thompson, working on is what are the right things to go first, second, third and fourth that could give us the savings, which could then go into parlaying the pay-for.

That's how the priority is being looked at, looking at those things that are less risk, easier to do, proven to do. And that, frankly, will help not only the workforce within the VA, but also help us move forward as we look at our material weaknesses and [how to eliminate] them.

Future of VistA

You were asked on Capitol Hill recently about your decision to tap the brakes on VistA modernization. Why did you decide to do that, and how is it going? Has a group been tasked with looking more widely at potential solutions?

Everyone says it's like tapping the brakes. That's not how we see it. VistA Evolution is still going. VistA Evolution was four core parts, and the team is now working on VistA Four. VistA Four was to be completed in 2018. There has been really no change in what VistA Four was going to do.

Dr. [David] Shulkin, who heads up the [Veterans Health Administration], and myself, after reviewing our business case and also after seeing a number of changes that are happening in the environment around women veterans, about care in the community and transformation in technology…we wanted to leave the organization with a strategy for the future beyond 2018. That's really what we're doing.

My organization, under my leadership, is really coming up with the next digital health platform. Working with Dr. Shulkin and his team, they're looking at it and understanding the viability, what would make sense for them [and] how far, with the different options that we've laid out, they would want to consider [going]. Then based on that, we would put forward what the change strategy would be for the organization.

It doesn't necessarily say there will be no such thing as VistA because you always have to have an [electronic health record] as a component. It does say that we are moving to or thinking about health as a platform and thinking about all the things that you need to do to provide good health care.

Is there a path — and is it a desirable one — to get to the point where you have just one instance of VistA? Even as far back as your confirmation hearing, data interoperability was a big issue for you. It seems you wouldn't choose to build it from scratch.

Right, and frankly, that's the look that Dr. Shulkin and I wanted to have. If we didn't have limitations, what would we do? The need to have semantic interoperability is real. That's what we've got to really reach for. How do we do that?

The instance issue itself is always hard because we are the largest integrated health system…. No one scales to that level. The question is: How well does the data work? How well does the data flow? That's really being addressed with our [joint DOD/VA interoperability program office] currently [and] our interoperability plan, which will state that we will be interoperable [by the end of April].

Then moving on with what we call eHMP [Enterprise Health Management Platform], which gives us some flexibility and views of data very differently, getting a soft launch in August of this year, with full rollout next year. I think the real question for us is functionality and thinking about how we provide holistic health care for our veterans.

How do we ensure care in the community? [How do we ensure] that we have an accurate electronic health record? How do we also ensure that it's a secure health record and that a veteran can get care anywhere at any time? Those are the key drivers, in addition [to], as we said, the number of women veterans, ensuring that the care is there.

What's your role in making sure that VA can work with DOD's new system? What activity is taking place at VA to accommodate that?

The [joint interoperability program office] was set up to really drive this link between the DOD and the VA. It was purposely set up to create really a flow of data. A flow of data requires a lot of things. It requires that you're using the same expectation and definition for the data. It requires that we've all agreed as to what the dataset is — all these things. That's what the IPO was set up to do: to ensure a holistic record.

Is the current work on interoperability going to pay off when the Pentagon switches to its new commercial system? Or will that work be lost?

It's not lost. It totally feeds. What we've got to do is ensure what we're doing with eHMP and what we do in the next generation will also continue to keep that feed and that we take advantage of technology.

The veteran to us and the veteran data is not just health data. It's the holistic set of all the things that they have rights and that their family has rights to. People forget that. All of those things really make up the veteran's information, not just the health care side.

For the first time, there are things that just aren't health-related that will be flowing in to create this holistic record. That to me is ultimate legacy. That's where I get excited.

Coping with Congress

What would you tell a private-sector colleague who is interested in moving into government about how to deal with congressional oversight?

Most people who have been in C-suite jobs in corporate America are used to oversight. It's called a board. Then it's called your boss, and there are auditors. Much of the oversight that's here is very similar except for the political element of it.

I would say...that I'm probably a little...I don't want to say unaffected by it, but I'm not hair-on-fire about it. They have constituents that we touch. My objective is to make sure they have the most accurate information probable and possible.

I would tell any other private person to realize this is just keeping another constituent up-to-date as to what you're doing and being open about it.

The political aspect is different, though.

It's funny. I can clearly say that, when I put the staffers and everyone in the same room, I can't tell what political party they're associated with. I really can't. Maybe I don't want to [laughs], or maybe it's not as important to me as sharing the information. That's probably it. I really try to make sure they understand what our strategy is.

I really want them to understand what it means to the people, to the process, to what kind of technology we're using. I want them to understand how we're leveraging the resources that they've been willing to advocate on our behalf for. They generally want to know what they can do to help.

Do you think you are getting what you need from Congress?

At this point, yes. When they ask, I do tell them what I think. I think there needs to be some different flexibility and some different ways to hire, to engage and to compensate for some of the skills that we're asking for. The competitive landscape in IT is aggressive, and we need to be able to compete on some levels. It's hard — harder than it should be. They understand that.

What about the lawmakers or staffers who are not necessarily as tech-savvy? Does that make your job harder?

The majority of the time, because I consider myself a business leader who represents technology, I talk about technology in a business way. That way I can communicate with you. If I start talking bits and bytes, what's the point? That's not really what they're interested in. What they're interested in is the outcome.

If I'm talking technology to you, I'm not doing my job. This is really a business process just like every other business process that happens to leverage technology.

Cybersecurity

The first Federal Information Security Management Act report of your tenure came out recently. The headline is, "Material Weaknesses Remain." What are your next steps?

The FISMA report wrapped in May, about two months before I was confirmed. But the big thing that I always look for in any kind of audit like that is repeat issues. The conversation I'm having with the team and the leadership as we go through this next cycle of audit is, "Guys, come on. We can't have repeat issues. Why are these repeat issues? Why aren't we addressing [them]? What's going on? Is it funds? Is it scale? What is the issue?"

We're really going head-on at it. I think with the five new leaders who have been added, they're putting fresh eyes on it. They have expectations that are the same if not more [focused] than mine, and I think we're going to see some differences this year. We have to. This is a serious matter, and we take it that way. I wish there were some surprises that were positive, but everything that was [listed among the security weaknesses] we had in our cyber strategy and more so.

Thirty percent of our material weaknesses will be closed this year, 2016 [and] the rest by the end of 2017. We're going to stay focused. The entire team has this as a core goal. Every single leader has this as a core goal. We're going to do what we have to do to change it. It's not just changing it for the report's sake. It's changing it for security's sake. We've got to do it.

On the funding front, are you getting what you need?

The thing that I know having done cybersecurity now for almost 20 years is that you can't always be sure you've got it exactly right until you go through an execution cycle. What I mean by that is upgrading the things you really need to upgrade, figuring out what is causing some pain that has sometimes nothing to do with security but could be an input or could be something you want someone to have.

In our case, [consider] two-factor authentication and really driving the use of the [personal identity verification] card. To use the PIV card, you've got to have good processes. You've got to have good application software to do that. You've got to have good background technology to do that.

We look at these dollars as ways to help to make sure that all those things are happening, not just what you would call normal cyber, but all the things that give you good health, what I call good housekeeping as it relates to security.

As it stands right now, I figure the cost of this is enough, but if it's not, we will adjust when we get our second bite on the fiscal 2018 budget. But I see this investment as something where you go up and sort of level out. [The current requested increase] is our going up to level out. If we have to continue year over year over year to ask for the same amount, you've got to ask a tough question: What's happening outside of us, or what aren't we doing?

NEXT STORY: FCC wants a chief data officer

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.