What's wrong with IT at Veterans Affairs?

The Department of Veterans Affairs has been on the hot seat in recent months over its backlog of compensation claims and slow progress on an expensive joint health records system with the Defense Department. Both projects have significant IT components, but multiple assessments suggest that VA's Office of Information and Technology (OIT) is ill-equipped to deal with the problems.

Formal reports include a "deep dive" internal review of OIT by Deloitte that was completed in December but not released to the public, and several Government Accountability Office and VA Office of Inspector General investigations. FCW also interviewed a dozen current and former VA officials, several of whom spoke on condition of anonymity.

Combined, the information reveals dysfunction at the highest echelons of the VA OIT: botched and duplicative IT projects burning through billions of dollars, significant turnover among senior IT executives, a lack of official accountability, and a serious disconnect between rank-and-file employees and OIT leaders.

Big project problems

VA's backlog of veterans' disability claims is a black eye for the department by any measure. According to VA figures dated April 20, the number of claims pending for more than 125 days was 613,469, while the total number of pension and entitlement claims was 886,345. In recent months, lawmakers on Capitol Hill, GAO and veterans' groups have condemned the bottlenecks, which VA Secretary Eric Shinseki has repeatedly said are a top priority.

"For years, VA has struggled with an increasing workload of disability compensation claims," a December 2012 GAO report states. The department is "currently taking steps to improve the timeliness of claims and appeals processing; however, prospects for improvement remain uncertain."

In his April testimony on the fiscal 2014 budget proposal, Shinseki said his agency "remains focused on eliminating the disability claims backlog in 2015 and processing all claims within 125 days at a 98 percent accuracy level."

Even larger questions surround the joint health records effort between VA and DOD. The White House's proposed budget for fiscal 2014 seeks $344 million for the Integrated Electronic Health Record (iEHR) program, which includes $252 million for development via the VA/DOD Interagency Program Office.

The iEHR program is designed to achieve a single, integrated platform for sharing health information between the two largest federal agencies, but it stalled in February following a shift in strategy announced by Shinseki and then-Defense Secretary Leon Panetta. Shinseki testified before Congress that VA would move forward with iEHR, but Pentagon officials said they are reviewing their approach.

"Until I get my arms around this, I'm not going to spend any more money on this," Defense Secretary Chuck Hagel told lawmakers on April 16.

One of the biggest issues is DOD's reluctance to use VA's Veterans Health Information Systems and Technology Architecture as iEHR's core IT platform. VistA is an internally developed system that dates back to the 1980s. However, DOD also wants to do away with its own system, called AHLTA. DOD was set to release a request for proposals for a replacement in March, but Hagel halted the RFP pending further review.

The problems with the iEHR program -- already a failure to some -- did not come as a surprise to VA insiders, who believe their agency attempted to talk the talk with DOD but could not afford to walk the walk.

"The iEHR demise was expected by all, accordingly," one VA source said. DOD officials "outspend, outtalk and outlast us at every engagement. We try to emulate much of their process-based decision-making as if we could afford to. We can't. The overhead is crippling, and we are not funded equivalently."

Org chart challenges

The problems with those programs go beyond IT, but both show signs of the organizational challenges that have been identified elsewhere. The December 2012 Deloitte report, reportedly commissioned by acting assistant secretary for information and technology and acting CIO Stephen Warren, found several trouble zones in VA's OIT. Among them are a disconnect between facility staff and leadership, low data quality, a poor organizational structure that leads to inefficient resource deployment, duplicative functions across multiple organizational pillars, no standardized processes or supporting technology, a lack of customer understanding of how OIT works, and the fact that many OIT organizations are not measuring the right metrics.

"It's a leadership issue. The problem with OIT leadership is that they all are out for themselves, trying to promote careers and do what's best for them," a regional VA source said. "When you don't have good leadership, you don't have people at the lower levels making things happen by working together. When is the last time anyone came out to a VA hospital to see how doctors are getting things done? Things keep getting worse; there's been no significant progress in the last five years."

Deloitte's report also highlighted shortcomings in OIT's organizational structure, which was centralized in recent years. That led to an influx of management and administrative functions even as IT continued to be understaffed. Fewer than 8,000 IT staffers support VA's 320,000 employees, or about one IT staffer per 40 employees -- a ratio that is much lower than the rest of the government, according to Deloitte.

In addition, Deloitte concluded that multiple management layers have stunted OIT's ability to deliver services efficiently or effectively. There are currently nine layers between the CIO and the IT staff at medical facilities, but industry best practices recommend no more than five to seven layers of management. "The layers have created disconnects in communication between OIT senior leadership and facility IT staff as messages get lost in the long chain," the report states.

Not everyone agrees with Deloitte's findings. According to the regional VA source, the findings were based on Warren's agenda to get rid of the layered regional system, which underwent reorganization in 2010, in favor of one that is even further consolidated under national regulation.

"Warren is trying to use this paper to reorganize in the way he wants to do it," the source said. "The regional directors wanted the ability to comment on the report. Warren won't take anyone's comments. He's presented it as if written by God himself. And now he's trying to find friends inside who also didn't like the reorganization to support him."

Throughout VA's various layers, the low morale is palpable. Deloitte's critiques paled in comparison to longtime IT staffers' criticism of IT management at the agency.

"It's gotten to the point where it is embarrassing to say you're at VA," said one former official who keeps close tabs on the agency. "The press releases say the Veterans Benefits Management System is about to have a huge breakthrough, but from what I see and hear, it's slowing down and has a lot of problems, both in IT platforms and the amount of work it takes to use. VA had a period of excellence, and that period is long gone."

"IT says yes only after all variations of no are disproved," said a VA source who works in OIT. "Our IT managers are increasingly self-serving and barely grasp the mission of the VA anymore. We call it trench warfare mentality or circling the wagons. Say no until all options precluding yes have been exhausted."

Another source who spoke to FCW on background admitted that OIT's shortcomings were significant but defended its progress under CIO Roger Baker, who stepped down early this year and is now chief strategy officer at Agilex.

That source, who worked at VA during Baker's four-year tenure, said VA "got its priorities straight, making sure strategy matched budget allocations" through the use of the Project Management Accountability System (PMAS), which feeds data into a broader IT dashboard that the Office of Management and Budget has used as a template for governmentwide use.

"The organization Roger inherited was broken, dysfunctional, screwed up, you name it," the source said. "We made a lot of progress in the deficient areas [mentioned by Deloitte], and Roger did a lot of it, but that doesn't mean there isn't still more to do."

Yet several former VA officials were not impressed with the department's progress even as leaders like Baker were lauded for their work in the past four years. "During the time of Steph [Warren] and Roger [Baker], the inventory of positive accomplishments would start with PMAS," one such official said. "By my count, that's where it would end."

The tech issues

In early March, VA's IT operations once again got caught in the watchdog crosshairs. VA admitted to security violations that potentially exposed information to hackers and misuse. The department was using an unencrypted telecommunications carrier network to transfer sensitive data, including veterans' EHRs and internal IP addresses, among certain VA medical centers and outpatient clinics.

OIT leaders said they had accepted the security risk of the potential loss or misuse of the sensitive information. Baker and Dr. Robert Petzel, VA's undersecretary for health, had signed security waivers to "delay implementing encryption controls in the near term, while acknowledging the risks associated with the lack of technical configuration controls," the IG report states.

VA's OIT has been criticized in the past for its lack of standardized processes, but IT security holes are the bigger threat, said one source with extensive knowledge of OIT's security protocols.

"Bandwidth is an active threat. Hacking the medical record [system] or establishing bastion hosts within the perimeter is a potential threat for which we have other safeguards," the source said. "If the links get saturated, however, we are toast. If Baker signed a waiver, money was likely the driver."

The insider said Baker should not shoulder all the blame because he had "inherited a mishmash of varying vintages bought with no strategic plan when money was distributed" to the Veterans Integrated Service Networks.

"We rarely put encryption devices on those [systems] unless it was direct to a medical provider, and even then...I do not recall seeing anything more than a firewall on most," the source said. "Some encryption on point-to-point links is built into the router, so I think in cases where the data was definitively sensitive, we would turn that on. As to end-to-end [hardware] encryption on a [wide-area network] with so many endpoints? The scope is just mind-boggling for me. I frankly do not think we will ever do that, but we might do it in the router. Sorting out which can or can't and upgrading old tech will take years."

Other problems persist, too. Help-desk times remain poor outside Washington, D.C., and VA sources said a rift has emerged between IT and other parts of the department.

"The natives are more than restless about the abysmal service we get outside the Beltway, and help-desk wait times have grossly increased. IT has never been less connected to the VA's mission," the source said, adding that it does not bode well for the success of many of the agency's major IT-intensive priorities.

Bob Woods, a former IT executive at VA and now founder and president of Topside Consulting Group, said IT offices open themselves up to criticism when they lose sight of the overall agency mission.

"IT shops have to be connected to the mission, period, and when a mission seems to be going the other way, you're going to get criticism for it," Woods said. "You're going to get oversight and critical review and negative things said. That's not to say you're not doing your job, but in the long run, you can't have processing times [for claims] go the wrong way and mission things not go the right way."

Another former senior IT leader at VA said the agency's technical problems were exacerbated when IT staff moved from the Veterans Health Administration to its own department led by a CIO with budget authority. That centralization, which took place from 2004 to 2006, was great for giving the CIO authority over major IT initiatives, but it moved health care professionals and clinicians away from IT decision-making processes and added several layers of bureaucracy to those decisions, the source said. Clinicians in top leadership positions at VA are now a rarity, and IT decisions that should involve health care professionals often do not, the source said.

"VA faces a health care delivery problem," the source said. "Technology is an enabler, but it's people, workflow and a complex adaptive system that involves people, not just technology, that are the keys to health care delivery. VA has been decimated by bureaucracy, and that's just one consequence of the reorganization."

VA might have simply bitten off more than it could chew, admitted one former OIT employee. The agency's strategic plan lists 16 priority initiatives, each of which is a major undertaking. They include ending homelessness among veterans, automating GI Bill benefits, transforming health care through health informatics and improving veterans' mental health.

"Any CEO will tell you that if everything is a priority, nothing is a priority," the source said.

Trouble at the top

At a time when strong IT leadership is desperately needed at VA, OIT has seen extensive turnover in recent months.

Former CIO Baker, Chief Technology Officer Peter Levin and Jerry Davis, deputy assistant secretary for information security, all vacated their positions in early 2013. Jeanie Larson, OIT's director of risk management and incident response, resigned effective March 15. Jeff Shyshka, deputy CIO for service delivery and engineering, retired recently after 35 years with the department. Eric Raffin, executive director of field operations at OIT, left the department after about two years of service, and several other high-level OIT positions have been similarly vacated. Still other top OIT officials are planning their exit strategies, according to one VA source.

Chief of Staff John Gingrich left the agency in March after decades in public service. His exit came months after lawmakers called for his removal in the wake of an IG report noting VA's over-the-top conference spending. And at press time, Deputy Secretary Scott Gould had announced plans to leave the agency in late May.

When you're driving change, some people are going to decide they don't want to be a part of that change. -- Former VA CIO Roger Baker

An October 2012 OIG report stressed that OIT needs to improve its workforce management. One of the problems, the investigators found, was that OIT has not created a succession plan to provide continuity of leadership or conducted leadership and workforce competency gap analyses to identify skill gaps and strategies to improve employees' skill sets.

With regard to the turnover at OIT, Baker told FCW that it's nearly impossible to please every individual in an 8,000-person organization that is undergoing widespread change.

"When you're driving change, some people are going to decide they don't want to be a part of that change," Baker said. "It's unfortunate, but not everybody is going to want to be part of the new organization. There has been a lot of driving change over the past four years at VA, and it isn't a matter of good people or bad people. You set a certain organizational approach and place you want to get to, and people may decide that isn't something they want to be a part of. That's not all bad."

What is troubling to outsiders, though, is the criticism leveled at Warren by outgoing OIT employees who cite a hostile work environment and poor leadership.

"OIT is not a pleasant place to work. There's a lack of leadership, and it seems to zero in on Steph [Warren], and why that is, I can't explain," a former VA official said. "All the people I've talked to who've left essentially said the same thing or showed the same behavior by parting, and there's an indictment of style when a bunch of [senior executives] quit because they're not putting up with this crap. These are people who got where they are by putting up with a lot of crap."

Warren was also named in an equal employment opportunity complaint filed earlier this year by Davis, now CIO at NASA's Ames Research Center. At the time, Warren was principal deputy assistant secretary for information and technology. The complaint is the focus of two separate VA OIG investigations, according to a VA insider. One investigation concerns Warren's directions to Davis to reauthorize authority-to-operate (ATO) checklists for 545 systems in the VA inventory in January that the source said compromised the integrity of VA's certification and accreditation process.

The second investigation is looking into allegations that Warren attempted to coerce Davis into falsely certifying ATOs as a condition of being released from VA to work at NASA, according to the source. FCW obtained several email exchanges between Davis and other VA employees in which Davis outlined his professional concerns and unwillingness to engage "in a low-value, static and sunsetting ATO process in any way, shape or form that is diametrically contrary to the way the U.S. government requires departments and agencies to manage system risks."

The VA insider said VA's Office of General Counsel "quickly intervened and overrode Warren's refusal to release Davis" when it got wind of the situation, though Davis' start date at Ames was delayed two weeks. Davis declined FCW's request to talk about the EEO complaint or his last months at VA. Ultimately, the source said Davis signed off on some of the ATOs but with "conditions of serious reservation." Warren also declined FCW's requests for an interview.

A VA spokesperson told FCW that OIT's workforce, including management, "is committed to VA's mission of serving veterans and has continued its high level of performance and productivity." The spokesperson said VA would not comment on specific complaints raised by FCW.

"VA appreciates the hard work and commitment of our dedicated IT employees to the mission of serving veterans," the official said. "Much of VA's IT work supports the technology that directly affects our ability to deliver services our veterans deserve. Change is never easy, but our talented staff is meeting the challenge and succeeding."

It is unclear how the turmoil in VA's OIT will affect the agency's overall mission to care for veterans. What is certain, though, is that employees within the department are unhappy with leadership, technical capabilities and progress on any of a number of key initiatives.

"Right now, the personality of the people at the top is just toxic," said one VA source with nearly a decade of experience at the agency. "From Day One, it's been dysfunctional, but right now, it's circular firing squad stuff."

Amber Corrin and former FCW staff writer Camille Tuutti contributed to this report.