Getty Images

GAO: Some Progress, But Changes Still Needed For The Department of Veterans Affairs HIT System

GAO released its latest findings on the VA in a July 1 report.

The Department of Veterans Affairs has made some progress over the past 20 years but more changes need to be implemented to update its antiquated health information technology system, according to a newly published report. 

The US Government Accountability Office’s July 1 report, stated that the “lack of key cybersecurity management elements” at the VA is “concerning given that agencies’ systems are increasingly susceptible to the multitude of cyber-related threats that exist.” 

Carol C. Harris, Director, Information Technology and Cybersecurity for the Government Accountability Office (GAO) recently testified before the House of Representatives. Harris gave an update on the VA’s efforts to modernize and update the aging system, known as the Veterans Health Information Systems and Technolgy Architecture (VistA.)  

Over the last two decades, the VA unsuccessfully attempted to update VistA, however, the fourth attempt has shown some progress but more revisions are needed, according to the GAO report. 

 In February 2021, GAO said the VA needed to address “all critical severity test findings (that could result in system failure)” in order to roll out the new, electronic health record system at all locations.  

The VA is still struggling “to secure information systems and associated data; implement information security controls and mitigate known security deficiencies; establish key elements of a cybersecurity risk management program; and identify, assess, and mitigate the risks of information and communications technology supply chains. GAO has made numerous recommendations to VA to address these areas. Many of those recommendations have been addressed, but others have not been fully implemented.”  

Harris testified as part of a hearing on the VA’s Fiscal Year 2022 IT budget. The Fiscal Year 2022 budget request is at $4.8 billlion for the Office of Information and Technology, she stated. About $2.7 billion is for the electronic health record modernization (EHRM.)  

That use of IT is “crucial to helping VA effectively serve the nation's veterans,” she stated.  

“In conclusion, VA has long struggled to overcome IT management challenges, which have resulted in a lack of system capabilities needed to successfully implement critical initiatives related to modernizing its health information system and financial and acquisition systems,” Harris stated in the report.  

The GAO has made numerous recommendations to help the VA, however, if “the department continues to experience the challenges that we have previously identified and does not take actions to address our recommendations, it may jeopardize its ability to effectively support the EHRM...programs,” Harris stated in the report. “Further, the lack of key cybersecurity management elements at VA is concerning given that agencies’ systems are increasingly susceptible to the multitude of cyber-related threats that exist.”  

Next Steps

Dig Deeper on Cybersecurity strategies