Washington, DC – VA’s information technology infrastructure, as well as the joint electronic health record that is being planned between VA and DoD, will be primarily based on open-source software, officials revealed last month.
Open-source software permits users to study, change, and improve it, and is frequently developed collaboratively, as opposed to proprietary software, which is strictly licensed and forbids modification.
According to VA officials, open-source is the best way to ensure that VA’s electronic health record (EHR) system will adapt and improve at a pace with the private sector. However, this sweeping change in VA’s IT infrastructure has raised concerns about the agency’s ability to not only accomplish such a large task, but to do so while keeping veterans’ information secure.
VA’s track record in information security is one characterized by general competence punctuated by massive, public failures. The most memorable was in 2006, when a laptop belonging to a VA analyst and containing various types of personal data for over 20 million individuals was stolen from a Maryland home.
It was these kinds of security problems that prompted VA to consolidate its IT infrastructure—a process that began only three years ago and is still in process.
A Joint Open Source Solution
The first public revelation that VA would be exploring open-source engineering was at the beginning of April, when the agency issued a draft Request for Proposal (RFP) seeking a custodial agent to design open-source versions of the software used in the Veterans Health Information Systems and Technology Architecture (VistA), the current VA IT system.
“Over the past year, we have followed a deliberative process to examine the implications for open source for VistA, and we are convinced that this is the best approach for VA,” said VA IT chief Roger Baker at the time of the RFP’s release. “Our primary goal is to re-ignite the innovative processes that made VistA such a great EHR system. We also want to ensure that vendors of proprietary products can easily and confidently integrate their products with VistA to make them available for VA to purchase and use.”
At a teleconference with reporters later that month, Baker further explained VA’s decision to go with open-source engineering. He also revealed that, moving forward with the joint EHR, both VA and DoD would end up with the same solution.
“Open-source, especially in the government marketplace, is something I have to explain a lot about. But it’s a pretty tried and true approach from the private-sector standpoint,” Baker said. “Both DoD and VA recognize that the private sector is moving EHR systems forward very, very quickly—faster than the pace the government can do it anymore. Both of our goals are to bring in as many private sector modules as possibly and choose the same thing to run between VA and DoD, so we end up with a single common EHR.”
Open source will allow the agencies to choose among the maximum number of commercial software products and provide ease of plugging those products into the joint EHR, Baker said. “So when we determine the need for a new package, for example, scheduling, we’d love to define the standards in such a way so that seven different vendors can come to us and say, ‘My scheduling package is compatible right now’.”
Should this project succeed, it would be the first case of a large federal system moving to open source.
“I don’t think there’s anything like this from a scale standpoint out there in government,” Baker declared.
Choosing A Slow Evolution Over Replacement
VA’s current IT structure is not small or simple but a complex, entrenched ecosystem. Asked how VA plans to make the switch over to an open-source environment, Baker said that the ideal plan would be for the switch to work like sleight of hand, with the users never realizing that it had taken place.
“My objective is to have minimum disruption in the hospitals as we evolve from VistA to the joint EHR. We’ll replace modules, do incremental upgrades, and eventually evolve this to the point we need it to be,” Baker said during the teleconference. “Five or ten years from today, there might not be one line of code left from VistA, but in my ideal world, the users will have no idea we made any changes.”
The RFP included a very short turn-around time of three weeks, and the date set for the first production of open source code is currently July 1. The contractor, not yet determined, will propose a mechanism to take the first delivery of existing code from VA’s systems, and another mechanism to deliver the reworked, open source code from the contractor back to VA for fielding in VA hospitals.
“Clearly we care more about quality than the specific date in this case,” Baker said.
Defending the move to open source at a House VA Subcommittee on Oversight and Investigations hearing last month, Baker said he firmly believes it is the right way to go if the federal government wants to avoid an inevitable outdating of its systems and a massive bill to upgrade them in the future.
“We run one of the best electronic health record systems in the country right now. But we have proven that the normal methods of government to improve that system are not going to keep up with the rate of improvement in the private sector,” Baker said. “In five or ten years time, if we do not substantially improve our system, my successor will be back here asking for something around $16 billion to replace VistA in our hospitals.”
The move to open source will allow VA to use private sector methods to improve VistA as it needs improving. “We will forestall or completely avoid having to pay a massive bill to replace it. If we can improve VistA, the costs for that are incrementally minimal, and we can avoid a huge out-year expense for replacing it.”