Federal government, healthcare at the same tech crossroads
Whether information technology is increasingly making an impact on both the federal government and healthcare, the result is the same, believes Tony Scott. Given full freedom, IT will “blow up the org chart,” forcing change in the way things have always been done.
Scott, as chief information officer in the U.S. Office of Management and Budget, should know. As the highest ranking CIO within the Obama administration, he’s been leading the charge for increasing the transformative use of technology by the federal government.
From his experiences, Scott can sympathize with healthcare CIOs, he said at the CHIME 16 Fall CIO Forum in Scottsdale, Ariz. “The digitization of the enterprise is a transformation that is taking place in almost every country around the world,” he says. “In the federal government, it is both a great challenge and a phenomenal opportunity.”
That’s where Scott sees the experience within the federal government and healthcare running on parallel tracks. Technology has been put in place, but it really hasn’t changed things radically enough to make a difference.
“Much of the money we’ve spent is on automating manual processes,” Scott told attendees at the annual fall meeting of the College of Healthcare Information Management Executives. “The workflow hasn’t changed much; we’ve just used computers to speed things up. Now, we have a chance to reinvent how things get done.”
And as workflows haven’t changed, neither has the basic foundation of IT, Scott contends. “We have been building systems pretty much the same way for the last 40 years—even the cloud follows that same paradigm. We’ve focused on a design principle (for IT) that’s served us really well.”
Scott cites strict adherence to the organizational chart as a basic reason for the lack of homogeneity that could bring more benefits to technology users. As an example, he notes that many federal agencies have moved to using the cloud for email, and are relying on applications such as Microsoft 365 to save work to the cloud. That should be a good omen for collaboration between those agencies—except that it’s not.
“The ugly side of that is that we have over 2,000 different implementations of Office 365 across the entire government,” Scott says. “Agencies can’t communicate with each other because they don’t share the same platform. We’re in the process of fixing this now.”
As another example, Scott cited the lack of adherence to known security standards within the federal government as the underlying cause for the data breach of the Office of Personnel Management, announced in June 2015. Records of some 20 million individuals were affected by the hack.
Scott says the breach could have been avoided if the agency had adhered to broader use of two-factor authentication. But only 40 percent of federal workers were using two-factor authentication when the breach occurred—and that took 12 years to reach that level.
Six weeks after the breach, at the urging of his office, adoption ramped up quickly, and nearly 80 percent of federal workers were using two-factor authentication only six weeks later. And 100 percent of federal workers in sensitive position were using two-factor authentication within the same time period. That type of change can occur rapidly if executives place high value on change and demand that it occur, describe the importance to staff, and publicize who’s conforming and who’s not.
Scott is leading the charge within the federal government on a cybersecurity risk framework, which he believes will have implications for improving cyber security within the healthcare industry. He foresees that it will take an approach similar to that of the Baldrige Awards, which helped improve quality by shining a light on organizations that are high performers.
“We can take some of those same techniques and tools” used to measure quality, Scott says. “As far as cyber security is concerned, a breach is a defect in information systems. We’re having a conversation around what lessons have we learned about quality, and how can we apply those quality messages to a different space.”
Getting ahead of technology trends, instead of scrambling to catch up, will lead to the greatest changes, Scott believes. And the government is getting better at understanding how regulations impact disruptive change. Many rules simply need to be revisited to see if they are producing the desired results that lawmakers intended.
“A current project is to undo some of the guidance and rules that we’ve put out. We’ve done a good job of putting stuff out over the years,” he adds. “But we’ve not done a good job of cleaning up after ourselves. For example, we still have rules on the books for Y2K.”