standardizing, modernizing, securing health information ... · standardizing, modernizing, securing...

of 23 /23
1 Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 Mr. T “Pat” Flanders, Military Health System (MHS) Chief Information Officer (CIO)

Upload: others

Post on 22-May-2020

11 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

1

Standardizing, Modernizing, Securing Health Information Technology (IT)

Session 9, February 12, 2019

Mr. T “Pat” Flanders, Military Health System (MHS) Chief Information Officer (CIO)

Page 2: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

2

Mr. Thomas “Pat” Flanders, SES

Defense Health Agency (DHA) Chief Information Officer (CIO)

Deputy Assistant Director Information Operations (DAD IO)

Has no real or apparent conflicts of interest to report

Conflict of Interest

Page 3: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

3

• Enterprise overview

• Role of DAD IO/J-6

• Standardization

• How we get there

• Questions

Agenda

Page 4: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

4

• Describe the important changes and direction of MHS health IT

• Discuss how DAD IO/J-6 works to ensure the right information is accessible to the right customers at the right time and in the right way

• Describe how DAD IO/J-6 is supporting partnerships among the Services, DHA, the Department of Veterans Affairs (VA) and Industry to implement and sustain a protected health IT environment

Learning Objectives

Page 5: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

What is the MHS?

Page 6: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

6

A Week in the Life of the MHS

6

Page 7: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

What IT is Involved?

7

Page 8: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

MHS Future State

8

Page 9: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

9

Hyper Variance … We Own “One of Everything”

Page 10: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

Health IT: Reform Objective & Mission

10

Page 11: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

11

Our Target For SavingsHistory: Since 2014, DHA and the Services have undergone comprehensive IT Reform

analysis and are executing plans to achieve required savings …

Four Areas Identified For Efficiencies:

–Creation of Shared Services: Includes reengineering IT management, help desks,

and portfolio rationalization (FY15-19)

–Medical Network Modernization: IT optimization including Infrastructure, Cyber,

Microsoft Windows Active Directory (FY17-21)

–Electronic Health Record (EHR) Modernization: MHS GENESIS replacement of

legacy systems (FY18-22)

–Reduce Manpower: Reduction in IT staffing footprint, elimination of duplicative IT

systems, and consolidation of infrastructure and support capabilities (FY19-23)

MHS IT Reform Manpower Decrement By Component ($M)*

Component FY19 FY20 FY21 FY22 FY23FYDP

Total

Services -16.6 -95.2 -148.5 -150.3 -107.2 -517.8

DHA -9.5 -89.8 -241.5 -299.6 -390.8 -1,031.1

Total Decrement -26.0 -185.0 -390.0 -450.0 -498.0 -1,549.0

Page 12: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

12

Health IT Implementation Plan

12D2D: Desktop to Datacenter

Three lines of effort will reduce duplicative IT services and systems, reduce the IT manpower footprint and standardize IT business processes and workflows

Page 13: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

13

Centralized Services

13

D2D program provides centralized, standardized core infrastructure capabilities that

collectively enable healthcare operations including the deployment of the Department of

Defense’s (DoD’s) new electronic health record (EHR) – MHS GENESIS

Page 14: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

Orchestrating D2D Implementation

Page 15: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

Centralized ServicesLPNI = Low probability of being replaced,

no interface

LPI = Low probability of being replaced,

requires interface

15

Page 16: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

16

Continued Standardization Of Products• Current tool portfolio is decentralized and contains duplicative and

varying tools with unknown statuses and critical tool information

• Many were acquired for local necessity without a common enterprise standard to gain efficiencies and provide centralized management capabilities

FY19 – 21:

34/117 tools rationalized

Allows shutdown of 616 servers

Page 17: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

17

Know Ourselves

17175+3 tMTFs All Other MTFsCentrally managed IT

Analysis

“All Humans” Visibility “All Budgets” Visibility

Savings Identify redundancy, non-

standard products

Page 18: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

• Personal accountability: Ask “who” is responsible … not “what office, committee, or governance group is responsible”

• Financial accountability: Personally manage money to the level of the check and the name of the person who can justify it

• Schedule accountability: Ask “by when”

o If something doesn’t get done on time, it usually means that it costs more money … ask “can you still afford it?” … “what can you not do elsewhere to be able to afford it?” … do not become a burden to your clinicians, patients, or the enterprise

• Customer focus:

o Nobody likes going to the DMV

o Must know customer priorities … and communicate that understanding … constantly

• Engineering competency: “Own the technical baseline” … don’t outsource your brain … or you’ll pay too much

• Contracting: Plan for it to take longer than you think … have a plan A, B, and C … strive for no 4th QTR awards

• Never stop refining your understanding of what you do, why you do it, and how you do it

• Cybersecurity Compliance: There are two kinds of lawyers … “Judgement vs. Counsel”

Developing “Cost Warriors”… Important Traits

Page 19: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

Recognize and Combat Cyber Risk 85,000 records

Ransomware

attack

Page 20: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

20

Defense-In-Depth

• Department of Defense (DoD) – Common network information assurance (IA) controls

• D2D – DHA specific common IA controls

• Site enclave – Site specific IA controls

• Med-COI architecture – Zone specific IA controls

• Individual systems and medical devices address/comply with remaining IA controls

Page 21: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

Enable Risk Balancing

Page 22: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

22

Building Security In

– National Institute of Standards and Technology (NIST) Standards

• https://www.nist.gov

– Security Technical Implementation Guide (STIG) standards

• Provide technical guidance to “lock down” information systems/software

• https://iase.disa.mil

• DISA STIG Customer Support Desk: [email protected]

– Security Requirements Guides (SRG)

• Provide high level guidance where product specific STIGs don’t exist

• https://iase.disa.mil

Help us and yourselves by building to DoD required security

standards, including:

Page 23: Standardizing, Modernizing, Securing Health Information ... · Standardizing, Modernizing, Securing Health Information Technology (IT) Session 9, February 12, 2019 ... or governance

23

• For additional questions, please contact us at

[email protected]

• Please complete the online session evaluation

Questions