The Defense Department’s new electronic health record system is up and running at a medical clinic at Fairchild Air Force Base after a scheduling delay to continue fixing functionality problems and patching security vulnerabilities.
The Air Force’s 92nd Medical Group started successfully using what is called the Medical Health System GENESIS on Feb. 7 and hosted a ceremony at the clinic Wednesday to celebrate the launch. The system “combines health records from base primary care providers, pharmacy, laboratory, immunization and dental clinics all on one network.”
The new system “will also enable the base to share information with civilian and Veterans Affairs providers,” according to a news release. Fairchild is in eastern Washington state, near Spokane.
“The Pacific Northwest has a tradition of being innovative,” Stacy Cummings, Defense Healthcare Management Systems program executive officer, said in a statement. “We are basing our scheduled rollouts on our experiences and lessons learned here. We remain on track for full deployment by 2022.”
This first implementation affects about 11,000 service members, dependents and retirees, and 27,000 eligible beneficiaries in the area, according to Col. Meg Carey, commander of the 92nd Medical Group.
The fully implemented system should affect more than 9.4 million people.
Readying the system
Cybersecurity was a factor in delaying the first implementation of the program from December to February.
Last June, the DOD’s inspector general said the department’s goal of having a pilot of its modernized electronic health record platform running by the year’s end “may not be realistic.”
The watchdog cited “risks and potential delays involved in developing and testing the interfaces needed to interact with legacy systems, ensuring the system is secure against cyber attacks, and ensuring the fielded system works correctly and that users are properly trained” as reasons for DOD possibly missing its deadline.
And the problems continued. The system’s director of operational test and evaluation noted in his annual report in December 2016 that even though the launch schedule had been updated to Feb. 7, 2017, “significant technical and schedule risks remain due to the large number of high severity defects and cybersecurity vulnerabilities that the program manager still needs to address.”
During a roundtable with reporters Thursday, DOD Chief Information Officer Terry Halvorsen touched on lessons learned after going through the risk assessment process with company Cerner on this system — particularly those related to evaluating security risks on projects using commercial IT
“You are not going to be able to do security — and we were guilty and I think industry was guilty too — of trying to put security in a checklist,” he said. “That is not going to work.”
He continued: “What we’ve got to is change this to being a true risk assessment.”
While working with Cerner, Halvorsen said both the Pentagon and the company discovered their network structures were different from what they thought they were.
“This is going to be about industry bringing ways they do business, being honest about what they connect, us doing the same thing and working through a risk assessment process,” he said.
What it won’t be with future industry partners, he said, is checklist of security requirements.
“One of the things we’re learning with Cerner is how to have this dialogue, so I think the model that will come out of here is how do you do a risk assessment model that involves, and partners with industry?” he said. “And that means give and take, so in some cases Cerner is letting us [add sensors to the network], in some cases, because we’re doing that we’re giving Cerner access to all of the data that they should have access to. That takes good understanding of what everybody’s structures are.”
Halvorsen added too that not only will DOD end up with a patient records system that will improve medical care, but the DOD and industry at large will have system that is more secure.