Recently, FedHealthIT’s Executive Vice President, Susan Sharer, had the opportunity to sit down with Pat Flanders, CIO (J-6) at DHA to discuss his army of Cost Warriors, the benefits of Ektropy, broad standardization across the MHS, cyber defense, and device security.
Update: Army of Cost Warriors
Last year at DHITS I spoke about the need to develop an army of “Cost Warriors” that place a high priority on personal and financial accountability and we have been working the past year on moving toward that. I now know, to within 85 percent confidence, the name of every person supporting our IT, to include contractors. I now know every cheque we will write for the next six years, who said they needed money and what that money will be used for.
That big picture will allow us to see priorities and time phases and the opportunity to work to align strategies.
What is Ektropy and What are the Benefits to Your Organization?
Ektropy is an IT solution used to support DHA IT program and portfolio management. The application provides insight into personnel, programs, cost and contracts. Initially, I implemented it across the Deputy Assistant Director Information Operations (DAD IO) directorate and have expanded its use to identify all IT personnel and IT-related outlays across the MHS. I’ve received initial IT spend plans from the military treatment facilities.
Ektropy is the basis for aligning organizational strategy, for the way we see where we want to go in a way that is visible and in a way that integrates all the different parts of the organization. Ektropy allows the people executing the vision to align their personnel and budgets to support that greater vision.
With MHS GENESIS for instance, as rollouts are fielded, I know 14 months later we have to sunset some legacy systems. Ektropy allows the division chiefs within DAD IO to see the entire organization, not just their division. As a division chief takes steps to sunset applications under his or her purview, everyone has visibility into the funding that will be freed up to meet other needs and we can open the competition for available dollars. Division chiefs are responsible for the budgets of the programs under their purview and the project managers that report to them must justify their proposed spend plans. As money is freed up or left unspent, it becomes available to support other defined needs.
What is Your Approach to Achieving Broader Standardization Across the MHS?
In 2001 I attended a conference where Larry Ellison, CTO of Oracle was speaking. He defined the place where one enterprise should end and another begin as where the business processes become more different than alike. That approach starts with a functional, rather than a technical approach but it becomes technical when you try to implement it in software. That’s what I try to use as a guideline – where are we more different than alike and is it true, are the differences real and valid? By the latter I mean that there are facilities that will be doing things others don’t based on geography, based on unique expertise.
How do you Ensure you have the Updated Data needed Moving Forward?
In DoD, financial management is different. We have to rely on people trained in Government finance to run the money so we tried to build the Ektropy system so it looks like the world from the bottom. A program manager or product manager for instance, may not have a lot of financial management system experience so we tried to abstract the complexity away so you don’t need to be a Government finance expert to use Ektropy. Essentially, we wanted to make the user experience with Ektropy similar to the user experience with commercially available personal finance and budgeting software — simple — so they could focus on what they need without having to understand all of the different Government funding gates. We also looked at the capabilities the money folks were asking for and where it made sense, we added it in so they got some of what they need and everyone can use the same system.
There is a lot of TLC applied to how the data gets in to Ektropy and how often we ask for it so it’s become a monthly process, like in the commercial space, looking at people, positions and resources, considering risk management and expiring ATOs and privacy impact assessments.
How is DHA Preparing for Cyber Defenses as it Absorbs Responsibility?
Our approach to network modernization is called the Desktop to Data Center. Essentially, we’re transitioning the MHS to a single secure medical network, known as the Medical Community of Interest, with a single security context and a central cyber provider for the whole MHS. The Naval Information Warfare Center run out of Charleston is very good at what they do.
The technical enabler to our approach is zone architecture. By standardizing and adopting the same VLAN zones everywhere there is consistency that allows a pedigree of a medical device to be connected to certain VLANs throughout the system.
How do you Ensure the Security of Medical Devices?
Suppliers of medical devices are required to adhere to STIG guidelines and to meet RMF requirements. We document all communication that medical devices have with other devices and the network and have to be able to demonstrate that where there is risk that we are mitigating or accepting, there is a reason beneficial enough to be worth it. All of that, coupled with zone architecture and so on, means we are in a good place.
What are your Recommendations to Industry?
Industry needs to know that things take time. Physicians want products and technologies and industry wants to sell them, but it all takes time to go through the process, to ensure all of the documentation is in place so ensuring everything is there up front and then a bit of patience is key.
I get a lot of people spending a lot of time preparing to come to see me about things that I don’t own. I have my fingers in many things but I don’t have the scope people think I do so I also recommend people really understand who they’re going to see and what they own before they invest time setting up and preparing for a meeting.
Do You Have Anything More You’d Like to Add?
It’s important to keep in mind that DHA is responsible for fielding the IT infrastructure required to support MHS GENESIS. That means, to keep MHS GENESIS deployment on schedule, we need to complete Med-COI (Medical Community of Interest) installation by 1 October 2020. One of the long poles in the tent is migration activities needed at each site–moving servers and equipment from the old network to the new one–and the touch labor required to do that. Unfortunately, the MTFs do not have contracts in place to migrate proprietary equipment they’ve procured, and waiting for individual MTFs to put them in place takes too long. We are letting a single, centralized contract to provide the sites with the necessary support. We should have that vehicle in place before the end of this fiscal year.
About Thomas “Pat” Flanders
Mr. Flanders is the Chief Information Officer (CIO) and a Deputy Assistant Director for the Defense Health Agency (DHA). Mr. Flanders provides leadership for the continued development of an affordable, innovative, robust, and secure health information technology environment in support of the Combatant Commands, service members, veterans, and their families. Mr. Flanders is a computer scientist and Department of Defense (DoD) certified acquisition professional with nearly 29 years of system automation, personnel, finance, and logistics experience. Prior to joining the DHA, he served as the Deputy Program Executive Officer for Defense Healthcare Management Systems, the Senior Military Assistant to the Under Secretary of Defense for Acquisition, Technology and Logistics; and the Deputy Director of Investment for the United States Army.