Despite recent years’ numerous oversight hearings on Capitol Hill and a yearly IT budget of over $4 billion, the Department of Veterans Affairs continues to be plagued by lacking IT processes and weak cybersecurity management, reveals a new Government Accountability Office review.
In a new report released yesterday, GAO highlighted VA’s “limited progress” in tackling its IT system modernization challenges. Although GAO said it has made “numerous” recommendations on how the agency can address its shortcomings, VA has failed to implement most of them.
For starters, VA lacks a defined governance plan for the Electronic Health Record Modernization, the agency’s most recent effort to update its health information system.
GAO also determined the IT system that supports VA’s Family Caregiver Program wasn’t effective. Because of the limitations of the system, the program office was unable to monitor workload problems caused by the program. Finally, VA’s Veterans Benefits Management System doesn’t fully support disability and pension claims or appeals processing.
VA also struggles with its management of cybersecurity, which GAO says is missing vital aspects. In 2016, GAO reported that VA had set up numerous security controls, but didn’t adopt key elements of its information security program. In addition, as GAO noted in March 2019, VA had not accurately categorized positions to effectively identify critical staffing needs for its cybersecurity workforce. VA only implemented three of six cybersecurity-related recommendations from these two reports, GAO said in its April 2 review.