Deficiencies in Infrastructure Readiness for Deploying VA’s New Electronic Health Record System

VA faces tremendous challenges modernizing its electronic health records system and connecting it to a similarly implemented Department of Defense (DoD) system to create a comprehensive, lifetime health record for service members. The VA Office of Inspector General (OIG) examined whether infrastructure-readiness activities were on schedule to support the modernization initiative, starting with the system’s initially scheduled deployment on March 28, 2020, at the Mann-Grandstaff VA Medical Center (VAMC) in Spokane, Washington. The OIG found that critical physical and information technology infrastructure upgrades had not been completed at Mann-Grandstaff and associated facilities six months before the specified system deployment date, as guidance suggested. Even as recently as January 8, 2020, some infrastructure updates had yet to be completed, jeopardizing the then planned March 28 deployment. In April 2020, VA postponed going live without specifying a new date. The lack of important upgrades jeopardizes VA’s ability to properly deploy the new system and increases risks of delays to the overall schedule. Some needed infrastructure upgrades were not projected to be completed until months after going live. Infrastructure upgrades were not completed at Mann-Grandstaff on time primarily because VA had not completed initial comprehensive site assessments, developed specifications for infrastructure with appropriate monitoring mechanisms, and lacked adequate staffing. VA committed to the March 28 date without having the necessary information on the state of the medical center’s infrastructure. The OIG also found security vulnerabilities with some of the physical infrastructure at the Mann-Grandstaff VAMC. Damage to that infrastructure from unauthorized access could lead to loss of connectivity. The OIG made eight recommendations, including establishing an infrastructure-readiness schedule for future deployment sites that incorporates lessons learned from DoD’s experience and ensures projected milestones are realistic and achievable. The OIG also recommended ensuring the physical security of electronic health records infrastructure.