The Technical Advisory Group, part of a broader effort to engage stakeholders and support FedRAMP processes related to delivering emerging technology solutions to assist agencies, will inform decision-making on the technical, strategic and operational direction of the government-wide compliance program, according to a GSA press release. 

“This group will help make FedRAMP a smarter and more technology-forward operation that better meets its goals of making it safe and easy for federal agencies to take full advantage of cloud services,” Eric Mill, GSA’s executive director for cloud strategy in Technology Transformation Services, said in the statement. 

Members of the inaugural group are: Laura Beaufort, technical lead with the Federal Election Commission; Paul Hirsch, technical lead with TTS; Michael Boyce, director of DHS’s AI Corps; Elizabeth Schweinsberg, senior technical adviser at CMS; Grant Dasher, architecture branch chief in the Cybersecurity and Infrastructure Security Agency’s Office of the Technical Director; Nicole Thompson, cybersecurity engineer with the Department of Defense’s Defense Digital Service; and Brian Turnau, cloud authorization program manager with GSA’s Office of the Chief Information Officer.

Laura Gerhardt, director of technology modernization and data in the Office of Management and Budget, said in a statement that “the TAG is well-positioned to provide valuable insights into streamlining processes, enhancing security postures and adapting to novel technology implementations so that agencies can leverage the full potential of FedRAMP.” 

GSA released a new roadmap for modernization efforts through the FedRAMP program in March and has since revealed a slew of other FedRAMP-related announcements.

The post GSA taps seven federal tech experts for new FedRAMP advisory group appeared first on FedScoop.

But with an aging workforce, occasional hiring freezes and an unyielding stream of work to manage, CMS’s financial leaders are turning to artificial intelligence to keep pace.

Joe Hong, director of CMS’s Division of Program and Data Management within its Financial Management Systems Group, said Wednesday during a Scoop News Group-produced UiPath public sector event that his office is running a large language model pilot that aims to “mitigate the loss of that institutional knowledge” while also “rapidly getting people up to speed.”

“With all of the potential generative AI and knowledge management, we’re working on a pilot … to basically give us precise, contextual-based answers,” Hong said during a panel discussion on empowering finance through AI and automation. “And it’s really … able to get information much sooner and stuff that’s credible and reliable.” 

In an interview with FedScoop after the panel, Hong noted that the Office of Financial Management is “not a public-facing program administering Medicare,” but it plays a critical behind-the-scenes role in helping others within CMS to process claims and ensure recipients receive proper benefits. 

“The best thing that we can do is equip the components that are more front-facing and getting them information, data reports that are much more accurate in a faster amount of time,” Hong said. “Therefore, they can make decisions quicker, and they can see what’s actually happening.”

Hong pointed to documentation on federally facilitated marketplaces as a “very technical” item that requires a bit of expertise to “translate” into “what does that mean for the accounting system.” Leveraging LLMs helps financial management staffers — especially those that are newer to the work — to “tie that together.” 

The pilot currently in use in Hong’s division is Meta’s Llama 2, described as “the next generation” of the tech giant’s open-source large language model. Hong said he’s preached an “LLM-agnostic” philosophy, noting that it doesn’t make sense to “be married to a specific LLM” when those systems are becoming more complex and capable by the day. But so far, Llama 2 has been successful thanks to CMS partners “providing solutions that give [the office] that flexibility.”

The Office of Financial Management workforce has quickly demonstrated a desire to “embrace” the technology, Hong said during the panel, and his CMS division “is inviting people to lead teams, bring the problems that they’re trying to solve, and give them the tools and the flexibility to work through them.”

Figuring out how best to utilize AI systems to support agency work will only become more crucial for federal financial staffers going forward, Hong added after the panel. 

“We don’t see AI or automation eliminating jobs,” Hong said. “It’s only going to create jobs because the work doesn’t go away, right? We just take on more complex problems.”

The post CMS’s financial office is using LLM pilot to combat loss of institutional knowledge appeared first on FedScoop.

Uppal is currently leading CMS’s Office of Information Technology and serves as its acting CIO, the agency said in a Wednesday release. He will join the IRS in early 2024, replacing Nancy Sieger, who left in March.

“This is a historic time for the IRS as our transformation efforts continue accelerating, and Rajiv brings a strong background to help our agency continue to modernize and work to provide better technology to support taxpayer service and tax enforcement,” IRS Commissioner Danny Werfel said in a statement in a release from the agency Wednesday.

Uppal has more than 25 years of IT experience in both the public and private sectors. According to the release, Uppal’s experience at CMS includes areas that are a priority for the IRS, like security, privacy, enterprise architecture, and IT investment planning. 

Before joining CMS, Uppal was part of the U.S. Digital Service team at the Department of Homeland Security. There, he worked on “transformation initiatives such as the Trusted Traveler and Single Window projects,” according to his CMS biography page.

Uppal worked in the private sector earlier in his career, including co-founding the company NeuVis, which was acquired by IBM, serving as president and chief technology officer of retail technology company Retail Optimization, and working as senior director of product development for software development company Revionics.

Since Sieger left the IRS as its CIO earlier this year to be chief technology officer for the Treasury Department, there have been several personnel who’ve shifted in and out of that role. Treasury Deputy CIO Jeff King took on a detail as IRS CIO for 90 days before returning back to the larger department in June. Since then, Kaschit Pandya has assumed the role of interim CIO.

The post CMS’s Rajiv Uppal to take on CIO role at IRS appeared first on FedScoop.

During a panel at FedScoop’s FedTalks on Thursday, industry leaders and government officials spoke about cybersecurity and the current challenges they face in creating a secure federal IT infrastructure as networks and the technologies they employ become more and more complex.

As CISOs and other IT professionals look to bolster the cybersecurity of their agencies, the success of those efforts depends on how responsive the security is, the people involved and the process of establishing guardrails, the experts said.

To account for this, the panelists referenced solutions rooted in new, emerging technologies that companies and agencies are employing, like automation and artificial intelligence, specifically within network management. 

Robert Wood, CISO for Centers for Medicare and Medicaid Services, said his agency is “sprawling with diverse technology.” And while that can create new opportunities, it can also come with new challenges, he said.

“There’s a bunch of technology that isn’t going to be potentially aligned with these market solutions,” Wood said. “We don’t want to put square pegs in round holes. So that’s been probably the biggest challenge that we’ve had.”

Implementing technology to have a real-time response to online threats can be challenging to do throughout a large agency or business. John Davis, vice president of Palo Alto and a retired U.S. Army major, said that the complexity of emerging technology added to the challenge of securing an enterprise environment. 

“To be able to see and stop a threat along that process before, to achieve the goal becomes a very complicated issue in this complex, enterprise environment,” Davis said. “What’s happened is (these) disparate pieces prevent you, as a cybersecurity professional, from seeing that threat across the attack process.”

The post Federal cybersecurity is challenged and strengthened by emerging technology appeared first on FedScoop.

The Department of Health and Human Services (HHS) agency said in a statement Friday it is working with the Reston, Virginia-headquartered company to notify by letter any individuals who may have been affected by the breach.

“The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS) have responded to a May 2023 data breach in Progress Software’s MOVEit Transfer software on the corporate network of Maximus Federal Services, Inc. ), a contractor to the Medicare program, that involved Medicare beneficiaries’ personally identifiable information (PII) and/or protected health information (PHI),” CMS said.

The agency’s statement comes after Maximus in a Wednesday SEC filing revealed that its corporate network was affected by the MOVEit ransomware attack, discovered in May, and that between 8 million and 11 million individuals may have had their information compromised.

In response to the incident, CMS and Maximus are sending letters to any Medicare recipients whose information may have been compromised and will offer free-of-charge credit monitoring services for 24 months.

No CMS or HHS IT systems were compromised as a result of the cyberattack.

Maximus is one of hundreds of private and public sector entities that have so far been affected by the MOVEit ransomware attack, which targeted customers of Progress Software’s file transfer tool.

Other companies compromised include energy giant Shell and U.S.-based First Merchants Bank. Cybersecurity company Telos, which provides services to the Department of Defense and the Department of State, has also been affected.

A Maximus spokesperson told FedScoop in a statement that “[d]ata privacy and security are among our top priorities, and we are committed to protecting the data entrusted to us.”

“On May 31, Progress Software Corporation announced a critical security vulnerability in MOVEit, their managed file transfer software, which is used by many companies, including Maximus. We quickly took measures to respond to the situation and are thoroughly investigating the issue,” the statement continued. “To be clear, we have not identified any impact from the MOVEit vulnerability on other parts of our corporate network and remain confident in the integrity of the network.”

The company added: “We have been working with the subset of our customers who were using MOVEit as part of their workflows and continue to provide updates and support to them as our investigation proceeds. We continue to closely monitor our systems for any unusual activity.”

The post Maximus data breach may have exposed information of 612,000 Medicare recipients, CMS says appeared first on FedScoop.

While this proposed rule has received less attention, the inclusion of algorithms represents an important example of how Biden administration regulators are hoping to rein in AI. ONC wants to get that final rule out as soon as possible, “perhaps as early as later this year,” an ONC spokesman said in an email.

The proposal — the comment period closed earlier this month — would require electronic health record systems using predictive tools like AI and algorithms to provide users with information about how that technology works, including a description of the data it uses. That would add to a certification process already overseen by ONC.

“The idea is that you should have a standardized nutrition label for an algorithm,” Micky Tripathi, who leads the health IT division housed within the U.S. Department of Health and Human Services, said in an interview with FedScoop.

ONC’s certification program for health IT — which includes electronic health record technologies — is voluntary. It’s incentivized, however, by requirements that hospitals and physicians use certified systems when participating in certain Centers for Medicare and Medicaid Services payment programs.

While ONC hopes that more transparency will help avoid unintended consequences of algorithmic bias, the rule has received some pushback from medical professionals, health IT companies, and associations for both not going far enough and being too hard to comply with. The division will next review those comments and work on finalizing the rule.

The AI and algorithm requirements are part of ONC’s proposed rule titled “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing” (HTI-1), which includes a variety of updates for the division’s Health IT Certification Program.

Specifically, the artificial intelligence portion of the rule would build upon its existing certification requirements for clinical decision support (CDS) systems by defining a new category for predictive tools, which includes AI and algorithms. 

Artificial intelligence presents “a whole new dimension in this area of clinical decision support,” Tripathi said. There are things about AI that are “fundamentally different” and require ONC to again weigh in on how these technologies are incorporated into electronic health records systems, he explained.

ONC doesn’t want to be in the position of telling people they can’t use a particular algorithm, Tripathi said, which is why it’s pointing to transparency as a way to help people “navigate” the technology.

For example, Tripathi said, a user in San Juan, Puerto Rico, might learn that an algorithm in an electronic health record system was trained on data from the Mayo Clinic in Minnesota and question whether that would be appropriate for their patient population. 

ONC’s emerging approach to AI regulation has won support from a variety of healthcare industry stakeholders, public comments revealed. For example, the College of American Pathologists — a nonprofit with thousands of members — has said that more information about the datasets AI systems are trained on would boost transparency, and also help pathologists with their “AI-related responsibilities.”

Ron Wyatt, the chief scientist and medical officer at the Society to Improve Diagnosis in Medicine, said the rule didn’t go far enough, and argued that the information that’s made available to “end users,” like health systems and patients, should also be shared in the public domain — so that it’s “exposed to the expert academic research and developer communities that now are sensitized” to the problems with using AI in healthcare. 

Unsurprisingly, there’s also been pushback. The HIMSS Electronic Record Association, on behalf of 30 companies, has suggested that ONC’s requirements for “decision support interventions” would be hard for electronic health record developers to implement, since — they argue — these tools are often created by third parties. 

The American College of Cardiology, a nonprofit association that credentials cardiovascular professionals, said the algorithms proposal was “overly broad,” could potentially cover “thousands of technology solutions utilized in health care,” and may also be confusing for clinicians dealing with software that’s defined differently by other agencies. 

It’s not yet clear how ONC will incorporate this feedback. Still, the proposal and the feedback it received show the mounting effort to regulate AI across the Biden administration. 

The Office of Science and Technology Policy, for example, has emphasized fighting algorithmic discrimination in the Blueprint for an AI Bill of Rights, which was released in October. The Department of Justice and the Department of Housing and Urban Development have looked at algorithmic bias in systems used to screen tenant applications. Senator Charles Schumer highlighted fighting bias in the SAFE Innovation Framework he introduced earlier this month. 

ONC’s own work on artificial intelligence isn’t limited to the proposed rule. Separately, Tripathi said the ONC is working on the department’s broader efforts to develop AI regulatory strategies and is exploring how to make sure a type of application programming interface (API) used for healthcare interoperability — known as Fast Healthcare Interoperability Resources (FHIR) — is able to interact with AI. 

“As ONC, and as the HHS, and as the federal government, we want to balance the ability to allow us to continue to have innovation in a really — what we recognize is — a really important space that could offer tremendous benefit at the end of the day,” Tripathi said.

The post Regulations to govern use of AI in health records could come later this year appeared first on FedScoop.

In its 13th annual duplication and cost savings report, GAO identified 100 new matters and recommendations in 35 new topic areas for Congress or federal agencies to improve the efficiency and effectiveness of government. Some of the biggest potential savings identified in the report come from improvements to Medicare payments within the Department of Health and Human Services (HHS), nuclear waste disposal within the Energy Department, Navy shipbuilding, and IRS enforcement efforts.

“Congressional and agency action in these areas has yielded about $600 billion in cost savings and revenue increases. Addressing remaining matters and recommendations could save tens of billions more dollars and improve government services,” the GAO said in a summary of its report released this week.

The GAO issues annual reports on federal programs, agencies, offices, and initiatives that have duplicative goals or activities and also identifies additional opportunities for greater efficiency and effectiveness that could result in cost savings or enhanced revenue collection.

Fragmentation refers to instances when more than one federal agency (or more than one organization within an agency) is involved in the same broad mission and opportunities exist to improve service delivery and efficiency.  

Overlap occurs when multiple agencies or programs have similar goals, engage in similar activities or strategies to achieve them, or target similar beneficiaries. 

Duplication is when two or more agencies or government programs are engaged in the same activities or provide the same service to the same beneficiaries.

Some of the largest areas of financial benefit to the federal government and taxpayers from the GAO report include:

• Medicare Payments by Place of Service: Congress should consider directing the Secretary of HHS to equalize payment rates between settings for evaluation and management office visits and other services that the secretary deems appropriate, which could create financial benefits of $141 billion over 10 years, per Congressional Budget Office (CBO) data.
• Nuclear Waste Disposal: The Department of Energy may be able to reduce certain risks by adopting alternative approaches to treating a portion of its low-activity radioactive waste and create tens of billions of dollars in financial benefits in the process, per GAO data.
• Navy Shipbuilding: The U.S. Navy could improve its acquisition practices and take steps to ensure ships can be efficiently sustained and create financial benefits of billions of dollars, GAO data showed.
• Medicare Advantage: The Centers for Medicare & Medicaid Services could better adjust payments for differences between Medicare Advantage plans and traditional Medicare providers in the reporting of beneficiary diagnoses and create financial benefits of billions of dollars, per MedPAC data.
• Internal Revenue Service Enforcement Efforts: Enhancing the IRS’s enforcement and service capabilities can help reduce the gap between taxes owed and paid by collecting tax revenue and facilitating voluntary compliance. This could include expanding third-party information reporting, which could save billions of dollars, per Joint Committee on Taxation data.
• Congress could reauthorize the First Responder Network Authority by 2027 to ensure the continuity of the public-safety broadband network and collection of potential revenues of billions of dollars over 15 years, the report states.
• Foreign Military Sales Administrative Account: Congress should consider redefining what can be considered an allowable expense to be charged from the administrative account of the Defense Department which could create financial benefits of tens of millions of dollars annually, per GAO data.

The new additions to the report fall on top of the 1,885 that GAO has identified in prior reports. Of those, Congress and agencies have fully addressed 1,239 — about 66 % — of those existing items.

The post Government could save over $100B by reducing big overlaps, duplications, watchdog finds appeared first on FedScoop.

In a press release Monday, the company said it has named Amy Davis as senior vice president and chief security officer.

Most recently, Davis was deputy chief of the National Security Agency’s Office of Security and Counterintelligence, leading a team responsible for protecting civilian, military and contractor personnel around the world. Her two-decade career at the agency included appointments that focused on insider risk, emerging threats, physical security and crisis management.

In the new role, Davis will be responsible for leading, managing and directing Leidos’ corporate security division. She will also oversee the company’s compliance with U.S. and foreign government national security standards.

Commenting on the appointment, Leidos Executive Vice President of Corporate Operations Vicki Schmanske said: “As a career intelligence officer, Amy brings a wealth of experience and skills from the highest levels of the federal government. We’re excited to leverage Amy’s ability to combine strategy with innovative capabilities and support our customers with exceptional service to execute their missions in a secure environment.”

Her appointment follows that of longtime federal IT leader Bobby Saxon, who in January left government service to join Leidos as a vice president focused on customer advocacy. He was most recently deputy CIO at the Centers for Medicare and Medicaid Services.

The post Leidos names former NSA executive as chief security officer appeared first on FedScoop.

In a quarterly update on progress with the President’s Management Agenda, the Office of Management and Budget set out details of the two programs, which are intended to advance the Biden administration’s customer experience agenda.

Details of the two projects come after the White House in March launched nine “life experience projects” that are intended to improve citizens’ access to government websites and services through human-centered design.

To streamline access to Medicare for citizens over the age of 65, the Social Security Administration and the Centers for Medicare and Medicaid Services at the Department of Health and Human Services are working to improve the experience of accessing content and information on the SSA.gov and Medicare.gov websites. In order to do this, the agencies are conducting user research to inform the design of user website journeys and work to reduce the time it takes for applications to be approved.

As part of the second project on disaster assistance, the Federal Emergency Management Agency, the Small Business Administration, the Department of Housing and Urban Development, the U.S. Department of Agriculture and HHS are working to streamline the individual assistance regulation process that citizens must complete when disaster strikes, along with SBA’s disaster loan application.

Key deliverables that the agencies are looking to complete for this project during 2023 include updating relevant computer matching agreements to ensure FEMA and SBA can share data about citizens’ applications, building a new disasterassistance.gov intake application process, and establishing a new disaster loan application process for disaster survivors on mySBA.gov.

Each quarter, OMB issues an update on progress made with the President’s Management Agenda, which is used by IT leaders and other C-suite executives at federal departments to help set key strategic priorities.

The final draft of the Biden administration’s PMA, which was published in September, centered on helping agencies undertake cross-agency projects to improve American citizens’ experience of government services during pivotal life moments.

Recent projects announced as part of this program, for example, include building a trauma-informed care approach for natural disasters, providing newborn supplies and text message-based updates about critical services for low-income families with young children, and a new digital pathway for helping service members to find individualized support.

The post White House reveals two new ‘life experience’ CX projects appeared first on FedScoop.

In a missive sent Monday, senior lawmakers requested documentation including agency communications about the ransomware attack and communications related to notifying congressional committees of the breach.

The Centers for Medicare and Medicaid Services concluded on Oct. 18 that the incident had potentially resulted in the compromise of Medicare enrollee data. However, details of the cyberattack, which hit subcontractor Healthcare Management Solutions, were not made public until mid-December.

According to lawmakers, Congress was not notified about the incident until Dec. 1.

Under the Federal Information Security Modernization Act of 2014, federal government agencies are required to notify Congress about major cybersecurity incidents within seven days of discovery.

Details of Medicare beneficiaries that were exposed during the incident included names, addresses, dates of birth, phone numbers, social security numbers and Medicare Beneficiary Identifiers.

In addition, CMS determined that the breach may have exposed sensitive banking information including routing and account numbers. Medicare entitlement, enrollment and premium information were also potentially compromised.

In the letter, which was addressed to CMS Administrator Chiquita Brooks-LaSure, the lawmakers said: “After becoming aware of a major data breach and potential exposure of Medicare beneficiaries’ personal information, it took CMS two months to determine that the data breach constituted a “major incident” as defined in the Federal Information Security Modernization Act (FISMA).”

“To assist our investigation the into this major incident and the response by CMS, please provide the following documents and communications … no later than April 3, 2023,” lawmakers added in the missive.

As with the Office of Personnel Management cybersecurity breach that occurred in 2015, affected beneficiaries have been advised to contact their financial institutions and to enroll in credit monitoring services that will be provided by the federal government agency free of charge.

The letter was signed by House Committee on Oversight and Accountability Chairman Rep. James Comer, R-Ky., and House Committee on Energy and Commerce Chair Rep. Cathy McMorris Rodgers, R-Wash. 

The post GOP lawmakers want additional details on CMS subcontractor breach timeline appeared first on FedScoop.