Ipiotis said Tuesday at the AFCEA Bethesda Health IT Summit that potentially lifesaving insights often remain untapped because of the length of time it takes staff and agencies to become comfortable with sharing certain assets.

“When it comes to data collaboration, there are a lot of challenges,” he said. “We talked about the different systems and the silos, the security practices around the systems, privacy … [b]ut the biggest issue of all is the feeling of risk.”

Ipiotis added: “When somebody is asked to share data with someone else, the first thing they are thinking is ‘this is a very daunting process.’ It typically takes months. In fact, when you start drafting a data-sharing agreement with another agency, I would say that more than half die in the process. Because by the time the agreement is signed, the need is not there anymore.”

According to Ipiotis, a key aspect of the challenge is addressing concerns about liability felt by employees spearheading programs that involve the sharing of datasets. Currently, the risks often outweigh the potential rewards for staff.

The technology leader cited HHS’ COVID-19 surveillance program, HHS Protect, which he said was in part successful because giving employees across all HHS agencies visibility of the same data allowed the agency to achieve maximum benefit from the program.

While HHS Protect sustained some criticism over cybersecurity concerns with the COVID-19 data tracking program, it was launched in just two weeks and gave federal officials access to real-time data where previously none existed.

“There is, in the government, more risk than reward [when it comes to sharing data]. What I’m trying to do within the department is to create those different mental HHS data worlds pretty much to entice people to take the leap forward,” Ipiotis said. “Right now, there are more consequences if something goes wrong than if something goes right, and we have to reverse that relationship. You have to recognize people for doing the right thing.”

The post HHS chief data officer: Federal employees face outsized barriers to data sharing appeared first on FedScoop.

A couple networks are live, and the Office of the National Coordinator for Health IT hopes the first group — among 12 entities that submitted letters of intent — will be officially designated qualified health information networks (QHINs) in early 2023.

Part of the Department of Health and Human Services, ONC published a framework in January for exchanging health information nationwide: the Trusted Exchange Framework and Common Agreement (TEFCA). Required by the 21st Century Cures Act, the framework provides non-binding principles and the agreement technical terms, and now it falls to ONC’s recognized coordinating entity, The Sequoia Project, to approve interoperable QHINs.

“What we’ve heard informally from a number of the prospective QHINs is that they are building in anticipation of getting approved,” Tripathi said, during eHealth Exchange’s annual meeting on Dec. 15. “They think that they would have a pretty good opportunity to do this in the 12-month window and hopefully shorter than that with some of them.”

QHINs will be added on a rolling basis to include electronic health record (EHR) vendors, ambulatory practices, hospitals, health centers, federal and public health agencies, and payers. Epic Systems became the first EHR vendor to announce it would seek QHIN status in August and was later joined by the likes of the eHealth Exchange network and trade association CommonWell Health Alliance.

How TEFCA coexists with other exchanges when it comes to benefits determinations, health care operations, treatment, payment and individual access remains to be seen. But scaling TEFCA will be the “real challenge” and one for which incorporating the Health Level Seven (HL7) Fast Healthcare Interoperability Resource (FHIR) data standard will be key, Tripathi said.

FHIR application programming interfaces streamline health information exchange by eliminating the need for separate data use agreements, and eventually they’ll enable questionnaires, scheduling, links, Clinical Decision Support hooks and subscriptions. That’s why there are already federal deadlines in place for their steady adoption across the public health ecosystem, but QHIN-to-QHIN brokered exchange remains years away.

By the end of 2022, certified EHR vendors must make a FHIR API available to customers.

HL7’s Helious FHIR Accelerator aims to improve the exchange of situational awareness information on hospital and intensive care unit beds available, ventilator counts, personal protective equipment counts, and vaccinations. The HHS Protect system launched during the height of the COVID-19 pandemic provides a lot of that information right now.

“But it’s done via spreadsheets,” Tripathi told FedScoop in July. “A lot of manual work is still done to populate that now.”

The government has spent about $40 billion on EHR infrastructure since the passage of the Health IT for Economic and Clinical Health (HITECH) Act in 2009. Yet clinical operations and health payment systems remain largely rooted in paper because states — most of which still don’t require electronic case reporting — have health authority in the U.S.

Jurisdictional issues and scarce resources are some reasons why about 30% of U.S. hospitals still don’t connect to a health information network, Tripathi said Dec. 15.

Naturally issues with case reports, lab and testing results, and vital records arose early in the pandemic, when they were often being shared by phone or fax.

For all these reasons the Centers for Disease Control and Prevention launched its Data Modernization Initiative (DMI) in 2020 to streamline sharing of electronic health information between care providers and state, local, tribal and territorial (SLTT) health departments. 

The DMI’s first phase has involved getting data from electronic sources into a Microsoft Azure cloud environment, called the Enterprise Data Analytics and Visualization (EDAV) platform, while providing SLTT health departments with automated forecasting analytics tools.

Data standardization is key to improving information sharing between these systems, which is why ONC is working closely with the CDC on its North Star Architecture. The U.S. Core Data for Interoperability (USCDI) Version 4 (v4) that ONC has planned for 2023 will become the de facto minimum set of health data classes and elements for nationwide, interoperable information exchange.

At the same time ONC is developing USCDI+, a nationwide public health data model, for release beyond 2023. Discussions with the CDC and Centers for Medicare and Medicaid Services revealed more than 20 data elements that overlapped, allowing the agencies to agree on a common approach.

ONC is now speaking with the White House Office of Science and Technology Policy and the National Institutes of Health about tailoring a USCDI+ program for President Biden’s Cancer Moonshot program.

EHR vendors support TEFCA and the DMI because they’ll be able to maintain just one customer interface, rather than hundreds to meet the various jurisdictional requirements of SLTT health departments, Tripathi said in July.

Phase I of the DMI is also improving the CDC’s situational awareness, which is based on the Data Collation and Integration for Public Health Event Response (DCIPHER) platform — originally intended to track food-borne diseases. DCIPHER gave rise to HHS Protect and has since had hospital capacity, social vulnerability, mobility, race and ethnicity, social determinants of health, economic, two-on-one, and climate data layered atop it as part of the new Center for Forecasting and Outbreak Analytics’ work, Dr. Dan Jernigan, deputy director for public health science and surveillance, told FedScoop in August.

The center can already do weekly influenza and some Mpox forecasting and has visibility into emerging problems at about 70% of emergency departments.

“To see a fully formed prediction center, it’s going to be a couple years,” Jernigan said. “The numbers of staff that are in the Center for Forecasting right now are in the tens to thirties, but it is anticipated to be a much larger group.”

As part of DMI Phase I, 128 reportable diseases now automatically trigger EHR electronic case reporting, which is routed to the Association of Public Health Laboratories-APHL Informatics Messaging Services (APHL-AIMS) cloud platform and then SLTT health departments. Electronic case reporting increased from 187 facilities pre-pandemic to more than 14,000, more than 30 of which turned on Monkeypox reporting.

While the effort highlights the CDC’s move toward pathogen- and program-agnostic systems through its DMI, electronic case reporting continues to fall short.

“It’s not nearly the volume that we need it to be,” Tripathi said in July. “But at least we’re starting to set up those pathways.”

At the same time the DMI has seen “dramatic improvements” in COVID-19 reporting across immunization information systems (IISs), he added.

IISs were slow to take adult COVID-19 vaccination information, but now they accept line-listed records using privacy-preserving record linkage — even for Monkeypox.

The CDC recently revised its DMI implementation plan, and Phase 2 will focus on improving state health departments’ cloud infrastructure and update the National Electronic Disease Surveillance System (NEDSS) Base System (NBS) that 26 states use for case management.

Cloud migration allows doctors like Phil Huang, director of Dallas Health and Human Services, to match immunization, lab and death records to know if a patient who passed away tested positive for COVID-19 and was vaccinated. 

“That ability to put that data together and integrate it with other kinds of information, even down to the neighborhood level, helps him do his prevention work and his mitigation work in a much more targeted way,” Jernigan. 

CDC proposed the DMI receive about $200 million in fiscal 2023 to continue its “incremental” progress, but the Healthcare Information and Management Systems Society estimated the initiative needs $33 billion over the next 10 years to be successful, he added.

Meanwhile ONC, unable to enforce TEFCA, is working with federal partners to highlight the need for network-to-network interoperability and hoping its rollout leads outside providers to question why they’re still faxing records.

“We were given no dollars and no new authorities to do this,” Tripathi said.

The post HHS, health information networks expect rollout of trusted data exchange next year: Micky Tripathi appeared first on FedScoop.

Running five years, the contract unites the Palantir-driven Health and Human Services (HHS) Protect, Administration for Strategic Preparedness and Response (ASPR) Engage, Tiberius and DCIPHER programs into what the CDC is calling its Common Operating Picture.

The CDC contracted Palantir to launch the public health infrastructure programs during the height of the pandemic, and the new Common Operating Picture approach will allow for long-term, interagency planning and operational consistency around outbreak and incident preparedness.

“There’s no way Palantir could do what we’re doing in this space without a really deep emphasis on partnership and interoperability, not only with our federal partners but with other technology systems and the other key players in the public health technology landscape,” Hirsh Jain, head of public health federal at Palantir, told FedScoop in an exclusive interview. “By definition a Common Operating Picture really requires that level of engagement with other systems and other entities.”

The Common Operating Picture allows Palantir to scale its modular technology beyond the specifics of COVID-19 for more generalized public health response to diseases like Monkeypox and respiratory syncytial virus (RSV).

Beneficiaries include federal agencies, jurisdictional health departments and industry partners, which rely on the Common Operating Picture for disease surveillance, outbreak preparedness and response, and supply chain visibility and management.

“Every platform is being used for use cases and mission areas beyond COVID,” Jain said. “The underlying modules were configured in a way that allows for pretty immediate expansion beyond COVID and reusability across that broader space of diseases.”

The National Wastewater Surveillance System uses Palantir software for wastewater genomics, while the Predict Division within the CDC’s new Center for Forecasting and Outbreak Analytics is embarking on an “ambitious” effort to deploy models and analytics addressing critical needs as they arise, Jain said.

Advances in such work are more likely given the length of the Common Operating Picture contract.

“We’re really excited about the 5-year commitment here, knowing what the last five years have been like,” Jain said. “Having long-term preparedness and public health response infrastructure in place is so critical, and this gives Palantir the place to support CDC and the broader public health ecosystem in delivering that.”

The post CDC awards Palantir consolidated disease surveillance contract worth $443M appeared first on FedScoop.

In an interview with FedScoop, José Arrieta said that attackers were waiting for the agency to lower its perimeter firewall and clear its cache — because the network was backloaded with about 50 million packets slowing it down — to access the department’s network.

HHS was hit with a serious DDOS-style attack on March 15, 2020, as malicious actors sought to take advantage of the agency’s pandemic move to full telework to infiltrate its network.

“And when we did [lower the firewall] they were trying to embed themselves in the HHS network so that, when we went on full-on telework, they could exfiltrate data,” Arrieta told FedScoop. “And we would have no visibility or understanding if it was normal telework or whether it was an enemy combatant that was actually trying to steal data.”

According to Arrietta, HHS’ network remained functional because the agency had already upgraded its firewalls, Trusted Internet Connections capacity at multiple locations, server capacity and Virtual Private Network capability for telework.

Scanning attacks are used to gather network information ahead of sophisticated cyberattacks. Commonly used scanning techniques to gather computer network information include IP address scanning, port scanning and version scanning.

Additional details about the cyber threat faced by HHS at the height of the coronavirus pandemic come after multiple former senior officials challenged key findings of a quashed watchdog report into the cybersecurity of COVID-19 data analysis systems launched at that time.

Officials speaking to this publication said that the report, which was rescinded last month by the HHS inspector general, failed to take into account the speed at which agency leaders were having to respond to the situation, the lack of available high-quality data, and the cybersecurity measures the CIO’s office implemented in light of the March 15 attack.

Two officials briefed on the investigation refuted its findings, saying the functions provided by the technology to senior medical decision makers in a short time period outweighed any potential cyber risks.

HHS did not respond to a request for comment.

The post Ex-HHS CIO says agency was hit with over 8 billion scanning efforts during March 2020 DDOS-style attack appeared first on FedScoop.

HHS’ inspector general on Aug. 24 quashed the report, which investigated the launch of COVID-19 data collection and analysis technology without authorizations to operate (ATOs) accepting relevant security risks.

Two officials briefed on the investigation refuted its findings, saying the functions provided by the technology to senior medical decision makers in a short time period outweighed any potential cyber risks.

Details of the quashed investigation were obtained by FedScoop last month through a Freedom of Information Act request. The existence of the report was reported earlier today by The Washington Post.

The investigation probed the launch of the agency’s governmentwide COVID-19 data analysis system HHS Protect, which was set up in just nine days. It also focused on a hospital data collection function provided by TeleTracking Technologies, Inc.

Former HHS Chief Information Officer José Arrieta in an interview told FedScoop the contracts were crucial to the agency’s COVID-19 response efforts and said operation without ATO is contractually permissible as long as there is a stated period of time within which to resolve any lingering issues identified.

“The employees that worked on this did an unbelievable job securing the system within the fractured policy rules and regulations that dominate the cybersecurity marketplace, in the wake of the largest cybersecurity attack on an individual agency in the history of the nation,” Arrieta said.

A second former official with direct knowledge of the data contracts said they were critical in giving HHS leadership the data needed to make decisions at speed during the height of the pandemic and challenged cybersecurity concerns raised in the IG report.

Speaking with FedScoop, that official added that the fact TeleTracking’s contract was renewed indicates the value that was provided to the agency at the time.  

HHS renewed TeleTracking’s contract in October 2020, and it was renewed for a second time under the new Biden administration in March 2021. The former Administration for Strategic Preparedness and Response official said this was validation that the product was serving medical professionals well. HHS does not plan to renew its contract with TeleTracking when it expires in December, meaning hospital data collection will revert to the CDC, Bloomberg reported in August.

In addition, a third former HHS official with knowledge of frontline operations told FedScoop that the contracts had allowed HHS to distribute lifesaving drugs quickly and equitably at the height of the pandemic.

“There was a void in data collection and reporting,” the former HHS official said. “There was not a national, real-time system in which to know how many hospital beds were taken up by COVID patients, where people were and how sick they were — as measured by intensive care unit (ICU) status or not.”

The official added that the data reporting structure provided at the time by the CDC’s National Healthcare Safety Network was “inadequate to the task at hand”.

HHS Protect was crucial, the third official added, because its more complete data allowed patient cases to be separated into confirmed or suspected and ICU and non-ICU categories. This in turn proved “irreplaceable” in distributing scarce remdesivir, an in-patient medicine, more equitably, the official said.

ATOs are the official management decision given by senior government officials to authorize operation of an information system on behalf of a federal agency. Such a designation explicitly accepts the risk of operating a commercial product within a government department’s systems.

Despite rescinding the report, it is understood that a follow-up audit of security compliance surrounding the portal’s launch is still being planned for tentative completion in fiscal 2023.

An HHS IG spokesperson said: “HHS OIG is an independent, objective oversight agency. We conduct oversight of HHS programs to help reduce waste, abuse and mismanagement and promote economy and efficiency throughout HHS.”

The CDC did not respond to a request for comment.

The post Former HHS officials challenge findings of rescinded watchdog investigation into COVID-19 data systems appeared first on FedScoop.

In addition to the new appointment, he takes up the role of president of Dalrada’s subsidiary Dalrada Technologies.

Arrieta was CIO and chief data officer of HHS between May 2019 and September 2020, and previously held technology leadership roles at other federal agencies including the departments of Treasury and Homeland Security.

While at HHS he led the strategy and technology investments of the agency’s $6.3 billion technology portfolio, including during the COVID-19 pandemic. He was responsible for the launch of the HHS Protect, which facilitated the collection of more than 200 data sets from every state and territory, 6,146 hospitals, commercial and public health labs and 80% of private hospital labs.

Since leaving the federal government, Arrieta has led his own company, imagineeer, which provides development services for data ownership and digital twinning technology, including in the Metaverse.

He takes on the new post in addition to his current role as a member of the board and an adviser for Dalrada Energy Services.

Commenting on the appointment, Arrieta said: “I’m looking forward to contributing to the company’s efforts to disrupt existing business models utilizing technologies and strategies that support business growth and improve efficiencies.”

The post Former HHS CIO Jose Arrieta takes up new private sector role appeared first on FedScoop.

According to consultants and nonprofits canvassed, the responsibilities of CDOs expanded as the COVID-19 pandemic spread across the U.S. during early 2020, to include leading the flexible use of previously untapped data and working to establish a culture in which experimental data dashboards were used to help coordinate teleworking staff.

CDOs were also presented with the harder-to-grasp challenge of influencing department culture from behind their computer screen.

“[W]hile the role of the CDO was always important, the pandemic has highlighted just how important having a chief data officer managing and governing data across the federal agencies really is in practice,” said Nick Hart, president of the Data Foundation, a nonprofit that works closely with CDOs.

Hart continued: “[E]verything [during the pandemic] was happening at lightning speed, we were no longer in a position to wait a year for new data collection that could be linked to other government data sources, or even private-sector data sources.”

Agencies pulled together datasets at extraordinary speed to launch programs, such as the separate Department of Health and Human Services’ Protect Public Data Hub and Centers for Disease Control and Prevention COVID Data Tracker. Speaking at an event earlier this year, Kevin Duvall, acting chief data officer at the Department for Health and Human Services, described the challenge, saying the agency got “more comfortable” with datasets and the quality of data over time.

CDOs at pace had to consider a raft of ethical concerns, including how datasets might be used by lawmakers – and the way in which publication of such data might be viewed by teams internally.

“Collaboration between data visualization staff and software engineering teams really only happens if there is trust and knowledge that if any data is put out there [staff] will have the chance to validate it,” Grant Thornton public sector manager Tracy Jones told FedScoop.

“Other agencies I work at have very public-facing websites and public-facing data, and there are concerns on that front: Do agencies want to put data out there that constituents and policymakers at a higher level are going to be looking at?” Jones added.

Under a data ethics framework published in late 2020 as part of the Federal Data Strategy, agency data leaders are expected to understand and disclose any known limitations, defects, or biases — a challenge that CDOs had to embrace while working to respond to huge demands from their agency leaders and lawmakers.

According to Jones, one of the only ways to overcome internal concerns between teams over the publication of datasets is to foster a high level of communication. “You always want to understand: What is this data, how is it going to be used?”

In addition, the advocate role of the CDO — the ability to take staff on a journey towards the more effective deployment of data — also came under pressure during the pandemic, according to Jeff Lawton, Grant Thornton’s lead for enterprise information management solutions.

“I think that COVID has essentially hamstrung their ability to some degree, where they can’t use the full power of their charisma, their charm — because that’s part of the CDO position to get people to do something I want them to do that they are not normally doing,” he said.

On top of this, data leaders across federal agencies over the last 18 months have had to lead experiments with new datasets to help move staff to an all-telework environment during the height of the pandemic.

Speaking with FedScoop, one consultant described a rise in demands for more creative analytics from data leaders to afford more insight into exactly how staff were working outside the office. CDOs have had to lead the charge on the internal use of metrics, where it is efficient and makes sense within the teleworking environment.

“[We saw] a shift towards really trying to understand productivity…beyond maybe just the simple timecard entry. What are the ways that we can pull data to validate that we’ve all been productive in this engagement,” said JD Walter, a former HHS modernization adviser who is now executive vice president of solution optimization and execution at Golden Key Group.

Above all, however, Lawton added that one of the biggest determining factors in the success of a CDO — during the pandemic but also more widely in their role — has been attitude. He described the enthusiasm of one current, successful CIO as “infectious.”

“When we asked her what she wanted to have achieved in a year’s time, she said ‘I want people to have fun working on data governance,” Lawton said. “Who doesn’t want to be part of that group, which has that positive energy.”

The post Dataset demands and remote leadership among top challenges for CDOs during pandemic appeared first on FedScoop.

The one-year, $7.4 million contract renewal covers the modernization of the Data Collation and Integration for Public Health Event Response (DCIPHER) environment, based on the Palantir Foundry platform.

While the National Center for Emerging and Zoonotic Infectious Diseases has used DCIPHER to better manage food-borne outbreaks since 2010, the COVID-19 pandemic showed other CDC centers the benefits of using scalable, interoperable cloud solutions.

“We’ve learned from the pandemic just how important it is to modernize surveillance to have that situational awareness for any public health issue,” Dr. Bill Kassler, chief medical officer at Palantir, told FedScoop.

DCIPHER collects epidemiological, surveillance and laboratory data from various sources so CDC centers and their partners can make informed decisions around outbreaks.

Within NCEZID, both the System for Enteric Disease Response, Investigation, and Coordination (SEDRIC) and the National Wastewater Surveillance System use DCIPHER.

More recently other centers have requested similar cloud infrastructure to assist with surveilling the flu and HIV and the Center for Global Health.

The pandemic made CDC centers recognize the need for earlier situational awareness on social determinants of health, to plan a more equitable response, and supply chain instability, to get personal protective equipment and other resources where they’re needed, Kassler said.

Unfortunately many CDC systems are legacy systems that can’t be scaled for more compute or storage in a crisis to handle hundreds of necessary data sources. Systems like that can take contractors two to four months to recode for collection of new data fields pertaining to novel outbreaks.

DCIPHER’s usefulness extends beyond outbreaks though as new data sources on genomics, social needs, behavior from wearables, and clinical records help monitor conditions like heart disease and stroke.

“We think there are huge opportunities across the federal government to bring disparate, multimodal data together to help to visualize that data and to make it into a form that advanced analytics such as machine learning and predictive modeling [can use],” Kassler said.

The Department of Health and Human Services awarded Palantir several contracts early in the pandemic that were not competed citing the “unusual and compelling urgency” of the crisis. Those contracts supported the development of HHS Protect, which informs the White House on COVID-19’s spread and comprises most of Palantir’s work around the pandemic.

Palantir also supplies the analytics platform behind the National Institutes of Health‘s National COVID Cohort Collaborative (N3C) Data Enclave, used by researchers to better understand the coronavirus.

The post Renewed Palantir contract could expand disease surveillance to other CDC centers appeared first on FedScoop.

The National Nuclear Security Administration awarded a five-year, $89.9 million contract to the Silicon Valley-based software company for a platform capable of measuring the health of its safety programs, Palantir announced Monday.

The platform will support NNSA’s Safety Analytics, Forecasting, and Evaluation Reporting (SAFER) project run out of its Office of Safety, Infrastructure, and Operations.

“Our work with NNSA illustrates Palantir’s mission to provide software to the world’s most important institutions in support of their most critical work,” said Akash Jain, president of Palantir USG. “We are excited to expand our work within the U.S. government and provide the NNSA with a high-tech solution to make the best possible use of its resources in support of the nation’s nuclear security missions.”

Palantir’s platform will integrate data across NNSA sites irrespective of the data or system type and will give the agency granular insight into safety metrics complete with visualizations.

The contract is Palantir’s first with NNSA.

While many of Palantir’s recent federal contracts have been tied to COVID-19 pandemic response systems, namely HHS Protect and Tiberius, the company started in the defense and intelligence space. One of the first tech startups explicit in their desire to aid national security agencies, Palantir landed its first Space Force contract almost a year ago and an Army network modernization contract in November.

The post National Nuclear Security Administration awards $89.9M deal to Palantir for safety platform appeared first on FedScoop.

Duvall filled the role in February, according to his LinkedIn, taking over for Perryn Ashmore, CIO of HHS, who had been dual-hatted since September.

Having previously served as deputy CDO of HHS since July, Duvall was instrumental in the release of several key datasets in December showing granular hospital COVID-19 admissions and use, as well as community outcomes.

HHS has gone through its fair share of acting CDOs since the Foundations for Evidence-Based Policymaking Act, which took effect in 2019, began requiring all CFO Act agencies to appoint a nonpolitical CDO.

Mona Siddiqui had been CDO within HHS’s Office of the Chief Technology Officer to that point, when then-CIO José Arrieta claimed the departmentwide role for himself in an acting capacity.

Arrieta held both positions through the start of the pandemic before abruptly resigning in August, shortly after overseeing the launch of the system intended to inform the Trump administration’s COVID-19 response: HHS Protect.

Ashmore took over the acting CDO role on August 28 to ensure a seamless transition. His successor, Duvall, has been with HHS since April 2018.

The post HHS gets new acting chief data officer appeared first on FedScoop.