EXCLUSIVE: VA’s CIO Stephen Warren on serving veterans

2014_08_warren-stephen-121 In his first interview since a scandal involving secret waiting lists forced a change of leadership at the Department of Veterans Affairs, Stephen Warren, VA’s chief information officer, offers a candid assessment of the agency’s past and future technology plans.

Stephen Warren knows exactly where he fits in the long history of Department of Veterans Affairs chief information officers. He thumps his desk with an outstretched arm, beneath which sits a giant timeline of major VA system development.

“This is when I came on the scene,” he said, leaning over the desk and stretching his arm across the chart at the 2007 mark on the timeline. Since then, the marching orders have been clear: Deliver fast, fail fast and if “it’s a failed project, kill it,” he said.


2014_08_desk Stephen Warren keeps this giant timeline of IT development projects at VA on his desk as a reminder of  “how not to do projects, how not to do IT.” (Photo: Dan Verton)

For Warren, those are distinct and critical steps in an agile development methodology that has been forced to develop new capabilities while simultaneously conducting emergency room procedures to determine if an aging system can be saved. It’s a time-consuming process for an agency that has little time to make things right, but Warren still sees value in it.

“I keep this in front of me to remind me and to remind the team of how not to do projects, how not to do IT,” he said, leaning over the color-coded timeline chart, which covers his entire desk. “You’ve got to do it fast, because it allows you to fail fast. We do short, small steps that are always tracking to what my customer wants, versus the old style of business called waterfall, where four or five years go by and then you find out it’s no good.”

Warren drew a line in the sand and picked six months as the length a developer can work on something before they have to deliver. “And deliver is not a report. Deliver is customer-facing functionality in production,” he said. “We set six months as a hard standard. I’m averaging 4.2 months and on [the Veterans Benefits Management System] I’m at three months. I’m driving a standard there in terms of how do we change the way we do business.”


Throughout the recent scandal involving secret waiting lists at certain VA hospitals and allegations that VA employees were able to “game” the scheduling component of the Veterans Integrated System Technology Architecture, VA’s main electronic health record system known as VistA, Warren had been unable to speak publicly. The leadership team of ousted VA secretary Eric Shinseki had placed a collective muzzle on the agency, foolishly preventing Warren and others from engaging their critics.

Supporters of Warren describe a highly intelligent, skilled federal manager who has become the unfortunate focus of a political witch hunt. His detractors, however, paint a picture of a senior IT leader who rules by fiat, can be condescending to staff and disdainful of congressional authority.

In an exclusive interview with FedScoop in his office one block from the White House overlooking Vermont Ave., Warren is affable and welcoming, but clearly in command of his facts. He’s waging a war against a vastly outdated computing ecosystem and he thinks he’s winning. And he wants people to know about it. That wasn’t possible, he acknowledges, until the new leadership of VA Secretary Robert McDonald.

That leadership has given new life to Warren’s agile development approach and ensures that VA is “getting back to our roots on the health care side, where we were very, very agile in the past,” he said.

Rubber meets the road


In the next 45 days, Warren plans to have at least 3,500 users for VA’s new Joint Legacy Viewer, known throughout the agency as Janus and named after the Roman god of gateways and doors. Janus is proving critical to integrating medical records from the Defense Department into VistA.

“The data was coming into VistA, but it wasn’t optimal in terms of how the clinicians could use it. And that’s what Janus has done for us. You now have DOD data not in a tab somewhere else but blended together,” Warren said. “You can see patient data, all of the DOD data and all of the VistA data from multiple places in a single screen view.”

During the next fiscal year, VA will add to the type of data available in the viewer. “And we’re also maturing the actual platform to bring in more,” Warren said. “The next step on it is taking that capability, which is just a view, and enabling clinicians to order things, like lab tests and medications, based on what they see.” Warren’s team is also working on ways to allow those clinicians to enter data into the record.

But the success of the Janus legacy viewer may oversimplify the integration challenges between DOD and VA electronic medical records. When Warren and his team first looked at the business process of integrating DOD and VA records, they quickly realized that VA couldn’t start the benefits process until DOD could attest to the completeness of the veteran records it was providing. “So we worked with our partners in DOD for the single treatment record. Now the record arrives from DOD with that attestation attached to it and the duty to assist requirement is met and the team can process through,” Warren said.

This is where Warren’s focus on agile development comes into play. “We’re on a cycle today where every 90 days we add new capability to VBMS. And its not just adding something to the site, but also the middleware – the thing that pulls the data from the different places, as well as the database engine. Every 90 days we’re making changes, and that is a pace that is just phenomenal,” Warren said.



Warren paused ever so slightly and looked up from his desk. It was an opportunity to ask the question that nearly every journalist covering VA technology has wanted to ask for the past year or more: how are you going to fix patient scheduling?

Warren reverted almost immediately to what can best be described as a soft-spoken command of the facts backed by a clear vision of what needs to be done to keep the momentum moving in the right direction.

“The moment the flare went up that there are issues out there we did an all-hands on deck [to determine] what can we do and what do we need to do that’s not already underway,” Warren said. “We looked at how do we deal with what’s at hand.”

The first challenge they tackled was system-level communications, data flow and how different systems defined certain things. The internal VA review identified 11 such issues, and Warren’s team has so far finished work on five and “the rest are in the pipeline for solutions to be tested in the field and then deployed,” he said.


The VA inspector general also called on Warren’s team to activate auditing for the scheduling system. It took them about four days to do that nationwide. “There is some basic level of knowledge of who does what,” Warren said, pointing out that auditing is not the silver bullet that can stop all wrongdoing when it comes to individuals intent on manipulating the schedule. The piece that was added dealt with new fields to track who changed what and when. “That’s now all captured and available to the audit team.”

But Warren is quick to point out that the notion of controlling and securing a scheduling system from abuse is more complicated than most realize. “It’s a challenge. Scheduling systems by definition allow for change,” Warren said. “So one of the challenges the IT team has is how to differentiate between somebody calling in and saying ‘I need you to change a schedule or change an appointment,’ and somebody going in and gaming the system. Developers are working with that from a process standpoint. The data is being captured but the thing we need to be careful of is there will always be an opportunity to change an appointment date. We’ve got the auditing in place for folks to be able to go in and data mine and understand that one person is changing a lot of things and maybe we need to look at that.”

VistA is a large, complicated ecosystem of modules and interfaces. But there’s still a requirement to “make the interface as easy as we can for the scheduler while we replace the system,” Warren said. And that can be challenging, but not impossible.

“The interface was ugly and clunky. The way the system was designed, it was hard for a scheduler to see things in a single view,” Warren acknowledged. “Today, every resource, a doctor, a room, an assistant, a tool is a different panel somewhere in VistA. You’re putting a tremendous amount of pressure on the scheduler to manage these different assets,” he said.

So one of the fixes devised by Warren and his team in the short term is to give a more unified view to the scheduler. “We talk about it as a UI or user interface, but put more simply, it’s like a calendar,” he said. Along those lines there are now two efforts underway, including a recent contract to aggregate all of the data using the existing system, and a parallel effort to create a mobile app. VA has already started issuing iPads to medical centers, he said.


“We already deployed a mobile app that allows for scheduling of televideo engagements. That’s out in the field for testing and going to full deployment,” Warren said.

2014_08_VA-security-chart Health information breaches January 1, 2009 to July 14, 2014. Data provided by HHS. Red dots are VA security incidents.

For Warren, these new capabilities along with a renewed focus on security and veteran outreach efforts, such as credit monitoring anytime personal information is believed to have been compromised, are part of an effort to “lean forward” and serve veterans. In addition to encrypting all laptops and desktops, Warren’s Data Breach Core Team meets weekly to evaluate any security issues that might require veteran outreach. If it does, the agency invariably offers free credit monitoring to the affected veterans.

He points to another chart he keeps on his desk. It depicts how VA measures up against other health care organizations in terms of security. “Let’s talk about how we are doing against other health care organizations,” Warren said, offering a copy of the report. “You can see, the VA does pretty good versus the rest of the health care space. It’s more than just somebody saying we’re doing a pretty good job, there’s data that substantiates it in terms of where we are and what we’re trying to do. We’ve got a defense-in-depth, we’ve got folks focused on it and it’s not a heads-in-the-sand.”


“We’re reaching out because we want to make sure our buddies and the folks who served with us are getting all of the tools they can,” he said. “We’re about providing health care and benefits, ultimately to get them to a better quality of life.”

Latest Podcasts