Hospital ADP Systems:
VA Needs To Better Manage Its Decentralized System Before Expansion
IMTEC-87-28: Published: Jul 24, 1987. Publicly Released: Jul 24, 1987.
Additional Materials:
- Full Report:
Contact:
(202) 275-4659
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
In response to a congressional request, GAO reviewed the Veterans Administration's (VA) Decentralized Hospital Computer Program (DHCP) system, which services 172 medical centers, to determine: (1) the status of the decentralized system; (2) VA effectiveness in managing the system's development and implementation; and (3) the possibility of using three commercial systems VA tested as alternatives to the decentralized system.
GAO found that: (1) the DHCP system did not adequately safeguard patient records from inaccurate data entry, unauthorized changes, or destruction, and permitted the creation of multiple patient records; (2) VA is planning a multimillion-dollar expansion of the system without an adequate analysis to determine the most cost-effective approach; and (3) although the test of three commercial systems does not provide an appropriate basis for comparison with the DHCP system, VA believes they are too expensive and are not viable alternatives.
Recommendations for Executive Action
Status: Closed - Implemented
Comments: VA issued policy on software development controls, risk analysis, and contingency plans in October 1987. VA implemented an interim policy and began holding its management office accountable for it in February 1987.
Recommendation: The Administrator of Veterans Affairs should report the lack of sufficient software development controls and continue to report the lack of risk analyses and contingency plans as material control weaknesses under the Federal Managers' Financial Integrity Act until: (1) appropriate software development controls have been implemented; (2) risk analyses, as well as needed corrected action identified by such analyses, have been completed for all computer centers; and (3) contingency plans have been developed, certified, and tested.
Agency Affected: Veterans Administration
Status: Closed - Implemented
Comments: VA recognized and began holding its management office accountable for the existing and expanded DHCP system. VA is instituting procedures to: (1) collect cost-benefit data; (2) implement software controls; (3) track software/hardware problems and correct them; (4) implement new security policy; (5) restrict software release; (6) define data requirements; and (7) monitor computer capacity.
Recommendation: The Administrator of Veterans Affairs should hold the Management Office accountable for ensuring that the existing and expanded DHCP system is effectively managed and adequately protected. At a minimum, this office should: (1) institute procedures to collect work-load and cost-benefit data on prototype modules at test sites; (2) implement controls to ensure that software is adequately tested, documented, and approved, and that software and hardware problems are systematically tracked and corrected; (3) implement appropriate internal controls to protect data, equipment, and facilities as required in Office of Management and Budget Circular A-130; (4) issue a policy to restrict release of DHCP software under the Freedom of Information Act; (5) ensure that the data requirements are defined and incorporated in the DHCP modules so that the data can be efficiently assessed by system users; and (6) establish policies and procedures for regular system monitoring and assessment.
Agency Affected: Veterans Administration
Explore the full database of GAO's Open Recommendations
»
Mar 2, 2021
-
High-Risk Series:
Dedicated Leadership Needed to Address Limited Progress in Most High-Risk AreasGAO-21-119SP: Published: Mar 2, 2021. Publicly Released: Mar 2, 2021. -
High-Risk Series:
Dedicated Leadership Needed to Address Limited Progress in Most High-Risk AreasGAO-21-383T: Published: Mar 2, 2021. Publicly Released: Mar 2, 2021. -
High-Risk Series:
Dedicated Leadership Needed to Address Limited Progress in Most High-Risk AreasGAO-21-384T: Published: Mar 2, 2021. Publicly Released: Mar 2, 2021.
Feb 3, 2021
-
Fixed-Price-Incentive Contracts:
DOD Has Increased Their Use but Should Assess Contributions to OutcomesGAO-21-181: Published: Feb 3, 2021. Publicly Released: Feb 3, 2021.
Jan 29, 2021
-
Federal Real Property:
Additional Documentation of Decision Making Could Improve Transparency of New Disposal ProcessGAO-21-233: Published: Jan 29, 2021. Publicly Released: Jan 29, 2021.
Jan 19, 2021
-
Federal Rulemaking:
Selected EPA and HHS Regulatory Analyses Met Several Best Practices, but CMS Should Take Steps to Strengthen Its AnalysesGAO-21-151: Published: Dec 17, 2020. Publicly Released: Jan 19, 2021.
Jan 13, 2021
-
Department of Energy Contracting:
Improvements Needed to Ensure DOE Assesses Its Full Range of Contracting Fraud RisksGAO-21-44: Published: Jan 13, 2021. Publicly Released: Jan 13, 2021.
Dec 16, 2020
-
Data Governance:
Agencies Made Progress in Establishing Governance, but Need to Address Key MilestonesGAO-21-152: Published: Dec 16, 2020. Publicly Released: Dec 16, 2020.
Dec 9, 2020
-
2020 Census:
The Bureau Concluded Field Work but Uncertainty about Data Quality, Accuracy, and Protection RemainsGAO-21-206R: Published: Dec 9, 2020. Publicly Released: Dec 9, 2020.
Dec 3, 2020
-
2020 Census:
Census Bureau Needs to Assess Data Quality Concerns Stemming from Recent Design ChangesGAO-21-142: Published: Dec 3, 2020. Publicly Released: Dec 3, 2020.
Looking for more? Browse all our products here