How the Pandemic Changed the Government’s Health-Focused Buying

The COVID-19 pandemic is not over, but it’s already altered how certain agencies and federal health-related organizations are approaching the development and procurement of technology-based tools. 

Senior professionals recently briefed Nextgov on their observations regarding the government’s health contracting during this global health crisis.

“We’ve noticed a shift to reduce the number of contract vehicles agencies turn to in order to procure [information technology] services,” National Government Services Inc. President Andrew Conn said.

NGS has been working on federal health care contracting for more than 50 years and is a major contractor for the Centers for Medicare and Medicaid Services. Conn added that this trend he pointed to “seems to focus more on the ‘best-in-class’ types of contract vehicles to allow federal agencies to partner with top-tier expertise and solution providers to help resolve issues.”

Almost as soon as the novel coronavirus emerged, government entities had to rapidly adopt practices, policies and technologies to confront new and complex priorities, like mass telework and telehealth initiatives to keep personnel safe in their homes. Joseph Flynn, public sector chief technology officer at Dell-owned software company Boomi, noted there were weighty challenges that accompanied health-tech contracting, even early on. The ability to get contractors onboarded quickly to respond to the needs of organizations during the pandemic was slow in his view.

“The inherent bureaucracy that drives procurement cycles is not meant to work in an accelerated manner,” Flynn said. “As such, much of the work that was awarded was going to larger health integrators where standing contracts for time and materials work could be leveraged. This limited opportunities to many smaller, boutique integrators and product vendors that may have had a great solution for a problem but procurement processes could not keep up with the demand for these smaller goods and service providers.”

Trillions of dollars were allocated by Congress to help federal agencies purchase resources to face the pandemic and many used less-typical acquisition methods—such as other transaction authorities and other vehicles—to put that money to use quickly.

“Like other agencies in the government, we have seen many organizations embrace new innovative options to procure the services they need from a federal health IT perspective,” Jimmy Benani, federal industry practice lead at technology firm Excella, noted. 

He said he and his team noticed “a shift to having more acquisitions utilizing new approaches such as technical challenges, oral presentation, technical demos, and design challenges.” This could provide a means to help the federal government to better assess vendors’ ability to deliver the requirements asked for in specific solicitations. Agencies within the Health and Human Services Department have leveraged these approaches, Benani said, which enables program and contracting teams “to really see what the vendor can deliver technically with their staff,” as opposed to relying on “more traditional written proposal response.” 

“These new approaches force the vendor community to ‘walk the walk’ in terms of how their teams operate and deliver, but also help to promote innovation and technical expertise,” Benani added.

The officials also each reflected on how agencies’ reliance on data expanded and changed during the pandemic. Entities had to collect and manage an increased amount of health care data, much of which stemmed from remote environments. Data also proved vital for decision-making. 

“The nation’s critical infrastructure—including health care—relies extensively on computerized systems and electronic data to support its missions,” NGS’ Conn said. “Serious cybersecurity threats to the infrastructure continue to grow and represent a significant national security challenge.”

Cyber threats—and ransomware in particular—increased in the health care sector. To Jeff Reichard, the senior director for enterprise strategy at software company Veeam, the pandemic put a “much larger emphasis” on immutable, ransomware-proof backups, and on the encryption of data-at-rest.

“Unfortunately, one huge side effect of the COVID-19 pandemic has been a massive uptick in ransomware attacks against governments and particularly against health care providers,” he noted. “In June, the [HHS] published its 2021 Ransomware Trends report about the effect of ransomware on the health care sector. By May 2021, the report had tracked 82 ransomware incidents already in 2021 affecting the health care sector.”

The actual number of such attacks is likely higher but remains unclear due to inconsistent reporting across affected organizations. Further, he said, data exfiltration—or the theft and then threat to leak stolen patient data—is viewed as a common tactic in 2020 and in 2021. So now, health care IT leaders, “focus increasingly on ensuring their backups can survive an adversary who has compromised admin credentials” and are also placing “a much greater focus on encryption” to protect patients’ sensitive medical information.

Still, Reichard added that there is one encouraging trend surfacing from the “ransomware epidemic” that public sector and health care organizations are confronting today. “There is a renewed focus on deep cooperation between public and private sector organizations to tackle cybersecurity threats,” he said. “NATO, the U.S. federal government and military, and the G7 have all recently acknowledged the severity of the ransomware threat and the need for large-scale coordinated response from government and industry.”