Defense-VA integrated electronic health record could use commercial cloud

The technical blueprint for the Defense and Veterans Affairs departments integrated electronic health record makes the security and privacy of patient information the first priority of the joint system planned for deployment in 2017, backed by rigid clinician access control systems and secure patient identity systems.

But the May 30 draft of the iEHR technical specifications package that Nextgov obtained also shows Defense and VA plan to use commercial cloud computing services as part of the iEHR data infrastructure.

While VA Chief Information Officer Roger Baker said in January that the department would use data centers operated by the Defense Information Systems Agency to store veterans’ health records, the draft technical blueprint said the iEHR will include public cloud storage such as Amazon’s Elastic Compute Cloud and commercial cloud services from AT&T, along with private cloud storage from DISA. Data centers operated by military treatment facilities also stand as another portion of the planned iEHR data infrastructure.

The technical package, developed for potential iEHR bidders, said the future health record data infrastructure will end up as a hybrid of public and private data centers “optimized to address the lifetime program costs (e.g., utility pricing of elastic cloud service, data center operation and maintenance costs) and capability‐specific benefits (e.g., order entry transactional processing advantages, latency of medical imaging activities).”

The draft said the specific blend of private and public cloud services will end up based on future cost benefit evaluations. Officials with Defense, VA and the Interagency Program Office did not reply to a query from Nextgov about whether sensitive medical information could end up stored in the public cloud.

Access control systems built into the iEHR will use role-profiles to grant or deny clinicians access to specific patient records while access-management systems will authenticate some 193,000 Defense and more than 250,000 VA health care personnel, the draft said.

The iEHR also will include a Defense-VA Patient Identity Management Service, which will create, maintain and apply digital identities to uniquely verify patients. This service will include a set of identity management functions, the draft technical document said.

Dr. Jonathan Woodson, assistant secretary of Defense for Health Affairs, told Congress in an April report that the Defense Manpower Data Center will provide identity management services for iEHR.

The blueprint also acknowledges that iEHR will need to maintain a significant and critical dependence on existing legacy Defense and VA health care applications, services and repositories as it is rolled out incrementally from two pilot sites in 2014 to 56 Defense and 152 VA hospitals and 1,300 clinics operated by the two departments in 2017.

The draft technical package said management of interaction with today’s Veterans Health Information Systems and Technology Architecture and the Defense AHLTA systems will be handled through Virtual Patient Record services, which will be responsible for overseeing the interaction with both new and old systems.

Mary Ann Rockey, program executive officer of Joint Medical Information Systems-Clinical, told an iEHR conference held by the Defense Strategies Institute on May 15 that she expected the final version of the technical specification package to be posted to the Federal Business Opportunities website this month.