IT Modernization Seriously Needed by HHS

The Government Accountability Office (GAO) publicized an audit report concerning all federal government systems using legacy operating systems. The goal of the audit was to identify the extent of using outdated software programs and systems, and to determine which departments need to be modernized.

GAO evaluated 65 federal agency systems found in 24 agencies and made a top ten list of systems that need IT modernization. GAO likewise examined the plan of institutions to update their systems and compared the plans with the recommended IT modernization.

The top 3 departments which need modernization include the:

  • Department of Health and Human Services (HHS)
  • Department of Education (DoE)
  • Department of Defense (DoD)

There were three departments which have high system criticality and high security risk. These are the:

  • Department of Health and Human Services (HHS)
  • Department of Education (DoE)
  • Department of Homeland security (DHS).

HHS requires a whole lot of modernization. It still utilizes a 50-year old legacy system for clinical and patient management activities. It’s been reviewed to have high security threat considering that GAO was unable to precisely measure the age of its operating systems.

The HHS systems still use legacy languages, MUMPS and C++. It’s actually hard to find computer programmers who use the MUMPS code, showing that modernization is desperately needed.

Th system was created with 50 extra modules and is established and utilized on plenty of computers with varying configurations. The system is vital, yet complex and hard to build and maintain.

GAO remarks that continuous usage of legacy systems and software programs demands a greater maintenance expenditure and are susceptible to way more cybersecurity risks. The answer to risk management and enhanced system efficiency is modernization.

Though the government is aiming to modernize IT in nearly all its departments, there are no written plan yet for updating HHS IT. Prior to making a decision to upgrade a legacy system, the government takes into consideration first the dependency of agency’s core mission functions on the system. For this reason upgrades are deferred that long. Unless there is an IT modernization plan created and done, departments are going to have much more cost overruns, schedule delays, and project failure.

The HHS has accepted the issues raised by GAO and is eager to improve its technical designs and facilities. An agreement with a third party is granted to learn how to upgrade the HHS systems in stages in one year period. The instant the report is received, HHS is going to make its modernization program, which it hopes to implement in 2020.

The HHS has one of the largest IT budget among the government departments. Modernization is needed to lower that expense. But GAO pointed out that the modernization will entail a sizeable capital investment and it is not sure if it will actually bring about savings.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at