VA Considers Cloud Collaborative ToolsSeeks Advice on Using Commercial SaaS Applications
In a recently issued request for information, the VA asks vendors for suggestions for using web-based collaborative software that will integrate with the VA's existing systems. The project would start with a pilot including up to 5,000 participants. That could lead to the use of collaborative tools by all of the VA's 17,000 staff physicians, 36,000 residents and 81,000 other medical staff members.
"By implementing a pilot of cloud SaaS-based collaborative tools, the VA would be able to demonstrate how collaborative tools will improve veteran care, reduce the amount of time the VA's doctors spend on collaboration and prevent further breaches which have been caused, in part, due to the lack of a VA-approved collaborative tool," according to the RFI announcement.
The VA's November 2010 report to Congress on breaches listed an incident at a Chicago VA hospital in which four residents were inappropriately sharing information on more than 1,000 patients via a Yahoo calendar application. So the VA wants to make sure such cloud collaborative applications are used with the appropriate security precautions, including accessing the applications through a secure VA network. The RFI announcement notes that any SaaS application the VA uses must have earned, at a minimum, FISMA (Federal Information Security Management Act) moderate certification.
The RFI states that a recent VA study concluded that "VA's doctors need a new, effective and intuitive collaborative tool to improve communications while also reducing data breaches."
The VA is considering using a commercial cloud-based collaborative application, rather than developing and hosting its own application, based on recent Office of Management and Budget guidance, the RFI announcement also notes.
Four ScenariosThe RFI spells out four use scenarios for the collaborative application:
- Sharing sensitive and non-sensitive patient information from one VA physician to another;
- Sharing non-sensitive health-related information on education, research that's not patient-specific, policy and similar document developmental collaboration;
- Use of cloud SaaS tools as a substitute for the VA's standard Microsoft Outlook Exchange e-mail and for interconnection with the VA's existing e-mail systems; and
- Sharing of sensitive patient information between the VA and the Department of Defense.
The RFI document, which lists 47 questions for vendors to address, is not a formal solicitation of bids for the massive project, but instead is "solely for information and planning purposes."