Running the Centers for Medicare and Medicaid Services’ Office of Information Services (OIS), which spends $1 billion on IT each year, is a big job. It became a lot tougher in March 2010 with passage of the Affordable Care Act, healthcare reform legislation that establishes a number of requirements for CMS and sets deadlines for meeting them.
Tony Trenkle took over the job of running OIS in December 2010. In addition to meeting the ACA’s requirements, he faces the challenge of meeting other federal IT mandates, such as consolidating data centers and moving operations to cloud computing.
Trenkle has worked in federal IT for decades. He spoke with FedTech managing editor Matt McLaughlin about IT projects at CMS.
FEDTECH: It sounds like the Affordable Care Act is a huge challenge for CMS. It contains a lot of requirements. What are the main hurdles of meeting those requirements?
TRENKLE: Well, I think there are a number of hurdles. This is a major change in how CMS does business because of the sheer magnitude and complexity of the different programs that are being mandated under the Affordable Care Act: things such as National Insurance Exchanges, the innovation center, the accountable care organizations — any one of a number of provisions of the act.
If you begin to look at it from an IT perspective and how you support that, you quickly realize that that is a major lift — a major effort — because you are not only supporting the new initiatives, you are also having to basically support the same programs you have been supporting on a day-to-day basis.
Even our quote-unquote “normal business” is very high-volume. We process billions of claims per year. We have major initiatives in a number of areas, including quality. Of course, besides the fee for service, we do a lot of work in the Medicaid area and also the Part C Medicare Advantage and Part D prescription drug plans, as well as the HITECH [Health IT for Economic and Clinical Health Act] work that we have been doing over the past several years.
When you look at it from an enterprise perspective, you say, well, we don’t have the funding to support this, and we don’t have the resources. So how do we begin to look at ways to create more efficiencies across the agency in terms of the IT work we are doing so that we can begin to support not only these initiatives but also ways to look at how we can create better efficiency and effectiveness for our other programs as well?
One of the areas we looked at initially, and we are still obviously going on that path, is the ability to take certain type of IT systems or applications and use them across multiple programs. We call these shared services. For example, when we look across the multitude of projects that are part of the ACA, we see a number of areas where there are some commonalities. For example, many of them need identity management. They also may need what we call master data management, a book of records around individuals, whether they be providers or beneficiaries. Another commonality is an enterprise portal that could provide one entrance point that can then make it easier to create efficiencies across programs. We have identified a number of other shared services, but we decided to go with these three initially.
And what we did then is look across the various initiatives and the timelines and determine how we could begin to build foundational shared services that would initially support ACA programs. But then, as we get to versions 2, 3 and 4, we begin to look at other efficiencies that we can achieve with other programs — what other programs could use identity management or benefit from an enterprise portal or from master data management?
FEDTECH: What kind of technologies are you looking at to build these shared services on?
TRENKLE: In some cases, it’s utilizing existing technologies, and in others, we have had to look at procuring new technologies. You have to look at it as a business strategy — what kind of technologies are we going to use and what kind of contracts do we use to procure those strategies? And then how do we apply that to the timelines if they are needed to begin standing these things up? So we have had to go out in some cases with several different procurements to begin to get what we need to support this.
And some of it is not as much technologies as technologies combined with business requirements and rule changes that allow us to do certain types of business differently. For example, identity management: Certainly you can procure different types of technologies to help support what you are doing in identity management, but you also have to tie that to how you do things such as authentication, authorization to certain types of programs and things of that sort.
FEDTECH: You just mentioned the timelines. The bill lays out deadlines for having mandates met. How far along are you in meeting some of those mandates, and what are some of the most challenging ones?
TRENKLE: There is a famous quote that Winston Churchill used in World War II when he invaded North Africa, which signaled a lot of the changes in the war in Europe. He said, “We are not at the beginning of the end. We are at the end of the beginning.” And really, where we are with the shared services is really kind of the end of the beginning. We are beginning to define what these services are, get the base, get many of the contracts in place and then start building a foundation to support various programs.
We have already put aspects of them into, [for instance], some of the work we are doing with the accountable care organizations [ACOs], but they really won't be built out to support the ACA projects until probably later this year. We have got pieces of them, like I said, where we are building and we’re already part of the way down the way. We are not at the point where I would say that any shared services are really operational. We are aiming for probably the third quarter of the calendar year to really begin to get this into production to support some of the ACA work — particularly, as I mentioned, the ACO work.
FEDTECH: What kind of benefits do you see these projects bringing to the CMS mission overall? The idea behind any IT implementation is that you improve the way you do things. How will these projects help in that regard?
TRENKLE: Well, you are exactly right. The value of IT is how it can provide business value to an organization, and this is no different here, the advantage of these different services. Let’s take, for example, the master data management. What that does is set up reference data that basically can be utilized across multiple programs. For example, if you start setting up multiple payment programs and you have certain types of rules that deal with someone’s participation, a provider’s participation, in one or more of these programs, or dealing with where beneficiaries’ care is going to be provided, having these reference points allows you to not have redundancy — and to also look at ways that we can help prevent fraud and other types of things that result from not having good synchronization between program information.
If you basically rely on stovepipe program information, then you have inherent inefficiencies and potential for fraud. Identity management, for example, is something for which we have multiple provider identity systems here at CMS. They are very program-focused. So you can look at it from two ways. One, from a provider’s standpoint, this allows them — if you are thinking of customer support — to be able to access multiple programs without having to do multiple identify management applications. From their perspective, they like that.
From our perspective, it obviously allows us to more easily identify and track across multiple programs, so that decreases the opportunities for fraud and other types of problems. We have had a number of examples where this is something that we have needed for many years. And the advantage of something like the Affordable Care Act is it provides the political support as well as the resources to really be able to tackle some of these huge problems that we have had for many years, and frankly have not been able to solve. So, it’s a major lift. But once we do that, I think it’s something that will support us for years to come.
In talking about IT, one of the things we are also trying to do is develop a closer relationship with the business side of the house. You can look at IT in several ways. One way is the utility type of IT. It’s kind of like having the lights on in your office, where you take something like that more for granted. But then, there is also the IT that can be working closely with the business community to develop applications and solutions that will enable much greater business value.
And because of the changes we have had in technology over the past number of years — things such as greater business intelligence tools, the whole mobility area, improved web applications — all these allow you to do things from a business standpoint now that you couldn’t do even just a few yeas ago. So it’s something that we are really focused on. How do we get this tighter integration between the business side and the technology side? Because you can do a technology transformation, but if it’s not closely linked to a similar transformation on the business side, then you are not going to get the changes that you really need to make, and vice versa. Obviously, if we do a business transformation while not taking into account that so much of business today is driven by technology, then you won’t realize the business value that you could otherwise.
“We have to move beyond looking at tablets as a tool and look more toward how we can utilize them to really change the way we do business.”
FEDTECH: Outside of ACA, the Office of Management and Budget has laid out several mandates that all agencies have to meet, notably the Federal Data Center Consolidation Initiative and requirements regarding moving to cloud computing. How is CMS tracking in regard to those?
TRENKLE: We are working very closely with the Department of Health and Human Services [HHS], which of course works with all of its operating divisions on these two areas. Specifically with the data center consolidation, we have a procurement now for a virtual data center, which will really encompass several data centers. But part of the idea with that is to begin to utilize the changes in the data center environment between virtualization and cloud computing to really begin to consolidate the multiple data centers that we have.
I use the word “data center” somewhat loosely, because we have a number of sites, many with contractors or researchers where we store our data, and this data center consolidation is tied in with what we’re doing in the virtual data center procurement. We hope over the next several years we can begin to consolidate and reduce our numbers of data centers. And it’s important not just from the [Administration’s] 25 Point Plan, but it also creates the potential, obviously, for a better security perimeter.
I don’t necessarily say it will result in large cost savings. Sometimes it does; sometimes it doesn’t. Cloud computing, we are working on, as I said, very closely with the department, but we are also utilizing the ACA work to begin to pilot different cloud applications. And we are looking at, of course, what happens with GSA and the FedRAMP [the Federal Risk and Authorization Management Program] so that we can begin to look at expanding some of this in the future. Of course, a lot of this depends on what type of cloud you are talking about. There are public clouds, private and hybrid.
But obviously, those have to have the appropriate security in place because we can't afford to have any of our beneficiaries’ data get compromised.
FEDTECH: So you would be leaning toward a private cloud or some type of community cloud with other organizations that have a real need for heightened security?
TRENKLE: Right. And that’s where we are basically testing right now. And as I said, this is something that we need to work closely on with other federal agencies — especially, within HHS — because a lot of them are facing similar challenges. Whether it’s personal health information or just personally identifiable information, we’re governed by things such as the Privacy Act and HIPAA [Health Insurance Portability and Accountability Act]. And it obviously is something that we see great benefits from — the flexibility, the potential to move from a capital-intensive process to a more service-oriented process has a lot of potential value.
And as you move to more mobility, then you can have a single platform that supports multiple types of devices. So we see a lot of the benefits that cloud can provide, but we are not trying to be a leading-edge agency with that. We are certainly trying to work within the confines of where everybody else is going. But, obviously, we are very interested in it, especially given all the work that’s going on with ACA and data.
FEDTECH: CMS has an ambitious modernization plan. How is that going? What progress has been made? What kind of challenges are you guys facing as you seek to modernize?
TRENKLE: Actually, the modernization plan that we laid out about a year ago was a requirement of the Affordable Care Act. It was Section 10330, and it required us to put out a plan. And we are going to come out with a newer plan in the near future because it will be tied in with the business plan as well, but that’s because when that plan first came out, of course, we were just getting into the ACA world.
But I think one of the things that the plan laid out that we have been moving ahead on is the data area. I mentioned the master data management, but we are also doing a number of other things in the data area because the Affordable Care Act. If it's going to succeed, it is really dependent on data, such as data for how well programs are working, how well we are improving healthcare and how well we really can evaluate different types of initiatives. So our focus has really been on that area. In fact, we are working more closely than ever with the business side of the house.
I think some of the things we mentioned as part of the modernization plan have evolved over the past year — the shared services, the data, modernizing the data environment, the virtual data center procurement. And of course, we haven’t talked about security. I mean, that as well, these are kind of underpinnings of how we make ourselves a more flexible, agile IT infrastructure to support a wide variety of business needs.
FEDTECH: You mentioned waste, fraud and abuse or improper payments a little earlier, and you discussed a little bit about the authentication element to that. What other ways is CMS trying to address a problem that a lot of different federal agencies face as far as improper payments go? What kind of technologies are important in those efforts?
TRENKLE: Well, certainly, a lot of the business intelligence tools are very important, looking at ways to detect fraud, looking at ways to look at patterns, looking at ways to basically identify trends and other types of analysis that eventually allow you to put fraud prevention programs in place before they happen but certainly also to quickly identify fraud after it occurs.
We have been working very closely with our program integrity folks for a long time, but particularly over the last year, we have been working very closely with them on these things. It's beginning to pay early dividends, but there is a lot of work that still needs to be done in that area.
FEDTECH: You mentioned a little bit earlier in the conversation that mobility helps you accomplish your mission better. How is that the case, and how is CMS adding mobility to its IT infrastructure?
TRENKLE: We have a ways to go with that, but I think you can look at it from several perspectives. One is, “How does it help people to do their job better?” We have a number of people — especially in our regions — who work out in the field with different healthcare organizations, and having tablets to go out and support them when they are doing their work allows them a lot more flexibility to get information and to do their jobs.
Secondly, we are in a world where we have a lot of competition for staff resources. So to the extent that we can adopt flexible work arrangements, which mobility certainly supports, that’s another factor in moving toward a more mobile workforce.
The third is our customers themselves. As more of our providers, more of our beneficiaries and others begin to move toward the use of mobile phones and tablets and other devices, we need to be prepared to work with them and make sure that we also can have applications that support better business processes.
We are certainly in the early stages of a lot of this, but I think my feeling is we have to move beyond looking at tablets as a tool and look more toward how we can utilize them to really change the way we do business.
Now, when you get to issues of employee use, that’s got to be matched against workforce rules. So there is a lot of human resources policy and operational work that has to be done. You have to look at the security issues.
A number of us are testing the use of the iPad, but that is not currently tied into the infrastructure here at the agency. As you begin to do that, then you need to move more toward mobile desktop management, and we are not quite there yet. But that’s the kind of thing that you need to be thinking about. And then, of course, the question gets into, do we continue to provide devices for employees? Or do we allow them to utilize their own devices and create a secure infrastructure that allows them to do that, as opposed to us continuing to provide people with multiple devices?
So there are a lot of challenges over the next several years as we begin to really migrate more toward this type of platform. I think you can see where something like that is also supported as we move to cloud-based infrastructures that allow us to begin to roll out some of these things a lot more easily.
But once again — I hate to use this expression, but often it’s not the technology that’s a major barrier because technology continues to evolve — but can technology evolve and at the same time you evolve with the workplace policies and a lot of the other kinds of organizational underpinnings to really support movement toward a mobile platform?
I think there is a recognition that it's not as simple as giving everybody a tablet and then having them go out and do their job. It's really an issue of looking at what are the current workplace rules, what are the issues around security, what if data gets comprised if you are using a personal device that’s tied to the network but you have personal data on there? Do you end up wiping the employee’s personal device in order to make sure that no PHI [protected health information] gets compromised?
It’s a lot of different questions that you have to work with. But I think the important thing is not to look it at it as a tool, but look at it as the way we are evolving as a society and a workforce. How do we support and encourage that and use it to its advantages, while recognizing that every time you have a major technology change, it creates disruption not only from a workforce perspective but also with balancing various risks?
One of the critical challenges we have — and I touched on it briefly when I was talking about mobility and telework — is that over the next number of years, we, as well as the federal agencies as a whole, have to figure out how to get the right skill sets to come work for the government, and how to get the proper mix of contractor and federal IT skill sets.
Because with changes in technology occurring so rapidly, you have to make sure that you get people retrained, bring in people who have background in some of the new technology areas. How do you deal with the need to make sure you have people who have the skill sets to manage contractors who work in these areas? So one of the key challenges we have is the future of our workforce, and how we can provide the services that the American public needs in a rapidly evolving world.