An annual report from the Defense Department's (DoD) Director for Operational Test and Evaluation (DOT&E) has determined that Military Health System (MHS) GENESIS, DoD's new electronic health records management (EHRM) system, is not survivable in a cyber-contested setting, after reviewing it in 2020 and 2021.
The report highlights some progress made in 2021 by a change management program. However, it also gives a long list of improvements in cybersecurity testing and training for the EHRM system, including testing of vendor data storage solutions.
MHS GENESIS can be used to perform basic operations in conventional clinics. However, it is not suitable for certain business areas or specialty clinics. Training remains a major concern, with 72 percent of respondents rating the system as poor. However, practice in a mock environment has shown potential to improve MHS GENESIS operational suitability. MHS GENESIS cannot survive in a cyber-contested environment despite continual cybersecurity improvements.
The DOT&E annual report, which was released Jan. 27, examines the adequacy of, and plans for, the service branch test strategies. It is based on the extent to which they will provide the following:
- Data to support credible evaluations of operational effectiveness and suitability;
- Coverage of the battlefield and threats;
- Use of modeling and simulation (M&S) in an appropriate manner;
- Complete cybersecurity and live fire assessments, including demonstration of system survivability and lethality against mission-relevant threats;
- Production-representative test articles;
- Operational realism; and
- Sufficient funding for test execution.
Based on the FOT&E [Follow-on Operational Test and Evaluation] MHS GENESIS was completed by 2020. This is largely due to insufficient training and configuration management, poor dissemination of information about system changes, and persistent usability issues, as stated in the 2021 report.
The 2021 suitability evaluation revealed that Pay It Forward, a new change management initiative, was implemented. This initiative was designed to bring military treatment facility personnel to the site to support new users in each fielding wave. The new report states that the effort was successful, but surveys and interviews showed that it was not available for many fielding users.
Five recommendations were made in the annual report, including:
- As they are still applicable, implement DOT&E's 2020 recommendations.
- JITC [Joint Interoperability Test Command] should continue to verify incident report fixes, and plan for an FOT&E in order to verify corrective actions.
- DHA [Defense Health Agency] and the PMO [Project Management Office] should expand Pay It Forward.
- DHA should offer new training opportunities that allow users to practice their skills in a virtual environment. Computer-based training that is ineffective should be cut, refocused on more relevant skills, or stopped.
- DHA and JITC should engage vendors and JITC in cybersecurity testing of vendor data storage solutions to assess mission risk and identify vulnerabilities which may expose sensitive protected medical information.