GovIT Government IT Business & Procurement » Topics

Hospital CIOs To Increase IT Spending In 2011

Travis Wheeler — Thu, 12 May 2011 18:52:43 +0000

Hospital CIOs in the U.S. say they’re planning to increase IT spending in 2011–and they’re not alone. Healthcare CIOs in the United Kingdom and Canada are also upping their IT investments this year, according to a new survey.

Of the 152 hospital CIOs surveyed across North America, Europe, and Australia about their IT budgets and priorities over the next 24 month, 42% said they are increasing IT spending in 2011, according to a new report from U.K-based research firm Ovum.

Almost a quarter, 22%, of the CIOs said they plan significant increases to IT spending in 2011, compared to only 14% who planned big increases last year.

Last year, 22% of healthcare CIOs said they’d slash their IT budgets, but that figure dropped to 17% for 2011.

\Government-fueled health IT initiatives appear to be the stimulus for spending increases in the U.S., U.K., and Canada.

In the U.S., thousands of hospitals and doctors are being incentivized with $27 billion in financial rewards starting this year for the meaningfully use of health IT such as e-health records (EHR) and computerized physician order entry systems (CPOE), as part of the HITECH Act signed into law in 2009.

Ovum found that hospital CIOs overall are focusing their IT investments this year on EHR systems, followed closely by digital imaging systems. Telehealth and mobile applications were also among the CIO’s spending plans.

In an InformationWeek Analytics’ healthcare IT priorities survey of 357 U.S. business technology professionals released earlier this year, the top new IT investment for 2011 was also EHR, followed by CPOE, e-prescribing and new computer hardware. Upgrades to security software and IT infrastructure, including networking, web portals, and storage products also topped spending plans of U.S. health IT leaders in 2011.

Full article by Marianne Kolbasuk McGee, InformationWeek

Mostashari recent comments offer snapshot of ONC leadership

Ali Cheung — Thu, 14 Apr 2011 18:16:35 +0000

Dr. Farzad Mostashari, the newly minted national health IT coordinator, recently offered a snapshot of the near-term direction for the Office of the National Coordinator for Health IT as he saw it, steady on the current path but aware that “nothing stays still, and certainly not in health IT.”

As Mostashari takes leadership, ONC is preparing to develop three proposed rules by the end of the year for stage 2 of meaningful use and the accompanying standards and certification criteria for electronic health records (EHRs). ONC will also propose a governance rule to support the expansion of the nationwide health information network (NHIN) to promote sharing of patient data.

ONC is coordinating with the Centers for Medicare and Medicaid Services to develop the regulations for the meaningful use of certified EHRs that healthcare providers must fulfill to qualify for Medicare and Medicaid incentive payments.

Health and Human Services Secretary Kathleen Sebelius named Mostashari the national coordinator for health IT, effective April 8. Mostashari, who has been the deputy national coordinator for programs and policy at ONC, has taken the reins from Dr. David Blumenthal, who will return to Harvard University.

ONC will stay consistent with the direction it has been heading under Blumenthal towards EHR adoption, health information exchange and assuring privacy and security for patients and their data, Mostashari said.

ONC will also come up with policies to deal with the cluster of overlapping issues of privacy and security, standards and interoperability, and information exchange and how they fit together, he said.

Full article by Mary Mosquera, Government Health IT

Taking Advantage of the New Simplified Acquisition Threshold

Linda Rodden — Fri, 31 Dec 2010 16:26:08 +0000

As was mentioned in our September article, effective October 1^st there were new thresholds in Federal acquisitions. One big change was the increase in the Simplified Acquisition Threshold (SAT) to $150,000. The increase in the SAT increases opportunities for small businesses. During FY2010, twenty federal agencies issued more than 585,000 Simplified Acquisition contract actions totaling $9,442,964,485.00 (Source: FPDS-NG). Are you getting your share of these?

The SAT is the threshold under which the government can use less formal procedures to purchase their goods and services. Typically these purchases are done by issuing a Request for Quotation or RFQ. For those requirements under $25,000, no FedBizOps announcement is required. Agencies can use a local business list. Terms and conditions, evaluations and award are simplified and can even be done orally.

Small business set asides are mandatory for acquisitions under $150,000 (excluding those under $3,000 or on a GSA schedule). Agencies must set these aside unless there are no small businesses that can provide the requirement or perform the service. Agencies in your area will most likely use the small business in their area to fulfill their requirements.

SAT procedures can be used to acquire open market items when the total requirement is under $150, 000. These are items that are not on GSA contract because of trade agreement act restrictions, new items, or pricing issues. When this is the case, again small businesses get preference for providing those items. When the SAT procedures are competed, an agency can include those items on their GSA contract order.

Things to Do Now:

Make sure you are on the local bidders lists for any federal agency or installation in your area.

Make sure your business size and NAIC codes are correct in your CCR and ORCA websites (https://www.bpn.gov/ccr/default.aspx; https://orca.bpn.gov)

Subscribe to GovContracts to receive notices of federal opportunities (http://search.govcontractsmagazine.com/contracts/fbosearch.cfm)

To expand the government’s ability to access your products without worrying about the new thresholds you can get your items on a GSA Schedule contract.
- Locate partners now such as Technical Communities who will act for you in the market.
- Make sure they have full access to the products or services that are in demand for the government markets.

Cyber Costs Climb

Travis Wheeler — Wed, 13 Oct 2010 18:17:24 +0000

New cybersecurity mandates are certain to drive tech spending for the next several years. What’s less certain is the kind of products and services federal agencies will be buying, as well as which agencies will be doing the buying.

In April, the Office of Management and Budget directed agencies to start monitoring continuously and automatically the status of their security controls in the fall. And Congress is pushing to update the oft-maligned 2002 Federal Information Security Management Act to eliminate its burdensome reporting, require real-time monitoring and build security into all technology acquisitions.

“At the end of the day, compliance with cybersecurity goals and initiatives will represent a multibillion-dollar opportunity for the contractor community,” says Rishi Sood, a vice president at research firm Gartner Inc.%C2%A0

Estimates on how much the government spends on cybersecurity range from roughly $2 billion to $8 billion a year, depending on how one defines cybersecurity and its range of applications. Some analysts predict costs could grow 5 percent to 8 percent annually during the next several years.

Security concerns are affecting just about every federal information technology initiative from social networking to cloud computing, in which users subscribe to products and services on demand and online from a third party.

The transition to cloud-based servers and storage will take a decade, largely due to security obstacles. “The day when the federal government sends all the Social Security check processing to the cloud is not on the horizon,” says Andrew Bartels, a vice president and principal analyst at Forrester Research.

While much of the so-called Web 2.0 technology that supports online social communities is free, agencies often need to add safeguards to comply with security regulations. “If you’re participating in a networked environment it may not be exclusive to you,” notes Ray Bjorklund, senior vice president and chief knowledge officer for FedSources, a market research firm. “To create a controlled tool and a controlled environment by the government, there’s going to be some cost to do it.”

The Obama administration and lawmakers are still debating the procedures for purchasing security tools and services.

The question is which department or departments will have power over federal cybersecurity, says Stan Soloway, president and chief executive officer of the Professional Services Council, a contractor group. Today, information security responsibilities are split between the White House cyber czar and the Defense and Homeland Security departments. But Congress could rewrite their budget authorities during the next year.

“Right now the cyber requirement is disaggregated–
multiple owners and thus multiple buyers. The uncertainty really is around how the cyber requirement and the architecture will look if and when there is a more centralized, coordinated policy, plan and architecture,” Soloway says.

Sen. Joe. Lieberman, I-Conn., sponsored a bill to invest heavily in recruiting and retaining federal security professionals to defend against escalating threats.

“The government is going to have to find a way to do something it hasn’t traditionally done–maintain high-level cyber skills. The competition for these skills is fierce,” Soloway says, hinting the private sector will be supplying agencies with security specialists as well as software for some time.

Full article by Aliya Sternstein, NextGov

CDC increases competition with $5 billion IT contract

Travis Wheeler — Mon, 04 Oct 2010 18:18:09 +0000

The Centers for Disease Control and Prevention has signed a $5 billion deal with 30 vendors that will compete for information technology work during the next decade, CDC officials said on Thursday.

The agreement, which consolidates several expiring IT contracts, continues and expands a seven-year initiative called the CDC Information Technology Support Project, which Lockheed Martin Corp. and Northrop Grumman Corp. won in 2003 to provide service to more than 200 information systems. The agency now operates about 400 major systems, according to the solicitation for the new information management services project.

The incumbent companies are among the winners of the new contract, which was awarded on Sept. 23.

Some analysts said the pact makes sound business sense given the fact that the billions of dollars will not be paid out all in one year and CDC’s good track record on fiscal responsibility.

For example, every major spending category at CDC is either flat or declining going into fiscal year 2011, according to Ray Bjorklund, senior vice president at market research firm FedSources. He also noted the agency recently combined its 13 IT infrastructure services to cut operating costs by 21 percent, or $23 million, according to CDC officials.

The 10-year deal is an indefinite delivery-indefinite quantity contract for information management, management consulting and IT infrastructure. The vendors will vie for tasks in each of the service areas. Information management involves the planning, development and life-cycle maintenance of systems; management consulting includes broad services such as business case development, training, communications and program risk assessment; IT infrastructure encompasses help desk services, network support, data center operations, information security and conferencing assistance.

“CIMS covers the entire range of IT services at the CDC, while CITS covered a more limited scope of IT — application and information management,” Lockheed spokeswoman Kimberly Jaindl said.

CDC Chief Information Officer Jim Seligman said on Friday the agency tried “to get a broader array of suppliers as well as ongoing competition” to obtain the most cutting-edge tech and achieve better pricing.

CDC relies on computers for communicating information and for supporting research such as conducting epidemiological studies that require scientific data management and performing complex analyses of population data. The solicitation for work, issued December 2009, stated the contract would provide services to offices in Atlanta, where most of the agency’s 15,000 employees live; Cincinnati; Morgantown, W.Va.; Hyattsville, Md.; Research Triangle Park, N.C.; and other cities. Support also must extend to staff working in developing nations and at quarantine offices in major urban areas.

Full article by Aliya Sternstein, NextGov

Security a bright spot in IT spending

Travis Wheeler — Tue, 21 Sep 2010 23:11:08 +0000

Security spending may have slowed, but it still outpaces spending in other segments.

Market watchers say today’s security market differs greatly from the market that was hammered almost a decade ago, following the dot.com implosion. Security vendors are considerably more nimble – i.e., more adaptable, flexible, and likely to accommodate nontraditional distribution or acquisition models – than were their legacy predecessors.

They have to be. “Security software vendors that have a balanced mix of channel, new license, and maintenance revenue streams and flexibility in contractual terms, such as software-as-a-service … open source and outsourcing, have the strongest options for continued growth and to even out the risk,” said Ruggero Contu, a principal research analyst with Gartner Inc., in a statement.

“Shrinking discretionary spending budgets have heightened competition for new maintenance and license revenue streams and placed a renewed emphasis on vendor performance and viability.”

One upshot of this, according to Gartner and Contu, is that security seems like a sure safe harbor in the midst of an otherwise confusing – and perhaps even treacherous – IT spending forecast. “Most segments of the security software market will continue to grow over the next few years, although a significant degree of variation is expected between the more-established and less-mature technologies,” Contu continued. “Overall, security will remain one of the fastest-growing areas within the enterprise software market.”

Consumer spending still accounts for the biggest overall chunk of overall security spend, with revenues expected to grow by almost 8 percent (to a projected $4.2 billion) this year. Sales of endpoint protection solutions will increase at slightly less than half that rate (3.4 percent), growing from $2.9 to $3 billion.

This is thanks in part to a pair of drivers – regulatory compliance and the increasing sophistication (to say nothing of ubiquity) of threats – that are unique to the security market. For this reason, Contu says, spending on security products or services tends to be “prioritized” relative to other IT spending efforts.

“The growing sophistication of the threat landscape – with malware composed of multiple components that can be installed after the initial infection and the exploits of socially engineered trojans, which trick end users into downloading and executing malicious files – will push organizations and consumers to invest in endpoint security products in coming years,” said Matthew Cheung, senior research analyst at Gartner, in a prepared release.

At the same time, enterprises are channeling an increasing percentage of security spend into nontraditional delivery channels, such as security appliances or SaaS offerings. It’s a trend that Gartner doesn’t see abating anytime soon.

“During the next six to 12 months, products delivered as SaaS and appliances will continue overtaking traditional software licensing as the preferred purchasing methods,” Cheung said. “Delivery as a suite in subsegments such as enterprise endpoint security, identity and access management … and Web security will be the most prevalent product delivery types. Despite major vendors seeking to consolidate, opportunities exist for smaller niche players and product specialization, and local expertise is expected to remain a valued factor.”

Full article by Stephen Swoyer, Washington Technology

Researchers will have access to ‘real-world’ data on cyber-attacks across the Internet

Travis Wheeler — Tue, 14 Sep 2010 17:38:18 +0000

The Science and Technology Directorate at DHS is planning to gather “comprehensive real-world data” about cyber-attack phenomena, so it can make those data sets available to an estimated 200 different research organizations attempting to develop products and technologies that can better protect the nation’s computing infrastructure.

Under a program called Protected Repository for the Defense of Infrastructure Against Cyber Threats, or PREDICT, the S&T directorate seeks to make these real-world data sets widely available to researchers, who today have to rely instead on anecdotal or small-scale test experiments.

“The data sets are intended to provide developers with timely and detailed insight into cyberattack phenomena occurring across the Internet and in some cases will reveal the effects of these attacks on networks that are owned or managed by the data producers,” says a notice published by S&T in the Federal Register on September 1.

Research groups will be asked to apply for access to the PREDICT data sets by completing a newly-assembled package of forms prepared by S&T. “In addition to helping to determine whether a group is eligible to access the repository, the forms will also manage the interactions between the PREDICT portal administrators and the research groups accessing the PREDICT portal,” says the S&T notice.

The Web portal’s URL is https://www.predict.org. The Coordinating Center for PREDICT will manage the centralized repository, and act as gatekeeper for access to and release of the data. “All data input to the system is either keyed in by users (Data Providers) or migrated (via upload of XML files),” says the notice.

DHS has estimated that 206 research organizations will complete the required package of forms, and that it will take each organization an average of eight hours to do so.

Further information is available from Jeffery Harris at 202-254-6015.

“Researchers, software developers, inventors associated with an authorized sponsoring institution may be granted access to the PREDICT portal,” explains the PREDICT Web site. “In addition, organizations that provide data to the researchers or host the data may hold accounts.

“PREDICT datasets are available to approved Researchers who are conducting cyber security research that is in the interests of the United States,” the Web site continues. “All research and work involving PREDICT datasets must be carried out at locations within the 50 United States.”

Full article by Jacob Goodwin, Government Security News

GSA fast tracks requirements for FedRAMP

Travis Wheeler — Tue, 07 Sep 2010 00:34:24 +0000

The General Services Administration is in the final stages of shoring up the requirements for a governmentwide program to certify and accredit cloud computing products and services.

Katie Lewin, GSA’s cloud computing program manager in the Office of Chief Information Officer, said the agency will issue Version 2 of the Federal Risk and Authorization Management Program (FedRAMP) requirements by the end of August or early September, as reported by Federal News Radio’s Jason Miller.

The GSA, Defense and Homeland Security are reviewing public- and private-sector comments on Version 1 of the requirements, Lewin said during a presentation at the Information Security and Privacy Advisory Board (ISPAB) meeting in Washington, D.C.

Version 2 of the FedRAMP requirements will include security controls detailed in the National Institute of Standards and Technology’s Special Publication 800-53R as well as enhancements.

“Looks like they are moving along fairly aggressively, at this point, which is encouraging,” David Linthicum, chief technology officer of consulting firm Blue Mountain Labs, said in an interview with Government Computer News.

A governmentwide certification and accreditation process for securing cloud computing infrastructures could accelerate adoption of the computing model among agencies, said Kevin Paschuck, vice president of public sector with RighNow, a provider of cloud computing services to the government.

“This will remove that hesitation that still remains across the federal government on the cloud,” Paschuck said.

Cloud computing provides on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Announced in May, FedRAMP is an interagency effort whose aim is to reduce duplicate efforts and security compliance expenditures, as well as encourage rapid acquisition time frames, security oversight, and consistent integration with federal governmentwide security efforts.

FedRAMP, a key part of the Obama administration’s cloud computing initiative, also will provide security authorizations and continuous monitoring of shared systems.

FedRAMP will let vendors and agencies certify and accredit a system at the low or moderate level, so other agencies can implement it without having to go through a three- to six-month certification and accreditation process.

The low level pertains to information that agencies make available to the public, while the moderate level deals with critical business applications such as financial management and human resource systems, Paschuck said.

For example, RightNow, which has built its data centers at the moderate level, stores Air Force financial data in the company’s cloud infrastructure – sensitive but not classified information, he said.

The government is publishing guidelines with the FedRAMP requirements. The next step is to take these guidelines and make them policy, putting them into procurements, Paschuck said. So when an agency puts out a request for proposals for cloud computing, the RFP will state that cloud providers need to meet specific security standards. Agencies will also be able to stipulate data rights and the need for auditing of the cloud.

Agencies should expect to submit products and services to FedRAMP beginning Oct. 1, with the first approvals coming between January and March 2011.

Full article by Rutrell Yasin, Government Computer News

Lockheed Martin Wins $9 Million HHS Contract

Travis Wheeler — Tue, 31 Aug 2010 23:16:46 +0000

Lockheed Martin has announced that it has won two contracts worth a total of $9 million to help the Nationwide Health Information Network (NHIN) advance digital health records and secure health information exchanges. The contracts were awarded by the Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC).

The Baltimore, Md.-based company said Wednesday that, under the first contract, Lockheed Martin will create new reference implementation software to support the development, testing, and adoption of future NHIN capabilities. The second contract calls for Lockheed Martin to develop real-world demonstrations and pilots for emergent capabilities.

“These pilots assess not only the technology and standards associated with the Nationwide Health Information Network, but also provide a test-bed to evaluate the interaction of all those elements required for secure interoperability among healthcare stakeholders,” Michael Leff, director, Lockheed Martin health information management solutions, said in a statement. “This is the equivalent of taking a new medical therapy out of a controlled clinical trial and assessing the value of that therapy in a real-world setting.”

NHIN is the set of services, standards, and policies that enable the secure exchange of health information over the Internet. This health IT initiative is considered a foundational element in realizing the Health Information Technology and Economic and Clinical Health Act of 2009 (HITECH Act) goals of improving the quality and efficiency of healthcare for American citizens.

Lockheed Martin was among the first NHIN contributors as a prime vendor in the Social Security Administration’s production prototype with Med Virginia, headquartered in Richmond, Va.

In partnership with key stakeholders, Lockheed Martin helped develop technical specifications and provided health IT consultation for the implementation of the CONNECT gateway, an open source federal health architecture initiative that offers core NHIN interoperability standards. These standards are now the foundation for all future NHIN expansion activity.

More recently, Lockheed Martin assisted the Centers for Medicaid and Medicare Services (CMS) on a project that demonstrated how the NHIN can support the secure exchange of standardized health assessments to help improve quality of care for Medicare patients as they transition among healthcare providers and professionals.

Full article by Nicole Lewis, InformationWeek

NIH kicks off $40 billion follow-on contract for IT services

Travis Wheeler — Fri, 20 Aug 2010 17:45:31 +0000

The National Institutes of Health kicked off on Tuesday one of the largest information technology procurements in the federal government: a 10-year governmentwide Chief Information Officer-Solutions and Partners 3 contract valued at $40 billion.

The CIO-SP3 contract includes a full- and open-competition vehicle valued at $20 billion and a separate small business contract also valued at $20 billion, according NIH’s Information Technology Assessment and Acquisition Center, which is managing the contract.

CIO-SP3 will incorporate medical imaging, remote sensing, videoconferencing and Web services previously handled under a separate NITAAC contract called Image World 2, according to a pre-solicitation notice posted on the Federal Business Opportunities website on Tuesday. NITAAC said it plans to release the full and open competition CIO-SP3 request for proposals on or about Sept. 1, with the small business RFP planned for a later and unspecified date.

Ray Bjorklund, senior vice president and chief knowledge officer for FedSources Inc., a consulting firm in McLean, Va., said only the General Services Administration’s omnibus $50 billion Alliant IT services contract has a higher ceiling value than CIO-SP3. But he questioned whether NITACC overestimated the value of the contract. Sometimes agency’s “eyes are bigger than their stomachs” when it comes to setting ceilings, Bjorklund said.

Mary Armstead, who was appointed NITAAC director in April after a more than 25 year career in procurement with the National Institutes of Health, said she welcomed a dialogue on the value of CIO-SP3, but added the ceilings are high because they take into account a range of IT variables spanning a the next decade.

Peter R. Orzag, outgoing director of the Office of Management and Budge, approved the $40 billion CIO-SP3 ceiling in a letter to Dr. Francis Collins, director of the National Institutes of Health, in July and said the contract can provide “cost-effective, quality results for our taxpayers.”

NITAAC said the contracts will help fulfill a range of IT needs across the federal government, with a particular emphasis on agencies such as NIH and the Health and Human Services Department, both of which are involved in health care and clinical and biological research.

In his letter, Orzag said he expected the contracts to offer a range of IT services to federal health agencies, with a “particular emphasis on health related IT services to support agencies with health related missions and responsibilities under the Patient Protection and Affordable Health Care Act,” the landmark health care reform bill Congress passed in March.

The law envisioned using IT to support many of its goals, including offering Web portals to allow people to compare online health insurance costs and benefits, state-managed health insurance exchanges, universal patient identifiers, and data matching technology to detect waste fraud and abuse related to health insurance claims.

Armstead said CIO-SP3 will provide the IT services called for in the health care law, including Web portal development and data mining. She emphasized interested bidders must demonstrate expertise in applying these services to the health care domain.

The draft CIO-SP3 RFP released in August 2009 called for contractors to support development of interoperable heath care systems under the Federal Health Architecture, including interoperable systems. Armstead said CIO-SP3 is being designed to support the architecture.

NITAAC already supports a variety of agencies, including the Defense, Homeland Security and Veterans Affairs departments, and the Environmental Protection Agency under its current IT services contract. Armstead said she anticipates continuing that support under the new contract.

Full Article by Bob Brewin, NextGov