KRM was tasked to design, document, implement and operate a HISD Medical Device Security Assessment Center (MeDSAC) for VA test purposes (non-production). Product evaluations were conducted on biomedical devices and their associated software packages. The MeDSAC will support a joint endeavor between the Department of Defense (DOD) Teleradiology and Advanced Technologies Research Center (TATRC) at Fort Detrick, MD. KRM has executed a Cooperative Research and Development Agreement (CRDA) with DOD and Georgetown to support these activities.

MeDSAC can assess the following devices:

• FDA 510(k) Medical Devices
• Medical systems (Clients and Servers)
• New platforms being considered at VA facilities
• Tablet PCs
• PDAs
• Wireless

KRM utilized extensive experience in healthcare information technology, information security and web development to design and support the implementation of a web-portal for information sharing. The goal of the HIISAAC was to provide the V.A. a medium for enterprise wide sharing of analysis and assessment results to improve decision-making regarding the security risks of medical information systems.

KRM provided administrative, program management, and technical expertise to the Veteran's Health Administration HOST (Hybrid Open Systems Trial) program to support the identification, evaluation, piloting, and documentation of commercially available healthcare technologies.  KRM also assisted in the integration efforts to ensure a smooth implementation process of technologies, which proved beneficial to the VA.

Policy Development: KRM assisted in the development of VHA policy that reflected the VA HOST Program approach for achieving their mission, and assisted in the creation of high level planning documentation required to ensure that the VA mission and objectives were adequately researched and defined.

Planning Documentation:Assisted in the creation of high level planning documentation required to ensure that the VA mission and objectives were adequately defined and researched.

Directives and Procedures: KRM developed directives for establishment of a technology clearinghouse for VHA HOST, directives and procedures for pilot project selection, directives and procedures for pilot project execution, directives for buy-versus-build, policy for pilot project migration within VHA, and policy for program process and a program handbook.

Medical Systems Assessments: KRM evaluated and managed over 20 pilot projects involving medical information devices and systems including a number of the major systems that HISD will be assessing.

Technology Evaluation:  Assisted the VA as the focal point to assess commercial information technology that provided a functionality rich and cost-effective information system. Technologies evaluated improved operational and management reporting requirements, as well as provided robust enhancements mandated by the health care environment within the VHA. Each technology was evaluated technically, clinically, and from a business perspective.

Pilot Projects Support: Supported approximately twenty-five pilot projects in the assessment of various commercial applications across the country. KRM provided onsite, case by case project management and assistance that included report generation, management assistance, and technical assistance. Upon completion, KRM conducted independent assessments to evaluate and recommend migration potential.

KRM served as a sub-contractor to conduct an Independent Security Control Assessment (SCA) of the Veterans Health Information Systems and Technology Architecture (VistA) system.  This SCA process supported the certification of VistA on three different computer platforms.

The purpose of the VISTA system is to support clinical and related activities within Veterans Health Administration (VHA) Medical Centers (VAMCs) throughout the country.  The VISTA system is currently installed on three computer platforms, VMS/DSM, VMS Cache, and W 2K Cache.  Testing was completed on each of the 3 platforms.   The VistA Legacy Certification Project developed a national methodology to accredit the VISTA Legacy system at the VHA’s 163 medical centers, to include meeting all OMB, NIST, and VA requirements to achieve accreditation.  The independent testing of security controls, was required to reach that goal. 
The VISTA system had to undergo the SCA process consists primarily of a Kernel and a suite of applications that interact with the Kernel Communication of data in VISTA uses HL7 and XML standards over VA local area networks (LANs) and the VA wide-area network (WAN).
 

This project was completed on time and within budget on 3/31/2006.

KRM provided support for the Veteran's Administration Health Information Security Division in Martinsburg, West Virginia.  The scope of this project included:

An overall goal to establish and operate a world-class HISD that would develop, implement, and evaluate security solutions addressing health data and health information systems, including security standards, access control, and access to health data by external groups.

The VA and other CHIS user organizations established a documented, repeatable, on-going process to measurably improve the security of their sensitive data, and demonstrated its value to its user community by:

• Raising awareness of healthcare specific information systems, to include risks, vulnerabilities, and protection requirements for new and emerging technologies.
• Examining and analyzing vulnerabilities and devising techniques for the cost-effective security and protection of private health information maintained on VHA sensitive system.
• Developing standards, metrics, tests, and validation programs to:
  • Promote, measure, and validate security in systems and services.
  • Provide system-specific role-based access to staff members.
  • Establish minimum security requirements for healthcare systems.
• Developing guidance to ensure security is included in the system planning, implementation, management, and operational phases of the system life cycle.
• Assisting VHA in planning and implementing best security practices.

KRM provided 24/7 support for the Security Operations Center for VA.  KRM provided support to monitor computer and network traffic, and analyzed network traffic activity and systems logs to determine causes of problems and security breaches.   Additionally, KRM personnel reported and tracked network and system problems, resolved simple computer and hardware problems independently, and coordinated with other IT groups to resolve complex problems and issues.

KRM provides support that encompasses day-to-day help desk operations and related services and provides 24x7x365 lifecycle support for the Information Technology Office (ITO), Information Technology Operations & Engineering Support (ITOES), located near Martinsburg, WV.

The Department of Veterans Affairs (VA) ITO has operational and management responsibilities for all Enterprise network services, including but not limited to:

• VA Network Operations Center (NOC)
• One-VA Internet gateways
• One-VA VPN services
• Business Partner Gateways

Support of these and other ITO initiatives requires collaboration with all VA entities including, but not limited to, Veterans Health Administration (VHA), Veterans Benefits Administration (VBA), National Cemetery Administration (NCA) and other VA Program Offices.