With more than 170 medical centers and 1,000 outpatient sites that serve more than 6 million veterans, the Department of Veterans Affairs owns one of the largest repositories of patient data in the world. To better serve the nation’s veterans, the VA is looking at technologies, including those already used in other agencies and the private sector, to make its data interoperable and readily accessible.
One major effort that the VA Office of Information Technology is promoting is called Lighthouse. Lighthouse creates a commercial gateway for the VA’s partners to use its application programming interfaces (APIs), which allow mobile applications and programs to communicate with VA servers. The commercial sector has used a similar method of API sharing to fuel innovation for years, but this is the first time any government agency has created a public portal where anyone can register for an API key to develop applications and programs.
“The feeling was that we could do more,” said Dominic Cussatt, principal deputy assistant secretary and deputy CIO at VA, at the Breakfast with the Govpreneur April 9. “We’re the stewards of all this data, and we do very carefully protect it through our cybersecurity measures. In a safe and measured way, we wanted to see what we could do to leverage the power of this data and not always focus on VA as the internal developer of everything that we do.”
The Lighthouse program represents a crucial shift that will allow VA OIT to deliver new technology and services to the veterans at a more rapid pace than government-led innovation typically moves.
“Our veterans are used to getting a level of service in the commercial sector that is increasingly growing over time,” said Drew Myklegard, executive director of API management at VA, “and we really aren't used to doing that, especially on a large scale. We're delivering medical care to 6 million veterans. So that's a whole major company that would do that. So if you want to ship an app quickly on the best technologies to 6 million people, that's a hard problem to solve for a startup or any small business.”
Myklegard added that the focus has been on improving the user experience by encouraging developers to create applications that remove bottlenecks for processing claims and transferring health data. Though claims can currently be submitted online, they're still being entered into the systems by hand, he said.
However, the VA’s interest in speedy delivery cannot happen without an eye on security. For Director of Cybersecurity Strategy Gary Stevens, this is not a balancing act, but a chance to reframe security as a help to the development process rather than a hindrance.
“The issue for us is to ensure security is an enabler of [our capabilities],” said Stevens. “We’re looking at what the business is trying to do at the earliest stage possible, understanding what needs to happen, and then how security can accommodate that capability across the entire apparatus.” The VA has already adopted commercial endpoint authentication processes and end-to-end encryption methods to ensure veterans’ data remains secure in transit, Myklegard added.
So far, the VA has released claims, facilities, health and veteran verification ID APIs through its developer website, said Myklegard. In February, it announced partnerships with the CDC and Apple.
“This was kind of groundbreaking,” said Cussatt, noting that the partnership with Apple has been an early success for Lighthouse. “We’re saying, ‘We’re going to take your proprietary app … and we’re going to see if we can use the power of APIs to tap into data in real time.”
Applications built off of the VA’s APIs currently include the Apple health app, so that veterans can easily access their health records from their iPhone, and an application built off of the facilities API that allows veterans to use Amazon Alexa to find their nearest VA medical centers and schedule appointments there.
“This is something that, for us in the VA or in the federal government, would have been really hard, if not impossible,” said Myklegard. “I don’t know if there would have been incentives … and [the developer of the Alexa function] had this done in a couple of weeks.”
Cussatt assured everyone that Lighthouse has not proceeded without veterans’ consent. “They own their data,” he said. “And we’re not giving any vendors any veteran’s data. This is about getting veterans access to their data from their devices.”
The biggest challenge for the development process for APIs and everything VA OIT is working on has been shifting the culture from the business side. The traditional culture has been to make an aspirational request up front and wait an extended period of time for a final product, rather than get a product that starts small and develops over time. “In our business lines, we’ve trained them to get these big bang results in their request for software, and we’ve got to reset that,” said Myklegard. “That resetting is hard, but the ones who are committed to it really see better products and features that are more geared to the real requirements.”
For those who are concerned about cybersecurity, Lighthouse has also been a model for ensuring security is integrated into the development process rather than bolted on at the end. “The nice thing about what’s happening here is that we’re able to look at the earliest point possible and bake [security] in,” said Stevens. “That is driving forward innovation and ensuring what gets created is secure. That’s one of the largest successes here … getting security into the right place, where it really needs to be.”
Cussatt expects Lighthouse to be the first step in digital transformation for the VA. “We know that in order to stay relevant, in order to achieve that high customer satisfaction with our veterans ... we want to turn over everything we’re doing,” he said. “We’re looking at everything.”