Since the beginning of the COVID-19 pandemic, the Department of Health and Human Services has been developing rapid, innovative solutions to support national response efforts. As the U.S. enters into phased reopening, Perryn Ashmore, now retired CIO of the agency, projects how the department will evolve to meet its mission.
Ashmore, who retired in May, served in HHS’ CIO Office during a majority of the department’s COVID-19 response and took over the role after Jose Arrieta’s departure in August. One of HHS’ major achievements was the launch of HHS Protect, which has enabled data sharing in near real time and provided information on the current state of the American health care system.
“The thing that made it work … was the private-public partnership. Our partners in this came to the table with everything. In combination with that, it was a whole team effort at HHS and the White House,” Ashmore said.
During its response, HHS made a commitment to continuous collaboration. HHS’ work with the Department of Defense is one example of this.
“What we know at HHS is the health care and the health care sector … what the DOD really knew was physical security and logistics. Sharing those kinds of things enabled us to build out and build out well,” Ashmore said. “That collaboration and coordination was phenomenal.”
He noted that while there was a strong push from both the government and public to have rapid solutions to combat the pandemic, the solutions HHS developed were robust and effective. HHS made its response work well because it focused on areas that were top priorities.
“For example, we didn’t try to integrate PIV credential access into a solution. We went with an alternative way to give multi-factor identification,” Ashmore said. “We had to come up with things that weren’t the norm. When you’re doing all of that, you have to make it simple.”
HHS focused on “building in bite-sized chunks” to create an anchored baseline that allowed the department to iterate quickly. While developing these solutions, HHS looked to reuse existing systems to cut time and cost such as those developed by the Centers for Disease Control and Prevention.
“That idea of reuse — every time we see something, we like to build it again so we can all take credit for it. Well that’s great, but that doesn’t work in an emergency,” Ashmore said.
Even when HHS was developing new solutions, the department kept an emphasis on reusability. Ashmore said the department took a “cut-and-paste approach,” so that once a template was created for one system, HHS could apply it to future projects.
Ashmore noted that these platforms should be seen as solutions for more than one challenge. “It only makes sense when you start to leverage it for more than one thing,” he said. Moving forward, HHS can leverage those lessons learned to respond even faster to future health crises.
“We were ready for this … Most importantly, we in the HHS CIO had relationships. Those relationships were what really made it happen. It’s almost a year and a half that we worked on these pieces, and it’s still going,” Ashmore said.
While the department was well positioned to combat the pandemic, Ashmore said that there are still areas that need to be improved and simplified from a usability standpoint. For example, he believes that two-factor authentication is too brittle.
“As more government employees become engaged directly with the products, it makes for a better private-public partnership because now you have a much more substantial understanding,” Ashmore said. “We’re all in this together, and we all have to understand the various risks that exist and when and where and how we can come together to address that.”
Following recent supply chain hacks on Colonial Pipeline and Solarwinds, Ashmore suggested that HHS focus its efforts on security and resiliency. However, as agencies focus on securing their IT infrastructures, costs will inevitably rise.
“The concept of IT cost has to go away. It has to become, ‘This is the cost of doing business,’” Ashmore said. “There’s been a lot of progress made … We’ve gotten certain things worked out, but what we haven’t worked out is how to contract properly for cloud services, specifically infrastructure. If we could figure that out … we have a chance.”