U.S. Coast Guard’s $67 Million EHR Fiasco

Sinking project mismanagement to new depths

A health service technician aboard the Coast Guard Cutter Healy, measures Petty Officer 2nd Class Robert Martin's heart rate during a physical health assessment
Photo: Petty Officer 1st Class Shawn Eggert/U.S. Coast Guard

In late January, the U.S. House of Representatives’ Subcommittee on Coast Guard and Maritime Transportation held a hearing to review the United States Coast Guard’s $14 million, five-year electronic health record (EHR) system project.

The project, which began in September 2010, ballooned into a $67 million fiasco that the USCG finally ended in September 2015. But the Coast Guard didn’t officially confirm its termination until April 2016.  At the time, the USCG public affairs office vaguely explained that there were concerns about whether the project could be completed in a reasonable time and at a reasonable cost. A spokesperson also opaquely added that, “Various irregularities were uncovered, which are currently being reviewed.” Mention of “irregularities” raised a lot of questions that the Coast Guard refused to answer for the last two years.

Finally, at the House subcommittee meeting, the reason for the agency’s uncommunicativeness became crystal clear: sheer embarrassment. At the hearing, the Government Accountability Office (GAO) reported (pdf) that the project suffered from such a breathtaking lack of management oversight that it astonished even them—which is saying a lot, given the surfeit of government IT failures against which the GAO could compare the USCG EHR project.

David Powner, Director of Information Technology Management issues at the GAO, testified at the hearing and made sure the subcommittee’s members understood the significance of his group’s findings. Powner explained to them, for example, that there were four management boards that the USCG had set up to provide project governance and oversight, but they were in fact “not active.”

Powner is reported to have said, “I’d like to highlight the words ‘not active.’ We at GAO have reported on failed IT acquisitions over the years, and usually the message is that executive boards were not effective or not involved enough―not, ‘not active.’”

The cardboard cutout boards included the executive steering committee, the user group, the change control board, and the system security committee. Inexplicably, the Coast Guard’s CIO was not even deemed worthy of being a member of any of the boards, the GAO discovered in its review.

Without any active, effective management oversight, the project leads were allowed to increase their wishes and desires without check. For example, the project was originally envisioned and sold as an EHR modernization effort based on Epic’s EHR software that would begin deployment to the Coast Guard’s 41 clinics and 125 sick bays sometime in late 2011. It soon morphed into a “whole new Coast Guard Integrated Health Information System.”

Additionally, even though the USCG admitted that it was having problems in establishing the health information system architecture, that didn’t stop the agency from further enlarging the project’s scope and complexity. In December 2011, in a “cost sharing” move, the USCG and the Department of State agreed that the IHiS would be jointly used, with a planned start date of October 2015. Now, not only would the IHiS need to go live at Coast Guard healthcare locations, but across State Department locations as well.

The various re-scoping and expansion efforts meant numerous other existing Coast Guard health information systems also required modernization efforts of their own. The inertia of increased the project complexity, cost and risk continued unabated. Soon, 25 different vendors were working on the IHiS, at a total cost of $56 million, without active USCG management oversight.

The GAO’s report (pdf) revealed a cringe-worthy litany of poor or non-existent system development, management, and governance practices over the duration of the IHiS project—too many to fully list here. A memo from last May by Epic also details myriad operational blunders that explain why the project tanked.

The rapidly increasing waves of rework caused by the project’s abject mismanagement meant that, by early 2015, the IHiS project was taking on water that the agency did not see any way to bail out. The health information system was swamped by what even the Coast Guard leadership finally admitted were significant “financial, technical, schedule, and personnel risks.” The only available course of action was to cut their losses and terminate the IHiS project, the Coast Guard told the GAO.

According to the GAO, the $67 million reported cost is probably a huge understatement of the actual cost. The Coast Guard, in computing its cost of failure, “did not include labor costs for the agency’s personnel (civilian or military) who spent approximately 5 years managing, overseeing, and providing subject matter expertise on the project. [The figure] also did not include any travel costs incurred by these personnel,” the GAO stated. In addition, the effort was a total write off, as no equipment or software from the project can used on future projects, the GAO noted.

An unfortunate side effect: The Coast Guard has had to revert to paper medical records because its legacy EHR and health IT support systems were all retired by January 2016. Reverting to paper records has given rise to another ongoing problem: incomplete or or completely missing service member medical records. All of the records from the legacy systems were supposed to be printed out before those systems were retired. But many were not. That bug in the system is placing burdens on both USCG healthcare professionals and service personnel alike, reports the GAO.

The Coast Guard has spent the past two-plus years looking for an EHR replacement. (I assume the State Department is as well.) At the January hearing, the House Coast Guard and Maritime Transportation subcommittee members let the Coast Guard leadership know that using anything other than the new $4.3 billion Military Health System now under development by the Departments of Defense and Veterans Affairs will not be looked upon favorably. The Coast Guard leadership indicated to the subcommittee that it would announce details of its EHR path forward by the end of February, but so far, there’s been no word on what the agency will do.

Meanwhile, there are indications that the IHiS project could be just the first dead canary out of a flock doomed to die in a very deep USCG IT project coal mine. A disconcerting audit report (pdf) released last November by the Department of Homeland Security Office of the Inspector General (OIG) indicated that the same types of IT governance and oversight mismanagement that killed IHiS may also be a blight on an untold number of the 400 IT procurements the Coast Guard has approved. These procurements amounted to $1.8 billion in expenditures between fiscal years 2014 and 2016. The Coast Guard, in response to the OIG report, promised it will correct any oversight deficiencies by the end of September.

What’s your best guess for how many Coast Guard IT procurements are eventually found (and publicly disclosed) to have the same management weaknesses that sank IHiS?

The Computing Technology Newsletter

Biweekly newsletter about advances in hardware, software and systems.

About the Risk Factor blog

IEEE Spectrum’s risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.