For HHS, FITARA is not just a law, but a lifestyle

Amy Haseltine, the deputy chief information officer for enterprise services at HHS, said the agency brought a cross-agency team together to focus on how best to...

It’s one thing to get an “A” or a “B” in the different areas of the Federal IT Acquisition Reform Act (FITARA) scorecard.

It’s another to translate those grades into real IT reforms.

While the results are far from final, the Department of Health and Human Services seems to be on a path to transform how it manages technology and delivers services.

Amy Haseltine, the deputy chief information officer for enterprise services at HHS, said the agency’s IT reform efforts are starting to pay off in measurable ways.

Amy Haseltine is the deputy chief information officer for enterprise services at HHS.

“By pulling together the department’s very first software license inventory, that data was actually needed and now is utilized not only by our CIO community, but by our acquisition community to better understand what is the financial footprint we have across the multitude of software technologies,” Haseltine said on Ask the CIO. “By understanding that, you are better informed, and even empowered, to make decisions about what makes the most sense technically for your portfolio, what software is going to help you drive your mission. By having that software inventory, we were able to show that as a product of FITARA there was real tangible business benefits, and in doing that it has helped us garner that level of cross-community support [for FITARA].”

Additionally, the software data collection effort helped the agency understand where opportunities existed to get off legacy technology.

“Without the software license inventory and exercise, and without that as a product of that exercise, we would not be in the position we are in today to understand the portfolio and manage it,” she said.

Haseltine said the CIO’s office faced several challenges to collect the software data that before FITARA may not have been possible.

She said typically HHS agencies and bureaus weren’t excited to share software license data and they had no method to collect all the data.

HHS’s success in raising its score to a “B+” in the December 2018 scorecard will be tested again on Wednesday when the House Oversight and Reform Subcommittee on Government Operations releases the next iteration of the grades.

Federal CIO Suzette Kent is expected to testify among others.

FITARA is part of the routine

Whether or not HHS’ scores change, Haseltine said the agency’s approach, called D3 (data, dialogue and delivery) made the difference to drive certain behaviors across the department.

“We explored and developed a brand new strategy to tackle FITARA in a way that would not only be resonating with people who do not necessarily do technology, but would be relevant for our business, for our mission and relevant to drive outcomes across the space of the HHS portfolio,” she said. “We did [several] key things as a general part of our routine monthly discussions with our CIOs, we put FITARA on the agenda, not just the metrics themselves, but the goals we needed to set to demonstrate and really deliver on the HHS story. We made it a routine part of the dialogue on an everyday basis so by the time we met with the CIOs, we weren’t talking about a bunch of other policies or initiatives, but we started first with FITARA. We talked about how FITARA could help us drive results. We then talked about the other projects in the construct of making that IT portfolio really sing by managing it and providing the appropriate degree of oversight and compliance.”

Second, the CIO’s office spoke about FITARA not as an IT program, but as a management program that would benefit all of the agency, and did so in front of others in the CXO community, including the chief acquisition officer’s community and contracting officers.

Third, Haseltine said the CIO’s office used an internal scorecard measuring progress across the bureaus and ensuring everyone saw each other’s grades.

“We used the road shows to buttress and ensure while we were holding them accountable for the metrics, we were also providing them with technical and analytical support to help them get there,” she said. “When we met with the other groups, we showed them the scorecard so there was full transparency across the communities about what we were aiming for, why we were doing it, why it mattered and why it would ultimately be helpful to them.”

Data drives the process

Haseltine said the D3 model, which is evolving into the M3 model (monitor, maintain and mature), worked because the discussions centered on the data.

“Data provided us two things. First, it flagged areas where unspoken discord or there was a lack of understanding of the law and what it intended or its metrics. Data gave us the ability to help teach and ensure there was technical and philosophical understanding around what and why we were doing the modernization work,” she said. “Data also helped us understand why we as a CIO community had to do better job of articulating why a certain policy was in place, and then leverage the brain power not only in the CIO community, but engage the program people and others too. Data became the driver of very interdisciplinary conversations with folks who before didn’t know what FITARA was or why it matters.”

She added data was one of the key drivers that helped HHS make progress and achieve its current scores.

And that focus on data is driving HHS’s continued strategy to improve and modernize its technology.

“We are exploring how we can take this notion of enterprise architecture to pull together data across the portfolio that will help us better understand where we have legacy technology, particularly in the software realm, how we can know that the technology is getting ready to be unsupported or to sunset so we can make investments and financial decisions so we are not caught off guard,” Haseltine said. “We are leveraging FITARA as a way to strengthen our cybersecurity awareness whether it’s through addressing legacy technology or leveraging the scorecard itself so folks are aware that cybersecurity is an opportunity for everyone to participate in.”

She said the data is one of the best ways to make sure the cross-agency collaboration continues to grow sort of like the water for a plant.

“You can’t let those partnerships wither. They must be maintained and encouraged so when the next big challenge comes, whatever it may be, you have the right people in the right place with the right data to have the right conversation,” she said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.