GovWin
Congress Passes FY 2015 Funding – Civilian Highlights, Part 2

The U.S. Congress passed an omnibus funding bill for the remainder of fiscal year (FY) 2015 that includes $1.1 trillion in total in discretionary federal funds, roughly half of which goes to federal civilian departments and agencies. In part 2 we’ll look at HHS, DHS, Justice and State.

Read our Civilian Highlights, Part 1.

Health and Human Services    

HHS funding is part of the broader Labor, Health and Human Services, and Education appropriation, which totals $156.8B in discretionary funding, the same as FY 2014 enacted levels and $926M below the president’s budget request. Deltek estimates the HHS portion of these appropriations to be $80B. HHS highlights of the omnibus bill include the following:

  • $2.7B in emergency funding to address the Ebola crisis.
  • $3.6B for CMS management and operations, which is equal to the level put in place by sequestration and the same as the FY 2014 enacted levels.
  • $6.9B for CDC for disease prevention and bio-defense research activities, $43M above FY 2014 program level.
  • $30B for NIH, $150M above the FY 2014 level.
  • $20M to combat prescription drug abuse around the country.
  • The bill contains several provisions to protect life, continues all longstanding restrictions on abortion funding that have been included in appropriations legislation in prior years, and promotes abstinence education.
  • $17.8B in discretionary resources for the Administration of Children and Families, which is a $108M increase.
  • The bill provides no new funding for the Affordable Care Act.

Homeland Security

The Department of Homeland Security is the only department in the Omnibus that is not receiving funding through the remainder of FY 2015, i.e. September 30, 2015.  The Omnibus funds DHS with a continuing resolution at the FY 2014 annual level of $39.3B through February 27, 2015 as media reports indicate that the Republican majority will seek to influence the implementation of the president’s recent immigration policy actions.

Justice

Department of Justice funding of $26.7B marks a reduction of $600M below FY 2014 enacted levels.

  • $25.8M for Justice Information Sharing Technology
  • Federal Bureau of Investigation (FBI): $8.4B for the FBI increases resources by $93M over FY 2014 levels to support activities around counter-terrorism, cybersecurity, and human trafficking.
  • Drug Enforcement Administration (DEA):  $2.4B marks an increase of $21M over the 2014 enacted level.
  • Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF): An increase of $22M above 2014 enacted levels brings ATF funds to $1.2B for 2015.
  • National Instant Criminal Background Check System (NICS) Initiative grants: $73.0M in grants are provided to improve NICS records. These grants are expected to assist states in identifying and executing approaches to add more records to the system, particularly mental health records.
  • Prescription Drug Monitoring Programs (PDMPs): New state laws promoting the increase of PDMP best practices around prescribing controlled substances maintain support for technical assistance for PDMPs, PDMP data users, and other key stakeholders.
  • Additionally, DOJ is expected to identify and report on specific metrics related to cybercrime and cybersecurity efforts that may be measured.

State and International Programs

The Department of State and USAID appropriation of $49B includes $15.7B in base and contingency funding for operational costs of the State Department and related agencies, of which $5.4B is targeted for embassy security.

  • $1.4B for USAID base and contingency funding
  • $2.5B in Ebola emergency funding
  • $8.4B in base and contingency funding for international security assistance


Go to Part 3 of Civilian Highlights, or check out our Defense Highlights of the FY 2015 Omnibus here.

Top Information Security Contracts FY 2009 to 2014

Analysis of historic federal information security spending reveals where agencies are investing the most.

Methodology

As part of the research and analysis completed for the recent Federal Information Security Market, 2014 to 2019 report, the Federal Industry Analysis Team explored reported spending on information security across the government. Historic spending data was collected using a non-definitive selection of 24 information security related keyword searches on FPDS.gov. The resulting 224,297 contracts were culled down to 33,233 through further analysis. This analysis reviewed the initial set for IT-related product or spending (PSC) codes, duplicate entries, and security related contract descriptions.

 

The report includes findings from the over 33,000 contracts, which provide an approximate baseline total contracted value for security contract awards that can be used to assess the overall size and composition of historical federal information security spending from FY 2009 to FY 2014. The discussion in this blog addresses findings associated with the top 50 contracts from that set.

Findings

The top 50 contracts spread nearly $1.4 billion in funds across 11 different federal agencies.

Conclusions

Over the past five years, agency top contracts have provided security related products and services including compliance with security mandates (e.g. HSPD-12), encryption devices, enterprise identity management, and technology support services. While some of these awards are through stand-alone contracts or dedicated security programs, a number are associated with agency preferred contract vehicles. Going forward, agencies aiming to implement enterprise solutions or streamline costs are likely to continue leveraging existing channels to address security capabilities.

 

----------------------------------

Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @FIAGovWin.

Deltek Pulse: Health and human services, October 2014

Deltek saw the release of 1,398 solicitations from the health and human services vertical in October – a 63 percent increase from September.

Notable RFP releases include:


2014 Wastebook: $25 Billion in Dubious Federal Spending

Senator Tom Coburn (R-OK) recently released his annual report on federal waste, documenting nearly $25 billion in wasteful government spending, down from $30 billion documented last year. The report, Wastebook 2014, identifies 100 programs that in Senator Coburn’s words, “gives a snapshot of just a fraction of the countless frivolous projects the government funded in the past twelve months.”  

“Only someone with too much of someone else’s money and not enough accountability for how it was being spent could come up with some of the zany projects the government paid for this year,” states Coburn in the report.

Coburn’s research identifies federal funding for Swedish massages for rabbits at NIH and to teach monkeys how to play video games and gamble at the National Science Foundation. For purposes of this blog, I’ve attempted to highlight programs that contain some form of IT or federal contracting implications, but I encourage you to browse through the entire 110-page report if for nothing more than amusement and entertainment purposes.

State Department Tweets @ Terrorists – (State) $3M:  The State Department’s Center for Strategic Counterterrorism Communications (CSCC) used a portion of its $3 million budget to create the Think Again Turn Away Twitter account, which provides a counter to the tweets of extremists.  Experts in the field of terrorism and extremism believe taxpayer money could be better spent on countering their efforts in other formats.

Facebook for Fossil Enthusiasts – (NSF) $1.97M:  A group of University of Florida researchers won a $1.97 million NSF grant to create a “web-based education community that connects people with a shared interest in paleontology” where users will be able to input data and request information from one another.

Social Security IT Project Wastes Hundreds of Millions – (SSA) $288M:  SSA’s project to update their system for tracking disability claims is five years into development and is still two to two-and-a-half years from completion with nearly $300 million already wasted and very limited functionality to date. 

NASA Loses Hundreds of Electronic Devices Each Month – (NASA) $1.1M: NASA has been issuing smartphones, tablets, and AirCards without keeping track of who has them or even if they are being used at all. Over 2,000 devices went unused for at least 7 months from 2013-2014.  The estimated cost of the unused and lost devices is at least $97,000 every month.

Identity Thieves Steal Billions Each Year with Bogus Tax Returns – (IRS) $4.2B:  Every year the IRS pays out billions of dollars in fraudulent refunds to clever criminals filing fake tax returns. The Treasury Inspector General predicts this number will only continue to grow, estimating the IRS could issue approximately $21 billion in fraudulent tax refunds resulting from identity theft over five years, an average of $4.2 billion each year.

Coburn plans to retire, so this may be the last Wastebook report unless someone else picks up the torch.

Coburn states in the introduction, “What I have learned from these experiences is Washington will never change itself. But even if the politicians won’t stop stupid spending, taxpayers always have the last word.  As you read through the entries presented in this report, ask yourself:  Is each of these a true national priority or could the money have been better spent on a more urgent need or not spent at all in order to reduce the burden of debt being left to be paid off by our children and grandchildren?”

The bottom line is that the federal government still has a long way to go in order to curb pet projects, wasteful spending, and fraud.   Federal agencies perpetually will face tighter budgets while endeavoring to become more efficient and effective.  In some cases, technology can help identify wasteful spending, and root out fraud and abuse.  Agencies will continue to strive to improve operations, processes, and payment accuracy in order to save taxpayers’ money, leaving the market ripe for continued contractor support, especially in the areas of financial management, payment accuracy, and fraud prevention.

 

Collaboration Needed to Improve Health IT Security

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) and the Department of Commerce’s National Institute of Standards and Technology (NIST) hosted the seventh annual conference on Safeguarding Health Information on September 23 and 24, 2014. Exploring information assurance through the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, the event covered topics including breach management, technical assurance of electronic health records, and integrating security into health IT.

The keynote address that kicked off the event was delivered by Darren Dworkin, the chief information officer and senior vice president of enterprise information systems for Cedars-Sinai Health System. Dworkin described major security events that have shaped security architecture. For example, 2003’s Blaster RPC Worm led to better security patch management as well as improvements to antivirus deployment. More recently, Heartbleed resulted in enhancements to security scanning and inventory. Dworkin noted that hackers have not been the only threat. In fact, 35% of patient data breaches in 2013 were due to loss or theft of unencrypted laptops or other devices. The recent explosion of medical devices and mobile computing is further changing the landscape for health IT security. As new technologies change how data is accessed and shared, protecting health information becomes increasingly challenging.

Other speakers at the event stressed hurdles around risk assessments and promoting end-user awareness. One speaker from the HHS observed that it’s impossible to achieve effective risk management if organizations don’t know what their risks are. Another presentation (from industry) emphasized the importance of encrypting data at rest, in transit, or in process. One major takeaway from the event was the need for health care organizations to perform comprehensive security risk assessments. There’s no such thing as eliminating vulnerability or being “risk proof.” The key is managing risks, but first organizations need to know what those risks are. 

While speakers described a broad range of challenges and setbacks related to safeguarding healthcare information, the burden of progress must be shared by the whole community. As the Food and Drug Administration’s Suzanne Schwartz put it, "No one organization, no single government agency, no sole stakeholder, manufacturer, healthcare facility, provider, information security firm is going to be able to address and solve these issues on their own." Schwartz’s comments echo a recent blog entry from the White House Cybersecurity Coordinator, which stressed the need for collaboration between government and industry to strengthen the nation’s information security posture.

Vendors will find a number of opportunities to engage with government in the discussion around cybersecurity improvements. For example, NIST is accepting comments on its Framework for Improving Critical Infrastructure Cybersecurity until October 10, 2014. Later in October, the Food and Drug Administration will be holding a public workshop on adapting medical device cybersecurity. These discussions will help lay groundwork for partnerships, identify best practices, and may help shape requirements for future guidance.

----------------------------------

Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @FIAGovWin. 

 

Mobility a must for state social services programs

Over the last 2-3 years, state governments have seen an increase in mobile traffic to health and human services websites. A recent Government Technology article highlighted this trend, noting that half of all traffic to Georgia’s child support website in 2012 came from mobile phones. Similarly, one in three visits to the New Jersey child support website in 2013 came from a mobile device. In response, many state IT departments are adopting “mobile first” strategies to ensure that information and benefits are easily accessible via mobile technologies, which are oftentimes the sole source of Internet access for many state residents.
 
Several states have pioneered smartphone apps for social services programs, which participants can download to quickly get information about their benefits or to access additional resources. New Jersey and California have developed child support phone apps to help recipients manage child support accounts on the go. Georgia has developed Quickwic, an app for WIC participants who want instant access to their benefits and information about eligible purchases. The Connecticut Health Insurance Marketplace, Access Health CT, developed a smartphone app that makes it easier for residents to browse healthcare plans and submit applications, even allowing residents to take photos of their verification documents and upload them to their account.
 
Deltek predicts an increase in user-friendly, mobile-enabled Web applications that make it easier for both caseworkers and constituents to access the information and resources they need. Vendors who emphasize mobile-first strategies or the importance of mobile-friendly software applications will stand out to state governments looking for innovative health and social services solutions. Pennsylvania announced that it is considering a mobile app for WIC payments, and many other states are looking for ways to make their health and social services programs more mobile friendly.

HHS OIG Hackers Test Health Insurance Exchange Websites

HHS Office of Inspector General (OIG) auditors audited Healthcare.gov, the Kentucky Health Benefit Exchange, and the New Mexico Health Insurance Exchange from February through June 2014. The audits included vulnerability scans and simulated attacks.

Auditors praised each marketplace for aspects of their security controls, policies, procedures and testing, while making recommendations for improvements in areas where they spotted vulnerabilities.

Findings and recommendations for each marketplace are specified below:

Healthcare.gov

CMS has taken actions in the last year to lower the security risks associated with Healthcare.gov systems and consumer Personal Identifying Information (PII), including:

  • Establishing a dedicated security team under the CIO to monitor and track corrective action plans for vulnerabilities and ensure they are completed 
  • Performing weekly vulnerability scans 
  • Completing two security control assessments

Suggested areas for improvement are as follows: 

  • Implement a process to use automated tools to test database security configuration settings on all databases 
  • Implement an effective enterprise scanning tool to test for web site vulnerabilities 
  • Maintain adequate documentation to verify that database property files containing user credentials have been closed by encrypting the file 
  • Detect and defend against web site vulnerability scanning and simulated cyber attacks directed at the Healthcare.gov web site 
  • Finish corrective action already underway to remedy a critical vulnerability. The publicly available OIG summary did not convey specifics of this vulnerability. However, CMS stated that their scheduled completion date for corrective action was June 30, 2014.

Kentucky Health Benefit Exchange (KHBE)

According to the HHS OIG, the KHBE had sufficiently protected PII in accordance with federal requirements. Using encryption, Kentucky properly secured individuals’ PII upon system entry, as well as during storage and transmission. However, the OIG identified the following areas of opportunity for improvement for database access and security control:

  • Sufficiently restrict user and group access to authorized roles and functions 
  • Address federal requirements for system security planning, risk assessment, penetration testing and flaw remediation, POA&M, and incident response capability 

The above deficiencies were mainly due to the fact that Kentucky was transitioning its information technology responsibilities among agencies and had not sufficiently established coordination between them, to date.

New Mexico Health Insurance Exchange (NMHIX)

The HHS OIG found that the NMHIX had implemented security controls, policies, and procedures to prevent vulnerabilities in its website, database, and supporting information systems. However, NMHIX’s IT policies and procedures did not always conform to federal IT requirements and NIST recommendations.

Specifically, the audit identified the following vulnerabilities: 

  • One data encryption vulnerability 
  • Two remote access vulnerabilities 
  • One patch management vulnerability 
  • One Universal Serial Bus port and device vulnerability 
  • 64 web application vulnerabilities, two of which were listed as critical 
  • 74 database vulnerabilities, one of which was listed as high

In written responses to the HHS OIG, all of the exchanges concurred with most of the findings and recommendations and furnished plans for addressing the vulnerabilities cited.

 

 

HHS Inspector General Reports on Healthcare.gov Spending

In the wake of the troubled launch of the Federal Marketplace for health insurance, the Office of Inspector General (OIG) for Health and Human Services (HHS) is reviewing the planning, acquisition, management, and performance oversight of the contracts associated with the effort as well as aspects of Federal Marketplace Operations. The first in a series of reports on the findings of the review was released in August 2014.

On December 10, 2013, Kathleen Sebelius, Secretary of Health and Human Services from 2009 to 2014, issued a letter to the department's Inspector General. The letter requested review of several aspects of the contracting process including:

  • the acquisition process for the contracts that supported the October 1st launch,
  • contractor selection, contract administration, and project management of the development of Healthcare.gov,
  • contractor performance, supervision of the development contracts, and payments to contractors throughout the process, and
  • whether contract specifications were met.

Between January 2009 and January 2014, some sixty different contracts started work on the development and operations for the Federal Marketplace. One third of the contracts started before 2012. Just over one third of the contracts started during 2012. Most of the remaining began in 2013, and a single contract started in 2014. These contracts covered a range of goods and services including health benefit data collection, consumer research, cloud computing, and website development.

OIG found that the development of the Federal Marketplace primarily leveraged two types of contracts: fixed-price and cost-reimbursement. In the former, the contractor assumes the risk of cost overruns. In the latter, the government carries the cost overrun risks (as far as prescribed in the contract). This is worth noting because combined obligations for the federal marketplace grew from $86 million in September 2011 to over $294 million in February 2014. This rise was related to cost increases, schedule delays, and lagging system functionality related to changing requirements. With contract values spanning from under $700,000 to over $200 million, the original value of these contracts totaled $1.7 billion. Through February 2014, one third of these contracts exceeded the estimated value of the awards. Over ten percent of those contracts surpassed the estimated value by more than 100 percent.

Not long before HHS OIG released its first report on the review, the Government Accountability Office (GAO) issued a study on Healthcare.gov that had been requested by Congress. GAO's study assessed selected contracts from the Center for Medicare and Medicaid Services (CMS) for acquisition planning, oversight of cost and schedule, system capability changes, and actions regarding contractor performance. Among other things, GAO recommended that CMS take immediate actions to assess ballooning contract costs and that required oversight tools be used.

This first report from HHS's Inspector General offers an overview of the contracts such as basic financial information. HHS OIG reports from additional, ongoing reviews related to contract procurement and oversight are expected in 2014 and 2015. These reports will offer more detailed analysis, findings, and recommendations.

----------------------------------

Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @FIAGovWin.

 

Raising the Stakes of Contractor Past Performance Information

Contractor past performance information is one tool federal agencies are being pressed to use more effectively to guard against acquisition risk, and recent White House acquisition policy and a Government Accountability Office (GAO) assessment signal that the pressure in this area will only continue to grow. Some efforts are fairly standard government approaches, but others expand into new areas and have implications for both agencies and their contracting companies.

The Office of Federal Procurement Policy (OFPP) has issued numerous reporting compliance guidelines and recommendations over the last half-decade or more to move agencies to improve their reporting of contractor past performance. Further, Congress has included past performance reporting mandates in the last several National Defense Authorization Acts (NDAA). In typical fashion, GAO is looking for continued signs that these efforts are materializing so that agencies have this information available to make informed acquisition decisions.

Most Agencies Fall Short of Contractor Past Performance Reporting Compliance Targets

In August, the GAO released an assessment of how federal agencies were doing with regard to improving their reporting of contractor past performance information. According to OFPP’s annual reporting performance targets, agencies should have been at least 65 percent compliant by the end of fiscal year 2013. GAO found that agencies generally have improved their level of compliance with past performance reporting requirements issued by OFPP. However, the rate of compliance varies widely by agency and most have not met OFPP targets. As of April 2014, for the top 10 agencies, based on the number of contracts requiring an evaluation, the compliance rate ranged from 13 to 83 percent and only two of the top 10 agencies were above 65 percent compliance. (See chart below.)


 

OFPP Expanding Scope of Contractor Past Performance Information

In July, the OFPP directed agencies to research past performance more deeply before awarding complex IT development, systems and services contracts greater than $500 thousand in value. Further, OFPP directed agencies to expand the scope of the research processes used to collect contractors’ past performance information during source selection.

In order to have the most relevant, recent, and meaningful information about potential contracting partners considered in the pre-award phase of the acquisition process, agencies were instructed to have their acquisition officials perform the following steps:

  • Recent Contracts – Contact contracting officers (COs) and/or Program Managers (PMs) on at least 2 of contractors’ largest, most recent contracts to review work history.
  • News Searches – Review articles and publications (including GAO and IG reports) on contractor performance and business integrity.
  • Commercial Sources – Review public sources and databases for business reviews, customer evaluations, contractor management reports, etc.
  • References – Request 3-5 references from public and commercial customers, partners, subcontractors, etc. for work done in past 3-5 years.
  • Teaming Partners – Request past performance information on subcontractors and team arrangements.

Implications

The impacts on agencies and contractors alike include greater time and effort (i.e. expense) in collecting and providing this performance information. This will stretch an already-overly-tasked federal acquisitions workforce even further and will require that contractors pay broader attention to their performance reputations and those of their teaming partners.

The new OFPP directives and others like them will also likely extend the time it takes to complete the source selection process on applicable acquisitions, at least until all sides of the acquisition process build some repeatable processes and efficiencies into their systems.

What we can hope for in the end is more transparency, better managed acquisitions with fewer protests, and overall better performing contracts that meet the government’s goals with economy and efficiency and provide business growth opportunities along the way.

---
Originally published in the GovWin FIA Analysts Perspectives Blog. Follow me on Twitter @GovWinSlye.

IT Advances are Enabling Federal Agencies Promoting U.S. Health

Federal Health IT spending is expected to grow at a CAGR of 2.2% over the next five years to $4.8 billion in 2019 as shown in Deltek’s newly released Federal Health IT 2014-2019 report. 

Federal investments in health information technology are expected to be fueled by spending on EHRs, analytics, decision support systems, telehealth, storage, and cloud computing.  The Provider market segment, IT used to provide health care services and access to care, is expected to show the most year-over-year growth due to VA and DoD EHR and interoperability initiatives.  However, one of the more innovative and interesting market segments is that of Promoter.   Several federal agencies act as promoters of public health as part of their missions.   The promoter market segment is dominated by CMS, CDC, FDA, NCI, and NIH where spending will remain steady throughout the forecast period.

As promoters of public health, these government health departments and agencies are charged with protecting citizens from a variety of health risks, such as communicable diseases and bio-terrorism.  They also promote public wellness through campaigns targeted toward reducing smoking, diabetes, and obesity, as well as increasing population insurance coverage and improving prenatal care.    

Advances in technology that now allow agencies to collect, store, and compare data; conduct research; and analyze massive amounts of data, make this market segment fascinating.   For example, biomedical research data is amassing at a rate that can’t be handled by traditional IT tools.  Agencies are trying innovative methods to store, retrieve and analyze such large data sets. 

For instance, the National Cancer Institute (NCI) is testing a cloud-based infrastructure to process, store and analyze its massive genomic data sets.  NCI plans to award three contracts for pilot projects to create cloud computing environments that will house a Cancer Genome Atlas totaling 2.5 petabytes in size.   

IT advances will continue to enable progress in medical research. Agencies in this segment of the Health IT market will have an increasing need for big data products and services, such as analytics, storage, retrieval and connectivity.  Contractors will be needed to integrate new IT tools and cloud infrastructures and to pose innovative solutions for making large data sets available to researchers across the country.

 

 
