Joint Hearing of the Committee on Homeland Security and Governmental Affairs of the U.S. Senate and the Committee on Veterans’ Affairs of the U.S. House of Representatives at 1:00 p.m. CDT.
Witness Testimony of Mr. Alan Bozeman, Director, Veterans Benefits Management System Veterans Benefits Administration U.S. Department of Veterans Affairs
Good afternoon, Chairman Runyan, Ranking Member McNerney, and Members of the Subcommittee. My testimony will focus on the importance of safeguarding the records of Servicemembers and Veterans, particularly as the Veterans Benefits Administration (VBA) transitions to a paperless claims process. Secure electronic records are vital to our transformation and providing more timely and accurate decisions to Veterans, their families, and survivors.
Transition to Paperless Claims Processing
VBA is aggressively executing its transformation, a series of tightly integrated people, process, and technology initiatives designed to eliminate the claims backlog and achieve our goal of processing all claims within 125 days with 98 percent quality in 2015. Key to VBA’s transformation is ending the reliance on the outmoded paper-intensive processes that currently thwart timely and accurate claims processing.
Currently, VA’s Records Management Center (RMC) in St. Louis serves as a centralized storage facility for inactive claims files and Service Treatment Records (STRs). The RMC responds to inquiries from stakeholders and provides information from Official Military Personnel Files (OMPFs) to Department of Veterans Affairs (VA) regional offices (ROs). To effectively manage this nationwide workload, the RMC employs 414 fulltime federal workers and operates twenty-four hours per day, five days per week.
The RMC is responsible for the receipt, storage, maintenance, and distribution of approximately 7.5 million inactive claims files and STRs. To facilitate these objectives, the RMC utilizes a moveable file storage system, which provides approximately 107 miles of linear shelving space. The RMC estimates that it houses approximately 7.6 million records and has capacity to hold approximately 8.7 million records.
The RMC has a comprehensive strategy to ensure the safety of its personnel and records holdings. The main file storage facility is located on a secured campus administered by the General Services Administration. The Federal Protective Service ensures the overall security of the facility, and all entrances into VA-occupied spaces are controlled by either electronic or cipher locks. The electronic locks are operated by specifically coded access badges uniquely assigned to each employee. The Records Management Officer (RMO) can review historical entry logs for the facility, and highly sensitive locations as well as the facility perimeter are monitored with security cameras. The RMO conducts regular inspections of all occupied spaces and works with the Information Security Officer to ensure safety and security standards are strictly enforced.
Depending on the nature of the duties to be performed, each newly-hired employee at both the RMC and VA ROs completes Standard Form 85: Questionnaire for Non-Sensitive Positions via the Electronic Questionnaire for Investigation Processing (eQUIP) system. The questionnaire and supporting information are forwarded to the Detroit Human Resources Center, which works with the Office of Personnel Management to conduct National Agency Checks. These checks ultimately determine suitability for employment.
The RMC also ensures security of records during shipping and utilizes United Parcel Service (UPS) standard and express options for its shipping needs. In fiscal year 2012, the monthly average of associated shipping costs was approximately $28,000. To further ensure the proper shipment and security of records, all shipments to ROs are double-checked with locally established manifests and sealed with tamper-evident tape.
When ROs request either claims files or STRs in support of claims adjudication, the request is printed, a physical search of the file storage area is conducted, and the record is forwarded, via the mailroom, to the RO of jurisdiction. On average, record requests are fulfilled within three days from receipt.
Both the RMC and the ROs rely heavily on the timely return of records. On average, the RMC receives 300,000 inactive claims files from ROs and 350,000 STRs from the Department of Defense (DoD) each year. Currently, the longest phase in the claims process is gathering and awaiting evidence, which takes an average of 229 days. VBA is working with stakeholders to receive more timely records, which is absolutely critical to our transformation.
As part of our transformation, VBA is deploying technology solutions that improve access, drive automation, reduce variance, and enable faster and more efficient operations. VBA’s digital, paperless environment enables greater exchange of information and increased transparency to Veterans, the workforce, and our stakeholders. Seventy-three percent of our Veterans prefer to interact with VA online. We are therefore taking a new approach, which includes online claims and document submission. Our strategy includes participation of stakeholders such as Veterans Service Officers, State Departments of Veterans Affairs, County Veterans Service Officers, and DoD to provide digitally ready electronic files through online claims submission. This is accomplished through electronic data sharing and utilizing a stakeholder portal.
Veterans Benefits Management System (VBMS)
To improve the efficiency of the claims process, VA is executing a new business model that relies less on the acquisition and movement of paper documents. The Veterans Benefits Management System (VBMS) is a business transformation initiative supported by technology to improve service delivery. VA recognizes technology is not the sole solution to improving performance and eliminating the claims backlog; however, it is a critical requirement to our transformation. Without VBMS, we cannot succeed in meeting our goal of processing all claims within 125 days with 98 percent accuracy in 2015.
Through November 2012, VBMS was successfully deployed to 13 ROs. By the end of December 2012, VBMS will be deployed at an additional five ROs, bringing the total to 18. VBA is currently on track with the deployment schedule. Approximately 20,000 users at all 56 ROs will be utilizing VBMS to process claims for compensation benefits by the end of calendar year 2013.
The centerpiece of VBMS is a paperless system, which will be complemented by other people, process, and technology initiatives. VBMS will dramatically reduce the amount of paper in the current disability claims process, and will employ rules-based claims development and decision recommendations utilizing rating calculators where possible. Additionally, by using a service-oriented architecture and commercial off-the-shelf products, VA will be positioned to take advantage of future advances in technology developed in the marketplace to respond to the changing needs of Veterans over time.
The VBMS electronic folder (eFolder) is the electronic equivalent of the VBA paper claims folder. The eFolder serves as a digital repository of all documents related to a claim. Searchable Portable Document Files (PDFs) can be uploaded and viewed by multiple authorized users simultaneously, with the ability to add annotations to help end-users locate documents and facilitate processing. The eFolder eliminates wait times for physical paper folder transport, reduces incidents of lost or misplaced paper folders, and provides on-demand access to key documentation.
VBMS Document Security
VBMS has been engineered to ensure the security and availability of Veterans records from the time they are produced electronically and throughout their electronic life, fulfilling VA’s obligations to protect the personal and health information of our Nation’s Veterans. VBMS utilizes the latest technology and processes to ensure the confidentiality of electronic documents throughout the document delivery lifecycle. VBMS has been engineered to meet VA Handbook 6500 and National Institute of Standards and Technology (NIST) Federal Information Security Management Act (FISMA) HIGH system categorization and accreditation, ensuring Veterans information is well protected throughout its electronic lifecycle.
The VBMS architecture and system implementation are based on a common approach of “Defense in Depth,” where multiple layers of security controls are in place to provide comprehensive protection. Security controls are employed at the network, storage, system, and user layers. Network layer protections include Virtual Private Network (VPN) technologies, bulk encryption devices, multiple layers of firewalls and encryption, ensuring that electronic transmissions are properly secured against unauthorized access. In storage, documents are encrypted when saved to VBMS and when backed-up, to protect the data from unauthorized physical access. At the system level, access controls and auditing of activity are enforced at multiple levels within the application to ensure that only authenticated and authorized users are granted access in compliance with VA policies. At the user-level, Role-Based Access Control (RBAC) governs all access to documents ensuring only authorized users are allowed to view an individual’s information.
Protection of electronic documents from loss from any source of disaster or malfunction is just as critical as protection from unauthorized access. VBMS is hosted in the Culpepper, Virginia Terremark facility, with a redundant site in Miami, Florida. VBMS data is replicated every 15 minutes from Culpepper to Miami over a dedicated, encrypted network connection between the two sites. Additionally, a daily snapshot of all system data is generated and stored on warm-servers for one week, while a weekly backup is generated and stored to a tape backup unit and transported to a secure off-site facility. Weekly backups are maintained for two months, and end-of-month backups are retained for 100 years. All backups remain encrypted and protected throughout the storage and relocation processes.
VBMS is a modern system, engineered to the latest standards in information protection technologies. RBAC allows the system to control individual access to individual records, ensuring the privacy of sensitive Veteran records even as access to the system is provided to thousands of VBA, Veterans Health Administration, and Veterans Service Organizations authorized users.
Veterans Claims Intake Program (VCIP)
Transitioning the intake of Veterans’ paper claims and supporting claims-related source material to digital images and data is a critical success factor to feeding VBMS. The Veterans Claims Intake Program (VCIP) enables proactive delivery of Veterans benefits by optimizing the intake of relevant claims data to be utilized within a digital operating environment.
In support of the continued development and deployment of VBMS, VA executed contracts on July 24, 2012, with two contractors to provide document conversion services, which will account for 98 percent of VA’s current document conversion requirements. The contracts focus on populating the electronic claims folder (eFolder) in VBMS with images and data extracted from paper and other source materials.
While much focus is placed on scanning, a scanned document is not necessarily optimal for claims processing. VA is leveraging technology to ensure that the specific information needed to process claims can be identified, extracted, and quickly utilized by claims processors. The document-conversion contractors are converting both printed and handwritten content from source materials (including paper, photographs, and medical images) to standardized, indexed, image-only PDF and searchable PDF (PDF image plus text) electronic documents. Additionally, Optical Character Recognition (OCR) and Intelligent Character Recognition (ICR) technologies are leveraged for data extraction. These technologies recognize characters, form numbers, and patterns in the image and automate the assignment of the correct indexing values. In addition, they allow the extraction of data from the paper image and its use in automated processing.
Safeguarding Veterans’ records is a priority and is addressed not only as a contractual requirement, but also through continuous communication and training. Document-conversion security requirements for contractors apply to, but are not limited to, personnel security, cyber security, as well as physical facility security. Contractors, contractor personnel, subcontractors, and subcontractor personnel are subject to the same Federal laws, regulations, standards, and VA directives and handbooks as VA personnel regarding information and information system security.
The two document conversion services contractors employ strict controls to ensure data security. Their scanning and document conversion sites are secured in compliance with Federal Information Processing Standards Publication 140-2, “Security Requirements For Cryptographic Modules,” and VA Handbook 6500, “Information Security Program." The document conversion services contractors have engineered and employed adequate local area network (LAN)/Internet, data, information, and system security in accordance with VA standard operating procedures, laws, and regulations. The contractors' firewalls and web servers have been engineered to meet or exceed VA requirements for security. All VA data is protected behind this approved firewall. Additionally, the contractors employ strict controls for the physical access to the paper records, images, and data from those images, storing them on encrypted drives in hardened facilities specifically engineered for this purpose.
In addition to the security of Veterans’ records, VA also manages the quality of the images and the accuracy of the indexing values assigned during the document conversion process. Index values are assigned by a combination of the review of the materials and OCR and ICR technologies. Subsequent to the document conversion process, both image quality and index accuracy are validated by a multi-tiered quality assurance system:
1. The contractors perform 100 percent quality control reviews of the images and index values;
2. The contractors perform industry-standard statistical quality assurance samples and audits;
3. VA quality assurance staff conduct supplemental quality validation sampling;
4. VA is awarding a contract to have an independent contractor perform quality verification and validation; and
5. During disability claims processing, any corrections to indexing values made by RO employees are captured and fed back into the quality assurance process for additional analysis.
The contract personnel performing these tasks also undergo a vetting process. Most contract personnel are performing low risk duties and undergo a National Agency Check with Written Inquiries (NACI), which includes a Federal Bureau of Investigation (FBI) name check, a FBI fingerprint check, a check of any other existing government background investigation, criminal history records, and written inquiries to previous employers and references listed on the application for employment. Some contract personnel are required to complete public trust tasks that warrant a moderate background investigation (MBI). An MBI is also conducted by OPM and covers the elements of the NACI and also includes a credit report, an interview with the subject, and a verification of the educational degree.
VA understands the importance of securing records. Paperless claims processing through VBMS while maintaining the confidentiality, integrity, and availability of the data, is critical to our transformation goal of eliminating the claims backlog in 2015 and ensuring timely and quality delivery of benefits and services to our Veterans, their families, and survivors.
This concludes my testimony. I would be happy to address any questions from Members of the Subcommittee.