Like the IT systems of many other federal agencies, those of CMS are based on legacy technologies. Systems based on such technologies and architectures can be notoriously difficult to maintain and update, may not be well positioned for interoperability, and can depend increasingly on specialized knowledge that is ever more difficult to obtain in the commercial marketplace. Although CMS’s IT systems have been remarkably effective in meeting changing requirements over the past 40 years, they were not designed for the kinds of flexibility and ease of evolution likely to be needed to support the emerging set of requirements being mandated to be carried out by CMS. More specifically, past changes to CMS systems seem typically to have been made on a project-by-project basis, as needed in response to specific new requirements and as new funds were appropriated and allocated for the implementation of particular programs. Architectures that facilitate such narrowly focused modifications to IT systems tend not to allow for re-envisioning in the face of change or the implementation of major system-wide changes. Such significant changes typically require reconceived and redesigned hardware, software, and system architectures and will encompass all aspects of system performance, including processing, storage, communication, interface, and flexibility.
A major challenge that CMS faces is how to manage the combination of continually new and broadening requirements, an increasingly broad and diverse user population (including providers, beneficiaries, and other information consumers), and a correspondingly ever-more-challenging environment in which security and confidentiality must be assured. Assuming that new architectures will be needed to meet the new challenges that CMS faces, the transition to such new architectures will itself pose a formidable challenge. Specifically, there will be a need for system and software architectures that are sufficient to support existing CMS requirements, flexible enough to support an expected range of future requirements, and robust enough to support the complex transition from the current IT infrastructure to CMS’s future IT infrastructure. In short, new requirements and demands will likely mean that CMS systems need to be modernized in various areas because CMS currently does not use at scale modern IT solutions that are available and that are likely critical to meeting its new requirements (or even to meeting current requirements at new scales).
In the committee’s view, reengineering and evolution of this kind are difficult. Although it entails considerable risk, reengineering can be approached in ways that reduce risk. This reengineering might mean that certain hardware and/or software systems would need to be replaced, although mere replacement or “upgrade” is not the goal per se.
Because emerging requirements place a premium on flexible approaches to collecting and assembling data across the enterprise, improvements in data management appear to be critical. CMS IT systems have historically been developed to support plan-administration and claims-processing functions and have been implemented program by program, resulting in multiple data stores. In part because of their coarse granularity and location in multiple data stores, the data available today are likely not well suited for tracking health outcomes or conducting comparative-effectiveness research, and significant effort is required to produce needed data sets.
Indeed, the most successful private-sector users of IT at comparable scales reengineered their approaches to data more than a decade ago. This reengineering has made it easier for them to modify and change systems to keep up with evolutionary IT changes and new demands, and