PerspectiveBy Conselara
May 13, 2026
The default assumption in commercial AI is that inference happens in the cloud. You send a request to an API, a model somewhere processes it, and a response comes back. For most applications, this is fine. For federal programs handling sensitive health data, it often isn’t.
The reasons are straightforward. Data processed through third-party inference APIs leaves the agency’s security boundary. It may be logged, retained, or used for model training under terms that conflict with federal data handling requirements. Even when a vendor offers a compliant tier, the architecture requires ongoing trust in a service the agency does not control — and that trust has to be re-established every time the vendor’s terms, ownership, or security posture changes.
Read more →PerspectiveBy Conselara
May 1, 2026
Federal agencies have spent years exploring artificial intelligence — funding pilots, publishing strategies, and standing up sandboxes. The harder challenge is moving AI from controlled experimentation into operational programs where it has to work every day, at scale, under federal compliance requirements.
That gap between pilot and production is where most AI efforts stall. The reasons are predictable: models that performed well in testing degrade in production, compliance requirements weren’t accounted for in the architecture, or the system works but no one is using it because adoption wasn’t built in from the start.
Read more →Capability HighlightBy Conselara
April 15, 2026
There is a difference between building a system and operating one. The distinction matters more at the platform layer — where a single environment may support hundreds of thousands of users, dozens of applications, and a compliance posture that cannot slip.
National health IT platforms carry real stakes. A platform that supports research networks used by tens of thousands of clinicians, or a public-facing portal that serves as the federal government’s primary health IT information resource, cannot tolerate ambiguity about who owns what, when changes happen, or how incidents get resolved. The operational discipline required is different in kind from project delivery.
Read more →PerspectiveBy Conselara
April 1, 2026
Federal health IT programs are routinely evaluated on whether they delivered on time and on budget. Less often asked: did anyone actually use what was built, and did it change anything?
The adoption gap — the distance between a technically successful deployment and measurable mission impact — is one of the most persistent problems in federal health IT. Systems get built, training gets delivered, and then usage plateaus well below projections because the people the system was designed for weren’t sufficiently engaged in shaping it, weren’t prepared for how it would change their work, or weren’t given a reason to trust it.
Read more →Capability HighlightBy Conselara
March 15, 2026
The traditional approach to security in federal IT programs was sequential: build the system, then assess it for compliance, then remediate findings. The problem with this approach is that security discovered late is expensive to fix and often results in compromises — patched in ways that create technical debt, or accepted as risks because the cost to address them properly is too high this close to a deadline.
DevSecOps inverts this. Security controls, compliance validation, and vulnerability management are built into the development and deployment pipeline from the start — not as gates that slow delivery, but as automated checks that run continuously. A change that introduces a known vulnerability gets flagged before it reaches production, not after an audit six months later.
Read more →