Health IT

DOD's health data exchange running on bridge contract

health data (Supphachai Salaeman/Shutterstock.com) 

The system that allows the Department of Defense to share health data across multiple legacy platforms and with outside providers is running on a sole-source bridge contract while a bid protest is being resolved.

In June 2018, DOD awarded a five-year contract with a $90 million ceiling for sustainment services for the Defense Medical Information Exchange (DMIX) system to ASRC Federal Data Solutions. But a protest by incumbent ActioNet looks to delay the start of the new contract.

DMIX is a core component of the Defense Department's ongoing health record modernization effort. Although it was created before the DOD acquired a commercial health record capability and began plans to implement it, DMIX is now managed by the same office that handles the implementation of MHS Genesis -- the Cerner-based system it acquired in 2015.

DMIX supports sharing of health data in standardized formats across multiple current and legacy DOD systems, including MHS Genesis system and the Joint Legacy Viewer, which connects DOD and Veterans Affairs systems. The DMIX system is busy, supporting between 60,000-70,000 data exchanges just between DOD and VA every day. DMIX also links the DOD health IT system with 53 external health information exchanges.

According to contracting documents signed in late December but just posted publicly on Jan. 11, the Program Executive Office Defense Healthcare Management Systems (DHMS) authorized a six-month sole-source extension to ActioNet to continue work on the DMIX system, citing the need to implement needed patches and upgrades. One upgrade, scheduled for May, has been in the works for almost a year and involves coordination with multiple legacy vendors, according to contracting documents.

"The longer the systems remain offline, the larger the risk of patient misdiagnosis, missed allergies alerts, duplicative procedures, increased overlook of 'drug seeking' behavior, and missed negative medicine interactions," contracting officials wrote in a document justifying the sole-source extension.

The dollar amount of the extension, which covers two months base and four one-month options, was redacted in contracting documents. ActioNet's protest is due to be resolved at the Government Accountability Office by the end of February.

The DMIX program has had problems in the past. According to an internal oversight report from the Office of the Director of Operational Test and Evaluation, DMIX release 5 "is not survivable against cyber-attacks." A pair of tests conducted between May and September 2017 discovered "several vulnerabilities that could allow an adversary to compromise patient data," according to the DOTE report. Those vulnerabilities were exploited an "adversarial assessment."

A DHMS spokesperson told FCW those vulnerabilities had been mitigated in a subsequent DMIX release.

The contracting documents justifying the sole source extension don't explicitly mention cybersecurity vulnerabilities. In addition to the needed updates, officials cited "network latency (local or enterprisewide),miscommunicated systems patches that bring systems down, corrupted databases, a blade being pulled out of a storage network" as examples of everyday problems that demand a contractor stay on the job while the protests are being resolved. "Without this contract action, DMIX will not have insight into critical systems, which could result in more frequent outages of longer duration that directly impact patients and providers," the justification states.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.