- The Department of Interior has awarded a six-month sole-source “sustainment bridge” contract for continued operation and maintenance of the Defense Medical Information Exchange (DMIX) system, which enables the Department of Defense (DoD), Department of Veterans Affairs (DoD), and other federal agencies to share health data on military personnel, veterans, and their families across platforms and with outside healthcare providers.
The sustainment contract was awarded to incumbent contractor ActioNet, while its appeal of the follow-on contract award to ASRC Federal Data Solutions is being reviewed by the Government Accountability Office (GAO). The GAO is expected to render its decision in March.
In its justification document for the bridge contract, the Department of Interior argued that ActioNet was the only contractor with the expertise to sustain the system while the appeal was being heard.
“The data exchanges are extremely complex and involve crossing numerous boundaries with other systems. Various problems occur daily, of which some are minor and some are major. Examples of these issues are network latency (local or enterprise-wide), miscommunicated systems patches that bring systems down, corrupted databases, a blade being pulled out of a storage network, etc.,” the documented observed.
“ActioNet is uniquely qualified to support PEO DHMS [Program Executive Office Defense Healthcare Management Systems] with DMIX sustainment services while the protest for the planned follow on contract is being adjudicated as it is the vendor currently performing the work with high system knowledge and access, and has the capability to support this task with minimal interruption or schedule impact,” the justification document related.
“Issuing a contract to new contractor for this bridge support is not in the Government’s best interest as a new contractor would need time to hire incumbent staff and familiarize themselves with the requirement. ActioNet can avoid the unacceptable delays that bringing in a new contractor would require and is the only vendor with the capability and experience needed to meet the Government requirements on this tight schedule. Moreover, it would not be appropriate to compete this requirement since this would be circumventing the protest process,” it added.
The DoD and VA, other federal agencies, and private-sector health providers use the DMIX infrastructure and services to:
• Share standardized health data via standard terminology
• Exchange standardized electronic health data securely and reliably with all partners
• Access a patient’s medical history from a single platform, eliminating the need to access separate systems to obtain patient information
• Maintain continuity of care
• Exchange outpatient pharmacy and medication allergy data and check for drug-to-drug and drug-to-allergy interaction
The DMIX system enables integrated health data sharing among the Military Health System (MHS) GENESIS system, legacy DoD systems, VA systems, other federal agencies, and private-sector health providers.
“Together, MHS GENESIS and DMIX are intended to modernize the Military Health System to enhance sustainability, flexibility, and interoperability for improved continuity of care,” a DoD report noted.
MHS GENESIS in an electronic health record for MHS that integrates inpatient and outpatient platforms that connect medical and dental information from point of injury to the military treatment facility. MHS GENESIS provides a single health record for service members, veterans, and their families.
“MHS GENESIS supports the availability of electronic health records for more than 9.4 million DoD beneficiaries and approximately 205,000 Military Health System personnel globally. It enables the application of standardized workflows, integrated healthcare delivery, and data standards for the improved and secure electronic exchange of medical and patient data,” a DoD fact sheet explained.
However, major cybersecurity flaws were uncovered in DMIX by a cybersecurity cooperative vulnerability and penetration assessment (CVPA), which could have allowed an adversary to compromise patient data.
“DMIX Release 5 is not survivable against cyber-attacks. The CVPA revealed several vulnerabilities that could allow an adversary to compromise patient data. The cyber test aggressors then exploited these vulnerabilities during the Adversarial Assessment,” the report observed. PEO DHMS has fielded DMIX Release 6, which fixes many of the bugs in Release 5.