Federal Health IT Glossary

DHA

Defense Health Agency

Runs military healthcare operations, TRICARE, pharmacy, and health IT for 9.6M beneficiaries.

Contractors: Your buyer for most DoD health IT work. DHA issues the task orders.

MHS

Military Health System

The entire DoD healthcare enterprise: MTFs, TRICARE, dental, pharmacy, and all supporting IT systems.

Contractors: Understanding MHS structure tells you where money flows and who has authority.

MHS GENESIS

DoD Electronic Health Record

The single largest health IT deployment in federal history. Built on Oracle Health (Cerner), now live at 130+ facilities.

Contractors: Integration, training, and sustainment opportunities surround this platform.

PEO-DHMS / OPMED

Program Executive Office, Defense Healthcare Management Systems

Now called OPMED. DoD's lead office for medical IT development and acquisition.

Contractors: This is the acquisition authority for major health IT programs.

DHACA

DHA Contracting Activity

The contracting arm of DHA. Issues and manages health IT contract vehicles.

Contractors: DHACA is where your proposals go. Know their evaluation preferences.

TRICARE

Military Health Insurance

Health insurance for 9.6M service members, retirees, and families. Managed by DHA.

Contractors: TRICARE IT systems (claims, enrollment, referrals) are major contract areas.

MTF

Military Treatment Facility

Hospitals and clinics on military installations. Each runs MHS GENESIS.

Contractors: MTFs are where your technology gets deployed and tested.

FEHRM

Federal Electronic Health Record Modernization

Joint office coordinating EHR interoperability between DoD and VA.

Contractors: FEHRM sets interoperability standards that both DoD and VA contracts must follow.

JLV

Joint Longitudinal Viewer

Read-only viewer that bridges DoD and VA patient records for continuity of care.

Contractors: JLV integration is a common requirement in health IT RFPs.

Defense Health Networks

Regional Healthcare Delivery

DHA's regional management structure replacing individual Service medical commands.

Contractors: Your regional POCs for implementation and sustainment contracts.

VA EHRM

VA EHR Modernization

The VA's program to replace VistA with Oracle Health (same platform as MHS GENESIS). Paused, under review.

Contractors: Status changes here shift billions in contract opportunities.

VistA

Veterans Health Information Systems and Technology Architecture

VA's legacy EHR built in-house since the 1970s. Still running at most VA facilities.

Contractors: VistA sustainment, migration, and modernization are active contract areas.

EHRM-IO

EHR Modernization Integration Office

VA office managing the Oracle Health EHR deployment.

Contractors: EHRM-IO runs the deployment program; know their priorities and pain points.

Oracle Health Federal EHR

Commercial EHR Platform

The commercial platform (formerly Cerner Millennium) underlying both MHS GENESIS and VA EHRM.

Contractors: Oracle Health sets the platform constraints your solutions must integrate with.

CIO-SP3

Chief Information Officer – Solutions and Partners 3

NITAAC's primary IT GWAC. $40B ceiling. Still active while CIO-SP4 was cancelled.

Contractors: If you hold a CIO-SP3 seat, protect it. It's one of the few active large GWACs.

CIO-SP4

Chief Information Officer – Solutions and Partners 4

NITAAC's planned successor to CIO-SP3. Cancelled January 2026 after years of protests.

Contractors: The cancellation reshuffled the GWAC landscape. Watch for rebid announcements.

OASIS+

One Acquisition Solution for Integrated Services Plus

GSA's multi-agency professional services contract. Covers IT, management consulting, and more.

Contractors: OASIS+ is the primary path for large professional services work across agencies.

T4NG

Transformation Twenty-One Total Technology Next Generation

VA's primary IT services IDIQ. $22.3B ceiling. Managed by VA TAC.

Contractors: T4NG is how VA buys most of its IT services. Critical vehicle for VA health IT work.

MHS EITS

MHS Enterprise IT Services

DHA's umbrella contract for enterprise IT infrastructure and managed services.

Contractors: MHS EITS covers network, compute, and cloud for the entire Military Health System.

MQS2-NG

Medical Quality Systems Services Next Generation

DHA contract vehicle for medical quality, patient safety, and clinical decision support IT.

Contractors: Niche but well-funded. Medical quality IT is a growing area.

ATO

Authority to Operate

The security approval required before deploying any system on a government network.

Contractors: No ATO means no deployment. Plan 6-18 months for the process.

FedRAMP

Federal Risk and Authorization Management Program

Security certification required for any cloud product serving federal agencies.

Contractors: FedRAMP authorization is table stakes for selling cloud to the government.

RMF

Risk Management Framework

NIST's structured approach to security assessment (categorize, select, implement, assess, authorize, monitor).

Contractors: RMF is the process that gets you to ATO. Know the six steps cold.

DoD Impact Levels

Cloud Security Classification

IL2 through IL6 classify what data DoD cloud systems can handle. IL4+ requires dedicated infrastructure.

Contractors: Know your IL. It determines which cloud environments you can use and what data you can process.

CMMC

Cybersecurity Maturity Model Certification

Third-party cybersecurity certification becoming mandatory for DoD contractors.

Contractors: CMMC Level 2 is becoming table stakes. Get certified before the deadlines hit.

NIST SP 800-171

Protecting Controlled Unclassified Information

110 security controls required for handling CUI in non-federal systems. CMMC is built on this.

Contractors: If you handle CUI (most health IT does), you must implement these controls.

Zero Trust Architecture

Security Model

DoD's mandated security architecture. Never trust, always verify. Continuous authentication and authorization.

Contractors: Every new DoD IT system must implement zero trust principles. Build it in from day one.

FHIR R4

Fast Healthcare Interoperability Resources

The modern healthcare data exchange standard mandated by the 21st Century Cures Act. RESTful APIs.

Contractors: FHIR R4 support is a requirement in most federal health IT RFPs.

TEFCA

Trusted Exchange Framework and Common Agreement

The national infrastructure for health data exchange. Connects all major health networks.

Contractors: TEFCA compliance is increasingly required. Understand the Qualified Health Information Networks.

HL7 v2

Health Level Seven Version 2

The legacy healthcare messaging standard. Still dominant in hospital interfaces despite FHIR.

Contractors: Most existing systems speak HL7 v2. Your integration layer needs both HL7 v2 and FHIR.

USCDI

United States Core Data for Interoperability

The standardized set of health data classes systems must exchange. Updated annually by ONC.

Contractors: USCDI defines the minimum data your system must handle. Check the latest version.

SMART on FHIR

Substitutable Medical Applications, Reusable Technologies

App launch and authorization framework built on FHIR. Enables third-party apps on EHR platforms.

Contractors: SMART on FHIR is how you build apps that plug into MHS GENESIS and VA systems.

Information Blocking

21st Century Cures Act Provision

Federal prohibition on practices that unreasonably limit health information exchange. Applies to health IT developers.

Contractors: Your software cannot restrict data sharing without qualifying for an exception. Violations carry penalties.

FAR

Federal Acquisition Regulation

The primary rule book for government procurement. Applies to all federal contracts.

Contractors: FAR knowledge is non-negotiable. Focus on Parts 8, 12, 15, and 16 for IT services.

IDIQ

Indefinite Delivery/Indefinite Quantity

Contract type with no guaranteed minimum. Government orders work via task orders over the contract period.

Contractors: Most federal health IT is bought through IDIQs. Win the vehicle first, then compete for task orders.

GWAC

Government-Wide Acquisition Contract

IT-specific contract vehicles that any federal agency can use. CIO-SP3, SEWP, Alliant 3 are the big ones.

Contractors: GWAC access opens doors across all agencies, not just one. Worth the investment to get on one.

SAM.gov

System for Award Management

The federal government's official system for entity registration, contract opportunities, and award data.

Contractors: You cannot win a federal contract without SAM registration. Keep it current.