Department of Defense

Eliminate DoD Information Assurance Burden on Medical Systems


All DoD Medical Treatment Facilities (MTFs) are currently connected to the same networks as major combatant commands, so the medical information systems on MTF networks are required to meet the same stringent security rules as weapons and command/control systems. And yet, MTF medical systems do not connect to any of the combatant command systems. In fact, the MTFs have more of a need to share patient data with other medical entities such as the VA and civilian care providers.

Due to the extremely long process (1+ year) to acquire a DoD Information Assurance Certification and Accreditation Process (DIACAP) Authorization to Operate (ATO), many of the medical information systems, modalities, and applications in use at MTFs can’t be connected to the network, resulting in the inability for care providers to seamlessly access patient data between facilities, and in many cases, even within the same facility. The extra costs of operating in this inefficient manner are staggering.

To further complicate matters, medical information systems are regulated under FDA rules, HIPAA, and other regulations, which are not addressed by DIACAP. My idea is to remove the MTFs from the GIG, and create a dedicated medical network with security rules specifically tailored to the needs of the medical community.



Idea No. 5180