The National Institutes of Health Information Technology Acquisition and Assessment Center (NITAAC) recently awarded its Chief Information Officer–Commodity Solutions (CIO-CS) Government-wide Acquisition Contract (GWAC), valued at $20 billion, to 65 companies. CIO-CS is an indefinite-delivery/indefinite-quantity information technology (IT) contract with a duration of ten years (Boyd, 2015). While the contract is primarily a health IT vehicle, it will also include a host of other services such as deployment and installation, engineering studies, web and video-conferencing, big data, virtualization and health and biomedical IT, maintenance and training, enterprise licenses and extended warranties, and cyber security (NIH, 2015). The NIH incorporated numerous changes into the CIO-CS as a result of the previous Electronic Commodities Store (ECS) III GWAC.
In contrast to the ECS III, the CIO-CS and will place a premium on the adaptability of companies providing IT services:
“With CIO-CS we saw an evolving, enormous change in the IT marketplace when it comes to commoditized services and managed services and cloud services…We wanted to build a contract that had contract holders that were going to be able to meet those needs as they change. They are changing very, very quickly to be able to not only provide the straight laptops, desktops and hardware equipment; but to be able to buy those more sophisticated software licenses, being able to get the cloud services that they need. They will continue to evolve with mobility and infrastructure services that agencies are looking at…Contract holders really had to prove that they are going to be able to be relevant and meet those ever-changing needs that the government has over the next 10 years.” – NITAAC Program Director Robert Coen
The CIO-CS contract awardees include a wide range of firms including multibillion dollar companies such as AT&T and Hewlett Packard, as well as 44 small businesses of varying types:
A full listing of CIO-CS contract holders available at the NITAAC website. The number of small business participating in CIO-CS is consistent with prior NIHAAC commitments to award fifty percent of the total $8 billion awarded in previous GWACS over the past two and a half years (Coen, 2015).
In summary, NITAAC requirements reflect the growing interest within the NIH to modernize its IT services, transition towards a more cloud-based infrastructure, and address cyber security issues. Growing concerns over inadequate cyber security measures are likely to profoundly affect federal health IT contractors in the coming years. For example, the National Institute of Standards and Technology (NIST) released draft requirements relating to the management of controlled unclassified sensitive information; the new NIST requirements will supplement existing Federal Information Security Management Act (Ravindranath, 2015).