This is the accessible text file for GAO report number GAO-13-106 entitled 'Human Services: Sustained and Coordinated Efforts Could Facilitate Data Sharing While Protecting Privacy' which was released on February 21, 2013. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to Congressional Requesters: February 2013: Human Services: Sustained and Coordinated Efforts Could Facilitate Data Sharing While Protecting Privacy: GAO-13-106: GAO Highlights: Highlights of GAO-13-106, a report to congressional requesters. Why GAO Did This Study: State and local human services agencies administer funds from various federal programs to help those in need-—many of whom are served by multiple programs. Data sharing across programs can improve administrative efficiencies and client service; however, some agencies are concerned about how to share more data while maintaining client privacy. GAO was asked to review issues related to data sharing. This report examines (1) how selected states or localities have shared data across programs to improve the administration of human services, (2) challenges state and local human services agencies face in balancing privacy protections with greater data sharing, and (3) actions that the federal government could take to help address these challenges. GAO reviewed relevant federal laws, regulations, and policies, interviewed federal officials, conducted site visits with state or local human services agencies in four selected states, and surveyed 40 stakeholders from the public, private, and non-profit sectors to identify challenges and possible federal actions. What GAO Found: Four selected states or localities used systematic and automated data sharing to improve eligibility verification or case management processes. Such data sharing improved eligibility verification processes in Michigan and Utah. Specifically, program officials said that data sharing improved program integrity because more accurate payments were made, and staff noted program efficiencies through more automated and consolidated systems. In terms of case management, officials from New York City and Allegheny County, Pennsylvania said that data sharing helped caseworkers obtain client information more quickly and make more informed decisions. For instance, child welfare workers used client data from other agencies to quickly obtain background information on other household members when child maltreatment was reported or to locate potential caregivers when needed. Officials cited various factors contributing to the success of their initiatives, with strong leadership as the most commonly cited. The stakeholders GAO surveyed identified a number of challenges to increased data sharing related to the interpretation of federal privacy requirements. These included confusion or misperceptions around what agencies are allowed to share, as well as a tendency to be risk averse and overly cautious in their interpretation of federal privacy requirements. For example, stakeholders said an agency’s legal counsel may advise against sharing data as a precautionary measure rather than because of an explicit prohibition. Stakeholders also reported that potential inconsistencies in federal privacy requirements that apply to data sharing across multiple programs are a challenge. In particular, they, along with some officials at the sites GAO visited, noted that child welfare workers have difficulty meeting a federal obligation to monitor and support foster care children’s educational stability and performance because of the federal law limiting access to education records without parental consent. An amendment enacted on January 14, 2013, includes provisions to address this issue. To address identified challenges, stakeholders suggested that federal agencies could clarify federal privacy requirements and consider harmonizing requirements. Nearly all stakeholders GAO surveyed said that coordinated, multi-agency guidance that clarifies what data sharing is permissible would be extremely useful. They also suggested that developing model data sharing agreements and informed consent language that comply with federal privacy requirements, or providing existing examples, would be useful. Stakeholders also said it would be highly useful to reexamine requirements to ensure more consistent privacy rules for data sharing across human services programs and agencies. Federal agencies have some related efforts under way. For example, the Department of Health and Human Services (HHS) is preparing a "toolkit"-—currently under internal review-—that is expected to describe privacy rules among several programs as well as typical data sharing activities, although specific plans for its completion, dissemination, and follow-up have not been established. Also, the Office of Management and Budget (OMB) issued a 2010 memorandum to federal agencies that encouraged sharing data while protecting privacy, and has efforts under way to promote data sharing generally. However, officials said OMB has no plans to undertake specific actions related to privacy requirements, such as identifying model data sharing agreements or other tools, citing resource constraints, although they acknowledged the usefulness of such tools. What GAO Recommends: GAO recommends that HHS ensure timely completion of its current work to clarify privacy requirements across programs, and OMB consider additional ways to disseminate useful data sharing practices and tools that address privacy requirements. HHS agreed with our recommendation. OMB stated in its technical comments that it already had ongoing efforts to promote data sharing. GAO continues to believe that OMB should do more in this area to specifically address privacy issues within existing resources. View [hyperlink, http://www.gao.gov/products/GAO-13-106]. For more information, contact Kay E. Brown at (202) 512-7215 or brownke@gao.gov. [End of section] Contents: Letter: Background: Selected States and Localities Use Centralized Data Sharing Systems That Enhance Eligibility Verification and Case Management Processes: Stakeholders Identified Data Sharing Challenges Related to Interpretation of Federal Privacy Requirements and Organizational Issues: Stakeholders Suggest Federal Agencies Clarify Requirements and Consider Changes to Increase Their Consistency: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Additional Information On Selected Sites: Appendix II: Scope and Methodology: Appendix III: Delphi Survey Results: Appendix IV: Delphi Survey Respondents: Appendix V: Comments from the Department of Health and Human Services: Appendix VI: GAO Contacts and Staff Acknowledgments: Tables: Table 1: Benefits of Data Sharing in Key Functional Areas of Human Services: Table 2: Examples of Federal Privacy Requirements That May Apply to Human Services Programs: Table 3: Examples of How Selected Sites Use Data Sharing: Table 4: Challenges Identified by 35 Stakeholders That State and Local Human Services Agencies Face When Balancing Data Sharing with Protecting Personal Information: Table 5: Potential Federal Agency Actions Proposed by 35 Stakeholders to Address Challenges That State and Local Human Services Agencies Face Balancing Data Sharing with Protecting Personal Information: Table 6: Current or Planned Federal Initiatives Related to Stakeholder Suggestions: Table 7: Challenges Identified by Stakeholders Related to Federal Privacy Requirements (Including Federal Laws, Regulations, and Other Requirements): Table 8: Organizational and Implementation Challenges Identified by Stakeholders: Table 9: Challenges Related to Income/Wage Data Sources: Table 10: Potential Federal Agency Actions Suggested by Stakeholders to Address Challenges: Guidance and Models: Table 11: Potential Federal Agency Actions Suggested by Stakeholders to Address Challenges: Federal Requirements: Table 12: List of Individuals That Completed Survey Responses: Figure: Figure 1: Illustration of Allegheny County's Data Warehouse and Examples of Data Shared: Abbreviations: ACF: Administration for Children and Families: BRIMM: Bridges Information Management Mart: DHS: Department of Human Services: DWS: Department of Workforce Services: Education: Department of Education: FERPA: Family Educational Rights and Privacy Act of 1974: HHS: Department of Health and Human Services: HIPAA: Health Insurance Portability and Accountability Act of 1996: IDEA: Individuals with Disabilities Education Act: OMB: Office of Management and Budget: SNAP: Supplemental Nutrition Assistance Program: SSN: Social Security number: TANF: Temporary Assistance for Needy Families: USDA: Department of Agriculture: [End of section] United States Government Accountability Office: Washington, DC 20548: February 8, 2013: The Honorable Thomas Carper: Chairman: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable David Reichert: Chairman: Subcommittee on Human Resources: Committee on Ways and Means: United States House of Representatives: The Honorable Erik Paulsen: United States House of Representatives: The Honorable Tom Reed: United States House of Representatives: Each year, state and local human services agencies administer billions of dollars of federal funds to assist individuals and families in need. Because people often receive services or benefits from multiple programs, state and local human services agencies could better determine eligibility as well as coordinate the delivery of services if they could more easily exchange client data. Historically, however, programs have often delivered a relatively narrow range of services without sufficient information from or on other related client services or benefits. While various factors--including outdated systems that do not communicate with each other and lack of standard data elements[Footnote 1]--can create significant hurdles to data sharing, agencies may also struggle with the extent to which they can share increasing amounts of data while continuing to protect client privacy.[Footnote 2] Moreover, state and local human services agencies must comply with various privacy requirements set by laws and regulations, including various requirements at the federal level. Specifically, some federal laws, such as the Privacy Act of 1974, establish privacy requirements that apply across multiple programs,[Footnote 3] while other federal laws--including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Family Educational Rights and Privacy Act of 1974 (FERPA)--establish privacy requirements specific to certain types of information.[Footnote 4] Federal statutes and regulations that authorize specific human services programs as well as agency- level policies may also impose privacy requirements. You requested that we examine the extent to which privacy-related issues may constrain human services agencies and how such issues could be addressed in the advent of new technologies that can enable more useful and efficient data sharing. To that end, this report provides information on the following questions: 1. In what ways have selected states or localities implemented promising data sharing practices across programs to improve their administration of human services? 2. What did stakeholders identify as challenges that state and local human services agencies face in balancing privacy protections with sharing data? 3. What actions do stakeholders suggest the federal government take to address identified challenges? To perform this work, we conducted site visits in two states (Michigan and Utah) and two localities (Allegheny County, Pennsylvania and New York City, New York) with human services agencies that were repeatedly identified during our exploratory research and interviews as having promising data sharing efforts. Specifically, we selected sites that share data in order to improve eligibility verification or case management processes in their administration of human services. [Footnote 5] During our site visits, we spoke with relevant program and policy officials, including program administrators, information technology officials, and attorneys, as well as frontline staff using the data sharing systems in their daily work. To gather information on challenges and potential federal actions, we surveyed 40 stakeholders from various sectors: (1) state and local officials in program administration, information technology, and legal positions as well as associations representing these agencies;[Footnote 6] (2) private or nonprofit technology service providers; and (3) representatives from client advocacy groups and research organizations. We used a two- survey iterative technique, referred to as a Delphi survey,[Footnote 7] to gather ideas on relevant challenges and possible federal actions from stakeholders who were identified through our initial interviews and research, were members of relevant trade associations, or were recommended to us by other stakeholders.[Footnote 8] The first Delphi survey asked open-ended questions and the responses were used to develop the second Delphi survey, which asked the same group of stakeholders to rate the degree of possible challenges and the usefulness of possible actions. For each survey, the response rate was 88 percent (35 of 40 people responded). In addition, to better understand the federal role as well as existing initiatives that may help address some of the challenges identified by stakeholders and suggested actions, we interviewed officials at the Department of Health and Human Services (HHS) and the Department of Agriculture (USDA) who oversee key human services programs, officials at the Department of Education (Education) who oversee FERPA, and officials at the Office of Management and Budget (OMB) who oversee relevant multi-agency initiatives. Finally, we examined relevant federal laws, regulations, and policy guidance, as needed. We conducted this performance audit from November 2011 through January 2013, in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. (See appendix II for more information on our scope and methodology.) Background: Data Sharing in Human Services: Eligibility Verification and Case Management: The federal government funds a wide array of programs that provide benefits and services to individuals, families, and households needing financial assistance or other forms of social support. These programs often involve state or local administration and vary in their purpose and target populations. For instance, human services programs may help address a family's economic situation or the needs of vulnerable children or adults. Some examples include: * Economic assistance programs: Through block grants to states, the Temporary Assistance for Needy Families (TANF) program, for instance, helps provide assistance, such as cash benefits, to eligible families, as well as supports to help individuals return to work, including job training and child care. The Supplemental Nutrition Assistance Program (SNAP), a federally-funded benefit program which states help administer, provides monthly food assistance to eligible low-income individuals and families. Medicaid, a joint federal-state program, finances health care coverage for a variety of vulnerable populations, including certain low-income children, families, and individuals. State child support enforcement programs, also supported through federal funds, are designed to ensure that parents financially support their children by locating noncustodial parents and collecting and distributing child support payments. * Programs for at-risk children and families: Various federal funding streams and programs, such as those administered under Titles IV-B and IV-E of the Social Security Act, support family preservation and child welfare programs. For instance, states' child welfare agencies may use federal funds to provide family support, family preservation, and family reunification services intended to assist families at risk for child abuse or neglect. States also receive federal funds to help children from low-income families or those with certain special needs who have been removed from their homes and are in need of temporary or permanent care. Because the range of possible services is broad and administration of these programs is multi-faceted, state and local human services agencies may use data sharing in different ways to enhance various functional areas (see table 1). Table 1: Benefits of Data Sharing in Key Functional Areas of Human Services: Key functional areas: Eligibility, enrollment, recertification; Description: Frontline workers collect and assess information needed to determine and update eligibility and benefit amounts; Potential benefits of data sharing: * Use existing data sources to prepopulate forms and reduce need for clients to provide the same information and documentation to multiple agencies; * Use existing reliable data sources to automate verification of information instead of conducting manual checks to improve payment accuracy and worker efficiency[A]; * Provide more timely updates on changes in circumstances that affect benefit levels, reducing need to recoup payments later; * Use data matching to facilitate the recertification of clients who continue to meet eligibility criteria. Key functional areas: Case management; Description: Caseworkers assess client needs, refer to services, and monitor service delivery; Potential benefits of data sharing: * Ensure caseworkers have necessary and more complete information to make appropriate case decisions; * Provide caseworkers with updated information on addresses and household composition, which helps them contact clients more efficiently; * Reduce demands on staff to manually look up and provide data on client inquiries from other agencies; * Provide more integrated services for families or individuals with complex and overlapping needs. Key functional areas: Program oversight and accountability; Description: State, local, and federal officials monitor and assess program administration for accuracy, efficiency, and program performance measures on an ongoing basis; Potential benefits of data sharing: * Conduct data matching inquiries to identify program integrity issues (e.g., fraud) and improve payment accuracy[A]; * Offer a more complete picture of how services are being provided and the degree to which they are effective; * Better understand the number and populations of clients served and the extent that they are accessing multiple services; * Monitor outcomes of participants across domains (e.g., education, employment or health). Key functional areas: Research and evaluation; Description: State, local, and federal officials as well as private researchers analyze de-identified information on caseload characteristics, needs, or trends as well as program outcomes; Potential benefits of data sharing: * Use administrative program information to supplement or replace data otherwise gathered through surveys or other research methods.[B] Obtain larger samples at lower costs than those obtained through surveys; * Avoid underreporting and selection biases known to be associated with survey responses about program participation. Source: GAO analysis. Note: This report looks particularly at how data sharing has been used in eligibility verification and case management processes for human services. [A] For example, see GAO, Improper Payments: Moving Forward with Governmentwide Reduction Strategies, GAO-12-405T (Washington, D.C.: Feb. 7, 2012). [B] For example, see GAO, Federal Statistical System: Agencies Can Make Greater Use of Existing Data, but Continued Progress Is Needed on Access and Quality Issues, GAO-12-54 (Washington, D.C.: Feb. 24, 2012). [End of table] Regarding eligibility verification, a family and its members may apply for or receive assistance from multiple human services programs, but each program may use a separate eligibility verification process. While many states have combined eligibility verification processes for certain programs (including TANF, SNAP, and Medicaid),[Footnote 9] to apply for other supports, such as housing assistance or disability benefits, a client may have to provide the same basic personal and financial information and documentation multiple times.[Footnote 10] Reducing duplicative processes, such as by sharing common eligibility information through increased automation, can lower program costs. Additionally, benefits from public assistance programs may be counted as unearned income by other programs, which supports the need for timely and accurate data sharing across programs. It can also improve program integrity through reduced improper payments by validating initial or ongoing eligibility information with data from other databases considered reliable--instead of depending solely on client provided documentation.[Footnote 11] In the past decade, the federal government has paid greater attention to the problem of improper payments, as evidenced by the enactment of the Improper Payments Information Act of 2002 and subsequent amending legislation.[Footnote 12] Regarding case management, data sharing can help program staff provide integrated case management, in a more systematic way, for families with overlapping and complex service needs. For instance, the family of a child placed in foster care may interact with other social service systems, including substance abuse or mental health treatment, juvenile justice, schools, courts, health care, and housing. Over the years, greater emphasis has been placed on providing a more coordinated approach to serve families with multiple needs.[Footnote 13] However, information about these families may be maintained in different files or systems across different agencies and, in order to provide an integrated approach, caseworkers may be faced with the difficult task of piecing together this information through inefficient or ad hoc means. Accordingly, more systematic data sharing can provide workers with more complete information and enhance the ability of agencies and other service providers to coordinate care. Federal Privacy Requirements: Collectively, human services agencies obtain a great deal of personal information from their clients that, if not properly protected, could be vulnerable to wrongful use or disclosure.[Footnote 14] Accordingly, various laws and regulations, including those at the federal level, have established requirements that protect individuals' privacy, such as requiring that safeguards be put in place to ensure that only authorized individuals are able to view specific pieces of information. For instance, certain federal laws, and their corresponding regulations and guidance, establish privacy protections for certain types of personal information, such as health or education records (see examples in table 2). Additionally, the federal statute authorizing a specific program may also include provisions that prescribe when a state agency can or cannot share data related to administering that program. For instance, the statute authorizing the TANF program requires that states outline how they will restrict the use and disclosure of information about individuals and families receiving assistance from federal funds.[Footnote 15] The statute authorizing federal assistance for state child support enforcement programs generally requires that states establish safeguards to protect the privacy of the parties involved, but also requires that the state agency use an automated system to share data as necessary with its state counterparts that administer TANF and Medicaid. [Footnote 16] Finally, although not covered in this report, states may have their own laws or policies that affect the use and sharing of personal information in human services programs. Table 2: Examples of Federal Privacy Requirements That May Apply to Human Services Programs: The Privacy Act of 1974 (Privacy Act) protects individually- identifiable records maintained by federal executive agencies and retrieved using a name or other individual identifier. Generally, federal agencies are prohibited from disclosing such records without the written consent of the individual to whom the record pertains. The Privacy Act identifies several exceptions to this requirement, including "routine use" that is compatible with the purpose for which the record was collected. State and local agencies must comply with certain Privacy Act requirements when they electronically match their records with those of a federal agency. 5 U.S.C. § 552a. Federal agencies adopt their own regulations to implement the Privacy Act. Regulations implementing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) require the protection of individually identifiable health information, including information about a person's physical or mental health or condition, treatment, or payment for services. These requirements generally apply to health plans, health care clearinghouses, and those health care providers that electronically transmit health information in connection with certain health care transactions. The regulations require appropriate safeguards and set limits and conditions on the uses and disclosures that may be made of such information without patient authorization. Information may be disclosed without authorization in specified circumstances--including for certain treatment, payment, and health care operations--and must be disclosed to individuals upon their request or to HHS for compliance or enforcement purposes. See generally 42 U.S.C. §§ 1320d to 1320d-9, 45 C.F.R. parts 160 and 164 (subparts A and E). To be eligible for federal funding under programs administered by the Department of Education, the Family Educational Rights and Privacy Act of 1974 (FERPA) requires that educational agencies and institutions take certain steps with respect to student education records. Parents must have the right to inspect and review their children's education records. Generally, schools and educational agencies must obtain written consent from the parent in order to release information from a student's education record. Schools may disclose, without parental consent, "directory information" including a student's name, address, telephone number, date and place of birth, degrees and awards, and dates of attendance, provided they give public notice of these categories and a reasonable opportunity for parents to opt out of allowing schools to release this information. FERPA also authorizes schools to disclose education records without parental consent to specifically enumerated parties or under certain circumstances, including pursuant to a court order. 20 U.S.C. § 1232g, see generally 34 C.F.R. part 99. Section 523 of the Public Health Service Act and its implementing regulations (codified at 42 C.F.R. Part 2), restrict the disclosure and use of alcohol and drug abuse patient records maintained in connection with federally-assisted substance abuse programs. Information may be disclosed without patient consent only in specific circumstances, such as medical emergencies. 42 U.S.C. § 290dd-2, see generally 42 C.F.R. part 2. States receiving grants under the Child Abuse Prevention and Treatment Act must have methods in place to preserve the confidentiality of all records and reports of child abuse and neglect in order to protect the rights of the child and the child's parents or guardians, and must limit the availability of records only to specifically enumerated people or entities. 42 U.S.C. § 5106a, 45 C.F.R. §§ 1340.14(i), 1340.20. Section 6103 of the Internal Revenue Code prohibits disclosure of tax returns and return information except in specifically enumerated circumstances. Where disclosure is permitted, section 6103 generally imposes safeguarding requirements and requires the IRS to monitor compliance with those requirements. The requirements apply to federal agencies as well as state and local agencies and others who have lawfully received taxpayer information from the IRS. 26 U.S.C. § 6103, 26 C.F.R. §§ 301.6103(a)-1 to 301.6103(p)(7)-1. Source: GAO review of selected federal laws and regulations. Note: This table is for illustrative purposes only and is not intended to provide a comprehensive list of all federal privacy requirements that apply to human services programs. In addition, the description of each requirement provides only a general summary; additional provisions may apply that are not described in this table. [End of table] Selected States and Localities Use Centralized Data Sharing Systems That Enhance Eligibility Verification and Case Management Processes: Human services agencies we visited in two selected states (Michigan and Utah) and two selected localities (Allegheny County and New York City) use central systems to share client data. Officials at these locations cited improved payment accuracy and greater program efficiencies as some of the benefits of their respective data sharing systems. Among the various factors that have contributed to the success of the data sharing initiatives, strong leadership support was the most commonly cited. Selected Sites Use a Central Repository or Portal to Give Specified Workers Access to Data from Various Sources: The data sharing systems in each of the four selected sites provided specified workers with automatic access to certain client information, such as demographics or services received from other departments or by family members. Although each site's data sharing system was distinct, they shared some common elements: * Central repository or portal: With a central repository, as used in Michigan and Allegheny County, data from various source agencies are collected, copied, and stored in one central location, such as a "data warehouse," and information is refreshed on a regular basis. With a central portal, as used in Utah and New York City, users can view data from multiple systems through one point of entry, but the data are not copied or stored separately from their original sources. See figure 1 for an illustration of how data are shared through a data warehouse system, such as in Allegheny County. For a description of each site's data sharing system, see appendix I. * Interfaces with external parties other than human service agencies: Data sources may include other government entities, such as schools, courts, state treasury departments, and motor vehicle departments. For example, eligibility workers from Utah's Department of Workforce Services can access car registration and lien information from the state's Department of Motor Vehicles to assess a client's assets when determining eligibility for program benefits. * Common identifier to match client records: The four sites used different means to match client records across different data systems, including assigning clients a unique client index number across programs, searching on Social Security numbers (SSN),[Footnote 17] or employing algorithms based on a collection of key client demographic elements. For instance, to match client records across different data systems, New York City's system generates a common index number for each client using algorithms based on certain demographic information (e.g., full name, mailing and residential addresses, and date of birth.) * Role-based access: At these four sites, users are granted access only to information that is needed to perform their job function, as agreed upon in advance, and that they are legally authorized to access.[Footnote 18] For instance, New York City's data sharing initiative involved a lengthy process with program officials, department attorneys, and others to determine exactly what information 34 different user groups would have access to, for what business purpose, and under what legal authority, according to city officials. Officials at all four sites also used various security measures to control access to sensitive information, such as user training, password-protected screens, and audit trails to track which individuals have accessed databases or to flag excessive use. * Data sharing agreements: All four sites had multiple data sharing agreements in place to outline exactly what data will be shared, with whom, how, and for what purpose. Allegheny County's Department of Human Services, for instance, has a data sharing agreement in place with multiple external government entities. It most recently established one with Pittsburgh Public Schools to share data on students who are receiving services in order to offer these students additional assistance, if needed, and help them to achieve better educational outcomes. Figure 1: Illustration of Allegheny County's Data Warehouse and Examples of Data Shared: [Refer to PDF for image: illustration] Allegheny County Data Warehouse: Examples of types of data shared: All sources include client demographics, service history, provider information, and cost. Allegheny County DHS data sources: Child Welfare[A]: * Children in protective custody; * Family services received by the family or household members; * Family court activity. Behavioral Health and Intellectual Disability[A]: * Clients receiving mental health and substance abuse services, and information about these services for county and Medicaid funded programs; * Clients with intellectual disabilities receiving support services. Aging Services: * Senior clients receiving nursing home prevention, senior center services, or elder care. Community Services[A]: * Clients receiving rental or homeless assistance; * Clients receiving jail reentry support; * Clients receiving Head Start or family support center services. Outside DHS: Public Schools[A]: * Student directory information; * Performance and attendance information for certain students; * Four districts: Pittsburgh, Clairton, Woodland Hills, Elizabeth Forward. State and local correction agencies: * Incarceration history of clients; * Current status of release or sentencing for a client. City and County government housing authorities: * Clients currently receiving low income housing assistance. Pennsylvania Department of Public Works: * Recipients of TANF, SNAP or Social Security Disability Insurance. [A] Data exchange is two way and source agencies also use certain data shared through the system. The graphic shows examples of data provided by agencies but does not depict what data each agency receives or how data are used. Source: GAO analysis based on information collected from Allegheny County officials. Note: GAO did not evaluate this system for compliance with any applicable laws or regulations. [End of figure] Data Sharing Was Used to Improve Eligibility Verification and Caseworker Efficiency at the Four Selected Sites: According to officials, data sharing improved eligibility verification processes in Michigan and Utah and case management processes in New York City and Allegheny County. For instance, the data sharing systems of the two selected states were built, at least in part, with the purpose of reducing error rates in payments made for SNAP or Medicaid programs. Officials from Michigan and Utah told us that their data sharing systems have improved program integrity through more accurate benefit payments. As we have reported in prior work, strong preventive controls, such as validating initial eligibility through data sharing, remain the frontline defense in reducing improper payments.[Footnote 19] State officials also said that data sharing systems have improved program efficiencies by reducing the need for staff to manually search or ask for documentation needed to verify eligibility. For example, according to officials we interviewed in Utah, the process of checking other data sources to verify eligibility information was reduced from 17 minutes to 3 minutes, allowing staff to manage higher caseloads. In addition, caseworkers in the two localities we visited said that automated access to data on demographics, family members, and service history has facilitated their ability to make timely and informed decisions for families or individuals in need. Finally, officials at three sites we visited noted a reduced burden on staff in responding to information requests from other agencies as another benefit to automated data sharing. Table 3 includes additional information on ways that the selected sites used data sharing to facilitate eligibility verification or case management processes. For a better understanding of how data are shared at each site we visited, including detailed information on the characteristics, goals, and data providers and users of each site's system, see appendix I. Table 3: Examples of How Selected Sites Use Data Sharing: Site and type of worker: Michigan: Department of Human Services' eligibility worker; Ways data sharing is used to improve eligibility verification processes: Job function: Eligibility workers in the Department of Human Services determine eligibility for several human service programs, including TANF, SNAP, and Medicaid. Since 2010, local offices have used a data sharing management tool --the Bridges Information Management Mart (BRIMM) - to access data from the state's Enterprise Data Warehouse. The warehouse stores client data from various state systems. Eligibility workers can then access this data, which is refreshed on a nightly basis, to determine eligibility and monthly benefit amounts for public assistance programs; Type of data used: Data used to determine benefits include payroll or unemployment data, income sources such as receipt of other benefits and lottery winnings, family composition information, and client demographics; Stated benefits: Officials reported that BRIMM has helped: * Improve the speed of eligibility determinations, as all case history and demographic information are available online in one place. Before BRIMM, caseworkers needed to review both printed and electronic information from multiple data sources. In particular, redeterminations are done more quickly since summary information across multiple benefit programs is consolidated. A report from Michigan's Department of Technology, Management, and Budget noted that since local offices of the Department of Human Services began using BRIMM, benefit redeterminations are 50 percent faster for each individual case; * Streamline client service. Clients now deal with one caseworker across programs and can complete redeterminations after a single interview instead of multiple ones. Site and type of worker: Utah: Department of Workforce Services' eligibility worker; Ways data sharing is used to improve eligibility verification processes: Job function: Department of Workforce Services eligibility workers access multiple data sources through eFind to verify information on a client's benefit application. People seeking benefits from programs, such as SNAP, Medicaid TANF or child care assistance, often submit applications online, which may include incomplete information; Type of data used: Eligibility workers access links to: vital records, including birth certificates or death records, from the Department of Vital Statistics; real-time wage information captured by private vendors; car registration and lien information from the state Department of Motor Vehicles; and possible sources of other unearned income, including child support payments or income as a child care provider; Stated benefits: Eligibility workers and officials we interviewed said that the system has helped to: * Reduce the amount of documentation the client must submit. For example, clients may not have to submit pay stubs if eFind has timely wage and employment information; * Make the eligibility verification process more uniform and user friendly. It has consolidated data from disconnected systems to provide useful eligibility information. For example, a worker is able to assess a client's assets by looking to see if he or she has a registered vehicle, the value of that vehicle, and the likelihood that the vehicle is actually the client's based on other demographic information, in one screen; * Reduce the chance of improper payments because eligibility verification using external data sources is easier and more automated. With eFind and Department of Workforce Services' more recent move to prepopulate applications with externally validated data, there is less need to rely on self-reported information from the client and fewer chances for staff to make manual transcription errors. Site and type of worker: Allegheny County: Department of Human Services' child welfare intake worker; Ways data sharing is used to improve eligibility verification processes: Job function: When responding to a call regarding potential maltreatment, a child protective services intake worker may look up information on a person, child, or family in the data warehouse system; Type of data used: According to officials, the data warehouse has increased the amount of client information intake workers have at their disposal. This information can help them identify whether the reported person or another member of the family or household has received other government services, such as behavioral health, or has a criminal history. Intake workers are able to access demographic information collected by other departments, such as the state Department of Public Welfare that administers the TANF and SNAP programs. Such information may include an exact address or alternative addresses, or names and information on other household members, relatives, or noncustodial parents; Stated benefits: Intake workers we interviewed said that the system has helped to: * Speed up their ability to get information on a family when limited or inaccurate information is provided at intake, including the location of reported maltreatment or the full name of the reported person; * Probe in their questioning with a client who may not always be forthcoming; * Manage their time, such as by knowing who else is living in the house and who they need to interview before conducting a home visit; * Ensure their own safety because they have better background information on household members before making the home visit (e.g., information on criminal history or mental health status); * Search for and contact potential relative caregivers. Site and type of worker: New York City: Health and Hospital Corporation's financial counselor; Ways data sharing is used to improve eligibility verification processes: Job function/process: Financial counselors often work with patients visiting the corporation's facilities (e.g., hospitals, acute care facilities) that come in without any proof of identification, residence, or citizenship. Counselors must work with them to determine if they are eligible for Medicaid or other health insurance programs; Types of data used: Counselors access basic information through a system called Worker Connect such as most recent address, birth date, previous Medicaid status, and family composition; Stated benefits: Officials we interviewed said that the system has helped their workers: * Save time that they would otherwise spend with the client or with other agencies tracking down information (e.g., obtaining a birth certificate or determining Medicaid status); * Better serve a transient population that often has behavioral health issues and precarious housing situations. Clients do not always have needed documentation on them, nor are they always able to clearly describe their history or situation. Source: GAO analysis based on information collected from state and local officials at each site. [End of table] Several Factors Have Contributed to the Success of Data Sharing Efforts at the Selected Sites: While officials we interviewed at all four sites said that they faced and continue to face a number of challenges in developing and expanding their data sharing systems, they noted several factors that have contributed to the success of their data sharing efforts. (See the following section for further discussion on challenges.) These included strong leadership and support by both internal and external stakeholders, the organizational structure of the agency, financial support or seed funding, and a legal review or analysis. * Strong leadership and support: Strong leadership and support for data sharing as a way to achieve critical policy goals and priorities was the most common factor cited by officials at each site we visited. In Utah, state officials told us that data sharing was supported by the Governor, and they noted their department's ongoing willingness to try new things and take risks. According to New York City officials, their initiative was led by the Deputy Mayor, who established an Executive Steering Committee that consisted of Commissioners from all of the agencies involved--that would provide and use the data--to promote buy-in and leadership support for sharing data across multiple agencies. * Organizational structure: Officials at two sites told us that having an organizational structure that houses multiple human services programs under one agency makes sharing data easier. For instance, Utah officials said that sharing is easier because there is more trust that everyone in the department is under the same controls, standards, and protocols regarding oversight and data security. * Financial support or seed funding: Funding to initially develop the systems was also cited as a factor that contributed to the success of data sharing. In Allegheny County, according to officials, seed funding from the local foundation community helped support the initial development of the County's data warehouse without relying exclusively on the Department of Human Services' resources. A coalition of 12 local foundations came together to create the Human Services Integration Fund, which provided the necessary funding to start the data warehouse and has supported periodic improvements. Utah's system was created because USDA had sanctioned the state for high payment error rates in its food assistance program, according to state officials. As part of Utah's plan to reduce error rates, state officials told us that USDA allowed the state to reinvest the sanctioned funds to build an eligibility verification system. [Footnote 20] * Legal review and analysis: We also heard that the use of outside legal experts or the establishment of legal workgroups to review privacy requirements across programs was instrumental in developing data sharing agreements. For instance, Allegheny County officials said that consulting with an attorney who was considered a national expert in these areas was invaluable. Similarly, New York City officials told us that their initiative relied on interagency groups comprised of policy and legal staff to assess the city's authority to collect, use, and share personal data among agencies. In addition to these contributing success factors, officials from a few sites also emphasized that successful data sharing takes time to implement and execute. For instance, program officials in Allegheny County told us that the data sharing agreement with the public school district, alone, took 18 months to develop, and their data warehouse, which started with one data source, has incrementally added other sources over a span of years. Stakeholders Identified Data Sharing Challenges Related to Interpretation of Federal Privacy Requirements and Organizational Issues: The stakeholders from state and local human services agencies, information technology providers, and research and advocacy organizations we surveyed identified a number of challenges that state and local human services agencies face as they balance the need to protect clients' personal information while increasing the use of data sharing. The challenges identified fell into two main categories: (1) challenges related to federal privacy requirements, and (2) organizational and implementation challenges (see table 4). The top three items identified as extreme or great challenges by the highest number of stakeholders were related to federal privacy requirements. Table 4: Challenges Identified by 35 Stakeholders That State and Local Human Services Agencies Face When Balancing Data Sharing with Protecting Personal Information: Confusion or misperceptions around what agencies are or are not allowed to share[A]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 32 (91%). Agencies may be overly cautious and interpret federal privacy requirements more narrowly than necessary[A]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 29 (83%). Federal privacy requirements that govern data sharing are inconsistent across multiple programs[A]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 24 (69%). Agencies have outdated technology systems that are unable to share data securely[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 23 (66%). Data sharing agreements between agencies are cumbersome to establish[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 21 (60%). Past practice has created a mindset or culture that agencies should not share data[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 20 (57%). Agencies may not always be aware of the capacity of technology to protect personal information[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 20 (57%). Agencies do not provide sufficient training to workers on allowable sharing[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 20 (57%). Agencies are not always sure when client consent is required to share data[A]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 20 (57%). Federal privacy requirements about sharing data with third parties (e.g., non-profit service providers) are overly restrictive[A]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 18 (51%). Agencies may not trust that other agencies will sufficiently protect shared data[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 18 (51%). Security standards for sharing and storing data are inconsistent[A]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 15 (43%). Agencies tend to adopt data sharing agreements that are too specific and do not allow for flexibility[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 15 (43%). Public perception regarding sharing personal information deters agencies from sharing data[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 14 (40%). Agencies are hesitant to use clients' Social Security numbers to match data across systems[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 13 (37%). Agencies are concerned about the accuracy of data from other agencies[B]: Number of stakeholders who rated each of the following an "extreme challenge" or "great challenge" (% of 35 stakeholders): 11 (31%). [A] Challenges related to federal privacy requirements: [B] Organizational and implementation challenges: Source: GAO analysis of responses from the second of two surveys to the same group of stakeholders. Note: Stakeholders rated challenges on a 5-point scale from "extreme challenge" to "not a challenge." [End of table] Interpretation of Federal Privacy Requirements and Inconsistencies Are Significant Challenges, According to Stakeholders: The challenges stakeholders identified relating to federal privacy requirements primarily concern the understanding or interpretation of these requirements. With the exception of a specific concern regarding FERPA, stakeholders did not consistently identify individual laws or regulations as overly restrictive;[Footnote 21] rather, the challenges they identified relate to how the federal requirements are understood and applied by state and local agencies and how they interact across programs. We found that some of the challenges discussed here are inter-related and may also reinforce each other. For example, confusion about what data may be shared and whether the different federal privacy requirements are consistent were both identified as challenges. Not only are they inter-related, but they may contribute to the cautious interpretation of requirements by state and local agencies--another challenge that was identified by the stakeholders. The items related to federal privacy requirements that were identified as challenges by the highest number of stakeholders (as shown in table 4) are described in more detail below, including illustrative examples drawn from stakeholder comments:[Footnote 22] * Confusion or misperceptions around what agencies are or are not allowed to share was identified as an extreme or great challenge by 32 of 35 stakeholders. For example, many stakeholders commented that state and local agencies may cite privacy requirements in general as a reason not to share data, but may not be familiar with the actual scope of the specific privacy laws at issue. Several of these stakeholders noted further that agencies may assume that laws or regulations do not permit them to share data when no actual prohibitions exist. Several stakeholders also noted that human services agencies are subject to multiple privacy requirements and may not always understand which are applicable to a particular situation. As one stakeholder noted, "It is challenging to understand what information may be shared with whom when four or five confidentiality laws may be applicable at the same time." * Agencies may be overly cautious and interpret federal privacy requirements more narrowly than necessary was identified as an extreme or great challenge by 29 of 35 stakeholders. According to several stakeholder comments, state and local agencies may decide not to share data based on advice from their legal departments, which may be based on a desire to minimize the risks associated with client data being shared improperly rather than due to a prohibition in law or policy. One stakeholder said that "a great deal of practice is based on avoiding risk and taking what is assumed to be a safe course without any necessary connection to the original policies' requirements or intentions." Several stakeholders stressed the importance of protecting personal information, but were concerned that "the overzealous interpretation of privacy and confidentiality laws" may negatively impact agencies' ability to provide services. Agency officials we visited who manage New York City's data sharing initiative explained that attorneys at the different departments they worked with were initially hesitant to allow their data to be shared. Only after a rigorous process of reviewing all the relevant laws and regulations did the attorneys determine that sharing for the specific purposes identified was permissible. * Federal privacy requirements that govern data sharing are inconsistent across multiple programs was identified as an extreme or great challenge by 24 of 35 stakeholders. In their comments, stakeholders generally did not identify specific inconsistencies in federal privacy requirements. Rather, several stakeholders cited as a challenge the combination of many separate requirements for human services programs and a lack of clarity about how they interact. One stakeholder noted: "There is a curious mix of enabling and inhibiting legislation in the areas of confidentiality and privacy. There are identified rules for data sharing and there are protections for privacy but these are not well aligned and often are governed by the requirements of services to a specific population such as the homeless, or victims of domestic violence, child welfare, healthcare, behavioral health, education, etc. They do not coexist in alignment and often work against each other." The one specific federal law that many stakeholders and officials in localities we spoke to identified as creating a challenge was FERPA. [Footnote 23] Under Title IV-E of the Social Security Act, state child welfare agencies are required to include in the case plan the education records of the child, including the child's grade-level performance and school record, among other information.[Footnote 24] Congress expanded these requirements with the enactment of the Fostering Connections to Success and Increasing Adoptions Act of 2008, which gave states additional responsibilities for monitoring the education of children in foster care, but did not provide child welfare agencies with additional access to education records.[Footnote 25] According to several stakeholders, the available options for child welfare agencies to obtain education records under FERPA, including parental consent or court order, were difficult and time consuming, and the limitations on the agencies' access to records could negatively affect their ability to make timely decisions for children in care.[Footnote 26] For instance, one stakeholder noted that in instances when a child first enters the child welfare system, caseworkers may have faced delays in obtaining education records that they needed to determine an appropriate living and school placement for the child. She further noted that this delay, in some jurisdictions, could have resulted in a child being forced to sit out of school for a period of time. Experts we interviewed noted that a delay of even a few days can be harmful when children are transitioning in and out of schools and can affect child welfare workers' ability to meet goals around school stability. Similarly, officials we interviewed in Allegheny County and New York City cited FERPA as a challenge and noted that their child welfare agencies had experienced difficulty accessing records to monitor the educational status of children in foster care. Stakeholders Also Identified Organizational Challenges: Stakeholders also identified organizational and implementation challenges to balancing increased data sharing with the protection of clients' personal information. These challenges may apply to data sharing in general; however, for this study, stakeholders focused on the facets of these issues that relate to privacy protections. For example, outdated technology systems may be a barrier to data sharing for multiple reasons, but stakeholders discussed the implications for privacy protections. As with the prior category of challenges, these organizational challenges are likely to be inter-related. For example, data sharing agreements may be more cumbersome to establish when workers operate in a culture that is wary of sharing data, and outdated technology systems may contribute to skepticism that data can be shared securely. The items related to organizational and implementation issues that were identified as challenges by the highest number of stakeholders are described in more detail below, including illustrative examples from stakeholder comments: * Agencies have outdated technology systems that are unable to share data securely was identified as an extreme or great challenge by 23 of 35 stakeholders. For example, many stakeholders commented that the information technology infrastructure of state and local human services agencies poses a challenge to data sharing efforts. More specifically, several stakeholders suggested that outdated technology systems, often referred to as legacy systems, raise privacy concerns because they cannot share client data securely in the way that modern systems can. A few stakeholders noted that these systems were not built with data sharing in mind, and one stakeholder said they may not be able to perform important functions related to privacy protection, such as allowing certain users access to only a specific subset of information. One stakeholder said that the slow pace of information technology innovation in public sector human services has inhibited agencies from deploying tools that facilitate appropriate data sharing while also protecting personal information. * Data sharing agreements between agencies are cumbersome to establish was identified as an extreme or great challenge by 21 of 35 stakeholders. For example, several stakeholders commented that negotiating data sharing agreements may be difficult, time consuming, require the participation of many parties, or suffer from a lack of standard models. According to one stakeholder, "The process of getting agencies and individual entities (such as schools) on board and getting to data-sharing agreements is so exhausting that the effort just dies." Additionally, a few stakeholders, as well as officials we spoke with in Michigan, noted that when data sharing arrangements are negotiated, they may be too narrow to allow for future uses of the data for similar purposes. According to Michigan officials, if the agencies involved later decide they want to add a few additional data elements, they must establish a new agreement, which slows down the process. They further noted that Michigan's human services agency has more than 180 separate data sharing agreements in place, and establishing and maintaining these agreements is time consuming. * Past practice has created a mindset or culture that agencies should not share data was identified as an extreme or great challenge by 20 of 35 stakeholders. For example, several stakeholders commented that human services agencies have traditionally operated in independent "silos" and developed cultures that do not promote data sharing. One stakeholder said that workers at human services agencies believe that they cannot share information and that their agency will be punished in some way if they share such information. Officials at sites we visited also identified agency culture as a challenge. For example, officials in Allegheny County said that workers at human services agencies may have grown accustomed to not sharing data over many years and fear violating privacy requirements. One official said there had been a tendency not to share data and use privacy requirements as an excuse rather than fully explore possibilities. Stakeholders Suggest Federal Agencies Clarify Requirements and Consider Changes to Increase Their Consistency: Stakeholders we surveyed suggested actions that federal agencies could take to address the challenges that state and local agencies face in balancing increased data sharing with the need to protect personal information. The proposed federal actions fell into two broad categories: (1) those related to providing additional information, including guidance and models, and (2) those related to re-examining federal privacy requirements. Overall, stakeholders rated many of these proposed actions as highly useful, with a large majority of stakeholders rating nearly all of the actions as "extremely useful" or "very useful" (see table 5). Coordinated multi-agency guidance was the highest rated proposed action, with 30 of 35 stakeholders rating it "extremely useful." In addition, some federal agencies have already taken some actions suggested by stakeholders we surveyed, and, according to federal officials, plan to pursue others. Table 5: Potential Federal Agency Actions Proposed by 35 Stakeholders to Address Challenges That State and Local Human Services Agencies Face Balancing Data Sharing with Protecting Personal Information: Provide coordinated multi-agency guidance that clarifies what data sharing is permissible[A]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 32 (91%). Develop model or provide existing examples of data sharing agreements that comply with federal privacy requirements[A]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 32 91%). Develop model or provide existing examples of informed consent language (including possibilities for "opt out" provisions) that complies with federal privacy requirements[A]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 32 (91%). Review and harmonize non-statutory requirements to ensure more standardized privacy rules for data sharing across human services programs and agencies[B]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 32 (91%). Review non-statutory privacy requirements across human services programs to ensure rules are appropriate for current available technologies[B]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 32 (91%). Continue or increase the provision of funds for pilots and demonstration projects for data sharing, including those that address privacy-related challenges[A]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 32 (91%). Provide guidance from individual federal agencies that clarifies what data sharing is permissible for the programs the agency administers[A]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 30 (86%). Revise FERPA to ensure child welfare agencies have access to education records (or recommend Congressional action if necessary)[B]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 29 (83%). Communicate that the federal agency views data sharing as beneficial to the administration of human services programs[A]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 28 (80%). Create consistent standards for data security across programs and agencies[B]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 28 (80%). Identify and publicize examples of state and local agencies that have successfully addressed privacy-related challenges to data sharing[A]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 28 (80%). Identify statutory limits to data sharing that Congress should consider changing[B]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 27 (77%). Provide technical assistance and training that focuses on how human services agencies can enhance data sharing under existing federal privacy requirements[A]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 27 (77%). Explore ways to expand access to federal sources of income and wage information[B]: Number of stakeholders who rated each of the following actions as "extremely useful" or "very useful": (% of 35 Stakeholders): 21 (60%). [A] Actions related to guidance and models: [B] Actions related to re-examining federal privacy requirements: Source: GAO analysis of responses from the second of two surveys to the same group of stakeholders. Note: Stakeholders rated actions on a 5-point scale from "extremely useful" to "not at all useful." [End of table] Stakeholders Suggest Federal Agencies Provide Information to Clarify Permissible Data Sharing: Stakeholder suggestions included actions that federal agencies could take to make federal privacy requirements clearer and easier to implement for state and local human services agencies. The items that the most stakeholders identified as useful actions related to providing additional information are described in more detail below, including illustrative examples from stakeholder comments: [Footnote 27] * Provide coordinated multi-agency guidance that clarifies what data sharing is permissible was identified as an extremely or very useful federal action by 32 of 35 stakeholders. In their comments, many stakeholders provided suggestions for areas that the guidance could cover, including: - A broad statement of cross-agency support for appropriate data sharing that discusses the potential benefits; - The different uses or purposes for which agencies might share data, and how privacy requirements may vary by purpose; - Data security, including the mechanics of how data may be shared (e.g., through web-based portals), stored, and protected; - Data governance, or which agency owns the shared data and retains responsibility for its maintenance; and: - The relationship between federal and state law, including information on when federal law preempts state law that may conflict. * Develop a model or provide existing examples of data sharing agreements and/or informed consent language (including possibilities for "opt out" provisions) that comply with federal privacy requirements were identified as extremely or very useful federal actions by 32 of 35 stakeholders. For example, several stakeholders proposed having federal agencies develop model data sharing agreements or templates that include provisions on how data should be shared, maintained, and used. A few suggested that federal agencies could collect and share examples, such as by creating a database of sample data sharing agreements that could inform other agencies in developing their own data sharing protocols. Several stakeholders suggested that clarifying guidance on allowable data sharing be paired with model language, forms, or agreements. Several stakeholders also suggested federal agencies provide model "informed consent" language, which is used to either notify clients that their data will be shared unless they request it not be ("opt-out" consent) or to request their permission to share the data ("opt-in" consent).[Footnote 28] They suggested federal agencies work toward developing informed consent language and procedures that could be used across states and programs. * Continue or increase the provision of funds for pilots and demonstration projects for data sharing, including those that address privacy-related challenges was identified as an extremely or very useful federal action by 32 of 35 stakeholders. For example, several stakeholders and officials at sites we visited suggested the federal government could use funded demonstration projects to encourage data sharing that complies with privacy requirements, and to send a message that such sharing is useful and appropriate. One stakeholder, for instance, said that federal agencies should offer competitive grants to fund data sharing systems that have the capability to comply with applicable privacy laws, and that can be modified over time to comply with changing laws. An outcome of such demonstration projects could be to publicize examples of agencies that have successfully addressed privacy-related challenges to data sharing, which is another potential action that most stakeholders rated as useful. Stakeholders Suggest Federal Agencies Re-examine Privacy Requirements and Consider Changes to Increase Consistency: Stakeholders also suggested actions that federal agencies could take to ensure that the federal privacy requirements that apply to state and local human services agencies are reasonable and consistent. In general, stakeholders did not consistently identify specific laws or regulations in need of revision. Instead, they raised questions in more general terms about whether some privacy requirements should be re-examined in light of changes in society and technology. With respect to FERPA, however, a number of stakeholders specifically suggested the law be revised to ensure child welfare agencies have appropriate and timely access to the educational records of children in foster care.[Footnote 29] The items that the most stakeholders identified as useful actions related to re-examining federal privacy requirements are described in more detail below, including illustrative examples from stakeholder comments: * Review and harmonize non-statutory requirements to ensure more standardized privacy rules for data sharing across human services programs and agencies was identified as an extremely or very useful federal action by 32 of 35 stakeholders. In their comments, several stakeholders suggested reviewing and revising federal privacy requirements as needed to increase consistency. Several stakeholders also suggested a comprehensive federal effort to ensure all relevant privacy requirements work together. A few stakeholders identified specific areas for closer review. For instance, one stakeholder observed that the differing privacy protections for substance abuse and mental health records were developed separately, but that today, standard practice integrates treatment for substance abuse and mental illness. As a result, the stakeholder noted that these "treatment providers must deal with conflicting standards for privacy and confidentiality." * Review non-statutory privacy requirements across human services programs to ensure rules are appropriate for current available technologies was identified as an extremely or very useful federal action by 32 of 35 stakeholders. For example, several stakeholders suggested that federal privacy requirements be examined in light of evolving technologies to ensure an appropriate balance between protecting personal information and innovative use of technology to improve efficiency and client service. One stakeholder suggested that privacy requirements be reviewed to identify restrictions that impede beneficial data sharing while offering little protective benefit to clients. Another stakeholder noted that "privacy should not be used as an excuse to thwart innovation or data sharing that would enable agencies to better serve citizens, or to do so more efficiently and economically." * Revise FERPA to ensure child welfare agencies have access to education records (or recommend Congressional action if necessary) was identified as an extremely or very useful federal action by 29 of 35 stakeholders. Most stakeholders supported federal action to reconcile FERPA's restrictions on access to education records with the responsibilities of child welfare agencies. In their comments, several stakeholders suggested FERPA be amended to permit disclosure of the education records of foster children to child welfare agencies without needing to first obtain parental consent or a court order. For example, a state or local child welfare agency with responsibility for a child in foster care could be authorized to access education records as needed to address the child's educational needs, with requirements for appropriate protection of the information. Officials from HHS and Education indicated that expanding disclosure without parental consent or court order would require Congress to amend the statute. Because the exceptions to FERPA are statutory, Education does not have authority to add additional exceptions by regulation. Education officials told us that they could provide additional guidance that clarifies that child welfare agencies may access education records under FERPA if they are defined as "parents" of foster children under state law, but that approach has limitations. For example, they noted that such an approach may give child welfare agencies additional rights as a parent beyond accessing education records, such as the right to challenge or correct the content of the records.[Footnote 30] Furthermore, the Individuals with Disabilities Education Act (IDEA) and its implementing regulations also require parental consent prior to the disclosure of education records of children with disabilities. However, according to Education officials, the definition of parent in IDEA does not permit a child welfare agency to be considered a parent. [Footnote 31] As a result, even if a child welfare agency was defined as a parent under state law for purposes of FERPA, child welfare agencies could not obtain the education records of foster children with disabilities without parental consent or a court order. These complications could be avoided by adding child welfare agencies to the existing list of parties under FERPA to whom schools may disclose records without first obtaining parental consent. Officials from both agencies said that such a change would help facilitate child welfare agencies' timely access to education records for children in foster care. On January 14, 2013, the president signed into law the Uninterrupted Scholars Act, which among other provisions, amends FERPA by authorizing disclosure of education records without parental consent to child welfare agencies that have a right of access to a student's case plan and are legally responsible for the care and protection of the student.[Footnote 32] Existing Federal Initiatives Address Some Actions Suggested by Stakeholders: Several federal agencies we reviewed have some initiatives underway or planned that relate to actions suggested by stakeholders (see table 6). In particular, HHS's Administration for Children and Families (ACF) and OMB both have efforts that concern data sharing in human services programs, and which have components related to federal privacy requirements. In addition to these ongoing initiatives, ACF and HHS's Office of the Assistant Secretary for Planning and Evaluation told us that they have additional efforts planned to clarify federal privacy requirements. Table 6: Current or Planned Federal Initiatives Related to Stakeholder Suggestions: Initiatives completed or currently ongoing: Stakeholder suggestion: Continue or increase the provision of funds for pilots and demonstration projects for data sharing, including those that address privacy-related challenges; Federal initiative: Initiatives completed or currently ongoing: * Since fiscal year 2011, OMB's Partnership Fund for Program Integrity Innovation has allocated over $22 million for pilot projects to improve federal assistance programs that are jointly administered by federal and state agencies, or where federal-state cooperation could be beneficial.[A] Part of the Partnership Fund's mission is to streamline program administration and strengthen program integrity, which includes addressing obsolete technologies and conflicting requirements. Proposals for the Partnership Fund pilots are developed with the help of the Collaborative Forum, a group of federal, state, local, and non-government stakeholders who work together to develop ideas for improving state-administered federal assistance programs. The Forum and its working groups meet regularly and disseminate information to its members. Through the Partnership Fund, in September 2012, ACF awarded nearly $8 million to seven states (Colorado, New York, Oklahoma, Illinois, Indiana, California, and Maryland) for 12-month grants to plan improved integration in health and human services information technology systems. As part of these projects, each state will be required to produce a public report that includes the privacy and confidentiality framework developed to support appropriate data sharing. Stakeholder suggestion: Communicate that the federal agency views data sharing as beneficial to the administration of human services programs; Federal initiative: Initiatives completed or currently ongoing: * ACF recently started an initiative focusing on the importance of "Interoperability"--the ability of two or more systems to exchange information. ACF has posted information for state and local agencies on a website, including an Interoperability Toolkit that was first published in 2011 and updated in 2012; * A 2010 OMB memorandum entitled "Sharing Data While Protecting Privacy" encouraged federal agencies to engage in coordinated efforts to share data to improve program implementation. The memo noted that "OMB stands ready to assist agencies as they evaluate proposals for data sharing activities and as they take the necessary steps for ensuring that their data sharing activities comply with applicable laws, regulations, and policies." Stakeholder suggestion: Create consistent standards for data security across programs and agencies; Federal initiative: Initiatives completed or currently ongoing: * In June 2012, ACF released data security guidance as part of a larger initiative (the National Human Services Interoperability Architecture) to develop standards for information technology systems that will enable information exchange across federal, state, local, and private human services systems. Initiatives planned: Stakeholder suggestion: Provide coordinated multi-agency guidance that clarifies what data sharing is permissible; Federal initiative: Initiatives completed or currently ongoing: * As part of its Interoperability Initiative, ACF plans to release a Confidentiality Toolkit for sharing data among six human services programs (TANF, SNAP, Low-Income Home Energy Assistance Program, child welfare, child support, and child care) aimed at state and local human services agencies. According to ACF officials leading this effort, they worked with policy and legal officials from each program, including USDA officials overseeing SNAP, to develop this toolkit. Officials said that for each program the toolkit will contain a narrative description of the relevant privacy rules, an explanation of typical data sharing activities, and a matrix of what data can be shared across which programs. Although the toolkit's scope has evolved over time and its publication has encountered some delay, ACF officials told us in October 2012 that the toolkit was undergoing internal review and expected it would be published soon. Stakeholder suggestion: Develop a model or provide existing examples of data sharing agreements that comply with federal privacy requirements; Federal initiative: Initiatives completed or currently ongoing: * In response to confusion from state and local agencies regarding federal privacy requirements, HHS's Office of the Assistant Secretary for Planning and Evaluation has undertaken a limited review of requirements. Officials said that an outcome of their review may be to identify model data sharing agreements for specific data sharing purposes; however, they had not yet finalized the scope of their work. Source: GAO summary of information provided by federal agencies. [A] The Partnership Fund was established by the Consolidated Appropriations Act, 2010, Pub. L. No. 111-117, div. C, tit. II, 123 Stat. 3034, 3171-72 (2009). OMB established the Collaborative Forum to comply with the Act's requirement to consult with an "interagency council" consisting of representatives of federal agencies, states, and other stakeholders. [End of table] These efforts also demonstrate the importance that OMB and HHS have placed on breaking down silos across programs and systems to provide better and more efficient service delivery. For example, the Collaborative Forum, which was established through one of OMB's initiatives, involves members from all levels of government, as well as a range of programs and disciplines, considering ways to improve state-administered federal assistance programs. The Confidentiality Toolkit that ACF plans to release cuts across six human services programs and involves interagency work with USDA on SNAP. This planned Confidentiality Toolkit is part of a larger effort by ACF, which recently started focusing on the importance of "Interoperability"--the ability of two or more systems to exchange information. These recent initiatives represent important steps by OMB and HHS in facilitating data sharing while addressing important privacy issues. However, some questions remain about the final content and completion dates of these efforts. For example, the actual completion date of HHS's planned Confidentiality Toolkit is not yet known. According to ACF officials, it was originally expected to be completed earlier in the year, but had encountered some delay. When we spoke with officials in October 2012, the Toolkit was still undergoing internal review, including by legal counsel. Further, ACF did not yet have specific plans for the Toolkit's dissemination or the collection of feedback from potential users on the information's usefulness. In addition, the plans and scope for another HHS effort that may potentially incorporate model or existing examples of data sharing agreements have not been finalized. In our work, we found that the stakeholders we surveyed ranked the provision of models or examples of data sharing agreements addressing privacy issues among the highest actions desired from the federal level. OMB officials also said that building a repository of model agreements would be helpful to facilitate the sharing of promising practices. The officials also noted that a key factor that facilitates improved data sharing among programs is leadership--a key success factor that was also discussed by officials at our selected states and localities. Given OMB's role in overseeing federal agencies, it is positioned to encourage and facilitate appropriate cross-agency activities and practices and has done so in the past. For example, OMB issued a 2010 memorandum entitled "Sharing Data While Protecting Privacy" that encouraged federal agencies to engage in coordinated efforts to share data to improve program implementation, while emphasizing that they must do so in a way that fully protects individual privacy. The memorandum states that OMB "stands ready to assist agencies" consider ways to expand useful data sharing activities that comply with applicable privacy laws, regulations, and policies. OMB also continues to seek opportunities to promote and facilitate data sharing efforts generally. For example, OMB officials said that, in response to recent legislation,[Footnote 33] OMB is working with several federal agencies on data exchange standardization to improve the ease and accuracy of information exchanges between and within human services programs. However, according to OMB officials, the agency did not have plans to undertake specific actions related to privacy requirements, such as identifying and disseminating model data sharing agreements or other tools, that might better facilitate the implementation of new and appropriate data sharing efforts. Moreover, funding for the Partnership Fund for Program Integrity Innovation, which supports pilots, including the one related to developing privacy and confidentiality frameworks noted in the table above, expires at the end of fiscal year 2013. Conclusions: The steps the federal government and some states and localities have taken to provide more seamless and standardized data exchange promote greater interoperability across health and human services programs. Advances in technology, in some locations, have also increasingly allowed agencies to better manage exactly who has access to what information. Yet, even with the technology to share data, state and local agencies may be stymied by uncertainties regarding what can or cannot be shared consistent with the myriad of privacy laws and requirements that affect the delivery of human services. Absent more explicit clarification on what data sharing is permitted under these requirements, as well as specific examples and tools related to how some states and localities are actually sharing data in new ways while fully maintaining client privacy protections, other state and local agencies may be stalled in their efforts. While HHS and OMB have demonstrated leadership by taking some initial steps to help states and localities move forward in this area, these efforts need sustained attention--to ensure their completion, appropriate content, effective dissemination, and usefulness to program administrators and other users. Recommendations for Executive Action: HHS: To ensure that state and local human services agencies have additional information to help facilitate useful data sharing, we recommend that the Secretary of HHS ensure timely completion of the department's planned activities to clarify what data sharing is permissible under federal privacy requirements and consider other ways to bolster the efficacy of its efforts. For example, HHS could develop a strategy for the effective dissemination of its Confidentiality Toolkit and consider ways to solicit and incorporate feedback on the information's usefulness from a range of users. OMB: To follow through on its efforts to improve the delivery of federal assistance programs and to help federal agencies promote useful data sharing activities that comply with federal privacy requirements, we recommend that the Director of OMB take a more active leadership role in considering additional opportunities to identify and disseminate useful data sharing practices and tools that address privacy requirements among human services programs. For example, OMB could leverage the Collaborative Forum's existing network of federal, state, and local agencies and other stakeholder organizations to collect and disseminate useful information, such as model data sharing agreements that comply with federal privacy requirements. Agency Comments and Our Evaluation: We provided a draft of our report to Education, HHS, OMB, and USDA for review and comment. We received written comments on the draft report from HHS, which are reproduced in appendix V. We also received technical comments from OMB, Education, HHS, and USDA which we incorporated as appropriate. In the report that we sent to the agencies for comment, we had included a suggestion for Congress to consider amending FERPA to ensure that child welfare agencies have timely and appropriate access to the education records of children in foster care, such as by adding state and local child welfare agencies to the existing list of parties to whom schools may disclose records without first obtaining parental consent. We removed this suggestion from the final report due to the passage of the Uninterrupted Scholars Act in January 2013 which amended FERPA in this manner. In its comments, HHS concurred with our recommendation for the department and stated that it is in the process of refining its Confidentiality Toolkit and plans to solicit feedback on the Toolkit's usefulness before wider dissemination to state and local human service agencies. In its technical comments, OMB noted that it had already taken some steps to encourage data sharing while protecting privacy. We think that such encouragement would be more effective if accompanied by the dissemination of concrete tools, such as model data sharing agreements, that ultimately could be leveraged by state and local agencies. As a result, we have clarified some information in the report and the recommendation to emphasize this point. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies of this report to appropriate congressional committees and the Secretaries of Agriculture, Education, and Health and Human Services, the Deputy Director for Management and other interested parties. The report also will be available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please contact me at (202) 512-7215 or brownke@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report are listed in appendix VI. Signed by: Kay E. Brown: Director, Education, Workforce, and Income Security Issue: [End of section] Appendix I: Additional Information On Selected Sites: This information was provided by state and local officials. GAO did not independently evaluate the data sharing systems described in this report, including their compliance with any applicable laws or regulations. Michigan: Enterprise Data Warehouse: System Characteristics: System owner or administrator: Michigan Department of Technology, Management and Budget, a centralized IT department for the various state departments and agencies. System name and description: Michigan’s Enterprise Data Warehouse provides a common platform to allow users to connect disparate data elements on a single client or family across different agencies’ data systems. Data from the various systems feed into the warehouse, are updated on a regular basis, and are stored over time. Start date: The warehouse was developed in the mid-1990s to monitor Medicaid claims data. It has since expanded to other government departments and now supports about 10,000 government users statewide. Goals of the system include: * Reducing improper payments of public benefits (e.g., by identifying potential payment errors or detecting fraud). * Improving program efficiencies, such as by analyzing and managing worker caseloads, as well as streamlining eligibility redetermination processes. * Improving client outcomes, such as by locating non-custodial parents to provide child support payments or increasing the rate of reunification for foster care children. Access to Data from Various Sources: Michigan’s Enterprise Data Warehouse stores a breadth of client information including data on federal and state income taxes, benefit eligibility, vital statistics, Medicaid claims, as well as criminal and civil court cases. Officials said that the common architecture of the warehouse allows state users to make connections across data systems that were previously not possible. The Enterprise Data Warehouse also collects client’s data over a longer time period. Thus, unlike some of the source data systems which primarily capture current client information, the warehouse also serves as a central repository for historic client information across departments and programs. [Refer to PDF for image: illustration] Michigan Enterprise Data Warehouse: Examples of types of data shared: Michigan Department of Human Services systems: Public Assistance Eligibility[A]: * TANF, SNAP, Medicaid eligibility, information; * Child care payment information; * Wage and unemployment data; * Service provided payments. Child Support Enforcement[A]: * Non-custodial parent location and status; * Child support payment information. Children's Services: * Children in foster care; * Children and family services data. Other state department systems: Department of Community Health[A]: * Medicaid provider data; * Medicaid beneficiary data; * Birth and death records; * Immunization records for newborns. Department of Treasury[A]: * Employer provided data (e.g., employer name, income amount); * State and federal tax return data. Michigan State Courts[A]: * Case information (e.g., filing date, case number, judge of record, next hearing date) on: - Criminal cases; - Civil cases; - Juvenile justice cases. Department of Natural Resources: * Hunting and fishing licenses. [A] Data exchange is two way and source agencies also use certain data shared through the system. The graphic shows examples of data provided by agencies but does not depict what data each agency receives or how data are used. Source: GAO analysis based on information collected from Michigan officials. Note: Officials we interviewed noted that not all data sharing between departments occurs through the data warehouse. Some departments share data directly between systems without accessing the warehouse. [End of figure] System Users: Similar to other sites we visited, agencies that provide data to the warehouse also have staff who access data from the warehouse for certain job functions. Some of the state departments that use the Enterprise Data Warehouse include: * The Department of Human Services, which includes a number of different programs, including TANF, SNAP, child care, child welfare, and child support enforcement. * The Department of Community Health, which administers a range of medical programs, including Medicaid, mental health and substance abuse treatment, as well as services to at-risk pregnant women, infants, and children. * Michigan Courts consist of over 200 courts which preside over a range of cases including civil, criminal, juvenile justice, and traffic. Example of Data Sharing Use: Human Services Eligibility Caseworker: Job function: Eligibility workers in the Department of Human Services determine eligibility for several programs, including TANF, SNAP, and Medicaid. Since 2010, local offices have used a data sharing management tool -- the Bridges Information Management Mart (BRIMM) – to access data from the state’s Enterprise Data Warehouse. The warehouse stores client data from various state systems. Eligibility workers can then access this data, which is refreshed on a nightly basis, to determine eligibility and monthly benefit amounts for public assistance programs. Type of data used: Data used to determine benefits include payroll or unemployment data, income sources such as receipt of other benefits and lottery winnings, family composition information, and client demographics. Stated benefits: Officials reported that BRIMM has helped: * Improve the speed of eligibility determinations, as all case history and demographic information are available online in one place. Before BRIMM, caseworkers needed to review both printed and electronic information from multiple data sources. In particular, redeterminations are done more quickly since summary information across multiple benefit programs is consolidated. A report from Michigan’s Department of Technology, Management, and Budget noted that since local offices of the Department of Human Services began using BRIMM, benefit redeterminations are 50 percent faster for each individual case. * Streamline client service. Clients now deal with one caseworker across programs and can complete redeterminations after a single interview instead of multiple interviews. Example of Data Sharing Use: Child Support Enforcement Caseworker: Job function: Michigan’s Office of Child Support also has a separate system called Michigan Child Support Enforcement System (MiCSES) that shares with and uses data from the common Enterprise Data Warehouse platform and links to certain data through the warehouse. As one key responsibility, staff try to locate non-custodial parents in order to obtain child support payments. Types of data used: Client information tapped through the state’s data warehouse expands the possible sources of information to locate a non- custodial parent. In addition to various federal and state sources for income and employment information, child support staff are also able to access data on state motor vehicle licenses, hunting and fishing licenses, and police protection or incarceration status. Stated benefits: Workers we interviewed said that the system has helped them expand the ways that they can try to locate a non- custodial parent and do so more efficiently. According to a report from the state’s technology department, the Office of Child Support has been able to recover millions of dollars in child support payments, due in part to data sharing and the state’s data warehouse. [End of Michigan site data] Utah: Department of Workforce Services’ eFind: System Characteristics: System owner or administrator: Utah’s Department of Workforce Services (DWS)—the agency that administers public assistance programs, including TANF, SNAP, Medicaid, and child care assistance programs. System name and description: eFind is a single web application that provides eligibility workers with information from many different sources for the purposes of determining eligibility for a variety of public assistance programs. eFind searches 21 federal, state, and local databases to obtain relevant applicant information, such as changes in address, income, and household composition. Start date: eFind was launched in January 2004 as a result of sanctions received for high payment error rates in the food assistance program. Utah was authorized to reinvest the sanctioned funds to improve the program, which it used in part to build eFind. Goals of the system include: * Improving accuracy and timeliness across all programs by searching alternate systems for pertinent client eligibility information and pulling up all relevant application data at once. * According to officials, the process of checking other data sources to verify eligibility information was reduced from 17 minutes to 3 minutes, allowing staff to manage higher caseloads. Officials also said that the accuracy rates of payments improved with the system. Access to Data from Various Sources: Prior to eFind, eligibility workers had to search multiple systems involving multiple usernames and passwords and search separately for individual family members. eFind streamlined the process greatly by consolidating the various systems and automating searches. In addition, to improve accuracy and speed up processing times, DWS officials told us that they are starting to integrate certain eFind elements into their application system in order to “prepopulate” data fields determined to be highly reliable that do not require worker interpretation (e.g., immigration status information from the Department of Homeland Security). In these cases clients do not need to submit any documentation unless they disagree with the prepopulated information. Utah eFind: [Refer to PDF for image: illustration] DWS eligibility worker logs into a single system to verify eligibility. Examples of types of data shared: Federal: Social Security Administration: * Verification of client Social Security numbers; * Wage data. Internal Revenue Service: * Federal tax return data including earned and unearned income. Food and Nutrition Service Electronic Disqualified Recipient System: * Whether a client has received public benefits in certain programs (including SNAP, TANF, and Medicaid) in another state. State: Unemployment Insurance Division[A]: * Clients receiving unemployment benefits; * Quarterly wage data. Department of Human Services: (Provides foster care, child support and disability services); * Uses portal but does not provide data. Division of Motor Vehicles: * Driver's license and registration information; * Make and model of current vehicle; * Verification of client's address. Office of Recovery Services: * Child support payments; * Third party health insurance payments. Private: Employment Verification Vendors: * Current wage information such as hire date, client's earning per pay period and pay dates. [A] Data exchange is two way and source agencies also use certain data shared through the system. The graphic shows examples of data provided by agencies but does not depict what data each agency receives or how data are used. Source: GAO analysis based on information collected from Utah officials. Note: DWS eligibility workers have full access to the data in eFind. Other users in DWS and other departments have varying access to the data in the system based on data sharing agreements. [End of figure] System Users: Users of the system include eligibility workers from several different agencies both internal to DWS and outside of the agency. External agency users (as well as some DWS staff who do not have full access to eFind) access certain data elements in eFind to determine eligibility for their own programs. Access is determined by data sharing agreements that stipulate how the source data can be shared with other agencies. For instance, users from the state’s Board of Education access certain data elements in the system to determine which students are eligible for free or reduced lunch. Users of the system include: Inside DWS: * Eligibility Services Division; * Unemployment Insurance Division; * Case managers for assistance programs, such as TANF. Outside of DWS: * Department of Community Housing; * Board of Education; * Department of Health; * Department of Human Services (includes child welfare); * Office of Recovery Services. Example of Data Sharing Use: DWS Eligibility Caseworker: Job function: DWS eligibility workers must access multiple data sources through eFind to verify information on a client’s benefit application. People seeking benefits, such as SNAP, Medicaid, TANF, or child care assistance often submit applications online, which may include incomplete information. Type of data used: Eligibility workers access links to: vital records, including birth certificates or death records, from the Department of Vital Statistics; real-time wage information captured by private vendors; car registration and lien information from the state Division of Motor Vehicles; and possible sources of other income, including child support payments or income as a child care provider. Stated benefits: Eligibility workers and officials we interviewed said that the system has helped to: * Reduce the amount of documentation the client must submit. For example, clients may not have to submit pay stubs if eFind has timely wage and employment information. * Make the eligibility verification process more uniform and user friendly. It has consolidated data from disconnected systems to provide useful eligibility information. For example, a worker is able to assess a client’s assets by looking to see if he or she has a registered vehicle, the value of that vehicle, and the likelihood that the vehicle is actually the client’s based on other demographic information, in one screen. * Reduce the chance of improper payments because eligibility verification using external data sources is easier and more automated. With eFind and DWS’s more recent move to “prepopulate” applications with externally validated data, there is less need to rely on self- reported information from the client and fewer chances for staff to make manual transcription errors. Example of Data Sharing Use: Other program eligibility workers: Job function: Other department eligibility workers outside of DWS are allowed to access custom views on eFind to perform their job functions – called ‘eSHARE’ when viewed by other departments. For instance, program directors we interviewed from the Low-Income Home Energy Assistance Program told us that they have access to certain elements in eFind to assist in determining eligibility for energy assistance programs. Types of data used: Workers are able to access customized views to verify certain client identification information (e.g., date of birth, citizenship and income information such as quarterly wages and unemployment payments). Stated benefits: * Energy assistance program officials we interviewed told us that eSHARE was more automated and consolidated than the prior eligibility system they used, which made the work easier for their eligibility workers. * DWS program officials said that providing custom access to their eligibility system through eSHARE reduces the amount of time DWS workers spend responding to outside data requests from other departments. [End of Utah site data] Allegheny County, PA: Department of Human Services’ Data Warehouse: System Characteristics: System owner or administrator: Allegheny County’s Department of Human Services (DHS). System name and description: DHS operates a data warehouse that is a central repository of human service and other client data. The warehouse allows DHS to electronically track demographic and service data for each of its clients across multiple program offices. The warehouse draws from existing program case management systems that serve specific populations (e.g., child welfare, mental health) to compile the information centrally. Start date: DHS launched the data warehouse in 2001, consolidating a few of its own internal data systems, such as those for behavioral health and homeless services. It then expanded over time to include other data sources, including the state’s Department of Public Welfare. Goals of the system include: * Improving services to clients. * Improving the ability of workers to perform their jobs. * Improving the ability to manage and administer DHS programs and operations. Officials said the system has helped with coordinating services for clients because workers have a better understanding of families with multiple needs across multiple programs. Access to Data from Various Sources: Over the years, DHS’s data warehouse has expanded to include various other data sources, including those from other state and local government departments. Most recently it formulated an agreement with Pittsburgh Public Schools to include certain student data in its warehouse. According to officials, as of November 2012, more than 15 million client records were stored in the data warehouse. Information stored and exchanged include client demographics (e.g., name, SSN, date of birth, address), services received by clients and family members (current and historic) and provider information (e.g., name, location, type of providers, and cost of treatment). Through negotiations between officials and, in certain cases, specific data sharing agreements, agencies determine exactly what data will be provided to the warehouse and how they will be used. Agencies may act as contributors to the warehouse, users, or both. [Refer to PDF for image: illustration] Allegheny County Data Warehouse: Examples of types of data shared: All sources include client demographics, service history, provider information, and cost. Allegheny County DHS data sources: Child Welfare[A]: * Children in protective custody; * Family services received by the family or household members; * Family court activity. Behavioral Health and Intellectual Disability[A]: * Clients receiving mental health and substance abuse services, and information about these services for county and Medicaid funded programs; * Clients with intellectual disabilities receiving support services. Aging Services: * Senior clients receiving nursing home prevention, senior center services, or elder care. Community Services[A]: * Clients receiving rental or homeless assistance; * Clients receiving jail reentry support; * Clients receiving Head Start or family support center services. Outside DHS: Public Schools[A]: * Student directory information; * Performance and attendance information for certain students; * Four districts: Pittsburgh, Clairton, Woodland Hills, Elizabeth Forward. State and local correction agencies: * Incarceration history of clients; * Current status of release or sentencing for a client. City and County government housing authorities: * Clients currently receiving low income housing assistance. Pennsylvania Department of Public Works: * Recipients of TANF, SNAP or Social Security Disability Insurance. [A] Data exchange is two way and source agencies also use certain data shared through the system. The graphic shows examples of data provided by agencies but does not depict what data each agency receives or how data are used. Source: GAO analysis based on information collected from Allegheny County officials. Note: GAO did not evaluate this system for compliance with any applicable laws or regulations. [End of figure] System Users: According to officials, many of the government entities that provide data into the warehouse also benefit from access to the data for routine staff work. Access to the data by staff occurs at several levels, ranging from de-identified and aggregated data to direct access to client level records. In general, officials said that DHS’ program office staff (Child Welfare, Behavioral Health) have access to more detailed client-level data, while entities outside DHS (including the public schools and jails) access aggregate data for planning purposes, or more specific client-level data upon request. Example of Data Sharing Use: Child Welfare Intake Worker: Job function: When responding to a call regarding potential maltreatment, a child protective services (CPS) intake worker may look up information on a person, child, or family in the data warehouse system. Type of data used: According to officials, the data warehouse has increased the amount of client-level information intake workers have at their disposal. This information can help them identify whether the reported person or another member of the family or household receives other government services, such as behavioral health, or has a criminal history. Intake workers are able to access demographic information collected by other departments, such as the state Department of Public Welfare that administers the TANF and SNAP programs. Such information may include the exact address or alternative addresses or names and information on other household members, relatives, or noncustodial parents. Stated benefits: Intake workers we interviewed said that the system has helped to: * Speed up their ability to get information on a family when limited or inaccurate information is provided at intake, including the location of reported maltreatment or the full name of the reported person. * Probe in their questioning with a client who may not always be forthcoming. * Manage their time, such as by knowing who else is living in the house and who they need to interview before conducting a home visit. * Ensure their own safety because they have better background information on household members before making the home visit (e.g., information on criminal history or mental health status of household members). * Search for and contact potential relative caregivers. Example of Data Sharing Use: Behavioral Health Caseworker: Job function/process: When dealing with new or returning clients, frontline workers in homeless shelters or substance abuse treatment centers look up client information stored in the data warehouse. Types of data used: Caseworkers are able to access a client history and current service involvement, including provider claims data. Community health care providers can obtain background information on a patient (e.g., number of therapy sessions or psychiatric evaluations performed). Stated benefits: Caseworkers we interviewed said that the system helped them to: * Conduct coordinated screenings, referrals, and service plans across multiple programs serving the same client. * Know what services have been provided when, which reduces the possibility of providing duplicative services. * Make faster connections between program offices with less effort. [End of Allegheny County site data] New York City: Worker Connect: System Characteristics: System owner or administrator: New York City Office of the Deputy Mayor for Health and Human Services and Partner Agencies. System name and description: Worker Connect is a read-only web-based portal that enables users to view limited data from other city departments’ systems. Worker Connect is one part of a larger city initiative called HHS Connect, which is aimed at improving the city’s delivery of health and human services through enhanced technology. Workers with access to Worker Connect view data through a common portal. Data ownership is maintained by the source agencies and data that is shared is not copied or stored in another system. Start date: Worker Connect began in 2010 and currently has approximately 6,800 authorized city users across 34 different user groups. Goals of the system include: * Giving workers real-time access to data across programs that can help them make more informed case management decisions, better identify client needs, and provide more integrated service delivery. * Reducing clients’ and workers’ time to process cases and provide or collect documents. Access to Data from Various Sources: Worker Connect links data on a single individual, family, or household across city agencies and programs. This is done by matching client records from different source systems based on select demographic data (e.g., name, address, SSN, date of birth, or gender). Based on agreements between agencies, certain specified workers have access to certain client data, such as household composition, services provided by other agencies, or client case status. The system is able to provide customized views of information, down to what data elements are shown on a single screen for one worker versus another. The graphic below identifies the source agencies and how information is shared. New York City: Worker Connect: [Refer to PDF for image: illustration] Examples of types of data shared: Workers can only see client information relevant to their job function. Worker A: Worker B: Worker C: Worker Connect Portal to read only data sharing system. Administration for Children's Services[A]: (Child welfare, protective services): * Family demographic information (address, date of birth, full name); * Number of families currently receiving subsidized child care. Health and Hospitals Corporation: (Provides medical, mental health and substance abuse services): * Uses portal but does not provide data, Department of Homeless Services[A]: * Families and singles in the city's shelters; * Families and singles diverted from homelessness. City Housing Authority: * Residents currently in city housing. Department of Finance[A]: * Clients enrolled in the senior rent increase exemption program. Human Resources Administration: * Status of client's public assistance application; * Amount of a family's cash assistance benefits; * Copies of documents provided by client (e.g., birth certificates, pay stubs, utility bills). [A] Data exchange is two way and source agencies also use certain data shared through the system. The graphic shows examples of data provided by agencies but does not depict what data each agency receives or how data are used. Source: GAO analysis based on information collected from New York City officials. [End of figure] Many of the agencies that provide data also have staff who are users of Worker Connect. According to officials, some of the agencies that use Worker Connect include: * Administration for Children’s Services (child welfare, child protective services). * Department of Juvenile Justice. * Department for the Aging. * Department of Health and Mental Hygiene. * Department of Correction. * Department of Probation. * Health and Hospitals Corporation (provides medical, mental health and substance abuse services). * Human Resources Administration (public assistance agency). * Department of Homeless Services. * Department of Finance. According to officials, the largest groups of users are child protective service workers. Example of Data Sharing Use: Department of Homeless Services’ Intake Worker: Job function: When homeless clients arrive at intake facilities, they are often in crisis and do not have the necessary documentation to process their application. Intake workers often have to obtain documents they are unable to retrieve from the client, or help clients identify other housing resources that may be available to them, such as low income housing programs. Type of data used: Intake workers have access to sources of information, such as previous shelter placements and dates, work history, pay stubs, leases, and other basic demographic information, such as prior addresses, birth certificates, and names of family members. Stated benefits: Officials we interviewed said that the system has helped their intake workers: * Save time on interviews and processing of applications. With information from Worker Connect, intake workers are able to process a client with one interview instead of two and in fewer minutes. Given the high volume of clients, the time savings add up to a significant amount time saved. * Expedite placements and meet the city’s established 10 day mandatory decision for homeless cases. * Allowed intake workers to spend more time on coordination of care. Example of Data Sharing Use: Health and Hospital Corporation (HHC) Financial Counselors: Job function: HHC financial counselors often work with patients visiting the corporation’s facilities (e.g., hospitals, acute care facilities) that come in without any proof of identification, residence, or citizenship. Counselors must work with them to determine if they are eligible for Medicaid or other health insurance programs. Types of data used: Counselors are able to access basic information through Worker Connect like the most recent address, birth date, previous Medicaid status, and family composition. Stated benefits: Officials we interviewed said that the system has helped their workers: * Save time that they would otherwise spend with the client or with other agencies tracking down information (e.g., obtaining a birth certificate or determining Medicaid status). * Better serve a transient population that often has behavioral health issues and precarious housing situations. Clients do not always have needed documentation on them, nor are they always able to clearly describe their history or situation. [End of New York City site data] [End of section] Appendix II: Scope and Methodology: To address the objectives of this study, we used a variety of methods. Specifically, we: * Conducted four site visits to state or local human services agencies that were repeatedly identified during our exploratory research and interviews as having promising data sharing efforts; * Conducted "Delphi method" surveys of stakeholders from state and local human services agencies, information technology providers, and research and advocacy organizations; and: * Conducted interviews with federal agencies; reviewed relevant federal laws, regulations, and policy guidance; and reviewed information related to federal initiatives to support data sharing. [Footnote 34] Site visits: To gather information on how selected sites share data to improve the administration of human services programs, we conducted site visits to four state or local human services agencies repeatedly identified as sharing data in promising ways: Allegheny County, Pennsylvania; Michigan; New York City; and Utah. To identify potential promising examples, we relied on recommendations from external parties, including federal agencies and key national associations knowledgeable about these issues, as well as published research and articles. We then gathered initial information on the data sharing efforts of approximately 10 sites that were mentioned repeatedly, including through preliminary phone interviews with state or local officials, and a preliminary visit to Montgomery County, Maryland. Ultimately, we selected four sites to obtain a mix of functional areas (e.g., whether data sharing was used to improve eligibility verification or case management processes) and targeted populations and programs. Secondarily, we selected sites for a mix of state and local level agencies and geographic location. For each site, we gathered in-depth information on key data sharing initiatives, goals of increased data sharing, target populations and programs, organizational structure of data sharing (such as which agencies are involved and "own" the data), and anecdotal information on outcomes.[Footnote 35] During our site visits, we spoke with relevant program and policy officials, including program administrators, information technology officials, and attorneys. At each site, we also spoke with frontline staff to help us obtain concrete examples of data sharing related to day-to-day work of eligibility determination and case management. We also observed demonstrations of computer systems. On two visits, we also spoke with organizations representing service providers or community groups. On the basis of our site visit information, we cannot generalize our findings beyond the states or localities we visited. Information we gathered on our site visits represents only the conditions present in the states and local areas at the time of our site visits. Delphi Survey: To gather the opinions of stakeholders on challenges faced by state and local human services agencies in balancing data sharing and privacy, and federal actions to address these challenges, we employed a modified version of the Delphi method, which follows a structured process for collecting and distilling knowledge from a group through a series of questionnaires. For our purposes, we employed two iterative surveys. We selected stakeholders to cover a broad range of perspectives and sectors, including: (1) state and local human service agency officials in program administration, technology, and legal positions as well as associations representing these agencies;[Footnote 36] (2) private and non-profit sector information technology providers; and (3) representatives from advocacy and research organizations. For a list of the names and organizations of stakeholders who responded to our surveys, see appendix IV. Through preliminary interviews and background research, we identified approximately 30 potential stakeholders to participate in our survey as a starting point. We then vetted our initial list of potential respondents with representatives from the American Public Human Services Association (APHSA) and the Collaborative Forum, a group established by the Office of Management and Budget (OMB) that draws on federal, state, and other stakeholder expertise to help develop pilot projects to improve how states administer federally-funded assistance programs. Then, using the snowball approach, we contacted our initial list of respondents to explain our research, inquire about their interest in participating in our survey, and ask for the names of other potential respondents who may have expertise in this area. This allowed us to both expand our initial list of potential respondents and to validate the relevance of the respondents we had already identified. We originally invited 42 stakeholders to participate in our survey, with participation from each of the sectors we identified above. We later determined that two of the 42 stakeholders were out of scope because they told us they were not in a position to answer our questions; therefore, we did not include them in the surveys which were sent to 40 stakeholders. Our survey was not intended to be representative of a wider population, but rather to solicit a broad range of expertise. We first surveyed the stakeholders with open-ended questions and asked them to identify challenges that state and local agencies face balancing increased data sharing with the need to protect personal information, actions that the federal government could take to address challenges, and current relevant federal initiatives. We received completed surveys from 35 of the 40 stakeholders for a response rate of 88 percent. This survey was administered from May 14, 2012, to June 15, 2012. Based on the 35 completed surveys, we performed a content analysis to identify key themes. Two analysts independently reviewed and coded survey responses and reached consensus on a group of key challenges and federal actions. When providing illustrative examples using stakeholders' views throughout this report, we defined modifiers (e.g., "several") to quantify stakeholders' views as follows: * "Most" stakeholders represents more than 25; * "A majority" of stakeholders represents 18-25; * "Many" stakeholders represents 10-17; * "Several" stakeholders represents 4-9; * "A few" stakeholders represents 2-3. The open-ended comments from the first survey were the basis for our second survey of stakeholders, which asked them to rate items in terms of the level of challenge they presented for state and local agencies (on 5-point scale from "extreme challenge" to "not a challenge") and the degree of usefulness of potential federal actions (on a 5-point scale from "extremely useful" to "not at all useful"). In addition, we asked a limited number of open-ended questions to collect more information on specific challenges and actions. We sent this survey to the same 40 stakeholders and received completed surveys from 35 for a response rate of 88 percent. The second survey was administered from July 23, 2012, to August 27, 2012. For the full results of the second survey, see appendix III. Both surveys were web-based. For both rounds, we sent stakeholders an email invitation to complete the survey on a GAO web server using a unique username and password. Nonrespondents received reminder emails asking them to complete the survey. Because the two surveys were not sample surveys, but rather surveys of the universe of respondents we identified, they have no sampling errors. However, the practical difficulties of conducting any survey may introduce nonsampling errors, such as difficulties interpreting a particular question, which can introduce unwanted variability into the survey results. We took steps to minimize nonsampling errors by pretesting the first questionnaire with two stakeholders in May 2012 and the second questionnaire with three stakeholders in July 2012. We conducted pretests to make sure that the questions were clear and unbiased and that the questionnaire did not place an undue burden on respondents. An independent reviewer within GAO also reviewed a draft of both questionnaires prior to their administration to ensure questions were understandable to a cold reader. We made appropriate revisions to the content and format of the questionnaires after the pretests and independent reviews. [End of section] Appendix III: Delphi Survey Results: Using the Delphi method, we distributed two surveys to 40 individuals from state and local human services agencies, IT providers, and research and advocacy organizations to determine their views on challenges that state and local agencies face in balancing increased data sharing with the need to protect personal information, and the actions that the federal government could take to address these challenges. For both surveys, we received completed responses from 35 of 40 individuals, for a response rate of 88 percent. Tables 7-11 below show responses to questions from the second survey; these questions were developed based on our analysis of stakeholders' responses to the first survey, which asked open-ended questions about relevant challenges and potential actions. For more information about our survey methodology, see appendix II. Table 7: Challenges Identified by Stakeholders Related to Federal Privacy Requirements (Including Federal Laws, Regulations, and Other Requirements): Question: In your opinion, how much of a challenge is each of the following items for state and local human services agencies as they balance the need to protect personal information while increasing the use of data sharing?. Responses: Confusion or misperceptions around what agencies are or are not allowed to share; Extreme challenge: 17; Great challenge: 15; Moderate challenge: 1; Somewhat of a challenge: 0; Not a challenge: 0; Not applicable/don't know: 2; Total responses: 35. Agencies may be overly cautious and interpret federal privacy requirements more narrowly than necessary; Extreme challenge: 17; Great challenge: 12; Moderate challenge: 3; Somewhat of a challenge: 2; Not a challenge: 0; Not applicable/don't know: 1; Total responses: 35. Federal privacy requirements that govern data sharing are inconsistent across multiple programs; Extreme challenge: 12; Great challenge: 12; Moderate challenge: 10; Somewhat of a challenge: 0; Not a challenge: 0; Not applicable/don't know: 1; Total responses: 35. Agencies are not always sure when client consent is required to share data; Extreme challenge: 7; Great challenge: 13; Moderate challenge: 5; Somewhat of a challenge: 5; Not a challenge: 2; Not applicable/don't know: 3; Total responses: 35. Federal privacy requirements about sharing data with third parties (e.g., non-profit service providers) are overly restrictive; Extreme challenge: 7; Great challenge: 11; Moderate challenge: 6; Somewhat of a challenge: 7; Not a challenge: 1; Not applicable/don't know: 3; Total responses: 35. Security standards for sharing and storing data are inconsistent; Extreme challenge: 7; Great challenge: 8; Moderate challenge: 10; Somewhat of a challenge: 4; Not a challenge: 0; Not applicable/don't know: 5; Total responses: 34. Source: GAO analysis of responses from the second of two surveys to the same group of stakeholders. Note: Totals may not add to 35 because not all respondents answered every question. [End of table] Table 8: Organizational and Implementation Challenges Identified by Stakeholders: Question: In your opinion, how much of a challenge is each of the following items for state and local human services agencies as they balance the need to protect personal information while increasing the use of data sharing?. Responses: Agencies may not trust that other agencies will sufficiently protect shared data; Extreme challenge: 7; Great challenge: 11; Moderate challenge: 13; Somewhat of a challenge: 1; Not a challenge: 0; Not applicable/don't know: 2; Total responses: 34. Agencies may not always be aware of the capacity of technology to protect personal information; Extreme challenge: 7; Great challenge: 13; Moderate challenge: 11; Somewhat of a challenge: 1; Not a challenge: 1; Not applicable/don't know: 1; Total responses: 34. Data sharing agreements between agencies are cumbersome to establish; Extreme challenge: 8; Great challenge: 13; Moderate challenge: 9; Somewhat of a challenge: 2; Not a challenge: 1; Not applicable/don't know: 1; Total responses: 34. Agencies tend to adopt data sharing agreements that are too specific and do not allow for flexibility; Extreme challenge: 5; Great challenge: 10; Moderate challenge: 8; Somewhat of a challenge: 7; Not a challenge: 1; Not applicable/don't know: 3; Total responses: 34. Public perception regarding sharing personal information deters agencies from sharing data; Extreme challenge: 3; Great challenge: 11; Moderate challenge: 10; Somewhat of a challenge: 5; Not a challenge: 4; Not applicable/don't know: 1; Total responses: 34. Agencies are hesitant to use clients' Social Security numbers to match data across systems; Extreme challenge: 5; Great challenge: 8; Moderate challenge: 10; Somewhat of a challenge: 2; Not a challenge: 6; Not applicable/don't know: 4; Total responses: 35. Past practice has created a mindset or culture that agencies should not share data; Extreme challenge: 9; Great challenge: 11; Moderate challenge: 9; Somewhat of a challenge: 5; Not a challenge: 0; Not applicable/don't know: 1; Total responses: 35. Agencies do not provide sufficient training to workers on allowable sharing; Extreme challenge: 9; Great challenge: 11; Moderate challenge: 9; Somewhat of a challenge: 3; Not a challenge: 0; Not applicable/don't know: 3; Total responses: 35. Agencies are concerned about the accuracy of data from other agencies; Extreme challenge: 5; Great challenge: 6; Moderate challenge: 14; Somewhat of a challenge: 6; Not a challenge: 1; Not applicable/don't know: 2; Total responses: 34. Agencies have outdated technology systems that are unable to share data securely; Extreme challenge: 16; Great challenge: 7; Moderate challenge: 5; Somewhat of a challenge: 4; Not a challenge: 2; Not applicable/don't know: 1; Total responses: 35. Source: GAO analysis of responses from the second of two surveys to the same group of stakeholders. Note: Totals may not add to 35 because not all respondents answered every question. [End of table] Table 9: Challenges Related to Income/Wage Data Sources: Question: In your opinion, how much of a challenge is each of the following items for state and local human services agencies as they balance the need to protect personal information while increasing the use of data sharing?. Responses: Existing data sources of income and wage information are not sufficiently timely; Extreme challenge: 8; Great challenge: 8; Moderate challenge: 7; Somewhat of a challenge: 2; Not a challenge: 0; Not applicable/don't know: 10; Total responses: 35. Agencies do not have sufficient access to existing federal data sources of income and wage information; Extreme challenge: 6; Great challenge: 6; Moderate challenge: 9; Somewhat of a challenge: 2; Not a challenge: 0; Not applicable/don't know: 12; Total responses: 35. Agencies do not have sufficient access to other states' income and wage information; Extreme challenge: 4; Great challenge: 8; Moderate challenge: 7; Somewhat of a challenge: 3; Not a challenge: 1; Not applicable/don't know: 12; Total responses: 35. Source: GAO analysis of responses from the second of two surveys to the same group of stakeholders. [End of table] Table 10: Potential Federal Agency Actions Suggested by Stakeholders to Address Challenges: Guidance and Models: Question: In your opinion, how useful would each of the following actions be if taken by federal agencies to address challenges that state and local human services agencies face in balancing the need to protect personal information while increasing the use of data sharing?. Responses: Provide coordinated multi-agency guidance that clarifies what data sharing is permissible; Extremely useful: 30; Very useful: 2; Moderately useful: 2; Somewhat useful: 1; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 35. Provide guidance from individual federal agencies that clarifies what data sharing is permissible for the program the agency administers; Extremely useful: 21; Very useful: 9; Moderately useful: 2; Somewhat useful: 3; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 35. Develop a model or provide existing examples of data sharing agreements that comply with federal privacy requirements; Extremely useful: 27; Very useful: 5; Moderately useful: 3; Somewhat useful: 0; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 35. Develop model or provide existing examples of informed consent language (including possibilities for "opt out" provisions) that complies with federal privacy requirements; Extremely useful: 23; Very useful: 9; Moderately useful: 2; Somewhat useful: 1; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 35. Identify and publicize examples of state and local agencies that have successfully addressed privacy-related challenges to data sharing; Extremely useful: 19; Very useful: 9; Moderately useful: 5; Somewhat useful: 2; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 35. Communicate that the federal agency views data sharing as beneficial to the administration of human services programs; Extremely useful: 20; Very useful: 8; Moderately useful: 2; Somewhat useful: 4; Not at all useful: 0; Not applicable/don't know: 1; Total responses: 35. Provide technical assistance and training on relevant federal privacy requirements; Extremely useful: 14; Very useful: 13; Moderately useful: 7; Somewhat useful: 0; Not at all useful: 0; Not applicable/don't know: 1; Total responses: 35. Continue or increase the provision of funds for pilots and demonstration projects for data sharing, including those that address privacy-related challenges; Extremely useful: 23; Very useful: 9; Moderately useful: 3; Somewhat useful: 0; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 35. Source: GAO analysis of responses from the second of two surveys to the same group of stakeholders. [End of table] Table 11: Potential Federal Agency Actions Suggested by Stakeholders to Address Challenges: Federal Requirements: Question: In your opinion, how useful would each of the following actions be if taken by federal agencies to address challenges that state and local human services agencies face in balancing the need to protect personal information while increasing the use of data sharing?. Responses: Identify statutory limits to data sharing that Congress should consider changing; Extremely useful: 16; Very useful: 11; Moderately useful: 4; Somewhat useful: 1; Not at all useful: 1; Not applicable/don't know: 1; Total responses: 34. Review and harmonize non-statutory requirements to ensure more standardized privacy rules for data sharing across human services programs and agencies; Extremely useful: 22; Very useful: 10; Moderately useful: 1; Somewhat useful: 2; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 35. Review non-statutory privacy requirements across human services programs to ensure rules are appropriate for current available technologies; Extremely useful: 20; Very useful: 12; Moderately useful: 2; Somewhat useful: 1; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 35. Revise the Family Educational Rights and Privacy Act (FERPA) to ensure child welfare agencies have access to education records (or recommend congressional action if necessary); Extremely useful: 25; Very useful: 4; Moderately useful: 1; Somewhat useful: 1; Not at all useful: 0; Not applicable/don't know: 4; Total responses: 35. Create consistent standards for data security across programs and agencies; Extremely useful: 22; Very useful: 6; Moderately useful: 5; Somewhat useful: 1; Not at all useful: 0; Not applicable/don't know: 0; Total responses: 34. Explore ways to expand access to federal sources of income and wage information; Extremely useful: 15; Very useful: 6; Moderately useful: 5; Somewhat useful: 1; Not at all useful: 1; Not applicable/don't know: 7; Total responses: 35. Source: GAO analysis of responses from the second of two surveys to the same group of stakeholders. Note: Totals may not add to 35 because not all respondents answered every question. [End of table] [End of section] Appendix IV: Delphi Survey Respondents: We asked 40 individuals from state and local human services agencies, IT providers, and research and advocacy organizations to complete two surveys about privacy and data sharing. For more information on our survey and selection methodologies, see appendix II. The following table lists the individuals from whom we received completed survey responses. Table 12: List of Individuals That Completed Survey Responses: Andrew Stettner: Seedco. Barbara Needell: University of California-Berkeley Center for Social Services Research. Beth Morrow: The Children's Partnership. Brenna Isman: National Academy of Public Administration. Carolyn Daffron: Solutions for Progress, Inc. Charles Simon: Case Commons, Inc. Cheryl Smithgall: Chapin Hall at the University of Chicago. Claudia Page: Social Interest Solutions. David Hansell: KPMG LLP. Dennis Culhane: University of Pennsylvania. Deven McGraw: Center for Democracy & Technology. Donna Younkin: New Jersey Department of Children and Families. Doug Robinson: National Association of State Chief Information Officers. Elizabeth Lower-Basch: Center for Law and Social Policy. Emily Putnam-Hornstein: University of Southern California. Ginger Zielinskie: Benefits Data Trust. Jerry Friedman: Accenture Human Services. Jim Jones: Sellers Dorsey. Jody Becker-Green: Washington Department of Social and Health Services. John Petraborg: Hewlett Packard. John Petrila: University of South Florida. Larry Bolton: California Department of Social Services. Larry Goolsby: American Public Human Services Association. Laurie O'Connor: Montgomery County (PA) Office of Children and Youth. Maura McInerney: Education Law Center. Matt Salo: National Association of Medicaid Directors. Patricia Martin: Circuit Court of Cook County (IL). Rebecca Gudeman: National Center for Youth Law. Richard Gold: Stewards of Change. Stan Dorn: Urban Institute. Steve Aragón: Texas Health & Human Services Commission. Sundhar Sekhar: Deloitte Consulting LLP. Susan Kinnevy: Philadelphia Department of Human Services. Tim Day: Teredata Corporation. Uma Ahluwalia: Montgomery County (MD) Department of Health & Human Services. Will Sanson: California Administrative Office of the Courts. William Travis, Jr.: New York State Office of Children and Family Services. Source: GAO. [End of table] [End of section] Appendix V: Comments from the Department of Health and Human Services: Department of Health & Human Services: Office of The Secretary: Assistant Secretary for Legislation: Washington, DC 20201: December 20, 2012: Kay E. Brown: Director, Health Care: U.S. Government Accountability Office: 441 G Street NW: Washington, DC 20548: Dear Ms. Brown: Attached are comments on the U.S. Government Accountability Office's (GAO) report entitled, "Human Services: Sustained and Coordinated Efforts Could Facilities Data Sharing While Protecting Privacy" (GA0- 13-106). The Department appreciates the opportunity to review this report prior to publication. Sincerely, Signed by: Jim R. Esquea: Assistant Secretary for Legislation: Attachment: General Comments Of The Department Of Health And Human Services (HHS) On The Government Accountability Office's (GAO) Draft Report Entitled, "Sustained And Coordinated Efforts Could Facilitate Data Sharing While Protecting Privacy" (GAO-13106): The Department appreciates the opportunity to review and comment on this draft report. GAO Recommendation: To ensure that state and local human services agencies have additional information to help facilitate useful data sharing, we recommend that the Secretary of HHS ensure timely completion of the department's planned activities to clarify what data sharing is permissible under federal privacy requirements and consider other ways to bolster the efficacy of its efforts. For example, HHS could develop a strategy for the effective dissemination of its Confidentiality Toolkit and consider ways to solicit and incorporate feedback on the information's usefulness from a range of users. HHS Response: HHS concurs with GAO's recommendation and is in the process of refining the Confidentiality Toolkit. Once that process is completed, we will engage interested stakeholders in providing feedback on the Toolkit's usefulness. Based on their recommendations, further refinement may be made and then it will be disseminated to state and local human service agencies. [End of section] Appendix VI: GAO Contacts and Staff Acknowledgments: GAO Contact: Kay E. Brown, (202) 512-7215 or brownke@gao.gov: Staff Acknowledgments: In addition to the contact named above, Gale Harris, Theresa Lo, Michael Pahr, and Vernette Shaw made significant contributions to all aspects of this report. Also contributing to this report were David Chrisinger, Sarah Cornetto, Jean McSween, Mimi Nguyen, Nhi Nguyen, and Almeta Spencer. [End of section] Footnotes: [1] We have reported on other challenges to data sharing; see for example GAO, Human Services Integration: Results of a GAO Cosponsored Conference on Modernizing Information Systems, [hyperlink, http://www.gao.gov/products/GAO-02-121] (Washington, D.C.: Jan. 31, 2002). Also see GAO, Means-Tested Programs: Determining Financial Eligibility Is Cumbersome and Can Be Simplified, [hyperlink, http://www.gao.gov/products/GAO-02-58] (Washington, D.C., Nov. 2, 2001) for information on challenges involved in improving the administration of human services programs. [2] The term "privacy" has multiple definitions, and in some circumstances, certain aspects of privacy may be specifically defined in statutes or regulations. For purposes of this report, we are using the term broadly to refer to the appropriate protection of personal information that is individually identifiable, which may involve restrictions on who may access the information and for what purposes. This definition includes information that is considered confidential under program statutes. [3] Pub. L. No. 93-579, 88 Stat. 1896 (1974), codified as amended at 5 U.S.C. § 552a. [4] Pub. L. No. 104-191, §§ 262, 264, 110 Stat. 1936, 2021-30 (1996), codified as amended at 42 U.S.C. §§ 1320d to 1320d-9; and Pub. L. No. 93-380, § 513, 88 Stat. 484, 571 (1974), codified as amended at 20 U.S.C. § 1232g. [5] Although we solicited feedback from state and local officials on the challenges and benefits they experienced, we did not independently evaluate these efforts. [6] Officials selected in this sector were not from any of our four sites. [7] The Delphi method follows a structured process for collecting and distilling knowledge from a group through a series of questionnaires. For our purposes, we employed two iterative web-based surveys. [8] We also vetted our initial list of stakeholders with key representatives from the American Public Human Services Association and the Collaborative Forum, a group established by the Office of Management and Budget (OMB) that draws on federal, state, and other stakeholder expertise to help develop pilot projects to improve how states administer federally-funded assistance programs. [9] Specific processes of applying for human services may differ across states and programs. [10] GAO has reported in prior work that human services programs, which can suffer from siloed and inefficient service delivery, could benefit from greater data sharing. For example, see Human Services Programs: Opportunities to Reduce Inefficiencies, [hyperlink, http://www.gao.gov/products/GAO-11-531T], (Washington, D.C.: April 5, 2011) and GAO, Benefit and Loan Programs: Improved Data Sharing Could Enhance Program Integrity, [hyperlink, http://www.gao.gov/products/GAO/HEHS-00-119] (Washington, D.C.: Sept. 13, 2000). [11] GAO, Child Care and Development Fund: Undercover Tests Show Five State Programs Are Vulnerable to Fraud and Abuse, [hyperlink, http://www.gao.gov/products/GAO-10-1062] (Washington, D.C.: Sept. 22, 2010). [12] Improper payments include, for example, overpayments and underpayments. For the statutory definition of improper payment, see 31 U.S.C. § 3321 note. The Improper Payments Information Act of 2002 requires executive branch agencies to annually identify programs and activities susceptible to significant improper payments, estimate the amount of improper payments for such programs and activities, and report these estimates along with actions taken to reduce them. Pub. L. No. 107-300, 116 Stat. 2350 (2002). The Improper Payments Elimination and Recovery Act of 2010 and the Improper Payments Elimination and Recovery Improvement Act of 2012 expanded these and other requirements for identifying and recovering overpayments across a broad range of federal programs. Pub. L. No. 111-204, 124 Stat. 2224 (2010), Pub. L. No. 112-248, 126 Stat. 2390 (2013). For an example of recent GAO work in this area, see GAO, Improper Payments: Remaining Challenges and Strategies for Governmentwide Reduction Efforts, [hyperlink, http://www.gao.gov/products/GAO-12-573T] (Washington, D.C.: March 28, 2012). [13] For example, see Jane Waldfogel, "Reforming Child Protective Services," Child Welfare, vol. 79 no. 1 (Jan/Feb. 2000) and HHS, A Coordinated Response to Child Abuse and Neglect: The Foundation for Practice (Washington, D.C.: 2003). [14] The wrongful disclosure or use of personal information could result in substantial harm, embarrassment, and inconvenience to individuals. GAO has reported on the importance of establishing proper privacy protections and security controls for personal information. For example, see GAO, Information Security: Protecting Personally Identifiable Information, [hyperlink, http://www.gao.gov/products/GAO-08-343], (Washington, D.C.: Jan. 5, 2008). [15] 42 U.S.C. § 602(a)(1)(A)(iv). See also 45 C.F.R. § 205.50. [16] 42 U.S.C. §§ 654(26), 654a(f)(3). See also 45 C.F.R. §§ 303.21, 307.11(f), 307.13. [17] We have previously reported that SSNs can be useful tools to enhance program integrity through data matching. However, government agencies need to take steps to prevent the improper disclosure of SSNs, including limiting the use and display of SSNs in public records as they are a key piece of information that can be used to perpetuate identity theft. GAO's prior work has examined the collection, display, and protection of SSNs in public and private records. For example, see GAO, Social Security Numbers: Use Is Widespread and Protection Could Be Improved, [hyperlink, http://www.gao.gov/products/GAO-07-1023T] (Washington, D.C.: June 21, 2007). [18] We did not conduct any independent legal analysis of the data sharing systems developed by our selected sites. [19] For example, see GAO, Improper Payments: Moving Forward with Governmentwide Strategies, [hyperlink, http://www.gao.gov/products/GAO-12-405T] (Washington, D.C.: Feb. 7, 2012); Child Care and Development Fund: Undercover Tests Show Five State Programs Are Vulnerable to Fraud and Abuse, [hyperlink, http://www.gao.gov/products/GAO-10-1062] (Washington, D.C.: Sept. 22, 2010); and Benefit and Loan Programs: Improved Data Sharing Could Enhance Program Integrity, [hyperlink, http://www.gao.gov/products/GAO-00-119] (Washington, D.C.: Sept. 13, 2000). [20] Under the SNAP program, USDA is required to impose financial sanctions on states with high error rates, but is authorized to take alternative actions, including waiving all or part of the sanction amount and/or requiring that some be reinvested to improve the state agency's administration of the SNAP program. 7 U.S.C. § 2025(c)(1). [21] A number of stakeholders did identify other specific requirements as a challenge. However, with the exception of FERPA, there was little consistency on which specific requirements were particularly challenging. When there were multiple mentions of a requirement (e.g., protections for tax information), stakeholders did not necessarily name the same aspect as challenging (e.g., one stakeholder noted that the security standards for safeguarding tax data are burdensome, while another cited state agencies' inability to access tax data as a challenge). [22] See appendix II for more information on our methodology. [23] Since we surveyed the stakeholders, the Uninterrupted Scholars Act was enacted in January 2013, which may address the challenges described with respect to FERPA. This law, which amends FERPA, is discussed later in this report. [24] 42 U.S.C. § 675(1)(C). [25] Pub. L. No. 110-351, 122 Stat. 3949 (2008). Among other provisions, the act requires that the case plan for each child in foster care include "a plan for ensuring the educational stability of the child," including assurances that the foster care placement takes into account the appropriateness and proximity of the current educational setting. 42 U.S.C. § 675(1)(G). [26] Prior to the enactment of the Uninterrupted Scholars Act in January 2013, child welfare agencies were not one of the specifically enumerated entities to whom schools or educational agencies may disclose education records without parental consent. FERPA does authorize disclosure of records with the parent's written consent or to comply with a judicial order or subpoena, provided the parents are notified. See 20 U.S.C. §§ 1232g(b)(1)-(2). In some cases, child welfare agencies may also access records as a parent. Although FERPA does not define "parent," Education's regulations define it to include "a natural parent, a guardian, or an individual acting as a parent in the absence of a parent or a guardian." 34 C.F.R. § 99.3. Education officials explained that if a child welfare agency is the child's "guardian" under state law, or the child's legal custodian under state law acting in the absence of a parent or guardian, the child welfare agency could access records under FERPA as a parent. See 20 U.S.C. § 1232g(a)(1)(A)-(B). [27] See appendix II for more information on our methodology. [28] Depending on program requirements, participants may not be allowed to opt in or out of disclosure of their data. For instance, federal requirements for SNAP do not allow SNAP participants to opt in or out of disclosure of their data for specific purposes, including the administration or enforcement of SNAP, other federal assistance programs, or certain federally-assisted state programs. [29] FERPA was amended in January 2013 by the Uninterrupted Scholars Act and is discussed later in this report. [30] 20 U.S.C. § 1232g(a)(2). [31] See 20 U.S.C. §§ 1401(23), 1412(a)(8), 1417(c), 34 C.F.R. §§ 300.30(a), § 300.622(a). [32] Pub. L. No. 112-278, 126 Stat. 2480 (2013). The Uninterrupted Scholars Act prohibits redisclosure of the education records or personally identifiable information except to an authorized individual or entity engaged in addressing the student's education needs, consistent with applicable state confidentiality laws. The act further provides that education records may be released pursuant to a court order issued in the context of a child abuse and neglect or dependency matter without additional notice to a parent, when the parent is a party to the court proceeding. [33] The Middle Class Tax Relief and Job Creation Act of 2012, Pub. L. No. 112-96, 126 Stat. 156, and the Child and Family Services Improvement and Innovation Act, Pub. L. No. 112-34, 125 Stat. 369 (2011). [34] Specifically, we interviewed officials with the following agencies and departments regarding data sharing challenges and potential federal actions, including actions already taken or planned by the agency: Department of Agriculture's Food and Nutrition Service; Department of Education; Department of Health and Human Services' (HHS) Administration for Children and Families; HHS's Office of the Assistant Secretary for Planning and Evaluation; HHS's Centers for Medicare and Medicaid Services; and the Office of Management and Budget. [35] We did not independently evaluate these efforts. [36] Officials selected from this sector were not from any of our four sites. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]