Skip to main content

Image

Information Management

Jump To:

Image

Open Recommendations

Artificial Intelligence: DOD Needs Department-Wide Guidance to Inform Acquisitions

GAO-23-105850
Jun 29, 2023
Show
4 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should ensure that the Chief Digital and AI Officer, in conjunction with other DOD acquisition policy offices as appropriate, prioritize establishing department-wide AI acquisition guidance, including leveraging key private company factors, as appropriate. (Recommendation 1)
Open
DOD agreed with this recommendation. To address it, the Chief Digital and AI Officer (CDAO) stated that it developed the DOD Data, Analytics, and AI Adoption Strategy, released in November 2023, which includes guidance for DOD components on adopting and scaling AI capabilities, with a decision aid framework appendix planned for March 2024. DOD is also planning to create a federated AI construct implementation plan and publish a DOD instruction to serve as department-wide AI acquisition guidance by September 2024.
Department of the Army After DOD issues department-wide AI acquisition guidance, the Secretary of the Army should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 2)
Open
The Army agreed with this recommendation. As of Fall 2023, it noted that it expects to update the AI and Autonomy Roadmap after CDAO publishes its AI strategy, but did not indicate a specific timeframe for doing so. The Army is also delivering a Unified Data Reference Architecture and Project Linchpin, the Army's operations-enabling program for AI/machine learning capabilities.
Department of the Navy After DOD issues department-wide AI acquisition guidance, the Secretary of the Navy should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 3)
Open
The Navy agreed with this recommendation. As of Fall 2023, it noted that it expects to update AI acquisition guidance issued by the Secretary of the Navy where applicable within 90 days after CDAO issues its AI strategy.
Department of the Air Force After DOD issues department-wide AI acquisition guidance, the Secretary of the Air Force should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 4)
Open
The Air Force agreed with this recommendation. As of Fall 2023, it noted that it expects to address this recommendation by January 2026 by establishing Air Force-specific AI acquisition guidance after CDAO issues its AI strategy.

Information Management: Agencies Need to Streamline Electronic Services

GAO-23-105562
Dec 20, 2022
Show
12 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of the Office of Management and Budget should take steps to promote, through mechanisms such as the Federal Privacy Council and Chief Information Officers Council, sharing of information and lessons learned to help agencies implement the requirements of the CASES Act; this could include SEC sharing information on overcoming challenges and identifying lessons learned. (Recommendation 1)
Open
As of May 2023, OMB has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of Defense The Secretary of Defense should establish a reasonable time frame for when the Department of Defense will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 2)
Open
As of May 2023, DOD has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of Health and Human Services The Secretary of Health and Human Services should establish a reasonable time frame for when the Department of Health and Human Services will be able to digitally accept access and consent forms from individuals who were properly identity proofed and authenticated and post access and consent forms on the department's privacy program website. (Recommendation 3)
Open
As of June 2023, HHS reported that it receives approximately 15,000 first-party request per year, 90% of which are received by the Centers for Medicare and Medicaid Services (CMS). In addition, the department noted that CMS added functionality to an existing electronic processing platform in September 2022 to allow users to choose between Login.gov and ID.me for digital proofing. The electronic processing platform is expected to permit CMS to accept remote identity proofing and authentication from individuals requesting access to their records. HHS also described its ongoing efforts towards being fully compliant with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04), but the department has not yet established a time frame for completion.
Department of the Interior The Secretary of Interior should establish a reasonable time frame for when the Department of the Interior will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 4)
Open
As of May 2023, DOI has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of Justice The Attorney General should establish a reasonable time frame for when the Department of Justice will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 5)
Open
As of June 2023, Justice noted that any solution to implement remote identity proofing with authentication consistent with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04) must meet NIST's technical standard known as "Identity Assurance Level 2" (IAL2). In addition, the Department stated that they had been exploring acquiring the remote identity proofing services known as Login.gov offered by the General Services Administration (GSA), as a means of complying with the requirements of the CASES Act and M-21-04. Further, Justice stated the concerns identified in the GSA Inspector General report have contributed to challenges that the Department has faced in finding a solution to facilitate CASES Act compliance.
Department of Transportation The Secretary of Transportation should establish a reasonable time frame for when the Department of Transportation will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 6)
Open
As of May 2023, DOT has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.

COVID-19: Pandemic Lessons Highlight Need for Public Health Situational Awareness Network

GAO-22-104600
Jun 23, 2022
Show
12 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of Health and Human Services The Secretary of HHS should prioritize the development of the public health situational awareness and biosurveillance network by designating a lead operational division for PAHPAIA implementation. (Recommendation 1)
Open
In February 2023, HHS stated that ASPR and CDC are co-leads for the implementation of the public health situational awareness network capability given their respective missions and operational responsibilities. They further stated that ASPR and CDC have coordinated and served as co-leads responding to a range of public health emergencies and as such, there is not a single document that prescribes their roles as co-leads for the implementation of the public health situational awareness network. For example, as part of the initial steps to establish an electronic public health situational awareness network capability, the HHS Deputy Secretary signed a decision memo on March 18, 2022 to transition the HHS Protect data system and program stewardship to CDC. Further, HHS added that in March 2022, the HHS Deputy Secretary approved a new governance structure to ensure strategic oversight, active management, and upkeep of HHS Protect as a data management system that will provide a common operating structure for future public health emergencies. However, as of April 2023, the department did not designate a lead operational division for PAHPAIA implementation, which goes beyond the capabilities of HHS Protect. The PAHPAIA requirements include developing a plan to ensure that systems of public health communications and surveillance allow for the timely and secure dissemination of essential information concerning bioterrorism or other public health emergencies. The requirements also include HHS conducting a review of the data and information transmitted by the network and a discussion of any additional data sources and challenges in the incorporation of standardized data from various sources. We will continue to monitor the actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should clearly define the roles and responsibilities for the lead operational division responsible for PAHPAIA implementation. The roles and responsibilities should include the specific activities required in PAHPAIA. (Recommendation 2)
Open
In February 2023, HHS stated that ASPR and CDC are co-leads for the implementation of the public health situational awareness network given their respective missions and operational responsibilities. Additionally, HHS stated that HHS Protect is currently serving as the common operating picture for public health emergencies to meet the goals of a public health situational awareness network, required by PAHPAIA. HHS added that in March 2022, its Deputy Secretary also approved a new governance structure to ensure strategic oversight, active management, and upkeep of HHS Protect as a data management system that will provide a common operating picture for future public health emergencies. However, as of April 2023, the department did not provide clearly defined roles and responsibilities for PAHPAIA implementation. We will continue to monitor any additional actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should identify the office responsible for overseeing the completion of the activities performed by the lead operational division and clearly define its roles and responsibilities. (Recommendation 3)
Open
In February 2023, HHS stated that the new governance structure also established an executive board to provide oversight on the overall strategy and activities of HHS Protect. However, as of April 2023, the department had not provided evidence that it had clearly defined the roles and responsibilities of the executive board in overseeing the completion of the activities performed for PAHPAIA implementation. We will continue to monitor any additional actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes the steps to be taken to address all of the required actions in PAHPAIA. (Recommendation 4)
Open
In April 2023, HHS stated that it considered this recommendation open. The department noted that additional actions to address the requirements in PAHPAIA related to an electronic public health situational awareness network capability beyond fiscal year 2023 will require additional funding resources. According to the department, the long-term vision is to build on the successes of HHS Protect and fully establish an all-hazards near real-time, electronic, nationwide public health common operating picture for 24/7 situational awareness data for use during and in between emergency responses by HHS; other government agencies; and state, local, territorial, and tribal partners. We will continue to monitor the actions HHS takes to implement this recommendation.
Department of Health and Human Services
Priority Rec.
The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes specific near-term and longterm actions that can be completed to show progress in developing the network. (Recommendation 5)
Open
In April 2023, HHS stated that it considered this recommendation open; noting that that longer-term actions that can be completed beyond fiscal year 2023 will require the establishment of dedicated funding resources. In February 2023, HHS stated that it had completed specific near-term actions to establish an electronic public health situational awareness network capability by (1) transitioning the HHS Protect data system and program stewardship to CDC; (2) completing a $49.8 million procurement with financial support from CDC, ASPR, and HHS to ensure the continued operation of HHS Protect through September 30, 2023; and (3) approving a new governance structure to ensure strategic oversight, active management, and upkeep of HHS Protect as a data management system that will provide a common operating picture for future public health emergencies. We will continue to monitor any additional actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes time frames for implementing the near-term and long-term actions. (Recommendation 6)
Open
As of April 2023, HHS stated that it considers this recommendation open. According to the department, longer-term actions that can be completed beyond fiscal year 2023 will require the establishment of dedicated funding resources. We will continue to monitor any additional actions HHS takes to implement this recommendation.

Electronic Health Records: Additional DOD Actions Could Improve Cost and Schedule Estimating for New System

GAO-22-104521
Jun 08, 2022
Show
2 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should direct the Program Executive Officer of Defense Health Management Systems to ensure that the program office develops a reliable cost estimate using best practices described in GAO's Cost Estimating and Assessment Guide, in particular, by addressing those cost practices that were partially or minimally met. (Recommendation 1)
Open
In its comments on our draft report, DOD agreed with our recommendation. In October 2022, DOD outlined steps they would take to address the recommendation. We will continue to be in contact with DOD to gain additional information on the actions they are taking and their progress toward completion.
Department of Defense The Secretary of Defense should direct the Program Executive Officer of Defense Health Management Systems to ensure that the program office develops a reliable schedule using best practices described in GAO's Schedule Assessment Guide, in particular, by addressing those schedule practices that were partially met. (Recommendation 2)
Open
In its comments on our draft report, DOD agreed with our recommendation. In October 2022, DOD outlined steps they would take to address the recommendation. We will continue to be in contact with DOD to gain additional information on the actions they are taking and their progress toward completion.

GAO Contacts