Skip to main content

Image

Information Management

Jump To:

Image

Open Recommendations

Artificial Intelligence: DOD Needs Department-Wide Guidance to Inform Acquisitions

GAO-23-105850
Jun 29, 2023
Show
3 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should ensure that the Chief Digital and AI Officer, in conjunction with other DOD acquisition policy offices as appropriate, prioritize establishing department-wide AI acquisition guidance, including leveraging key private company factors, as appropriate. (Recommendation 1)
Open – Partially Addressed
DOD agreed with this recommendation. To address it, the Chief Digital and AI Officer (CDAO) developed the DOD Data, Analytics, and AI Adoption Strategy, released in November 2023, which includes guidance for DOD components on adopting and scaling AI capabilities, with a forthcoming decision aid framework appendix. DOD is also planning to pursue an iterative approach to identifying best practices for acquisition of data, analytics, and AI, including forthcoming information on DOD access to AI training data, guidelines for generative AI, a steering group on acquisition and contracting practices for business models, and establishing a contracting vehicle for acquiring enterprise solutions.
Department of the Army After DOD issues department-wide AI acquisition guidance, the Secretary of the Army should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 2)
Open
The Army agreed with this recommendation. As of Fall 2023, it noted that it expects to update the AI and Autonomy Roadmap after CDAO publishes its AI strategy. The Army is also delivering a Unified Data Reference Architecture and Project Linchpin, the Army's operations-enabling program for AI/machine learning capabilities. As of September 2024, the Army indicated it expects to complete these actions in FY2025.
Department of the Navy After DOD issues department-wide AI acquisition guidance, the Secretary of the Navy should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 3)
Open
The Navy agreed with this recommendation. As of Fall 2023, it noted that it expects to update AI acquisition guidance issued by the Secretary of the Navy where applicable within 90 days after CDAO issues its AI strategy. As of September 2024, the Navy has not provided further information on its timeline for implementation of this recommendation.
Department of the Air Force After DOD issues department-wide AI acquisition guidance, the Secretary of the Air Force should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 4)
Open
The Air Force agreed with this recommendation. As of Fall 2023, it noted that it expects to address this recommendation by January 2026 by establishing Air Force-specific AI acquisition guidance after CDAO issues its AI strategy. We will continue to follow-up on the Air Force's plans to issue its AI acquisition guidance.

Information Management: Agencies Need to Streamline Electronic Services

GAO-23-105562
Dec 20, 2022
Show
12 Open Recommendations
Agency Affected Recommendation Status
Office of Management and Budget The Director of the Office of Management and Budget should take steps to promote, through mechanisms such as the Federal Privacy Council and Chief Information Officers Council, sharing of information and lessons learned to help agencies implement the requirements of the CASES Act; this could include SEC sharing information on overcoming challenges and identifying lessons learned. (Recommendation 1)
Open
As of March 2024, OMB has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of Defense The Secretary of Defense should establish a reasonable time frame for when the Department of Defense will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 2)
Open
As of March 2024, DOD has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of Health and Human Services The Secretary of Health and Human Services should establish a reasonable time frame for when the Department of Health and Human Services will be able to digitally accept access and consent forms from individuals who were properly identity proofed and authenticated and post access and consent forms on the department's privacy program website. (Recommendation 3)
Open
As of March 2024, HHS reported that it receives approximately 15,000 first-party request per year, 90% of which are received by the Centers for Medicare and Medicaid Services (CMS). In addition, the department noted that CMS added functionality to an existing electronic processing platform in September 2022 to allow users to choose between Login.gov and ID.me for digital proofing. The electronic processing platform is expected to permit CMS to accept remote identity proofing and authentication from individuals requesting access to their records. HHS also described its ongoing efforts towards being fully compliant with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04), but the department has not yet established a time frame for completion.
Department of the Interior The Secretary of Interior should establish a reasonable time frame for when the Department of the Interior will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 4)
Open
As of March 2024, DOI has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of Justice The Attorney General should establish a reasonable time frame for when the Department of Justice will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 5)
Open
As of March 2024, Justice noted that any solution to implement remote identity proofing with authentication consistent with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04) must meet NIST's technical standard known as "Identity Assurance Level 2" (IAL2). In addition, the Department stated that they had been exploring acquiring the remote identity proofing services known as Login.gov offered by the General Services Administration (GSA), as a means of complying with the requirements of the CASES Act and M-21-04. Further, Justice stated the concerns identified in the GSA Inspector General report have contributed to challenges that the Department has faced in finding a solution to facilitate CASES Act compliance.
Department of Transportation The Secretary of Transportation should establish a reasonable time frame for when the Department of Transportation will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 6)
Open
As of March 2024, DOT has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.

COVID-19: Pandemic Lessons Highlight Need for Public Health Situational Awareness Network

GAO-22-104600
Jun 23, 2022
Show
12 Open Recommendations
1 Priority
Agency Affected Recommendation Status
Department of Health and Human Services The Secretary of HHS should prioritize the development of the public health situational awareness and biosurveillance network by designating a lead operational division for PAHPAIA implementation. (Recommendation 1)
Open
In February 2023, HHS stated that ASPR and CDC are co-leads for the implementation of the public health situational awareness network capability given their respective missions and operational responsibilities. They further stated that ASPR and CDC have coordinated and served as co-leads responding to a range of public health emergencies and as such, there is not a single document that prescribes their roles as co-leads for the implementation of the public health situational awareness network. For example, as part of the initial steps to establish an electronic public health situational awareness network capability, the HHS Deputy Secretary signed a decision memo on March 18, 2022 to transition the HHS Protect data system and program stewardship to CDC. Further, HHS added that in March 2022, the HHS Deputy Secretary approved a new governance structure to ensure strategic oversight, active management, and upkeep of HHS Protect as a data management system that will provide a common operating structure for future public health emergencies. However, as of April 2023, the department did not designate a lead operational division for PAHPAIA implementation, which goes beyond the capabilities of HHS Protect. The PAHPAIA requirements include developing a plan to ensure that systems of public health communications and surveillance allow for the timely and secure dissemination of essential information concerning bioterrorism or other public health emergencies. The requirements also include HHS conducting a review of the data and information transmitted by the network and a discussion of any additional data sources and challenges in the incorporation of standardized data from various sources. As of October 2024, we have not received an update from HHS on actions taken to address this recommendation. Once received, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should clearly define the roles and responsibilities for the lead operational division responsible for PAHPAIA implementation. The roles and responsibilities should include the specific activities required in PAHPAIA. (Recommendation 2)
Open
In February 2023, HHS stated that ASPR and CDC are co-leads for the implementation of the public health situational awareness network given their respective missions and operational responsibilities. Additionally, HHS stated that HHS Protect is currently serving as the common operating picture for public health emergencies to meet the goals of a public health situational awareness network, required by PAHPAIA. HHS added that in March 2022, its Deputy Secretary also approved a new governance structure to ensure strategic oversight, active management, and upkeep of HHS Protect as a data management system that will provide a common operating picture for future public health emergencies. However, as of April 2023, the department did not provide clearly defined roles and responsibilities for PAHPAIA implementation. As of October 2024, we have not received an update from HHS on actions taken to address this recommendation. Once received, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should identify the office responsible for overseeing the completion of the activities performed by the lead operational division and clearly define its roles and responsibilities. (Recommendation 3)
Open
In February 2023, HHS stated that the new governance structure also established an executive board to provide oversight on the overall strategy and activities of HHS Protect. However, as of April 2023, the department had not provided evidence that it had clearly defined the roles and responsibilities of the executive board in overseeing the completion of the activities performed for PAHPAIA implementation. As of October 2024, we have not received an update from HHS on actions taken to address this recommendation. Once received, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes the steps to be taken to address all of the required actions in PAHPAIA. (Recommendation 4)
Open
In April 2023, HHS noted that additional actions to address the requirements in PAHPAIA related to an electronic public health situational awareness network capability beyond fiscal year 2023 will require additional funding resources. According to the department, the long-term vision is to build on the successes of HHS Protect and fully establish an all-hazards near real-time, electronic, nationwide public health common operating picture for 24/7 situational awareness data for use during and in between emergency responses by HHS; other government agencies; and state, local, territorial, and tribal partners. As of October 2024, we have not received an update from HHS on actions taken to address this recommendation. Once received, we will provide updated information.
Department of Health and Human Services
Priority Rec.
The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes specific near-term and longterm actions that can be completed to show progress in developing the network. (Recommendation 5)
Open
In April 2023, HHS stated that longer-term actions that can be completed beyond fiscal year 2023 will require the establishment of dedicated funding resources. HHS also stated that it had completed specific near-term actions to establish an electronic public health situational awareness network capability by transitioning the HHS Protect data system and program stewardship to CDC and approving a new governance structure. In March 2024, HHS stated that the FY 2024 CDC Congressional Justification request will support the Response Ready Enterprise Data Platform (formerly HHS Protect) to serve as the common operating picture and central hub to collect, integrate, and share public health data in near-real time across federal agencies and with state, local, territorial, and tribal partners. HHS also stated that it will continue to provide information to GAO in future updates. We will continue to monitor any additional actions HHS takes to implement this recommendation. To fully implement this recommendation, HHS should ensure that it develops a plan for specific long-term actions in addition to near-term actions to show progress in the PAHPAIA network's development. For example, the plan should include PAHPAIA requirements regarding HHS' efforts to conduct a review of the data and information transmitted by the network and a discussion of any additional data sources and challenges in the incorporation of standardized data from various sources. Until HHS fully implements this recommendation, it may not be able to show that it is making significant progress in developing the network. As of October 2024, we have not received an update from HHS on actions taken to address this recommendation. Once received, we will provide updated information.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes time frames for implementing the near-term and long-term actions. (Recommendation 6)
Open
In April 2023, HHS stated that longer-term actions that can be completed beyond fiscal year 2023 will require the establishment of dedicated funding resources. As of February 2024, HHS stated that it will continue to provide information to GAO in future updates. As of October 2024, we have not received an update from HHS on actions taken to address this recommendation. Once received, we will provide updated information.

Electronic Health Records: Additional DOD Actions Could Improve Cost and Schedule Estimating for New System

GAO-22-104521
Jun 08, 2022
Show
1 Open Recommendations
Agency Affected Recommendation Status
Department of Defense The Secretary of Defense should direct the Program Executive Officer of Defense Health Management Systems to ensure that the program office develops a reliable cost estimate using best practices described in GAO's Cost Estimating and Assessment Guide, in particular, by addressing those cost practices that were partially or minimally met. (Recommendation 1)
Open
In its comments on our draft report, DOD agreed with our recommendation and outlined steps it would take in response. In July 2023, DOD reported that the program will start transitioning to new cost estimating software in September 2023. As a result of this transition, DOD stated that they will not have a new cost estimate that adheres to the best practices described in our Cost Estimating and Assessment Guide until September 2024. We will continue to be in contact with DOD to gain additional information on the actions they are taking and their progress toward completion.

GAO Contacts