Skip to main content

Image

Information Management

Jump To:

Image

Open Recommendations

Artificial Intelligence: DOD Needs Department-Wide Guidance to Inform Acquisitions

GAO-23-105850
Jun 29, 2023
Show
4 Open Recommendations
Agency Affected Recommendation Status Sort descending
Department of the Navy After DOD issues department-wide AI acquisition guidance, the Secretary of the Navy should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 3)
Open
The Navy agreed with this recommendation. As of Fall 2023, it noted that it expects to update AI acquisition guidance issued by the Secretary of the Navy where applicable within 90 days after CDAO issues its AI strategy.
Department of the Air Force After DOD issues department-wide AI acquisition guidance, the Secretary of the Air Force should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 4)
Open
The Air Force agreed with this recommendation. As of Fall 2023, it noted that it expects to address this recommendation by January 2026 by establishing Air Force-specific AI acquisition guidance after CDAO issues its AI strategy.
Department of Defense The Secretary of Defense should ensure that the Chief Digital and AI Officer, in conjunction with other DOD acquisition policy offices as appropriate, prioritize establishing department-wide AI acquisition guidance, including leveraging key private company factors, as appropriate. (Recommendation 1)
Open
DOD agreed with this recommendation. To address it, the Chief Digital and AI Officer (CDAO) stated that it developed the DOD Data, Analytics, and AI Adoption Strategy, released in November 2023, which includes guidance for DOD components on adopting and scaling AI capabilities, with a decision aid framework appendix planned for March 2024. DOD is also planning to create a federated AI construct implementation plan and publish a DOD instruction to serve as department-wide AI acquisition guidance by September 2024.
Department of the Army After DOD issues department-wide AI acquisition guidance, the Secretary of the Army should establish service-specific AI acquisition guidance that includes oversight processes and clear goals for these acquisitions, and leverages key private company factors, as appropriate. (Recommendation 2)
Open
The Army agreed with this recommendation. As of Fall 2023, it noted that it expects to update the AI and Autonomy Roadmap after CDAO publishes its AI strategy, but did not indicate a specific timeframe for doing so. The Army is also delivering a Unified Data Reference Architecture and Project Linchpin, the Army's operations-enabling program for AI/machine learning capabilities.

Information Management: Agencies Need to Streamline Electronic Services

GAO-23-105562
Dec 20, 2022
Show
12 Open Recommendations
Agency Affected Recommendation Status Sort descending
Department of Health and Human Services The Secretary of Health and Human Services should establish a reasonable time frame for when the Department of Health and Human Services will be able to digitally accept access and consent forms from individuals who were properly identity proofed and authenticated and post access and consent forms on the department's privacy program website. (Recommendation 3)
Open
As of June 2023, HHS reported that it receives approximately 15,000 first-party request per year, 90% of which are received by the Centers for Medicare and Medicaid Services (CMS). In addition, the department noted that CMS added functionality to an existing electronic processing platform in September 2022 to allow users to choose between Login.gov and ID.me for digital proofing. The electronic processing platform is expected to permit CMS to accept remote identity proofing and authentication from individuals requesting access to their records. HHS also described its ongoing efforts towards being fully compliant with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04), but the department has not yet established a time frame for completion.
Department of the Interior The Secretary of Interior should establish a reasonable time frame for when the Department of the Interior will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 4)
Open
As of May 2023, DOI has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of Justice The Attorney General should establish a reasonable time frame for when the Department of Justice will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 5)
Open
As of June 2023, Justice noted that any solution to implement remote identity proofing with authentication consistent with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04) must meet NIST's technical standard known as "Identity Assurance Level 2" (IAL2). In addition, the Department stated that they had been exploring acquiring the remote identity proofing services known as Login.gov offered by the General Services Administration (GSA), as a means of complying with the requirements of the CASES Act and M-21-04. Further, Justice stated the concerns identified in the GSA Inspector General report have contributed to challenges that the Department has faced in finding a solution to facilitate CASES Act compliance.
Department of Transportation The Secretary of Transportation should establish a reasonable time frame for when the Department of Transportation will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 6)
Open
As of May 2023, DOT has not yet provided information pertaining to planned actions for this recommendation. Once the agency states that it has taken action, we plan to verify whether implementation has occurred.
Department of the Treasury The Secretary of Treasury should establish a reasonable time frame for when the Department of the Treasury will be able to digitally accept access and consent forms from individuals who were properly identity proofed and authenticated and post access and consent forms on the department's privacy program website. (Recommendation 7)
Open
As of June 2023, Treasury reported that it is exploring options for an authentication solution that includes an option for Multi-Factor Authentication Phishing Resistance. The Treasury will update GAO once they have a timeframe for implementation.
Department of Veterans Affairs The Secretary of Veterans Affairs should establish a reasonable time frame for when the Department of Veterans Affairs will be able to accept remote identity proofing with authentication, digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post access and consent forms on the department's privacy program website. (Recommendation 8)
Open
As of June 2023, the VA's Office of Information and Technology (OIT) stood-up a focused team to explore solutions, develop a plan with milestones, establish level of effort, requirements, estimated costs, and a time frame for compliance. VA stated that within the next 90-days, the focused team responsible for addressing compliance with the CASES ACT and the Office of Management and Budget implementation guidance (M-21-04) will refine the plan based on the selected solution. OIT will provide an updated response to GAO, to include a detailed plan with milestones by July 31, 2023.

COVID-19: Pandemic Lessons Highlight Need for Public Health Situational Awareness Network

GAO-22-104600
Jun 23, 2022
Show
12 Open Recommendations
1 Priority
Agency Affected Recommendation Status Sort descending
Department of Health and Human Services The Secretary of HHS should identify the office responsible for overseeing the completion of the activities performed by the lead operational division and clearly define its roles and responsibilities. (Recommendation 3)
Open
In February 2023, HHS stated that the new governance structure also established an executive board to provide oversight on the overall strategy and activities of HHS Protect. However, as of April 2023, the department had not provided evidence that it had clearly defined the roles and responsibilities of the executive board in overseeing the completion of the activities performed for PAHPAIA implementation. As of February 2024, HHS stated that it is working to provide an additional update to GAO. We will continue to monitor any additional actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes the steps to be taken to address all of the required actions in PAHPAIA. (Recommendation 4)
Open
In April 2023, HHS noted that additional actions to address the requirements in PAHPAIA related to an electronic public health situational awareness network capability beyond fiscal year 2023 will require additional funding resources. According to the department, the long-term vision is to build on the successes of HHS Protect and fully establish an all-hazards near real-time, electronic, nationwide public health common operating picture for 24/7 situational awareness data for use during and in between emergency responses by HHS; other government agencies; and state, local, territorial, and tribal partners. As of February 2024, HHS stated that it will continue to provide information to GAO in future updates. We will continue to monitor the actions HHS takes to implement this recommendation.
Department of Health and Human Services
Priority Rec.
The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes specific near-term and longterm actions that can be completed to show progress in developing the network. (Recommendation 5)
Open
In April 2023, HHS stated that longer-term actions that can be completed beyond fiscal year 2023 will require the establishment of dedicated funding resources. HHS also stated that it had completed specific near-term actions to establish an electronic public health situational awareness network capability by transitioning the HHS Protect data system and program stewardship to CDC and approving a new governance structure. In March 2024, HHS stated that the FY 2024 CDC Congressional Justification request will support the Response Ready Enterprise Data Platform (formerly HHS Protect) to serve as the common operating picture and central hub to collect, integrate, and share public health data in near-real time across federal agencies and with state, local, territorial, and tribal partners. HHS also stated that it will continue to provide information to GAO in future updates. We will continue to monitor any additional actions HHS takes to implement this recommendation. To fully implement this recommendation, HHS should ensure that it develops a plan for specific long-term actions in addition to near-term actions to show progress in the PAHPAIA network's development. For example, the plan should include PAHPAIA requirements regarding HHS' efforts to conduct a review of the data and information transmitted by the network and a discussion of any additional data sources and challenges in the incorporation of standardized data from various sources. Until HHS fully implements this recommendation, it may not be able to show that it is making significant progress in developing the network.
Department of Health and Human Services The Secretary of HHS should ensure that the lead operational division, in developing the PAHPAIA work plan, includes time frames for implementing the near-term and long-term actions. (Recommendation 6)
Open
In April 2023, HHS stated that longer-term actions that can be completed beyond fiscal year 2023 will require the establishment of dedicated funding resources. As of February 2024, HHS stated that it will continue to provide information to GAO in future updates. We will continue to monitor any additional actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should ensure that the PAHPAIA work plan includes specific steps the department will take to oversee the progress of the actions the lead operational division takes to implement PAHPAIA requirements. (Recommendation 7)
Open
In February 2023, HHS stated that its Deputy Secretary approved a new governance structure in March 2022 to ensure strategic oversight, active management, and upkeep of HHS Protect as a data management system that will provide a common operating picture for future public health emergencies. According to HHS, the common operating picture establishes a governance structure and designates HHS leadership roles and responsibilities in the oversight and decision-making processes. However, as of April 2023, the department had not provided evidence that it established specific steps it would take to oversee the progress of PAHPAIA implementation. As of February 2024, HHS stated that it is working to provide an additional update to GAO. We will continue to monitor any actions HHS takes to implement this recommendation.
Department of Health and Human Services The Secretary of HHS should commit to a deadline for finalizing the work plan to implement PAHPAIA requirements and ensure that the work plan is fully implemented. (Recommendation 8)
Open
In April 2023, HHS stated that longer-term actions to establish an electronic public health situational awareness network capability beyond fiscal year 2023 will require the establishment of dedicated funding resources. The department added that it is working through the budget process to request additional resources in future fiscal years. As of February 2024, HHS stated that it will continue to provide information to GAO in future updates. We will continue to monitor the steps HHS takes to implement this recommendation.

Electronic Health Records: Additional DOD Actions Could Improve Cost and Schedule Estimating for New System

GAO-22-104521
Jun 08, 2022
Show
1 Open Recommendations
Agency Affected Recommendation Status Sort descending
Department of Defense The Secretary of Defense should direct the Program Executive Officer of Defense Health Management Systems to ensure that the program office develops a reliable cost estimate using best practices described in GAO's Cost Estimating and Assessment Guide, in particular, by addressing those cost practices that were partially or minimally met. (Recommendation 1)
Open
In its comments on our draft report, DOD agreed with our recommendation and outlined steps it would take in response. In July 2023, DOD reported that the program will start transitioning to new cost estimating software in September 2023. As a result of this transition, DOD stated that they will not have a new cost estimate that adheres to the best practices described in our Cost Estimating and Assessment Guide until September 2024. We will continue to be in contact with DOD to gain additional information on the actions they are taking and their progress toward completion.

GAO Contacts