Objective 5.4: Ensure the security and climate resiliency of HHS facilities, technology, data, and information, while advancing environment-friendly practices

HHS supports strategies to ensure the security of HHS facilities, technology, data, and information, while advancing environment-friendly practices.  HHS is focused on shifting the culture of data use across the enterprise to maximize the power of data.  The Department is leveraging modernization as a gateway to strengthened cybersecurity and enhanced risk management.  HHS also captures and applies lessons learned from real-world experiences to strengthen operational resilience.

Objectives represent the changes, outcomes and impact the HHS Strategic Plan is trying to achieve.  This objective is informed by data and evidence, including the information below.

  • Current challenges and trends highlight the need for HHS to enhance its core IT capabilities.  A digital workplace drives a need for enhanced cybersecurity.  An evolving IT workforce challenges traditional employee management norms.  The shifting role of the IT organization drives more enterprise collaboration, agility, and flexibility.  Technology landscape trends include emerging technologies that drive transformation and enhance mission outcomes; modernizing legacy technology creates opportunities to save costs, streamline processes, and improve capabilities; and access to data leads to better decisions, enhances collaboration, and improves mission delivery.  (Source: HHS Information Technology Strategic Plan FY 2021-2023)
  • Federal agencies need to take urgent actions to implement a comprehensive cybersecurity strategy, perform effective oversight, secure federal systems, and protect cyber critical infrastructure, privacy, and sensitive data.  The risks to IT systems supporting the federal government and the nation’s critical infrastructure are increasing, including insider threats from witting or unwitting employees, escalating and emerging threats from around the globe, and the emergence of new and more destructive attacks.  (Source: GAO High Risk Area: Ensuring the Cybersecurity of the Nation)
  • Health information technology, which provides critical life-saving functions, consists of connected, networked systems and leverages wireless technologies, leaving such systems more vulnerable to cyber-attack.  Recent highly publicized ransomware attacks on hospitals, for example, necessitated diverting patients to other hospitals and led to an inability to access patient records to continue care delivery.  Such cyber-attacks expose sensitive patient information and lead to substantial financial costs to regain control of hospital systems and patient data.  (Source: Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients)
  • As the Department builds upon its current capabilities and adapts to a changing environment and emerging technology, HHS recognizes that Artificial Intelligence (AI) will be a critical enabler of its mission in the future.  Given the immense potential for AI to improve health and human services, HHS will leverage AI capabilities to solve complex mission challenges and generate AI-enabled insights to inform efficient programmatic and business decisions, while removing barriers to AI innovation.  (Source: HHS Artificial Intelligence (AI) Strategy)
  • To better manage tens of billions of dollars in IT investments, OMB and other federal agencies should continue to fully implement critical requirements of federal IT acquisition reform legislation.  (Source: GAO High Risk Area: Improving the Management of IT Acquisitions and Operations)
  • The crosscutting challenge of observed and expected changes in climate and extreme weather compels agencies to safeguard federal assets for the entirety of the asset service life.  These risk management activities are undertaken to ensure agencies can consistently and reliably complete their missions in changing conditions.  (Source: Climate Risk Management)
  • HHS has facilities nationwide that are subject to severe weather events and shifting regional climates.  In addition, HHS staff globally work in federal and partner facilities subject to similar climate pressures.  HHS priorities for climate adaptation and climate resilience include optimizing the workforce and operational footprint through space management, and promoting sustainable and climate resilient operations at HHS facilities.  (Source: 2021 HHS Climate Action Plan)
  • During the COVID-19 pandemic, HHS adopted a maximum telework policy resulting in a significant reduction in occupancy of its buildings.  HHS anticipates an improvement in facility energy efficiency, water efficiency and waste management and diversion due to this reduction in building occupancy.  (Source: 2020 HHS Sustainability Report and Implementation Plan)

Contributing OpDivs and StaffDivs

All OpDivs and StaffDivs contribute to achievement of this objective.

HHS OpDivs and StaffDivs engage and work with a broad range of partners and stakeholders to implement the strategies and achieve this Objective.  They include: the Chief Information Officers (CIO) Council, Cyber-ERM Community of Interest/Practice (CyberCOI), Federal Privacy Council, HHS AI Community of Practice (CoP), and HHS AI Council.

Strategies

Strategically shift the culture of data use across the enterprise towards sharing data to maximize the power of data

  • Evaluate the behaviors, risk-framework, and incentive structure around data sharing and increase the value of data to be an enterprise-level asset for the Department.
  • Advance effective data management and ethical data use across the Department by addressing essential elements related to data integrity, quality, privacy, and security.
  • Create and utilize strategic frameworks for the trustworthy and ethical deployment of artificial intelligence and machine learning solutions across the Department.

Leverage HHS modernization as a gateway to strengthened cybersecurity and enhanced risk management

  • Modernize legacy information technology infrastructure, processes, and systems and deploy emerging technologies, such as artificial intelligence and machine learning, and Zero Trust architecture.
  • Align information security risk management and information technology modernization efforts with enterprise risk management by sharing opportunities and risks among information security and privacy, information technology, and other management disciplines.  This alignment will help HHS ensure that information security and information technology modernization initiatives directly support mission priorities and HHS stakeholders and consistently meet mandated requirements.
  • Continually improve staff awareness of HHS risk posture and cybersecurity threats through awareness programs.

Capture and apply lessons learned from real-world experiences to strengthen operational resilience and continuity to deliver the HHS mission

  • Ensure the continuity of government by protecting employees and safeguarding HHS physical and digital assets during natural or man-made events through viable Continuity of Operations and Occupant Emergency Plans.
  • Implement best practice security measures when modernizing and remodeling workspaces.
  • Strategically hire, train, equip and empower the appropriate workforce charged with ensuring the safety and security for all HHS employees, visitors, and assets.

Implement the climate resiliency actions as indicated in the HHS Climate Action and Resilience Plan to bolster resilience of its operations and assets from impacts of climate change

  • Mitigate and prevent carbon pollution from HHS operations and procurement activities.
  • Prevent and reduce waste and pollution by diverting waste to landfill and eliminate the use of single-use plastic through promotion and establishment of closed-loop recycling processes.
  • Continually improve energy and water efficiency in facility operations across the HHS facilities real estate portfolio.
  • Prioritize and implement projects to ensure HHS facilities are resilient against excessive heat, extreme weather, wildfires, drought, and flooding.

Performance Goals

The HHS Annual Performance Plan provides information on the Department’s measures of progress towards achieving the goals and objectives described in the HHS Strategic Plan for FY 2022–2026.  Below are the related performance measures for this Objective. 

  • Increase the percentage of systems with an Authority to Operate
  • Improve Phishing Reporting and Resistance Percentages
  • Reduce HHS GHG emissions (Metric Tons CO2 Equivalent) from Prior FY
  • Increase HHS-owned facilities municipal solid waste (MSW) diversion rate
  • Reduce energy intensity (MMBtu/kSF) from prior FY
  • Reduce water intensity (Gal/kSF) from prior FY

Learn More About HHS Work in this Objective

  • AI/ML Software As A Medical Device Action Plan: This Action Plan was developed in direct response to the stakeholder feedback described herein, and it builds on FDA’s longstanding commitment to support innovative work in the regulation of medical device software and other digital health technologies.
  • Health Sector Cybersecurity Coordination Center (HC3): HC3 was established to act as the coordinator of cybersecurity information sharing across the HPH sector and to affirm the protection of vital healthcare information and aid the sector in mitigating cyber-attacks through collaboration.
  • Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients: Sets forth a common set of voluntary, consensus-based, and industry-led guidelines, best practices, methodologies, procedures, and processes to achieve three core goals: cost-effectively reduce cybersecurity risks for a range of healthcare organizations; support the voluntary adoption and implementation of its recommendations; and ensure, on an ongoing basis, that content is actionable, practical, and relevant to healthcare stakeholders of every size and resource level.
  • HHS Artificial Intelligence (AI) Strategy, January 2021: Together with its partners in academia, industry and government, HHS will leverage AI to solve previously unsolvable problems by continuing to lead advances in the health and well-being of the American people, responding to the use of AI across the health and human services ecosystem, and scaling trustworthy AI adoption across the Department.
  • HHS 2021 Climate Action Plan: The Plan builds on and expands previous agency climate action plans, to present initial steps in working across the different divisions and individual regions of HHS to identify and implement critical actions to protect the health of all Americans from climate change-related threats, ensure the continuity of operations of HHS facilities in the face of extreme weather events, and foster healthy greenhouse gas reduction and resilience efforts in the health sector and communities, and strives to assure that individuals and communities at greatest risk from climate change related threats, including low-income communities and communities of color, receive the resources necessary to achieve resilience and protect public health.
  • HHS Information Technology Strategic Plan FY 2021–2023: The plan focuses on five core goals and associated objectives to strengthen the Department’s ability to deliver core IT functions with greater agility, security, and effectiveness amidst an evolving public health landscape.
  • Training Data for Machine Learning (ML) to Enhance Patient-Centered Outcomes Research (PCOR) Data Infrastructure: The project addressed the goal of building and testing high-quality training datasets for a kidney disease use case that can potentially be utilized for AI/ML applications, including joint clinician-patient informed decision making.

Content created by Assistant Secretary for Planning and Evaluation (ASPE)