Health IT

HHS CIO to get more control over

screen capture of site

The CIO of the Department of Health and Human Services will get more visibility into the development and governance of In reply comments to a Government Accountability Office report on, HHS concurred with a GAO recommendation that the departmental CIO ensure that high-risk IT programs are overseen by the investment review board.

HHS said it "will provide oversight through several mechanisms including the department-wide review board and the increased responsibilities articulated within the Federal Information Technology Acquisition Reform Act."

This is one of the first concrete signs that the oversight weaknesses identified in congressional hearings during the flawed rollout of in October 2013 are being remedied by legislation.

The GAO conducted a broad inquiry into the management, planning, and testing of, and found that even after full functionality was restored to the service, problems in project management, systems testing, and oversight persisted.

For example, GAO found that in the race to meet the launch deadline, functional requirements were approved for development without the OK of the appropriate Centers for Medicare and Medicaid Services officials. With its new governance process, instituted in June 2014, "CMS has not consistently and appropriately approved requirements," the report found. Until the system for documenting the approval process for new functionality is in place, GAO warned, "CMS may not establish a shared understanding of requirements with its contractors, potentially resulting in critical system functionally not providing needed capabilities." According to reply comments from HHS, this has been addressed with an approval system requiring sign-off from officials who supervise contractors.

Despite improvements in testing procedures, GAO also found that some testing plans lacked key elements. This is a work in progress, according to the HHS reply comments. Teams at CMS are standardizing testing documents and policies. Additionally, GAO is looking for CMS to improve scheduling. HHS concurred with all of the recommendations made in the report.

The Office of Management and Budget came in for a few dings for not selecting the project for a TechStat accountability session, where project managers would come in and explain the status of flagging development efforts. While HHS had the primary role in selecting its own projects for TechStat, OMB did have the authority to intervene and target high-risk projects for review. 

The GAO inquiry covered project documents and data through July 2014, covering the period when developers at CMS were fixing for the first open enrollment season, and when they were preparing for the open enrollment season that kicked off last November.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.