What We Do

The Office of the Chief Information Officer (OCIO) serves the U.S. Department of Health and Human Services (HHS) by leading the development and implementation of an enterprise information technology (IT) across HHS. The office establishes and provides support for:

E-Government Initiatives

Coordinates HHS participation in, and the technical implementation of, all President’s Management Agenda e-Government Initiatives. HHS serves as the managing partner for two initiatives: Federal Health Architecture and Grants.gov and co-leads the Grants Management Line of Business.

IT Operations Management

Provides IT project management and oversight for all major IT projects that have enterprise importance.
Supports IT infrastructure for the Office of the Secretary (OS) and participating Operating Divisions (OpDivs) by offering and managing help desk and desktop support.
Provides support for the Secretary’s Command Center and continuity of operations planning.
Maintains an IT workforce development and training program to support an IT workforce that exhibits technical knowledge and expertise.

IT Investment Analysis

Coordinates the Department’s strategic planning, capital planning and investment control, budgeting and performance management processes for IT, and provides direct planning development and support to assure that Information Resources Management (IRM) plans support agency business planning and mission accomplishment.
Assesses risks that major information systems pose to performance of program operations and administrative business throughout the Department, develops risk assessment policies and standard operating procedures and tools, and uses program outcome measures to gauge the quality of Departmental IRM.

IT Security and Privacy

Develops, implements, and administers a business-centric and collaborative approach to effectively address the evolving cyber threat environment, increased sophistication of attacks, and rapid proliferation of health data resources without impeding or inhibiting OpDivs’ missions and business objectives.
Establishes strategic program goals geared towards deploying threat management and information protection capabilities and standards; strengthening the cybersecurity workforce; increasing stakeholder engagement; and offering secure solutions and enterprise services to Programs across HHS.
Monitors all Departmental systems development and operations for security and privacy compliance and provides advice and guidance to ensure compliance standards are included throughout system life cycle development.
Ensures access to innovative technologies and thought leadership that enable OCIO program objectives and allows HHS to provide better, more secure services to the public.
Develops, implements, and evaluates an industry-recognized cybersecurity training and awareness program that includes HHS CyberCARE and Healthy Technologies.
Establishes and leads the Computer Security Incident Response Center, the Department’s overall cybersecurity incident response/coordination center, and works through the Health Threat Operations Center in the monitoring, response, and mitigation of emerging cyber threats.
Maintains a consistent and current security and privacy impact assessment program and evaluates compliance of critical data and information for the Department.
Monitors and improves the overall quality of the Department’s privacy and information risk analyses, anticipates and responds to breaches of privacy information, and helps mature the information management functions within the OpDivs.
Develops, implements, and provides information managers and handlers privacy education and awareness trainings to reduce risk across the Department.

Performance Measurement

Evaluates major investments in IT, and is responsible for their subsequent periodic review based on performance measures.
Oversees and manages risks associated with major information systems and IT.
Reviews the Department’s information resources for fraud, waste, and abuse to avoid having redundant resources, in conformance with the Clinger-Cohen Act.

Policies to Provide Improved Management of Information Resources and Technology

Develops and coordinates IRM policies applicable across the Department and OS, including the creation, handling, storage, dissemination, and disposition of information.
Oversees HHS information collection, including development of Departmental policies, coordinating the Department’s information collection budget, and reviewing and certifying requests to collect information from the public.
Approves and reports on computer matching activities as required by law through the Departmental Data Integrity Board.
Manages the Departmental printing management, records management and mail management policy programs.
Works closely with the Chief Financial Officer, Chief Administrative Officer, Division leadership, OpDiv and Staff Division Chief Information Officers, and governance structures to have visibility throughout the planning, programming, and budgeting processes to assure understanding of the overall Departmental IT portfolio, IT budget and IT acquisitions, in conformance with the Federal Information Technology Acquisition Reform Act.

Strategic Development and Application of Information Systems and Infrastructure

Provides leadership in the planning, design, and evaluation of major Departmental projects and oversight through project rollout, and performs post-implementation performance assessments.
Provides data processing and communications equipment for OS and participating HHS OpDivs; implements, operates and maintains standard office automation applications running on the OS network.

Technology-Supported Business Process Reengineering

Leads the development and implementation of enterprise architecture across the Department.
Performs alternative analysis for key emerging and enabling technologies. Coordinates or directs pilot projects in these areas to establish proof of concept, confirm return on investment, or implement initial production implementations.
Produces and updates the Department’s five year IT Strategic Plan.