Chief Information Officer Open Recommendations: Department of Health and Human Services

What GAO Found

In September 2025, GAO identified 82 open recommendations under the purview of the Department of Health and Human Services (HHS) Chief Information Officer (CIO), including 37 that are sensitive and 49 that are relevant to component-level CIOs, from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. In addition, GAO has designated one of the 82 as a priority recommendation.

For example, GAO previously recommended that HHS complete its covered Internet of Things inventory within the revised time frame it had proposed. Further, GAO previously recommended that HHS develop a work plan that includes specific actions that can be completed to show progress in developing a public health situational awareness network.

GAO also previously recommended that the department establish a reasonable time frame for when it will be able to digitally accept access and consent forms from individuals who were properly identity proofed and authenticated, and post those forms on the department's privacy program website. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the department.

Why GAO Did This Study

CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others.

For more information, contact Nick Marinos at [email protected].