Department Spotlight: Health and Human Services

In its work to "enhance the health and well-being of all Americans," the Department of Health and Human Services (HHS) oversees more than 100 programs across 13 agencies. Ten of these agencies are focused on public health, with three having human services as their main mission.

Across all of these agencies, there is a shared focus on the secure and ethical use of technology to improve public health and wellbeing. In 2023, HHS had an IT budget of $8.5 billion. Despite this spending, HHS has struggled to meet federal requirements. It did not score well on a cybersecurity audit, partly due to a lack of coordination among the operating units.

To improve this coordination, HHS is delivering guidance on IT protocols and practices to help bring all of its agencies, and even the healthcare industry in general, into alignment on modern IT applications. One such guiding document is the department's IT strategy, focused on four overarching goals:

  • Promote health and wellness
  • Enhance the delivery and experience of care
  • Accelerate research and innovation
  • Connect the health system with health data

At a more tactical level, HHS is also focused on supporting the implementation of modern technologies and architectures.

Zero Trust

Based on a request for information issued this fall, HHS is looking to centralize the implementation of zero-trust architecture across multiple operating divisions. The department wants to get a picture of where the agency's operating divisions are with respect to aligning with the Cybersecurity and Infrastructure Security Agency's (CISA) Zero Trust Maturity Model and meeting upcoming White House-issued cybersecurity mandates. With that knowledge, HHS can plan and lead the development of new security capabilities and address gaps that exist for zero-trust practices.


Data breaches in healthcare have climbed for the past five years, with ransomware attacks targeting healthcare organizations happening at much higher rates than in other sectors. Working with CISA, HHS has released guidance to support the healthcare sector in efforts to defend against cyber-attacks as they increase in volume and veracity. The cybersecurity tool kit includes overviews of cyber hygiene, how to address resource constraints, and how to share information on potential breaches.

HHS is also expanding its real-time threat intelligence operations and improving information sharing with key federal agencies to enhance preventative cybersecurity and comply with federal mandates for improved threat sharing among the public and private sectors. The department is utilizing its Sector Cybersecurity Coordination Center, known as HC3, to better enable information sharing across federal agencies, scientific research institutions, medical device manufacturers, and more.

Artificial Intelligence

HHS's Office of the National Coordinator for Health Information Technology has issued a rule that will require developers seeking certification for health IT that employs artificial intelligence or other algorithms to meet certain transparency criteria by the end of 2024. The Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) states that developers will have to show details on how AI is used to aid decision-making to maintain certification. One approach to increased AI transparency being piloted in CDC is "model cards," which contain information about what's in a model and how it's made. These are deployed alongside generative AI tools.

For more on HHS IT strategy and the technologies impacting the delivery of public health and services, check out these resources:

  • Accelerate Healthcare & Life Sciences (May 16, 2024; webcast) - As healthcare and life sciences organizations think about their transformation agenda, building a scalable enterprise data strategy is critical yet often challenging. During this virtual event, learn about the design considerations for a data strategy that can power business and clinical use cases, workloads and transformation initiatives, including generative AI.
  • Digital Healthcare Innovation Summit East 2024 (June 5-6, 2024; Boston, MA) - Learn about critical topics such as AI in healthcare, the impact of election results on digital healthcare innovation, issues related to underserved populations, regulatory changes, policy shifts, and more.
  • Health Innovation Summit 2024 (June 6, 2024; Reston, VA) - The focus of this year's Summit will be new healthcare technologies, innovative products and tools, the use of AI in various components of the healthcare system, partnerships and collaboration to improve the health ecosystem, and more.
  • Using Generative AI to Transform the Constituent Experience (October 11, 2024; webcast) - From the delivery of healthcare and public benefits to emergency management and national security, generative AI presents opportunities for governments to enhance constituent services.
  • The Change Healthcare Cyberattack and Response Considerations for Policymakers (white paper) - UnitedHealth Group Incorporated disclosed that one of its companies' units--Change Healthcare--was experiencing a cyberattack. As the effects of the attack have transpired, concerns over the federal response and the attack's resolution have grown.
  • Cyber Threats to Medical Technology and Communication Technology Protocols (white paper) - Healthcare facilities utilize a variety of medical devices, ranging from immobile imaging machines and mobile workstations to wearable or implanted mobile devices capable of sending and receiving data over various communications protocols. The increasing cyber threats targeting the healthcare and public health sectors place these devices at a greater risk of disruption, degradation, and destruction.
  • Artificial Intelligence & Medical Products: How CBER, CDER, CDRH, and OCP are Working Together (white paper) - The complex and dynamic processes involved in the development, deployment, use, and maintenance of AI technologies benefit from careful management throughout the medical product life cycle. AI management requires a risk-based regulatory framework built on robust principles, standards, best practices, and state-of-the-art regulatory science tools that can be applied across AI applications and tailored to the relevant medical product.

Explore more HHS related content and resources on GovEvents and GovWhitePapers.

Comments are closed temporarily due to excessive Spam.