• Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

About FDA

  • Print
  • Share
  • E-mail

FDA IM Strategic Plan - Drivers and Framework for the Strategic Plan

FDA and OIM are responsible for providing the IM infrastructure and services to support FDA’s mission to advance the health of the public.  It is required to do this according to the following laws and directives, which govern the federal government IM line of business:

  • Federal Records Act of 1950 and National Archives and Records Administration Act of 1984 provides framework for records management in federal Agencies; NARA guides in appraising records, regulating and approving disposition, operating Federal Records Centers, and preserving permanent records
  • Privacy Act of 1974 balance between government rights to maintain information on individuals and individual rights to have privacy protected – collection limitation, disclosure, secondary usage, record correction, security
  • Competition in Contracting Act of 1984 requires, with limited exceptions, that contracting officers promote and provide for full and open competition in soliciting offers and awarding federal government contracts
  • Computer Security Act of 1987 establishes minimum acceptable security practices for federal systems; requires creation of computer security plans and training of system users or owners where the systems house sensitive information
  • Government Performance and Results Act of 1993 requires agencies to engage in project management tasks such as setting goals, measuring results, and reporting their progress; agencies must produce strategic plans, performance plans, and conduct gap analysis of project
  • Paperwork Reduction Act of 1980, amended 1995 federal agency policies, principles, standards, and guidelines on privacy, confidentiality, security, disclosure, and information sharing; requires OMB approval for information collected from the public; no persons required to respond without OMB control number
  • 5 Code of Federal Regulations (CFR) 1320 OMB’s final rule on controlling paperwork burden
  • Information Technology Management Reform Act of 1996  (Clinger-Cohen Act) comprehensive approach for executive agencies to improve the acquisition and management of their information resources – information resource planning; capital planning and investment control process linked to budget formulation and execution; develop, maintain, and facilitate implementation of top-level enterprise architecture
  • Freedom of Information Act of 1996 agencies shall make available for public inspection and copying a general index of records and copies of all records, with certain exceptions to protect proprietary and privacy information
  • Health Insurance Portability and Accountability Act of1996 to simplify administration of health insurance; to combat waste, fraud, and abuse; to create national standards to protect medical records; requires adoption of national standards for electronic health care transactions and national identifiers for providers, health plans, and employers; establishes standards for privacy and security of health information, as well as standards for electronic data  interchange of health information
  • Government Paperwork Elimination Act of 1998  – requires that, when practicable, Federal agencies use electronic forms, electronic filing, and electronic signatures to conduct official business with the public; focuses on records management issues; guidance to agencies on securing information in interconnected electronic networks; significantly increased security for government systems
  • Presidential Decision Directive 63 disclaimer icon  Critical Infrastructure Protection (1998) – established Information and Communications as a critical infrastructure segment
  • OMB Circular A-130– Management of Federal Information Resources (2000) – policy for the management of federal information resources; integrated life cycle IM planning with budgeting, acquisition, and use of information technology; records management and archival functions; training; protection and safeguards; provide information to the public; limit collection of individually-identifiable information; Capital Planning and Investment Control; Enterprise Architecture
  • President’s Management Agenda (2002) technology agenda brings collaboration, participation, and transparency to government in a big way – disclosure management; data sharing; data quality; multichannel information, interaction, and service delivery; data analysis; disruption; and defining and measuring impact
  • Electronic Government Act of 2002 using information technology to transform agency business into a more user friendly process; protects confidentiality of data across   government and allows key statistical agencies to share business data
  • Federal Information Security Management Act of 2002 [Title III of eGov Act] defines a comprehensive framework to     protect government information, operations, and assets against natural or man-made threats; agency annual reviews of information security – categorize information, baseline controls, risk assessment, document controls in system security plan, implement security controls, assess effectiveness, determine agency-level risk, authorize information systems, monitor security controls
  • E-Government Strategy (2002) implements the President’s Management Agenda for e-Government; simplified delivery of services to citizens
  • The National Strategy to Secure Cyberspace(2003) national strategy to prevent cyber attacks against America’s critical infrastructures; reduce national vulnerability to cyber attacks; and minimize damage and recovery time from cyber attacks that do occur.
  • OMB Circular A-11, part 7 Capital Asset Management (2003) – federal budget process and capital asset management processes, Exhibit 300, Enterprise Architecture
  • OMB Circular A-76 Performance of Commercial Activities (2003) – requires competition for needed commercial services
  • Homeland Security Presidential Directive 7 (HSPD-7, 2003)identify and prioritize critical infrastructure and to protect them from terrorist attacks
  • Homeland Security Presidential Directive 12 (HSPD-12, 2004) - a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors
  • Federal Acquisition Regulation (FAR, 2005) detailed contracting requirements
  • OMB M-08-05 and M-09-32 Trusted Internet Connections (2007, 2009) – optimizing of federal individual external internet connections
  • OMB Circular A-127 Financial Management Systems (2009) – policies for financial management systems; requires FSIO Certified Commercial (COTS) Systems
  • OMB Circular A-16 Coordination of Geographic Information and Related Spatial Data Activities (2010) – coordination and use of geospatial data
  • OMB Directive M-10-15 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (2010)
  • Telework Enhancement Act of 2010 – Mandates that federal agencies establish policy under which eligible employees maybe authorized to telework
  • Executive Order 13589 Promoting Efficient Spending (2011)
  • DIGITAL GOVERNMENT:  Building a 21st Century Platform to Better Serve the American People Information-Centric, Shared Platform, Customer-Centric, Security and Privacy (2012)
  • NIST Security Guidances National Institute of Standards and Technology mandates for IT security matters
  • Federal CIO Strategic Plan and 25-Point Reform Implementation Plan
  • HHS Strategic Plan and Secretary’s Priorities
  • HHS CIO Strategic Plan and Policy/Directives
  • Office of the National Coordinator for Health IT Directions - relating to Electronic Health Record (EHR) Standards, Federal Health Architecture, Nationwide Health Information Network,  EHR Meaningful Use, etc.
  • PCAST Report on Health Information Technology (2010)
  • PCAST Report on Designing a Digital Future (2010)
  • Topics with CIO responsibility / oversight (GAO-04-823, GAO-11-634, OMB M-11-29)

FDA Information Management, generally through OIM, is responsible to Guide Business Needs within Regulations and Mandates – OIM assists the FDA Programs in implementation of their business needs in a way that is acceptable within the boundaries defined by Laws, Regulations, Standards, and other mandates.

Comments or suggestions, please contact either the FDA CIO at FDACIO@FDA.HHS.GOV or John W. Gardner, MD, DrPH at john.gardner@fda.hhs.gov.

Table of Contents

Previous Section: Goal #4

Next Section: Acronym List