Depending upon their specific statutes and missions and the nature of the information they disseminate to the public, HHS agencies currently use a variety of quality assurance methods and procedures. These methods and procedures are designed to maximize the quality of HHS information, including its objectivity, utility, and integrity.
- Objectivity involves a focus on ensuring that information is accurate, reliable and unbiased and that information products are presented in an accurate, clear, complete and unbiased manner. Objectivity is achieved by using reliable data sources and sound analytical techniques, and carefully reviewing information products prepared by qualified people using proven methods.
- Utility involves the usefulness of the information to its intended users. Utility is achieved by staying informed of information needs and developing new data and information products where appropriate. HHS agencies keep abreast of information needs through internal analyses of information requirements, convening and attending conferences, working with advisory committees and stakeholders, sponsoring outreach activities, and, where appropriate, testing publications with targeted audiences to ensure relevance, clarity, and comprehensiveness.
- Integrity refers to the security of information from unauthorized access or revision to ensure that the information is not compromised through corruption or falsification. HHS agencies have in place rigorous controls to ensure the integrity of their administrative information. Three distinct objectives are pursued in protecting the integrity of information: ensuring that there is no deliberate or accidental improper disclosure of sensitive automated information; protecting against deliberate or accidental corruption of automated information; and protecting against deliberate or accidental actions that cause automated information resources to be unavailable to users when needed. Information is accorded protection against disclosure, alteration, loss, or destruction based on the degree of sensitivity.
In addition, HHS agencies use appropriate safeguards to protect data from improper disclosure by backing up critical data periodically, and, if a security incident occurs, by following proper incident response procedures. Managers are responsible for ensuring that employees, both Government and contractors, observe all security requirements, and that employees receive appropriate security training. HHS also is instituting an enterprise-wide structured management control review process that applies throughout the system life cycle. As part of this process, risk analyses are conducted to establish a balance between an acceptable level of risk and the costs associated with safeguards.
In addition, HHS is subject to a number of statutory requirements that protect the sensitive information it gathers and maintains on individuals. Among these are:
- Health Insurance Portability and Accountability Act of 1996
- Privacy Act of 1974
- Computer Security Act of 1987
- Office of Management and Budget (OMB) Circulars A-123, A-127, and A-130
- Government Information Security Reform Act
- Federal Managers' Financial Integrity Act (FMFIA) of 1982