Skip to Content


Statement of Organization, Functions and Delegations of Authority

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

This notice amends Part R of the Statement of Organization, Functions and Delegations of Authority of the Department of Health and Human Services (HHS), Health Resources and Services Administration (HRSA) (60 FR 56605, as amended November 6, 1995; as last amended at 73 FR 22961-22964 dated April 28, 2008).

This notice reflects organizational changes in the Health Resources and Services Administration. Specifically, this notice updates the functional statement for the Office of Information Technology (RAG).

Chapter RA—Office of the Administrator

Section RA-10, Organization

The Office of the Administrator (RA) is headed by the Administrator, Health Resources and Services Administration, who reports directly to the Secretary. The OA includes the following components:

(1) Immediate Office of the Administrator (RA);

(2) Office of Equal Opportunity and Civil Rights (RA2);

(3) Office of Planning and Evaluation (RA5);

(4) Office of Communications (RA6);

(5) Office of Minority Health and Health Disparities (RA9);

(6) Office of Legislation (RAE);

(7) Office of Information Technology (RAG);

(8) Office of International Health Affairs (RAH); and

(9) Office of Management (RAM).

Section RAG-20, Functions

Delete the current functional statement for the Office of Information Start Printed Page 30407Technology (RAG) in its entirety and replace with the following:

Office of Information Technology (RAG)

The Chief Information Officer (CIO) is responsible for the organization, management, and administrative functions necessary to carry out the responsibilities of the CIO including: organizational development, investment control, budget formulation and execution, policy development, strategic and tactical planning, and performance monitoring. The CIO provides leadership in the development, review and implementation of policies and procedures to promote improved information technology management capabilities and best practices throughout HRSA. The OCIO coordinates IT workforce issues and works closely with the departmental Office of Human Resources Management on IT recruitment and training issues.

The Chief Technology Officer (CTO), reporting to the CIO, is responsible for the HRSA emerging and advanced technology integration program consistent with HRSA missions and program objectives. The CTO manages technology planning and is responsible for coordinating the Agency's Enterprise Architecture (EA) efforts with the capital planning process, ensuring the suitability and consistency of technology investments with HRSA's EA and strategic objectives, and incorporating security standards as a component of the EA process. The CTO provides leadership for strategic planning that leverages information systems security, program strategies, and advanced technology integration to achieve program objectives through innovative technology use. The CTO also provides leadership and establishes policy to address legislative or regulatory requirements, such as Section 508 of the Rehabilitation Act, and provides oversight for Agency IT configuration management and control.

The Chief Information Security Officer (CISO), reporting to the CIO, provides leadership for, and collaborates with, Agency staff to oversee the implementation of security and privacy policy in the management of their IT systems, and plans all activities associated with the Federal Information Security Management Act (FISMA) or other agency security and privacy initiatives.

The CISO implements, coordinates, and administers security and privacy programs to protect the information resources of HRSA in compliance with legislation, Executive Orders, directives of the Office of Management and Budget (OMB), or other mandated requirements e.g., Presidential Decision Directive 63, OMB Circular A-130, the National Security Agency, the Privacy Act, and other Federal agencies. Further, the CISO is responsible for the execution of the Agency's Risk Management Program, and evaluates and assists with the implementation of safeguards to protect major information systems, and IT infrastructure. In close coordination with the Division of IT Operations and Customer Service, develops and implements HRSA level policies, procedures, guidelines, and standards for the incorporation of intrusion detection systems, vulnerability scanning, forensic and other security tools used to monitor automated systems and subsystems to safeguard HRSA's electronic information and data assets. The CISO manages the development, implementation, and evaluation of the HRSA information technology security and privacy training program to meet the requirements as mandated by OMB Circular A-130, the Computer Security Act, and Privacy Act.

Division of Business Information Management (RAG1)

The Division of Business Information Management (DBIM), provides consultation, assistance, and services to HRSA to promote and manage information dissemination and collaboration practices using appropriate electronic media. DBIM evaluates and integrates emerging technology to facilitate the translation of data and information from data repositories into electronic formats for internal and external dissemination. In collaboration with the Office of Communications, DBIM is responsible for the design, deployment, and maintenance of HRSA's Internet and Intranet Web sites including development and implementation of related policies and procedures. DBIM develops and maintains an overall data and information management strategy for HRSA that is integrated with HHS and Government-wide strategies. DBIM identifies information needs across HRSA and develops approaches for meeting those needs using appropriate technologies including development and maintenance of an enterprise reporting platform. DBIM provides for data quality and ensures that data required for enterprise information requirements are captured in appropriate enterprise applications and that necessary data repositories are built and maintained. DBIM enhances and expands use and utility of HRSA's data by providing basic analytic and user support; develops and maintains a range of information products for internal and external users; and demonstrates potential uses of information in supporting management decisions. DBIM provides leadership and establishes policy to address legislative or regulatory requirements in its areas of responsibility.

Division of Capital Planning and Project Management (RAG2)

The Division of Capital Planning and Project Management (DCPPM) coordinates the development and review of policies and procedures for IT Capital Planning and Investment Control, Earned Value Management, IT portfolio management, IT project management, and the enterprise performance lifecycle methodology. DCPPM administers the Department's multi-year strategic information resources planning process, including developing and administering the Department's Strategic IT Plan; supports the Budget Office in its evaluation of IT initiatives, and preparation of Agency, departmental and OMB Budget Exhibits and documents. DCPPM works to obtain required information and analyzes it as appropriate; coordinates control and evaluation review of ongoing IT projects, including support to the HRSA ITIRB in conducting such review; promotes and follows a consistent methodology for project management and improves agency-wide project management. DCPPM operates a Project Management Office to improve management, communications and functional user involvement, assists with project prioritization, and monitors progress and budget.

Division of Enterprise Solutions Development and Management (RAG3)

The Division of Enterprise Solutions Development and Management (DESDM) provides leadership, consultation, and IT project management services in the definition of Agency business applications architectures, the engineering of business processes, the building and deployment of applications, and the development, maintenance and management of enterprise systems and data collections efforts. DESDM is responsible for technology evaluation, application and data architecture definition, controlling software configuration management, data modeling, database design, development and management and stewardship services for business process owners. DESDM manages the systems development lifecycle by facilitating business process engineering efforts, systems requirements definition, and Start Printed Page 30408provides oversight for application change management control. DESDM provides enterprise application user training, Tier-3 assistance, and is responsible for end-to-end application building, deployment, maintenance and data security assurance.

Division of IT Operations and Customer Services (RAG4)

The Division of IT Operations and Customer Services (ITOCS) provides leadership, consultation, training, and management services for HRSA's enterprise computing environment. ITOCS directs and manages the support and acquisition of HRSA network and desktop hardware, servers, wireless communication devices, and software licenses. ITOCS is responsible for the HRSA Data Center and the operation and maintenance of a complex, high-availability network infrastructure on which mission-critical applications are made available 24 hours per day, 7 days per week. ITOCS provides oversight for outsourced electronic mail, Internet and connectivity, web and video conferencing, and co-managed firewall and security monitoring services. ITOCS controls infrastructure configuration management, installations and upgrades, security perimeter protection, and system resource access. ITOCS coordinates IT activities for Continuity of Operations Planning (COOP) Agency-wide including provisioning and maintaining IT infrastructure and hardware at designated COOP locations to support emergency and COOP requirements. ITOCS is accountable for property life cycle management and tracking of Agency-wide IT capital equipment. ITOCS provides oversight for outsourced Tier-1 and Tier-2 Help Desk Call Center technical assistance; maintains workstation hardware and software configuration management controls; and provides oversight of outsourced network and desktop services to staff in HRSA Regional Offices (ROs).

Section RA-30, Delegations of Authority

All delegations and re-delegations of authority made to HRSA officials and employees of affected organizational components will continue in them or their successors pending further re-delegations, provided they are consistent with this reorganization.

This reorganization is effective upon the date of signature.

Start Signature

Dated: May 15, 2008.

Elizabeth M. Duke,


End Signature End Preamble

[FR Doc. E8-11800 Filed 5-23-08; 8:45 am]