Page 1 GAO-25-108539 HHS CIO Recommendations
441 G St. NW
Washington, DC 20548
September 3, 2025
Mr. Clark Minor
Chief Information Officer
U.S. Department of Health and Human Services
200 Independence Ave., SW
Washington, DC 20201
Chief Information Officer Open Recommendations: Department of Health and Human
Services
Dear Mr. Minor:
I am writing to you with respect to your role as the Chief Information Officer (CIO) for the
Department of Health and Human Services (HHS). As an independent, non-partisan agency
that works for Congress, GAO’s mission is to support Congress in meeting its constitutional
responsibilities and help improve the performance and ensure the accountability of the
federal government. Our work includes investigating matters related to the use of public funds
and evaluating programs and activities of the U.S. Government at the request of congressional
committees and subcommittees, on the initiative of the Comptroller General, and as required by
public laws or committee reports. Our duties include reporting our findings and recommending
ways to increase economy and efficiency in government spending. The purpose of this letter is
to provide an overview of the open GAO recommendations to HHS that call for the attention of
the CIO.
We identified recommendations that relate to the CIO’s roles and responsibilities in effectively
managing IT. They include strategic planning, investment management, and information
security. We have previously reported on the significance of the CIO’s role in improving the
government’s performance in IT and related information management functions.
1
Your attention
to these recommendations will help ensure the secure and effective use of IT at the department.
Currently, HHS has 82 open recommendations, 37 of which are considered sensitive, that call
for the attention of the CIO. Further, 49 of the 82 open recommendations are relevant to
component-level CIOs. Each of the 82 recommendations relates to a GAO High-Risk area: (1)
Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management.
2
1
See for example, GAO, Federal Chief Information Officers: Critical Actions Needed to Address Shortcomings and
Challenges in Implementing Responsibilities, GAO-18-93 (Washington, D.C.: Aug. 2, 2018).
2
GAO, High-Risk Series: Heightened Attention Could Save Billions More and Improve Government Efficiency and
Effectiveness, GAO-25-107743 (Washington, D.C.: Feb. 25, 2025).
