Data Modernization and Policies
When it comes to data modernization, technology and policy must evolve hand in hand. Policies, laws, and regulations can have major and lasting effects on the resources and direction for modernization efforts. They often help set the vision, define the rules, and drive necessary change. The links below will help you explore some of the major policies that continue to inform our work.
Learn more about:
- Specific policies and data standards that are advancing interoperability for public health
- Public health and data authority – and why it matters
Federal Policies
Policy developments at the federal level are strengthening our capabilities, connecting healthcare and public health, improving data accessibility, and changing how technologies are acquired.
The American Rescue Plan (ARP) Act of 2021 provided funding to CDC to advance surveillance and analytics infrastructure, as well as to establish a forecasting center for emerging biological threats.
The CARES Act of 2020 provided funding to support enhancement of public health information system capabilities to address COVID-19 reporting needs.
The ongoing COVID public health emergency declaration temporarily allowed CDC to directly receive reports of laboratory test results, hospitalizations, and nursing home/long-term care data that were not available nationally before the pandemic. As of May 11, 2023, the federal COVID-19 public health emergency has ended, ending CDC’s authorization to collect certain types of public health data.
The 21st Century Cures Act of 2016 defined the concept of interoperability, required that health information be made available electronically to patients and consumers, called for the development of a trusted framework of health information exchanges, and prohibited information blocking.
- Recommended reading: Public Health Data Modernization: Listening Session on Real-World Testing of 21st Century Cures Act Requirements explores what these changes mean for data standards and technologies.
In March 2020, the Office of the National Coordinator (ONC) for Health IT and the Centers for Medicare and Medicaid Services (CMS) publicly released their final regulations related to driving more interoperability and data exchange across the entire healthcare ecosystem.
- ONC’s Cures Act Final Rule supports seamless and secure access, exchange, and use of electronic health information. It covers important topics such as what is (and is not) considered information blocking, as well as specific requirements for certified health IT and electronic health record systems.
- The CMS Interoperability and Patient Access Final Regulation requires health plans doing business with federal health programs to implement certain data exchange capabilities so that members have more access to their health information.
The ONC Health IT Certification Program ensures that Certified Health Information Technology meets the technological capability, functionality, and security requirements adopted by the U.S. Department of Health and Human Services (HHS).
CMS established the Medicare Promoting Interoperability Program (first established in 2011 as the Medicare and Medicaid EHR Incentive Programs) to encourage eligible professionals, eligible hospitals, and critical access hospitals to adopt, implement, upgrade, and demonstrate meaningful use of certified electronic health record technology.
The Foundations for Evidence-Based Policymaking Act (Evidence Act) of 2018 requires agencies to advance evidence-building, support open-government data, and improve confidential information protection and statistical efficiency.
The September 2022 Evidence Commission After Five Years: A Progress Report on the Promise for a More Evidence-Informed Society follows up on the Foundations for Evidence-Based Policymaking Act.
The OPEN Government Data Act requires that all non-sensitive government data be made available in machine-readable formats by default. “OPEN” stands for Open, Public, Electronic and Necessary.
The Federal Information Technology Acquisition Reform Act (FITARA), passed by Congress in December 2014, is a historic law that represented the first major overhaul of Federal information Technology (IT) in almost 20 years.
The Federal Acquisition Regulation is the primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds. It is an important part of making acquisition processes more efficient and effective to allow CDC and its partners to get timely and flexible resources.
Learn more:
- ONC article E Pluribus Unum discusses the HHS department-wide management policy directing ONC to engage with HHS agencies to align and coordinate health IT-related activities in support of HHS health IT and interoperability goals.
- The TechFAR Hub describes flexibilities that exist right now within the acquisition regulations and laws to acquire digital services through contracts. It brings best practices from industry to federal digital service acquisitions.
Presidential Executive Orders
The White House Executive Order on Ensuring a Data-Driven Response to COVID-19 and Future High-Consequence Public Health Threats was signed by President Biden in January 2021.
- In March 2021, the Department of Health and Human Services (HHS) established several interagency workgroups to address the order’s requirements.
- CDC’s Data Modernization Initiative (DMI) leadership took part in the HHS interagency workgroup to enhance data collection and collaboration capabilities across public health, including strengthening the workforce and making federal data more open and secure, as required under Section 2 of the order.
- Recommended reading: See the Final Report of the Health Information Technology Advisory Committee’s Public Health Data Systems Task Force, which was submitted to ONC on July 14, 2021.
The White House Executive Order on Improving the Nation’s Cybersecurity of March 2021 lays out goals and requirements for federal agencies around security best practices; accelerating movement to secure cloud services; protecting privacy; and investing in both technology and personnel to match these modernization goals.
Note: In addition to these federal policy developments, there have been a number of state policy developments focusing primarily on privacy of health information collected, maintained, used, and disclosed by digital companies (such as the California Consumer Privacy Act), as well as enhanced cybersecurity protections and reporting requirements.
Aligning Strategically Across the Government
CDC’s Data Modernization Initiative strategy, activities, and goals are aligned with other key federal strategies for data and technology.
The Federal Data Strategy encompasses a 10-year vision for how the Federal Government will accelerate the use of data to deliver on its mission, serve the public, and steward resources while protecting security, privacy, and confidentiality. DMI activities are in line with this long-term vision.
In the Federal Health IT Strategic Plan (2020-2025), ONC outlines concrete steps federal partners can take to improve population health by advancing interoperability to support transparent, trusted, and seamless connectivity of Electronic Health Information using standards-based APIs.
The CDC IT Strategic Plan for Fiscal Years (FY) 2021-2023 is forged from our response to COVID-19, our efforts over the last three years, and CDC’s Data Modernization Initiative. It reflects the agency’s goal to deliver technology services, capabilities, and infrastructure that are modern, flexible, sustainable, and interoperable to improve the health and well-being of the public.
On December 1, 2023, CDC adopted a new approach to data use agreements (DUAs) with states, tribes, localities, and territories (STLTs) for core data sources – a “Core DUA” that aims to unify and enhance national data exchange. Following recommendations from the Advisory Committee to the Director (ACD) Data and Surveillance Workgroup, CDC is implementing a single agreement that formalizes agency-to-agency data sharing relationships. Jurisdictional and operational terms specific to six core data sources and others over time will be included and updated in addenda to the Core DUA. The Core DUA will reduce the administrative burden on CDC and STLT programs by incorporating common provisions designed to be consistent across all data sent from jurisdictions to CDC. This will also allow CDC and STLTs to work together to amend and update terms as technological, legal, and jurisdictional contexts change over time. CDC’s Office of Public Health Data, Surveillance, and Technology (OPHDST) will centralize governance for the Core DUA and, with programmatic leads, will enter into the Core DUA with STLTs in 2024.
State, local, tribal, and territorial (STLT) organizations have their own authority and autonomy to define and set policies around public health data. Visit our public health data authorities pages to learn more.