NASCIO says what began as broad requests for the federal government to organize its regulatory environment for state IT is now on "more solid footing."
A group representing state chief information officers says progress was made in private talks with federal officials Wednesday on solving state government’s woes in complying with a varied and sometimes conflicting mass of regulations.
The talks were held between approximately 60 senior state technology leaders and federal officials from the Federal Emergency Management Agency, the Internal Revenue Service's Office of Safeguards and the Federal Bureau of Investigation's Criminal Justice Information Services division, according to the National Association of State Chief Information Officers. Held as part of NASCIO’s annual “fly-in” event in Washington D.C., the discussions are a continuation of a push from state government initiated last year for a more cohesive and easy-to-follow set of regulations.
NASCIO Director of Government Affairs Yejin Jang told StateScoop that discussions are on “more solid footing” now and are progressing toward substantive change.
The talks are rooted in a request by NASCIO President and Oklahoma CIO Bo Reese as he testified before the Senate Homeland Security and Governmental Affairs Committee last June, supplying examples of ongoing struggles among government technology officials, particularly those in consolidated or unified IT organizations, to comply with a host of overlapping federal regulations that continues to grow each year.
“State CIOs find themselves operating in an increasingly complex regulatory environment driven by disjointed federal regulations,” Reese testified at the time, and then supplied a partial list of regulations with which state agencies must comply, including the IRS's Publication 1075, the FBI's CJIS division, and the Health Insurance Portability and Accountability Act, among others.
The main thrust of states' complaint with the federal regulatory environment is that it is most disruptive to IT organizations that are consolidated, which NASCIO considers to be a more efficient setup. Consolidated IT bureaus sometimes field repeated audits from the federal regulators as they return for information related to branches of state IT operations that, once separate, are now managed by a centralized office. Federal regulations and audits have not kept pace with trends in state government IT, the CIOs say.
NASCIO and the National Governors Association followed up Reese's visit to Capitol Hill with a letter last November asking the Office of Management and Budget’s Office of Information and Regulatory Affairs to examine the issue. Rep. Trey Gowdy (R-S.C.), the chairman of the House Oversight Committee, and Sen. Ron Johnson (R-Wis.), chairman of the Senate Homeland Security and Governmental Affairs Committee, have also prodded GAO to look into federal regulations' incompatibility with state IT.
Jang said NASCIO is pleased to hear that GAO has since begun to study the issue in earnest.
A report released by Gowdy in March brushes against the challenge the federal government will face in harmonizing disparate regulations, citing a federal code that now includes more than a million restrictions denoted by the words “shall” and “must.”
The volume of regulatory guidance provided by the federal government is both “vast and expanding” but the extent of the government’s regulatory guidance is also unknown. Gowdy’s report says many agencies submitted incomplete accounts of their guidance and others did not respond at all. The federal government does not maintain a complete inventory of these documents.
Jang said the talks that included FBI-CJIS and the IRS — two key regulators with which states must comply — were constructive.
“We had a really good honest conversation with them both and we talked about our process and I know they know the pain and burden our CIOs feel when they have to comply with the regulations that the federal government enforces against states,” Jang said.
A working group established by NASCIO in September has “already done the hard work” of comparing the IRS’s Publication 1075 against FBI-CJIS regulations, Jang said.
“That document is not public yet, but it is complete,” Jang said. “We are hoping to share that with our federal partners, specifically that GAO will look at it, that OMB-OIRA will look at it, and try to help us harmonize where there are disparate requirements on the same issue.”