2. Background

CalHHS implemented an agency-wide governance structure in October 2014. The governance structure acts both in a decision-making and advisory capacity to Agency leadership and its departments and offices. Implementation of the governance framework supports information technology (IT) initiatives that are more tightly aligned with meeting business objectives, enhanced project prioritization and improved strategic IT investment decisions. The Executive Sponsor is the Undersecretary of CalHHS. The Interdepartmental Advisory Council (IDAC) consists of representatives of senior leadership from departments and offices in the Agency. There are seven subcommittees that report to IDAC, which include the Risk Management and Data Subcommittees.

• A Data De-Identification Workgroup was convened by the Data Subcommittee with representation from all departments and offices in CalHHS to develop the first Agency DDG. That first CalHHS DDG was approved for release in 2016.

• The Risk Management Subcommittee’s DDG Workgroup, now known as the DDG Peer Review Team (PRT), developed the DDG Implementation Procedure (DDG-IP) and continues to support adoption and implementation by CalHHS departments.

  • The PRT membership of scientific researchers, privacy, security, or legal staff from CalHHS departments provide recommendations on topics related to the DDG-IP and DDG.

In addition, the PRT reviews and approves department DDGs and approves certain individuals to serve as a department’s Statistical De-Identification Expert or Statistical De-Identification Supervisor Expert as indicated in the DDG-IP. CalHHS is engaged in improving transparency and public reporting. Data is Publishable State Data if it meets one of the following criteria: (1) data that are public by law such as via the Public Records Act (PRA) or (2) the data are not prohibited from being released by any laws, regulations, policies, rules, rights, court order, or any other restriction. Data shall not be released if it is restricted under state or federal law. Data tables may fall into one of three categories:

• Level One: Data tables that can be released to the public and published without restriction;

• Level Two: Data tables that have some level of restriction or sensitivity but currently can be made available to interested parties with a signed data use agreement; or

• Level Three: Level three data are restricted due to HIPAA, state, or federal law.

Data can change from Level 3 to Level 1 if appropriate de-identification processes are employed. The CalHHS DDG described in this document will support departments and offices in the evaluation of data to determine whether it has been adequately de-identified so that it can be considered Level 1.

The rest of the section varies by department. See individual department DDGs for descriptions of each department’s commitment in relation to data sharing, transparency, as well as compliance with applicable privacy laws, and tie back to the relevance of data de-identification to accomplish those goals.