How Illinois’ CIO Got Buy-In for the State’s Data Sharing Agreement

In a Q&A, Hardik Bhatt discusses what he learned from the successful completion of the state data sharing agreement.

by / February 23, 2017
Illinois CIO Hardik Bhatt David Kidd/e.Republic

(Data-Smart City Solutions) — Last May, the state of Illinois made headlines with an enterprise memorandum of understanding between 13 state agencies that agreed to share data to enhance delivery of government services and improve overall efficiencies. I spoke with Illinois Chief Information Officer (CIO) Hardik Bhatt about what he learned from the successful completion of the state data sharing agreement.

Stephen Goldsmith: It’s easy to say you want to share data in municipal government, everyone will say yes until they say no, but how did you get the buy-in and authority to accomplish this kind of agreement?

Hardik Bhatt: The buy-in started at the top. From the beginning, the governor, deputy governor and I all agreed we must use data to drive decisions. We concluded that technology needs to be at the business table at all times. We are no longer the back-office operatives. We are the core drivers with business for major transformational work.

I got a seat at the table with all of the business leaders and agency directors to discuss the major transformational efforts the governor was focused on around health and human services. When we pulled together the transformational leadership group, I was considered a partner and peer with the other 12 agencies, including education, corrections, health and human services, aging, veterans’ affairs, and others.

I spent a lot of time with the directors, understanding their problems and emphasizing the value of data and the ways it will transform how we provide efficient services as a government. 

Always looking to learn from others, I met the CIO of Indiana at a conference, and we scheduled a visit. Ten people from my team and the governor's office came to learn about their analytics capabilities, the Management Performance Hub, and the journey it took to get there. The biggest lesson learned? It took them 18 months to get agencies to agree to share data. He said if they could start all over again, they would do one enterprise agreement, instead of multiple one-on-one agreements with each agency. But, he added, that seemed almost impossible to get 15 lawyers to agree on one thing.

With the groundwork and executive support already in place, everyone had come together around the value and urgency of data sharing. We brought this enterprise agreement idea to the transformation leadership team and emphasized the need for accelerated, holistic data interoperability. Why don’t we take this lesson learned from Indiana and create an enterprise agreement or an MOU? And everyone was on board. We started moving really fast, because you never know when the landscape could change.

The deputy counsel in the governor’s office was chosen to chair the task force. A CIO in one of the agencies with a JD degree stepped up to help. We brought 15 agency lawyers into a room, and got this done in seven months. That beat Indiana by almost a year. We had complete buy-in all the way from the governor to the agency directors, and we had shown a 360-degree view of how different systems could share data. We showed them the power of data sharing, through Google Concept, and they got it.

While we were doing the legal negotiation, we also solidified the business case, deliberately built a culture of collaboration, and got leadership buy-in, which were all critical. And while we don’t shy away from learning from other places, we also give credit to who we learn from. We publicly give Indiana a lot of credit for the success we have seen thus far.

During this time, Governor Bruce Rauner issued an Executive Order creating the Department of Innovation and Technology, which moved us from a commoditized shared service to a cabinet-level position. He put my position, the state CIO, as the data steward with access and responsibility for all the data in the executive branch. This was a strong signal from the top of the importance of this work.

Goldsmith: With this enterprise approach, somebody has to actually make decisions about allocating risk and interpreting federal rules around privacy, so who was the chair or leader of that legal group?

Bhatt: We had the then-deputy general counsels from the governor's office and Department of Human Services at that time to drive the initiative. But we didn’t leave it just in the hands of the lawyers. We included the business side and the technology side in on these conversations. Three of the CIO’s from the departments had JD degrees, so they were able to bring their technical, business and legal expertise to the table.

Goldsmith: Indiana decided to tackle infant mortality as a test case for data sharing not only because it was a serious issue but because the governor’s office thought it would motivate people to share data — what’s your view on whether to negotiate an agreement with a specific use case in mind or just start with a concept that we’re going to share data to make everybody (departments) better?

Bhatt: We took the latter approach and pursued an umbrella agreement to improve services across the board. And then, based on the specific use case or problem we’re trying address, we may get into specific approvals, not necessarily agreements, that may be needed for a particular dataset.

For example, if a dataset is coming from a system that is funded by the federal Centers for Medicare and Medicaid Services, you would need to go through that approval process.

What we did in the enterprise agreement or eMOU [Memorandum of Understanding], we have construct which is like FOIA [Freedom of Information Act] agreements. If you get a FOIA you have 10 business days to respond, whether you give the data, ask for extra time with a valid reason, or deny with a specific, valid reason. In the eMOU, we said that if we are going to be accountable like this to the external public who is asking for data, we need to be accountable when internally we are looking for data. So when we have a specific request, a department has 10 business days to disapprove this with a valid reason and the state CIO can overturn your decision if your reason is not valid and you cannot show a legal reason why you are not giving this data. Then the agency has the option to raise it to the governor’s chief operating officer, where the agency can bring their reason for not sharing, but a lot of this happens within 48 hours.

And in the case that they don’t respond within 10 days, then it is automatically approved and deemed that you have to share the data. Everyone agreed to that, knowing the fact that we need to move fast in order to transform government and services.

Goldsmith: My experience is that the folklore around federal privacy laws like FERPA and HIPAA can in some cases be worse than the law, so if you have that last legal review run by the agency’s lawyer who claims to own the expertise interpreting FERPA, is that an issue in Illinois?

Bhatt: With the leadership that Governor Rauner has shown as well as the eMOU team, we are all pushing in the same direction. For example, when Health and Family Services (HFS) lawyers push back, I can talk with the department director and she can review this and come back with a very neutral decision or reason why they should change their view or why I should change mine. We are very open to that kind of discussion.

Whatever we do, we want to ensure our work remains when leadership changes.

Goldsmith: In your role as data steward, is there already or are you planning to create a place where all this data is centrally stored?

Bhatt: No, we are not planning that. We are planning, however, to create a 360 degree model that keeps the data where it belongs, but allows us to just show it on the front end. When we do the predictive analytics work, agencies can go in and see the data right at its source, without having to extract and potentially expose data to security or privacy risk.

We have the infrastructure ready, a data analytics team ready, the tools are ready, and we are going to start working on the predictive aspects of it with this approach.

Goldsmith: How are you thinking about access, not just where the data is kept, but access for the analytics purposes?

Bhatt: We are focusing on infrastructure and security before we jump into analytics or bringing data out of secure locations. For over a year we have gone through an extensive exercise of encrypting every piece of PII (Personally identifiable information). We are at almost 97-98 percent, and working on the last two or three percent. So, I don’t want to recreate that risk. That’s why we are very diligent about figuring out how we want to manage this. While we do that, we need to show the businesses that this is working and has value. So we focus on these 360-degree views, which is more of a front-end view without bringing data outside of their systems.

Our philosophy is to create 360-degree views for our customers, whether it’s the Department of Children, a family, a senior, an offender, or a business without pulling data out of their systems. We can literally connect data crawlers that can go back into systems and create a valuable view for the business people. We don’t need to expose the data or put it at risk. For predictive analytics work, we will not bring PII out, but make it as anonymized as possible. It is all about big chunks of data as opposed to specifics regarding an individual, a family, or something like that.

Taking that approach is going to help us lead with value while keeping security and privacy at the forefront.

Also, as part of the Governor’s Advisory Board on Data Analytics, we have subcommittees on Cybersecurity and Data-Driven Value Creation, made up of people doing this work in the private sector for large companies. They have been strong partners, helping us make sure that we are building this the right way.

Goldsmith: Who is responsible for cleaning the data for analytics use?

Bhatt: Ultimately, the business is responsible. We have the State Data Practice (SDP) which has a CDO, assistant CDO, data architect, data scientists and other data analysts. That’s the team that is going to be working with the individual agency to clean the data before they use it. 

Government has a tremendous asset to be realized: data. As stewards of it, we took an accelerated, multi-pronged approach to harness its value, learning and leveraging everything that we could.  From the top down, the State Data Practice creates the standards and enterprise services around data. From the bottom up, the Analytics Center of Excellence is a virtual team of data practitioners across the state that share best practices, lessons learned and various assets such as tools and training. Within verticals like Health and Human Services, we have data interoperability efforts, called Innovation Incubators. Doing one thing at a time doesn’t serve our citizens well. Change can’t wait!

Thsi article was originally published on Data-Smart City Solutions.

Stephen Goldsmith

Stephen Goldsmith is the Daniel Paul Professor of the Practice of Government and the Director of the Innovations in American Government Program at Harvard's Kennedy School of Government. He previously served as Deputy Mayor of New York and Mayor of Indianapolis, where he earned a reputation as one of the country's leaders in public-private partnerships, competition and privatization. Stephen was also the chief domestic policy advisor to the George W. Bush campaign in 2000, the Chair of the Corporation for National and Community Service, and the district attorney for Marion County, Indiana from 1979 to 1990. He has written The Power of Social Innovation; Governing by Network: the New Shape of the Public Sector; Putting Faith in Neighborhoods: Making Cities Work through Grassroots Citizenship; The Twenty-First Century City: Resurrecting Urban America, and The Responsive City: Engaging Communities through Data-Smart Governance.