143B-1385. Government Data Analytics Center.
(a) Definitions. - The following definitions apply in this section:
(1) Business intelligence. - The process of collecting, organizing, sharing, and analyzing data through integrated data management, reporting, visualization, and advanced analytics to discover patterns and other useful information that will allow policymakers and State officials to make more informed decisions. Business intelligence also includes both of the following:
a. Broad master data management capabilities such as data integration, data quality and enrichment, data governance, and master data management to collect, reference, and categorize information from multiple sources.
b. Self-service query and reporting capabilities to provide timely, relevant, and actionable information to business users delivered through a variety of interfaces, devices, or applications based on their specific roles and responsibilities.
(2) Data analytics. - Data analysis, including the ability to use the data for assessment and extraction of policy relevant information.
(3) Enterprise-level data analytics. - Standard analytics capabilities and services leveraging data throughout all State agencies, departments, and institutions.
(4) Operationalize. - The implementation process whereby a State agency, department, or institution integrates analytical output into current business processes and systems in order to improve operational efficiency and decision making.
(b) GDAC. - The Government Data Analytics Center is established as a unit of the Department.
(1) Purpose. - The purpose of the GDAC is to utilize public-private partnerships as part of a statewide data integration and data-sharing initiative and to identify data integration and business intelligence opportunities that will generate greater efficiencies in, and improved service delivery by, State agencies, departments, and institutions. The intent is not to replace transactional systems but to leverage the data from those systems for enterprise-level State business intelligence. The GDAC shall continue the work, purpose, and resources of previous data integration efforts and shall otherwise advise and assist the State CIO in the management of the initiative. The State CIO shall make any organizational changes necessary to maximize the effectiveness and efficiency of the GDAC.
(2) Public-private partnerships. - The State CIO shall continue to utilize public-private partnerships and existing data integration and analytics contracts and licenses as appropriate to continue the implementation of the initiative. Private entities that partner with the State shall make appropriate contributions of funds or resources, including, but not limited to, knowledge transfer and education activities, software licensing, hardware and technical infrastructure resources, personnel resources, and such other appropriate resources as agreed upon by the parties.
(3) Powers and duties. - The State CIO shall, through the GDAC, do all of the following:
a. Manage and coordinate enterprise data integration efforts, including:
1. The deployment, support, technology improvements, and expansion of the Criminal Justice Law Enforcement Automated Data System (CJLEADS) and related intelligence-based case management systems.
2. The deployment, support, technology improvements, and expansion of the North Carolina Financial Accountability and Compliance Technology System (NCFACTS) in order to collect data that will create efficiencies and detect fraud, waste, and abuse across State government.
3. The development, deployment, support, technology improvements, and expansion of the GDAC Enterprise Solutions.
4. Individual-level student data and workforce data from all levels of education and the State workforce.
5. The integration of all available financial data to support more comprehensive State budget and financial analyses.
6. Other capabilities as developed by the GDAC.
b. Identify technologies currently used in North Carolina that have the capability to support the initiative.
c. Identify other technologies, especially those with unique capabilities that are complementary to existing GDAC analytic solutions that could support the State's business intelligence effort.
d. Compare capabilities and costs across State agencies.
e. Ensure implementation is properly supported across State agencies.
f. Ensure that data integration and sharing is performed in a manner that preserves data privacy and security in transferring, storing, and accessing data, as appropriate.
g. Immediately seek any waivers and enter into any written agreements that may be required by State or federal law to effectuate data sharing and to carry out the purposes of this section.
h. Coordinate data requirements and usage for State business intelligence applications in a manner that (i) limits impacts on participating State agencies as those agencies provide data and business knowledge expertise, (ii) assists in defining business rules so the data can be properly used, and (iii) ensures participating State agencies operationalize analytics and report outcomes.
i. Recommend the most cost-effective and reliable long-term hosting solution for enterprise-level State business intelligence as well as data integration, notwithstanding any other provision of State law or regulation.
j. Utilize a common approach that establishes standards for business intelligence initiatives for all State agencies and prevents the development of projects that do not meet the established standards.
k. Create efficiencies in State government by ensuring that State agencies use the GDAC for agency business intelligence requirements.
l. Assist State agencies in developing requirements for the integration or creation of an interface with State agencies' workflow processes and transactional systems to operationalize GDAC analytic solutions.
m. Establish clear metrics and definitions with participating State agencies for reporting outcomes for each GDAC project.
n. Evaluate State agency business intelligence projects to determine the feasibility of integrating analytics and reporting with the GDAC and to determine what GDAC services may support the projects.
(4) Application to State government. - The initiative shall include all State agencies, departments, and institutions, including The University of North Carolina, as follows:
a. All State agency business intelligence requirements, including any planning or development efforts associated with creating business intelligence capability, as well as any master data management efforts, shall be implemented through the GDAC.
b. The Chief Justice of the North Carolina Supreme Court and the Legislative Services Commission each shall designate an officer or agency to advise and assist the State CIO with respect to implementation of the initiative in their respective branches of government. The judicial and legislative branches shall fully cooperate in the initiative mandated by this section in the same manner as is required of State agencies.
(5) Project management. - The State CIO and State agencies, with the assistance of the Office of State Budget and Management, shall identify potential funding sources for expansion of existing projects or development of new projects. No GDAC project shall be initiated, extended, or expanded:
a. Without the specific approval of the General Assembly, unless the project can be implemented within funds appropriated for GDAC projects.
b. Without prior consultation to the Joint Legislative Commission on Governmental Operations and a report to the Joint Legislative Oversight Committee on Information Technology if the project can be implemented within funds appropriated for GDAC projects.
(c) Data Sharing. -
(1) General duties of all State agencies. - Except as limited or prohibited by federal law, the head of each State agency, department, and institution shall do all of the following:
a. Grant the State CIO and the GDAC access to all information required to develop and support State business intelligence applications pursuant to this section. The State CIO and the GDAC shall take all necessary actions and precautions, including training, certifications, background checks, and governance policy and procedure, to ensure the security, integrity, and privacy of the data in accordance with State and federal law and as may be required by contract.
b. Provide complete information on the State agency's information technology, operational, and security requirements.
c. Provide information on all of the State agency's information technology activities relevant to the State business intelligence effort.
d. Forecast the State agency's projected future business intelligence information technology needs and capabilities.
e. Ensure that the State agency's future information technology initiatives coordinate efforts with the GDAC to include planning and development of data interfaces to incorporate data into the initiative and to ensure the ability to leverage analytics capabilities.
f. Provide technical and business resources to participate in the initiative by providing, upon request and in a timely and responsive manner, complete and accurate data, business rules and policies, and support.
g. Identify potential resources for deploying business intelligence in their respective State agencies and as part of the enterprise-level effort.
h. Immediately seek any waivers and enter into any written agreements that may be required by State or federal law to effectuate data sharing and to carry out the purposes of this section, as appropriate.
(2) Specific agency requirements. - The following agency-specific requirements are designed to illustrate but not limit the type and extent of data and information required to be released under subdivision (1) of this subsection:
a. The North Carolina Industrial Commission shall release to the GDAC, or otherwise provide electronic access to, all data requested by the GDAC relating to workers' compensation insurance coverage, claims, appeals, compliance, and enforcement under Chapter 97 of the General Statutes.
b. The North Carolina Rate Bureau (Bureau) shall release to the GDAC, or otherwise provide electronic access to, all data requested by the GDAC relating to workers' compensation insurance coverage, claims, business ratings, and premiums under Chapter 58 of the General Statutes. The Bureau shall be immune from civil liability for releasing information pursuant to this subsection, even if the information is erroneous, provided the Bureau acted in good faith and without malicious or willful intent to harm in releasing the information.
c. The Department of Commerce, Division of Employment Security (DES), shall release to the GDAC, or otherwise provide access to, all data requested by the GDAC relating to unemployment insurance coverage, claims, and business reporting under Chapter 96 of the General Statutes.
d. The Department of Labor shall release to the GDAC, or otherwise provide access to, all data requested by the GDAC relating to safety inspections, wage and hour complaints, and enforcement activities under Chapter 95 of the General Statutes.
e. The Department of Revenue shall release to the GDAC, or otherwise provide access to, all data requested by the GDAC relating to the registration and address information of active businesses, business tax reporting, and aggregate federal tax Form 1099 data for comparison with information from DES, the Rate Bureau, and the Department of the Secretary of State for the evaluation of business reporting. Additionally, the Department of Revenue shall furnish to the GDAC, upon request, other tax information, provided that the information furnished does not impair or violate any information-sharing agreements between the Department and the United States Internal Revenue Service. Notwithstanding any other provision of law, a determination of whether furnishing the information requested by the GDAC would impair or violate any information-sharing agreements between the Department of Revenue and the United States Internal Revenue Service shall be within the sole discretion of the State Chief Information Officer. The Department of Revenue and the Office of the State CIO shall work jointly to assure that the evaluation of tax information pursuant to this sub-subdivision is performed in accordance with applicable federal law.
f. The North Carolina Department of Health and Human Services, pursuant to this Part, shall share (i) claims data from NCTRACKS and the accompanying claims data warehouse and (ii) encounter data with the GDAC in order to leverage existing public-private partnerships and subject matter expertise that can assist in providing outcome-based analysis of services and programs as well as population health analytics of the Medicaid and LME/MCO patient population.
(3) All information shared with the GDAC and the State CIO under this subsection is protected from release and disclosure in the same manner as any other information is protected under this subsection.
(d) Provisions on Privacy and Confidentiality of Information.
(1) Status with respect to certain information. - The State CIO and the GDAC shall be deemed to be all of the following for the purposes of this section:
a. A criminal justice agency (CJA), as defined under Criminal Justice Information Services (CJIS) Security Policy. The State CJIS Systems Agency (CSA) shall ensure that CJLEADS receives access to federal criminal information deemed to be essential in managing CJLEADS to support criminal justice professionals.
b. With respect to health information covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and to the extent allowed by federal law:
1. A business associate with access to protected health information acting on behalf of the State's covered entities in support of data integration, analysis, and business intelligence.
2. Authorized to access and view individually identifiable health information, provided that the access is essential to the enterprise fraud, waste, and improper payment detection program or required for future initiatives having specific definable need for such data.
c. Authorized to access all State and federal data, including revenue and labor information, deemed to be essential to the enterprise fraud, waste, and improper payment detection program or future initiatives having specific definable need for the data.
d. Authorized to develop agreements with the federal government to access data deemed to be essential to the enterprise fraud, waste, and improper payment detection program or future initiatives having specific definable need for such data.
(2) Release of information. - The following limitations apply to (i) the release of information compiled as part of the initiative, (ii) data from State agencies that is incorporated into the initiative, and (iii) data released as part of the implementation of the initiative:
a. Information compiled as part of the initiative. - Notwithstanding the provisions of Chapter 132 of the General Statutes, information compiled by the State CIO and the GDAC related to the initiative may be released as a public record only if the State CIO, in that officer's sole discretion, finds that the release of information is in the best interest of the general public and is not in violation of law or contract.
b. Data from State agencies. - Any data that is not classified as a public record under G.S. 132-1 shall not be deemed a public record when incorporated into the data resources comprising the initiative. To maintain confidentiality requirements attached to the information provided to the State CIO and the GDAC, each source agency providing data shall be the sole custodian of the data for the purpose of any request for inspection or copies of the data under Chapter 132 of the General Statutes.
c. Data released as part of implementation. - Information released to persons engaged in implementing the State's business intelligence strategy under this section that is used for purposes other than official State business is not a public record pursuant to Chapter 132 of the General Statutes.
d. Data from North Carolina Rate Bureau. - Notwithstanding any other provision of this section, any data released by or obtained from the North Carolina Rate Bureau under this initiative relating to workers' compensation insurance claims, business ratings, or premiums are not public records, and public disclosure of such data, in whole or in part, by the GDAC or State CIO, or by any State agency, is prohibited.
(e) Funding. - The Department of Information Technology, with the support of the Office of State Budget and Management, shall identify and make all efforts to secure any matching funds or other resources to assist in funding the GDAC. Savings resulting from the cancellation of projects, software, and licensing, as well as any other savings from the utilization of the GDAC, shall be returned to the General Fund and shall remain unexpended and unencumbered until appropriated by the General Assembly in a subsequent fiscal year. It is the intent of the General Assembly that expansion of the GDAC in subsequent fiscal years be funded with these savings and that the General Assembly appropriate funds for projects in accordance with the priorities identified by the State CIO.
(f) Reporting. - The State CIO shall:
(1) On or before March 1 of each year, submit and present a report on the activities described in this section to the Chairs of the House of Representatives Appropriations and Senate Base Budget/Appropriations Committees, to the Joint Legislative Oversight Committee on Information Technology, and to the Fiscal Research Division of the General Assembly. The report shall include the following:
a. A description of project funding and expenditures, cost savings, cost avoidance, efficiency gains, process improvements, and major accomplishments. Cost savings and cost avoidance shall include immediate monetary impacts as well as ongoing projections.
b. A description of the contribution of funds or resources by those private entities which are participating in public-private partnerships under this section, including, but not limited to, knowledge transfer and education activities, software licensing, hardware and technical infrastructure resources, personnel resources, and such other resources as agreed upon by the State and the private entity.
(2) Report the following information upon its occurrence or as requested:
a. Any failure of a State agency to provide information requested pursuant to this section. The failure shall be reported to the Joint Legislative Oversight Committee on Information Technology and to the Chairs of the House of Representatives Appropriations and Senate Base Budget/Appropriations Committees.
b. Any additional information to the Joint Legislative Commission on Governmental Operations and the Joint Legislative Oversight Committee on Information Technology that is requested by those entities.