Federal Reports

The VA Office of Inspector General (OIG) conducted a healthcare inspection to assess an allegation that a patient received poor care in the Emergency Department at the Baltimore VA Medical Center (facility) in Maryland, which resulted in an amputation at the patient’s left forearm at a non-VA hospital days later. The OIG identified additional concerns related to the patient’s primary care provider not maintaining the patient’s problem list in the electronic health record and Emergency Department providers’ failure to address the patient’s second chief complaint of knee pain.The OIG reviewed the care the patient received at the facility’s Emergency Department on two consecutive days in early fall 2021. During the first visit, the patient, with a medical history of poorly controlled type II diabetes, presented to the facility complaining of left hand pain with a ring stuck on the middle finger after sustaining a fall. The following day, the patient returned with left hand pain; redness, swelling, and a superficial open wound to the finger; and knee pain.The OIG substantiated the patient received poor Emergency Department care during the second visit when a physician assistant failed to obtain laboratory studies for a patient with diabetes and a hand infection, to complete a comprehensive clinical assessment of the patient, and to document a clinical consultation with an attending physician. Additionally, the overseeing attending failed to identify concerns with the physician assistant’s documented care of the patient. The OIG determined these failures may have contributed to the patient’s amputation. An institutional disclosure was conducted, which included a plan for staff training.The OIG made four recommendations to the Facility Director related to ensuring Emergency Department providers conduct comprehensive clinical assessments and address patients’ presenting complaints, evaluation of clinical consultation processes, staff training, and maintaining problem lists.

What We Looked AtThe Federal Aviation Administration's (FAA) Office of Audit and Evaluation (AAE) investigates alleged lapses in aviation safety and oversight; violations of FAA regulations, orders, standards, or policies; and other whistleblower disclosures. In December 2020, a Senate committee reported that AAE did not necessarily conduct independent, objective, or impartial investigations and evaluations. In January 2021, the Federal Aviation Administrator asked our office to conduct a review of the office's practices. Our objectives were to evaluate whether AAE (1) aligned its practices for investigations of internal whistleblower safety disclosures with applicable investigative standards, benchmarks, or best practices; (2) documented sufficiency reviews of hotline investigations it referred to FAA lines of business (LOB) with best practices; and (3) complied with requirements in the Aircraft Certification, Safety, and Accountability Act of 2020.What We FoundAAE's investigative practices align with applicable quality standards. However, the office lacks comprehensive written standard operating procedures to reinforce its internal controls. In addition, AAE does not have a method to track and document sufficiency reviews of hotline investigations it referred to FAA's LOBs. Specifically, AAE reviewers did not maintain documentation supporting their sufficiency review conclusions. As a result, AAE cannot demonstrate that its review of investigations it referred to LOBs was of quality and consistent. Finally, FAA has only partially met the Aircraft Certification, Safety, and Accountability Act's requirements for AAE's organizational structure. FAA reorganized AAE in February 2022--renaming one sub-office as the Office of Whistleblower Aviation Safety Investigations and adding an Office of Whistleblower Ombudsman. However, until FAA limits the duties of the AAE Director, which are currently broader, to the specific activities listed in the act, AAE will not have fully implemented the law's requirements.Our RecommendationsWe made four recommendations to improve AAE's compliance with applicable standards and statutory requirements for whistleblower investigations and hotline sufficiency reviews. FAA concurred with all four recommendations and provided appropriate actions and completion dates.

The VA Office of Inspector General (OIG) conducted a healthcare inspection to assess allegations related to the mental health care of a female patient at the VA Greater Los Angeles Healthcare System (facility) in California, which included that a psychiatry physician resident (psychiatry trainee) was inappropriate during treatment discussions with the patient. The psychiatry trainee utilized a modality called Intensive Short-Term Dynamic Psychotherapy in which a therapist seeks to understand a patient’s interpersonal difficulties, intensify and challenge resistance, analyze transference, explore conflict, and work through unconscious issues.The OIG did not substantiate that the psychiatry trainee’s behavior with the patient was inappropriate. Although the psychiatry trainee did not always engage in effective therapeutic intervention, the OIG was unable to determine that the treatment resulted in a decline in the patient’s mental health causing decreased trust and mental functioning.The OIG found the supervisor did not provide adequate supervision to the psychiatry trainee, to include the psychiatry trainee’s documentation and the supervisor’s documented oversight. The inadequate supervision may have impeded the supervisor’s ability to inform the therapy and hinder the opportunity to achieve a more desirable therapeutic outcome. In addition, the OIG substantiated that Mental Health Department leaders were not responsive to the patient’s concerns. During the inspection, the OIG identified an additional concern regarding the improper creation, storage, and disposition of video recordings and consent forms.The OIG made one recommendation to the Under Secretary for Health to assess the possible scope of current and former VA psychiatry residents being in possession of patients’ personal health information; two recommendations to the Veterans Integrated Service Network Director related to supervision, documentation, document control, and treatment protocols; and three recommendations to the Facility Director related to responses to the patient’s concerns, records, and utilization of video recordings.

We audited the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) infrastructure to support mandatory telework. During mandatory telework, more employees simultaneously needed remote access to HUD’s network and agency resources for an extended period, which presented unique risks and security requirements. While HUD is no longer operating under mandatory telework, understanding the challenges it faced is key to managing a flexible workforce and preparing for future emergencies.HUD experienced challenges with its IT infrastructure while under mandatory telework. We found (1) there were significant delays in processing computer security updates, (2) users encountered months of network performance issues, (3) the user password expiration policy was not enforced, and (4) the help desk system did not capture complete data. These conditions occurred because HUD’s virtual private network (VPN) bandwidth was not sufficient to accommodate the significant increase in users’ simultaneously needing remote access and because there were limitations in the technical environment and weaknesses in the help desk system’s controls. As a result, (1) HUD was vulnerable to cyber-attacks and unauthorized access, (2) HUD’s ability to accomplish its mission could be affected, and (3) HUD did not have assurance that all IT problems reported by users were resolved. Although HUD experienced challenges during mandatory telework, HUD continued its operations; increased network capacity; and plans to make additional network improvements, resume password policy enforcement, and potentially replace its help desk system. HUD needs to fully address the underlying causes of the issues identified so that it can manage its flexible workforce in a way that minimizes risk and prepares it for future emergencies.We recommend that HUD’s Office of the Chief Information Officer research, evaluate, and implement technical or alternative solutions to (1) deploy essential computer software updates using secure methods to ensure that computer security updates occur in a timely manner to minimize risk to HUD’s systems and operations; (2) provide additional improvements to VPN-related remote working capabilities, including performing routine VPN stress tests as part of its contingency planning and testing processes; (3) resolve user account management issues; and (4) assess its help desk system against other technical solutions and ensure that the help desk solution used captures complete data on technical support requests. These measures include but are not limited to ensuring that sequence gaps are properly documented or do not occur, valid transactions are accepted by the help desk system, rejected transactions are identified, and the history of each transaction is retained.