Federal Reports

The VA Office of Inspector General (OIG) conducted a healthcare inspection to review how facility leaders’ actions may have impacted intensive care unit (ICU) coverage, patient care, and resident education at the VA Eastern Colorado Health Care System in Aurora (facility).The OIG was unable to determine whether facility leaders implemented surgical ICU changes without adequate planning in April 2022. However, the OIG found that the subsequent lack of ICU provider coverage for surgical patients adversely affected the provision of cardiothoracic (CT) surgical services. CT surgeries were paused from September 2022 through August 2023 and the newly appointed Chief of Staff failed to notify VA Central Office through the Veterans Integrated Service Network (VISN) of the pause. The OIG substantiated that leaders’ actions to change the medical ICU from an open to a closed model were made without adequate planning and input from service and section leaders and staff. The OIG substantiated that the sudden implementation of a closed ICU model resulted in a lack of ICU resident supervision and an ineffective teaching environment for residents. The OIG did not substantiate that the medical ICU model change resulted in patient harm; however, the OIG identified a deficiency in the facility’s completion of a root cause analysis.The OIG made one recommendation to the Under Secretary for Health to evaluate the VISN leaders lack of awareness of the CT surgical pause; three recommendations to the VISN Director related to CT surgeries, facility high reliability organization implementation, and residents’ education needs; and two recommendations to the Facility Director related to call escalation and root cause analysis training.

The VA Office of Inspector General (OIG) conducted an inspection to assess allegations that senior leaders failed to practice high reliability organization (HRO) principles and created a culture of fear at the VA Eastern Colorado Health Care System (facility) in Aurora.The OIG substantiated the allegations and found key senior leaders created an environment where a significant number of clinical and administrative leaders and frontline staff, from a multitude of service lines, felt psychologically unsafe, deeply disrespected, and dismissed, and feared that speaking up or offering a difference of opinion would result in reprisal. Further, the OIG substantiated that following the addition of two key senior leaders to the peer review committee (PRC) in 2023, the culture of the committee changed to an environment perceived by six members, as well as non-PRC service leaders and staff, to be psychologically unsafe and punitive. When learning of concerns, key senior leaders missed opportunities to understand concerns and make efforts to foster a psychologically safe environment.The OIG substantiated that mid-level leadership had been eroded and three key senior leaders held a monopoly of control. The OIG found leadership instability at the service level, with many clinical service and section-level resignations and extended vacancies. Further, numerous former leaders left facility employment citing that a psychologically unsafe work environment was a major factor in their decision to leave. Despite these losses, key senior leaders did not seek or utilize employee exit survey data to identify and address employee retention challenges.Turnover in VISN leadership positions and ineffective communication contributed to the VISN Director’s lack of awareness regarding the extent of the staffing and culture challenges at the facility. The OIG made two recommendations to the Under Secretary for Health, four recommendations to the VISN Director, and one recommendation to the Facility Director.

The objective of our evaluation was to assess USPTO’s actions in response to the exposure of domicile addresses to determine whether USPTO complied with federal and U.S. Department of Commerce (the Department) information technology (IT) security standards.We found that USPTO mishandled the required reporting and notification to the affected trademark filers after domicile addresses had been exposed for 3 years. We also found that USPTO leadership allowed domicile addresses to remain publicly accessible after they were aware of the exposure, risking unauthorized disclosures in violation of the Privacy Act. Additionally, USPTO did not report that additional sensitive PII was exposed during the incident or notify the affected filers that additional data had been exposed. Lastly, the Department’s Chief Privacy Officer (CPO) did not assist USPTO in responding to this incident because of a lapse in the Department reporting process. See appendix B for a timeline of the events discussed in our findings.USPTO’s exposure of trademark filer data may not only reduce public confidence, but also may have equipped bad actors with additional data that could be used to defraud trademark holders. Bad actors could aggregate the pieces of exposed data to convincingly create official-looking USPTO correspondence or impersonate a filer’s attorney. Despite these risks, USPTO leadership did not comply with federal, departmental, and USPTO incident response reporting requirements and knowingly allowed domicile addresses to remain publicly accessible during incident mitigation. USPTO must improve its efforts in safeguarding trademark filers’ personal data to rebuild public trust and honor trademark holders’ privacy.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board's Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report which is available at the link below.