Federal Reports

Under the home health prospective payment system (PPS), the Centers for Medicare & Medicaid Services pays home health agencies (HHAs) a standardized payment for each 60-day episode of care that a beneficiary receives. The PPS payment covers intermittent skilled nursing and home health aide visits, therapy (physical, occupational, and speech-language pathology), medical social services, and medical supplies.Our prior audits of home health services identified significant overpayments to HHAs. These overpayments were largely the result of HHAs improperly billing for services to beneficiaries who were not confined to the home (homebound) or were not in need of skilled services.Our objective was to determine whether Tender Touch Health Care Services (Tender Touch) complied with Medicare requirements for billing home health services on selected types of claims.

This audit report concluded that the FCC’s information security program was ineffective and not in compliance with FISMA legislation, OMB guidance, and applicable NIST Special Publications as of August 2020. Specifically, the FISMA evaluation report includes 8 findings and offers 17 recommendations intended to improve the effectiveness of the FCC’s information security program controls. The FCC has made improvements to processes within its information security program since the Fiscal Year 2019 FISMA evaluation in the areas of Identity and Access Management (i.e., separation of duties analysis, reviewing access for privileged users, and user authorization), Data Protection and Privacy (i.e., testing the FCC’s Data Breach Response Plan ), and Incident Response (i.e., documentation of incidents).

The Office of the Inspector General is required by the Federal Information Security Modernization Act of 2014 (FISMA) to conduct an annual independent evaluation that determines the effectiveness of the information security program (ISP) and practices of its respective agency. Our objective was to evaluate the Tennessee Valley Authority’s ISP and agency practices for ensuring compliance with FISMA and applicable standards, including guidelines issued by Office of Management and Budget and National Institute of Standards and Technology. Our audit scope was limited to answering the FY 2020 IG FISMA metrics developed as a collaborative effort by the Office of Management and Budget, Department of Homeland Security, and Council of Inspector Generals on Integrity and Efficiency in consultation with the Federal Chief Information Officer Council. The FY 2020 IG FISMA metrics recommend a majority of the functions be at a maturity level 4 (managed and measurable) or higher to be considered effective. Based on our analysis of the metrics and associated maturity levels defined with the IG FISMA metrics, we found TVA’s ISP was operating in an effective manner.