Federal Reports

The OIG investigated an allegation that several minority-owned and small disadvantaged (8a) businesses may have coordinated their respective proposals to gain an unfair advantage in awards related to six contracts for technical support services at the U.S. Geological Survey (USGS).We found that these companies did not conspire to manipulate the bidding process as alleged. We found that the companies used the same consulting company to draft their respective proposals, which contained nearly identical language. The USGS ultimately did not accept any of the proposals.This is a summary of an investigative report we issued to the USGS Director.

This Office of Inspector General (OIG) Comprehensive Healthcare Inspection Program report provides a focused evaluation of the quality of care delivered in the inpatient and outpatient settings of the Marion VA Medical Center and outpatient clinics in Illinois, Indiana, and Kentucky. The inspection covers key clinical and administrative processes that are associated with promoting quality care. This inspection focused on Leadership and Organizational Risks; Quality, Safety, and Value; Medical Staff Privileging; Environment of Care; Medication Management: Long-Term Opioid Therapy for Pain; Mental Health: Suicide Prevention Program; Care Coordination: Life-Sustaining Treatment Decisions; Women’s Health: Comprehensive Care; and High-Risk Processes: Reusable Medical Equipment. The executive leadership team had been working together for 17 months. Patient experience surveys indicated that patients appeared satisfied with their care. The OIG’s review of the medical center’s accreditation findings, sentinel events, and disclosures did not identify any substantial risk factors. The leadership team, specifically the Chief of Staff and Associate Director for Patient Care Services, had opportunities to improve their knowledge within their scopes of responsibility about Strategic Analytics for Improvement and Learning data and should continue to take actions to sustain and improve performance. The OIG issued 29 recommendations for improvement in eight areas: (1) Quality, Safety, and Value • Quality management activities • Utilization management processes (2) Medical Staff Privileging • Professional practice evaluations • Provider exit review forms (3) Environment of Care • Infection prevention procedures • Health information protection (4) Medication Management • Pain screening • Risk assessment • Urine drug testing • Informed consent • Patient follow-up • Pain Management Committee activities (5) Mental Health • Safety plans • Staff training (6) Care Coordination • Treatment notes (7) Women’s Health • Required staffing • Access to care and emergency contraceptives • Women Veterans Health Committee membership (8) High-Risk Processes • Required administrative processes • Staff training

In accordance with guidance from the Office of Management and Budget, we reviewed the “Payment Integrity” section in the U.S. Department of the Interior’s Agency Financial Report (AFR) for fiscal year (FY) 2019. Our objective was to determine whether the Department met the requirements of the Improper Payments Elimination and Recovery Act of 2010 (IPERA) and accurately and completely reported on improper payments in its AFR and accompanying materials.We found that the Department complied with all applicable IPERA reporting requirements for FY 2019, namely the first two requirements of six. We did not consider the four remaining IPERA reporting requirements applicable for this reporting period because the Department did not identify any programs that were susceptible to significant improper payments.We identified a minor reporting error. Specifically, the Department reported in its FY 2019 APR that it had risk assessed 93 programs when it had only risk assessed 86. Seven of the programs reported for FY 2019 were risk assessed in FY 2018. However, this reporting error does not change our determination that the Department complied with the requirement.

Due to the risk of personnel injury from arc flash hazards, we performed an evaluation to determine if (1) TVA’s arc flash procedures were being performed as required, (2) required personal protective equipment (PPE) was available and properly maintained, and (3) required training was completed. We determined some requirements of TVA’s arc flash procedure were not being performed. Specifically, we determined (1) some arc flash hazard analyses were not complete, reviewed timely, updated, or verified and submitted for record; (2) some identified arc flash hazards were not communicated accurately to workers; and (3) arc flash hazards were not consistently documented. In addition, we determined arc flash training needs improvement. Specifically, we determined (1) not all personnel assigned arc flash training had completed the training curriculum, (2) TVA’s identified population of individuals required to have arc flash training was incomplete and not a reliable indicator as to who is required by the Occupational Safety and Health Administration to receive the training, and (3) TVA does not require retraining at the frequency suggested by industry guidance. Also, while PPE was generally available and in good condition, PPE management practices could be improved.

HHS is one of the largest contracting agencies in the Federal Government and in fiscal year 2019 awarded contracts totaling approximately $27 billion, of which $7 billion related to Centers for Medicare & Medicaid Services (CMS) contracts. Congress has expressed concerns about and the media has reported on CMS's awarding of contracts for strategic communications services. Separately, OIG had begun preliminary work to review the strategic communications services contracts during CMS Administrator Seema Verma's tenure. Based on this preliminary work, we conducted an audit of these CMS contracts.

THE DEPARTMENT HAS DETERMINED THAT THIS REPORT CONTAINS SENSITIVE SECURITY INFORMATION (SSI) that is controlled under 49 CFR parts 15 and 1520 to protect Sensitive Security Information exempt from public disclosure. For U.S. Government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. A redacted version of the report will be posted here on our website when it is available. What We Looked AtThe Federal Aviation Administration (FAA) operates up to 172 Terminal Radar Approach Control (TRACON) facilities, which provide air traffic control services to pilots in the airspace immediately surrounding major airports. Currently, air traffic controllers use the Standard Terminal Automation Replacement System (STARS) to provide critical air traffic services at the 11 largest TRACONs, which handle about 33 percent of all TRACON traffic in the United States. Effective security controls and contingency plans at these 11 facilities are critical to maintaining the safety and security of the National Airspace System. Accordingly, we initiated this audit to (1) assess FAA’s identification and mitigation of security risks in STARS and (2) determine whether FAA’s contingency planning limits the effects caused by the loss of STARS operations at large TRACON facilities during emergencies. What We FoundFAA is identifying STARS’ security risks but is not mitigating vulnerabilities in a timely manner. In March 2019, for example, FAA found vulnerabilities in 53 of 73 STARS security controls but did not meet its own schedule for remediating them. DOT policy requires timely remediation of vulnerabilities to reduce the risk that an attacker could gain unauthorized access to mission-critical systems. In addition, the Agency’s STARS incident response policy does not comply with Federal requirements, and we found security control weaknesses that could make it harder for the Agency to ensure the confidentiality, integrity, and availability of STARS. Finally, FAA’s contingency plans for three large TRACONS are not sufficient to maintain continuity of air traffic operations during unplanned outages, as Agency policy requires. Our RecommendationsWe made 11 recommendations and consider recommendations 1–9 and 11 resolved but open pending completion of FAA’s planned actions. In accordance with DOT Order 8000.1C, we have asked the Agency to provide additional information on its planned actions for recommendation 10 within 30 days of the date of this report.