Federal Reports

The U.S. President’s Emergency Plan for AIDS Relief (PEPFAR) is a multi-year U.S. Government initiative to address the HIV pandemic. The PEPFAR program is managed and overseen by the U.S. Department of State’s Office of the U.S. Global AIDS Coordinator and Health Diplomacy (OGAC). Congress appropriates PEPFAR funds to the State Department, which OGAC allocates to the Peace Corps and other participating Federal agencies. The Peace Corps Office of Global Health and HIV (OGHH) serves as the primary point of contact for Peace Corps posts, regions, and other headquarter offices regarding PEPFAR operations. The regions and posts are responsible for executing PEPFAR programs in the field, including its programmatic and administrative management. The Peace Corps Office of the Chief Financial Officer (OCFO) is responsible for providing OGHH and the posts with the necessary PEPFAR strategic, technical, and financial guidance. OCFO and OGHH issue the Peace Corps PEPFAR Financial Guidance, which posts use to document how they will request, plan, and execute PEFPAR funding and its programs. Post staff must ensure expenses are correctly applied and distributed between PEPFAR and the Peace Corps’ direct appropriations and maintain the appropriate supporting documentation.The objective of this audit was to determine the basis and justifications for allocating expenses to PEPFAR funds following the global evacuation of Volunteers in March 2020.

Applicants for Veterans Health Administration (VHA) positions undergo background investigations as a condition of their employment to help ensure their suitability to care for veterans and be entrusted with sensitive information and resources. A 2018 VA Office of Inspector General (OIG) audit of VHA’s personnel suitability program found inadequate governance of the program and significant deficiencies. This follow-up audit was conducted to evaluate controls over the background investigation process and determine if adjudication actions were completed in a timely manner and reliably recorded.The OIG determined VA did not ensure background investigations were properly completed within required timelines for staff at medical facilities nationwide. Although VA took corrective actions between May 2018 and March 2021 in response to OIG reports, the new controls were not sustained or inadequately mitigated weaknesses. This audit revealed a small number of investigations were not initiated at all, an estimated 7 percent were not begun within the 14 days of an employee’s start date as required (on average 100 days), and about 23 percent were not adjudicated within the required 90-day period (on average over 200 days). Another estimated 48 percent of employees lacked a certificate of investigation to validate a favorable adjudication. These deficiencies allowed some personnel in direct patient care to be employed without vetting for long periods, although identified cases were eventually favorably adjudicated.The identified causes included deficient oversight and insufficient staffing at many levels. VA’s data and information systems were also incomplete and unreliable to track investigative actions. VA concurred with all OIG recommendations to improve monitoring using formal data-testing of relevant systems and a renewed inspection program; assess resources and allocate staff using updated metrics and hiring flexibilities; and ensure sufficient and appropriate data are collected, tested, and accessible through a single system.

Objective: To determine whether the Social Security Administration correctly processed workers’ compensation lump-sum settlements when they determined workers’ compensation offset of Disability Insurance benefits.

While personnel shortages existed in the health care community before the pandemic, the pandemic exacerbated these shortages. Maintaining an appropriate level of personnel in health care facilities is essential to providing a safe work environment for health care personnel and safe care to patients. The Pandemic Response Accountability Committee’s (PRAC) Health Care Subgroup developed this report to share insights into personnel shortages across four select federal health care programs, or the providers they reimburse. Together, these four programs provide health care services to approximately 20 million individuals.

The Office of Inspector General (OIG) conducted this inspection to determine whether the VA Beckley Healthcare System in West Virginia was meeting federal security guidance. The OIG selected the system because it had not previously been visited as part of the annual Federal Information Security Modernization Act of 2014 (FISMA) audit.The OIG identified security deficiencies with configuration management, security management, and access controls. The configuration management deficiencies involved incomplete and inaccurate information system entries on vulnerabilities needing remediation. The lack of accurate information slowed remediation efforts: the OIG team found that those efforts exceeded VA’s required 60-day time frame for 444 high-risk vulnerabilities on about 45 percent of computers. Among the weaknesses in security management, the team found the healthcare system’s special purpose system did not have an authorization to operate because it had not cleared the risk management framework established by the National Institute of Standards and Technology to meet FISMA requirements. The special purpose system comprises mechanisms that monitor the distribution of oxygen throughout the hospital, alert facility police of emergencies via panic buttons, limit access to the control room, and control the facility’s climate. As for access controls, network segments including those containing medical imaging devices were not separately controlled, allowing any network user to access them; not all systems were connected to a functional uninterrupted power supply; the medical center’s computer room and 19 communication closets had problems such as leaks, data lines being intertwined with electrical lines, and closets lacking cameras, dead bolts, and smoke detectors; and unencrypted hard drives were not being sanitized before they were shipped out for destruction.The OIG made 10 recommendations to address the deficiencies.