Federal Reports

The VA Office of Inspector General (OIG) reviewed the measures taken by the Veterans Health Administration’s (VHA) Homeless Program Office, medical facilities, and community service providers to mitigate COVID-19 risks in transitional housing programs for veterans experiencing homelessness.The OIG found that while transitional housing service providers successfully implemented four of six specific Centers for Disease Control and Prevention (CDC) COVID-19 risk mitigation measures, the providers could have strengthened implementation of two others.VHA and service provider staff said the Homeless Program Office allowed them the flexibility to isolate vulnerable veterans, facilitate telehealth exams, and coordinate the provision of medical care in the community. Some service providers and VA medical facilities also developed their own best practices for reducing COVID-19 risks. As the pandemic continues, VHA and its service providers will need to sustain their efforts and strengthen measures to minimize COVID-19 exposure among veterans experiencing or at risk for homelessness.Staff at all 14 facilities assessed by the OIG review team made substantial progress on four measures: cleaning frequently with disinfectant, screening veterans for symptoms, creating isolation site plans, and maintaining adequate cleansing and sanitation supplies and personal protective equipment. The OIG found improved communications from the Homeless Program Office to medical facilities helped these efforts. However, several facilities appeared to struggle with the remaining two measures: identifying high-risk veterans and communicating suggested precautions and social distancing.Interviewees expressed concerns about service providers’ ability to maintain enough personal protective equipment for veterans during the prolonged pandemic. Medical facility staff will need to coordinate with service providers to help them develop contingency plans. The OIG made four recommendations to the under secretary for health regarding additional measures VHA could take to strengthen the implementation of CDC guidelines at the service providers’ facilities.

The OIG investigated anonymous allegations that a Bureau of Indian Affairs (BIA) employee and another individual engaged in inappropriate behavior with two minors under their care. We conducted this investigation with assistance from the Federal Bureau of Investigation. Our investigation found insufficient evidence to prove or disprove the allegations. We coordinated our investigation with the responsible U.S. Attorney’s Office.

The OIG investigated allegations that National Park Service (NPS) employee Stephanie Wallace used another NPS employee’s Government purchase card to make personal purchases. We found that Wallace used the employee’s purchase card to pay for her children’s private school tuition.Wallace pleaded guilty to theft of Government property. She was sentenced to 5 days of home detention and a probationary term of 1 year, and she was ordered to pay restitution totaling $8,328.24.

The Office of Refugee Resettlement (ORR), a program office of the Administration for Children and Families (ACF) within HHS, manages the Unaccompanied Alien Children Program. ORR funds a network of about 195 facilities. ORR also operates influx care facilities to provide temporary emergency shelter and services for children. ORR contracted with Comprehensive Health Service, LLC (CHS), a medical management services provider, to operate a temporary influx care facility located in Homestead, Florida. Some members of Congress have expressed concerns about ORR’s awarding of a $341 million sole source contract to CHS.

The information security program of the Corporation for National and Community Service, now called AmeriCorps, remains Not Effective and has shown little progress over the past four years. While AmeriCorps has demonstrated some improvement on configuration management, key areas of organization-wide risk management strategy, standard baseline configurations, Personal Identity Verification (PIV) multifactor authentication, and vulnerability and patch management have remained stagnant at a low level of maturity. AmeriCorps continues to suffer a significant number of critical and high-risk vulnerabilities, which were not mitigated within the prescribed deadlines commensurate with their importance. Nor has AmeriCorps made significant progress in closing prior recommendations. Since last year, only eleven of the 58 open recommendations from the FY 2014 – FY 2019 FISMA evaluations have been resolved, yielding limited improvements in FISMA metric results. An inability to address critical deficiencies leaves AmeriCorps systems and data vulnerable to data breaches, which may expose sensitive information, including Personally Identifiable Information, to unauthorized access, use and disclosure. Our report offers nine recommendations (eight new and one modified repeat), which, together with the prior year recommendations, will assist AmeriCorps in addressing challenges in the development of a mature and effective information security program. AmeriCorps has committed to implementing corrective actions to our recommendations.