Federal Reports

Our objectives were to (1) assess the maturity of National Oceanic and Atmospheric Administration’s (NOAA’s) Polar Follow-On program missions’ system design for indications of cost, schedule or performance issues that would threaten the ability of the Joint Polar Satellite System (JPSS) program to execute to its baselines; (2) determine the extent to which NOAA has complied with requirements to report JPSS development costs; and (3) review NOAA efforts to plan for future satellite technologies.

The VA Office of Inspector General (OIG) conducted a healthcare inspection in response to a complaint that a primary care provider (PCP1) at a Veteran Integrated Service Network (VISN) 20 Facility (Facility) continued to prescribe controlled substances to a patient at high-risk for overdose. The OIG substantiated that PCP1 was aware the patient was getting controlled substances from outside pharmacies and had a history of benzodiazepine abuse, and family members reported that the patient was abusing controlled substances. The OIG substantiated that PCP1 prescribed the patient controlled substances when he was no longer the patient’s designated PCP and despite nonadherence to an Opioid Agreement. The OIG could not substantiate that PCP1 had a reputation among Facility staff of prescribing narcotics “recklessly.” The OIG did not substantiate that providers warned PCP1 about his prescribing practices. The OIG reviewed the Facility’s processes, policies, and procedures about controlled substance prescribing and identified limitations in controlled substance prescribing oversight. The Facility did not have regular processes in place for reviewing controlled substance prescribing for individual patients. The Facility lacked formalized processes and referral mechanisms for interdisciplinary collaboration for patients with complex clinical pain. The Facility had policies for state prescription drug monitoring programs (PDMP) and urine toxicology screens, although no mechanisms to monitor provider responses to positive PDMP and toxicology results. The Facility Board that is responsible for controlled substance safety oversight responsibility for patient record flags was not well defined and lacked established protocols and procedures. The Facility did not comply with the Veterans Health Administration’s peer review directive. The OIG made one recommendation to the VISN Director to review the patient’s care and provider’s practice and seven recommendations to the Facility Director related to prescribing practices and peer review processes.

The VA Office of Inspector General (OIG) conducted a healthcare inspection in response to a complainant’s allegations regarding an anesthesiologist who provided outpatient sedation services at the James E. Van Zandt VA Medical Center (Facility), Altoona, Pennsylvania. The OIG did not substantiate an allegation that the anesthesiologist failed to follow Veterans Health Administration (VHA) and Facility policies for controlled medication waste because the anesthesiologist documented that the entire amount was used. The OIG did not substantiate an allegation that the anesthesiologist failed to individualize patient medication dosing. The OIG substantiated allegations that the anesthesiologist used more anesthetic/sedation medication for outpatient procedures than Food and Drug Administration approved manufacturer’s instructions recommended, and Facility leaders did not provide oversight of the anesthesiologist according to VHA and Facility privileging and ongoing monitoring policies. The OIG determined that the Facility needs to reevaluate if the provider should be reported to the National Practitioner Data Bank or State Licensing Board for administering medications that were inconsistent with Food and Drug Administration approved manufacturer’s dosage instructions. Additionally, OIG staff determined that the anesthesiologist did not follow Facility policy for pre-procedure documentation for 14 of 20 identified patients and for transfer of a patient who required general anesthesia to a designated VA or non-VA Facility. In reviewing the Facility’s documented patient complaints, OIG staff did not find complaints regarding the anesthesiologist; however, the Facility’s Patient Advocate did not document and track complaints on the Patient Advocate Tracking System as required by VHA. The OIG made four recommendations related to anesthesia needs and services, provider oversight, National Practitioner Data Bank and State Licensing Board reporting, and Patient Advocate Tracking Systems database requirements.

We recently completed an audit of TVA’s use of fixed-wing aircraft (FWA). Subsequent to issuance of our report (on March 29, 2018), we received a concern that TVA-owned FWA flew to Oxford, Mississippi, home of TVA’s Board Chair, at least 76 times between January 2013 and February 2018. The concern stated “These trips to Oxford may represent additional occurrences of fraud and/or abuse, which deserve investigation by OIG. At the least, the Oxford trips are likely an inefficient use of TVA resources, which resulted in a significant number of flight legs where the aircraft [was] empty of passengers.” We performed a limited scope review of flights to and from Oxford, Mississippi, for the period January 9, 2013, through February 9, 2018, and determined none of the flights were for non-TVA business purposes. We did not look at the cost effectiveness of these flights because our previous audit determined one of the weaknesses of TVA’s FWA program was that cost comparison analyses prior to use of FWA were not performed.

What We Looked AtPart of the Federal Aviation Administration's (FAA) efforts to modernize and increase the efficiency of the Nation's aging air traffic system, Data Communications (DataComm) will play an important role in air traffic controller to flight crew communication. Thus, it is critical that FAA incorporate sufficient controls to protect against potential security threats to that communication, including an effective contingency plan to ensure a quick recovery from losses of DataComm availability. Accordingly, we initiated this audit to determine whether (1) FAA is identifying and properly mitigating security risks and (2) FAA's contingency plan is sufficient to limit the effects of DataComm availability losses. We focused on two DataComm systems during our review--the Data Communications Network Service (DCNS) and Tower Data Link Services (TDLS).What We FoundFAA is identifying--but is not mitigating--security risks in a timely manner. Specifically, two high-impact plans of action and milestones (POA&M) were scheduled to be completed in October 2017. However, as of May 10, 2018, FAA had not mitigated the two security control vulnerabilities. An Agency official stated that FAA is working with a vendor to complete the first POA&M by December 31, 2018, and the second POA&M by March 31, 2019. FAA's contingency plans for DCNS and TDLS are sufficient to limit the effects of DataComm unavailability.This report is marked For Official Use Only to protect sensitive information exempt from public disclosure under the Freedom of Information Act, 5 U.S.C. § 552. Accordingly, a redacted version of the report is posted on our website.Our RecommendationFAA concurred with our one recommendation to improve DataComm security controls.