Federal Reports

The Office of the Inspector General conducted a review to determine if TVA’s privacy program is effective and in compliance with applicable regulations, guidance, policies, and procedures. We found several areas of the privacy program to be generally effective, including (1) controls protecting privacy information on TVA-owned mobile devices, (2) privacy training taken by network users, (3) regular reviews of the privacy program by TVA management, (4) encryption controls protecting data in privacy systems, and (5) appropriate use and protection of reports in privacy systems. However, we identified several issues that should be addressed by TVA management to further increase the effectiveness of the privacy program. We also found gaps between TVA’s policies and procedures governing the privacy program and applicable federal privacy regulations and guidance. TVA management agreed with our findings and recommendations.

The Office of the Inspector General previously conducted an evaluation of Environmental Permitting and Compliance (EP&C) (Evaluation Report 2016-15366 issued September 28, 2016) and identified strengths and risks along with recommendations for addressing those risks. We conducted a follow-up evaluation (Evaluation Report 2017-15497 issued September 28, 2017) and determined that EP&C had taken actions to address most of the risks outlined in our initial organizational effectiveness evaluation; however, concerns with two managers’ behaviors remained unresolved. The objective of this follow-up evaluation was to assess management’s actions to address the remaining risks from our initial and follow-up EP&C organizational effectiveness evaluations. We determined EP&C has taken actions to address the remaining risks outlined in our initial organizational effectiveness evaluation. Specifically, EP&C (1) addressed the risks associated with management behaviors and (2) developed a metric to measure adherence to agreed schedules with business partners.

The VA Office of Inspector General (OIG) received allegations that a senior manager at a VA medical facility abused their position and VA resources. The senior manager allegedly instructed a subordinate to provide the senior manager’s family member with additional daily Home-Based Primary Care (HBPC) home nursing visits as well as additional fee-basis homemaker services. More specifically, the complainant alleged that the senior manager requested these services be provided to his/her family member while the senior manager was on vacation. The senior manager also allegedly misused his/her position when he/she instructed subordinates to waive any additional copayments for services rendered to his/her family member. Finally, the complainant alleged that the senior manager’s spouse acted as the senior manager’s surrogate by requesting expedited scheduling with VA Choice Program physicians while identifying themselves as the spouse of the senior manager. The OIG did not substantiate any of these allegations. Because the OIG did not substantiate any of the allegations, the identity of the senior manager will not be disclosed in this report.