Federal Reports

OIG conducted a healthcare inspection in response to an allegation received in 2016 that a patient died of an accidental methadone overdose 2 days after receiving a prescription for methadone from a primary care physician (PCP) at the Grand Junction VA Health Care System (System), Grand Junction, CO. We substantiated the allegation that the patient identified in the complaint died 2 days after receiving a prescription for methadone from a System PCP. We were unable to substantiate that methadone contributed to or was the cause of the patient’s death. Neither an autopsy or toxicology study was performed, so additional information was not available.The System lacked a process to ensure prescribers were aware of, or considered, current Veterans Health Administration (VHA) directives, policies, and guidance related to obtaining an electrocardiogram before prescribing methadone for the management of chronic pain. VHA’s “Consent for Long-Term Opioid Therapy for Pain” is an electronic document that is used to obtain consent for long-term opioid therapy. The template document may also be used as a patient education tool but does not include risk factors specific for methadone. System PCPs we interviewed were not aware of how to add methadone specific risk factors to the electronic consent form. After investigating the events surrounding the death of the patient identified in the complaint, System leaders did not confer with the Office of Chief Counsel to determine if an institutional disclosure was necessary. We made five recommendations.

We determined that the Office of Health Affairs (OHA) has not implemented an effective organizational framework for safeguarding personally identifiable information (PII). While OHA appointed a Privacy Officer, this official lacked authority and resources to carry out the required privacy management responsibilities. Given turnover in key positions, OHA leadership had not placed priority on instilling a culture of privacy which resulted in transparency and security control weaknesses. For example, OHA’s emergency medical first responders did not properly notify individuals of their privacy rights when collecting PII. OHA’s BioWatch web portal had been improperly categorized to properly safeguard PII and the portal operated on an untrusted internet site. We recommended that OHA inform its staff of the Privacy Officer’s statutory responsibilities and the need for all staff to comply with privacy requirements, implement a process to provide a Privacy Act Statement when collecting PII from individuals as required by law, and move the BioWatch web portal to a trusted domain to comply with system security requirements and to safeguard PII. We made eleven recommendations improve privacy stewardship and reduce privacy risks to PII that OHA collects and maintains.

As FEMA moves into the recovery phase for Hurricane Harvey in Texas, it will begin to obligate millions, if not billions, of dollars from the Disaster Relief Fund for administrative costs and for Public Assistance and Hazard Mitigation grants to eligible State, tribal, and local governments and certain nonprofit organizations. Texas, as a FEMA grant recipient, will be responsible for oversight and monitoring of the disaster grants to Texas subrecipients. Our prior reports identified FEMA faced resource challenges in its response to a May 2015 Texas flooding disaster and determined that Texas needs to improve its grant management efforts. We urge FEMA officials to be mindful of lessons learned from these prior reports in providing disaster assistance to Hurricane Harvey survivors and that they closely monitor Texas’ grant management activities. Doing so should provide reasonable, but not absolute, assurance that Federal disaster assistance funds are spent properly and that the risk of ineligible and excessive costs borne by taxpayers is mitigated.

We determined that the U.S. Citizenship and Immigration Services’ (USCIS) automation of the N-400 Application for Naturalization has not been successful. Specifically, we found that ELIS did not have the critical functionality necessary for end-to-end N-400 processing. The problems in N-400 automation can be attributed to poor program management practices, which have continued since prior ELIS releases. We made 5 recommendations for USCIS to address its training needs, perform a risk-based analysis of all unresolved ELIS technical issues, implement a plan for reducing ELIS technical debt, clearly define agency-wide business goals and objectives, and implement a plan to ensure that ELIS provides USCIS personnel with complete, timely, and accurate data to enable more effective benefits adjudication decisions. USCIS concurred with all 5 of our recommendations.

We determined that DHS did not always follow statutory requirements when entering, modifying, and overseeing its agreements. Inadequate internal policies contributed to DHS falling short of meeting all statutory requirements for using Other Transaction Authorities (OTA). In addition, DHS staff within the office responsible for DHS’ acquisition policy explained that competing priorities prevented timely reporting to Congress. As a result, DHS may have taken on more risks and costs than would otherwise be necessary, as well as impeded on Congress’ ability to oversee its use of OTAs. We recommended that DHS modify its policies regarding these matters and correctly report to Congress. We made three recommendations and DHS concurred with all of our recommendations.

The Omaha Tribe’s serious financial management weaknesses combined with inadequate and missing documentation resulted in unreliable financial records. As a result, we have little confidence that the transactions recorded in the accounting system actually occurred or that the tribe completed its FEMA-authorized projects. Therefore, we question $13.9 million as unsupported. Due to the unreliable financial information, we calculated the amount unsupported as the entire $16.9 million FEMA provided for both grants, less $2.8 million in unused Federal funding that FEMA should put to better use; $165,000 in unclaimed insurance coverage; and approximately $74,749 that we were able to verify as supported and eligible.

The Missouri Department of Social Services (State agency) did not always comply with Federal and State requirements when making payments under its Child Care subsidy program for State fiscal years 2014 and 2015. Client attendance records were not adequately documented for 124 of the 128 provider service months in our statistical sample; childcare payments made for claims in those 124 provider service months were therefore unallowable. (A provider service month includes all childcare payments paid to a childcare provider for a single month of service.)