Federal Reports

City governments around the country are taking on “smart city” initiatives that use big data technology to gather information and improve life for their residents. It is often difficult for cities to deploy this technology in enough locations to collect actionable data. The Postal Service, because of its vast presence in every city, could attach sensors to its physical infrastructure to quickly gather data from around the city. The OIG identified five pilot projects in which the Postal Service could participate in the short term that would involve little to no financial or operational commitment.

This is our audit report on the National Oceanic and Atmospheric Administration (NOAA) National Marine Fisheries Service (NMFS) Fisheries Finance Program (the Program). The purpose of our audit was to evaluate management’s controls over the Program’s loan approval, monitoring, and debt collection processes.

The Virginia Department of Medical Assistance Services (State agency) did not always use the correct Federal medical assistance percentage (FMAP) when processing claim adjustments reported on Form CMS-64. The State agency used the current FMAP on the date the adjustment was made. In doing so, the State agency repaid to the Federal Government a higher amount than it received for the original claim. Furthermore, when the State agency submitted the revised claim, it received a higher FMAP payment than it should have received. Taking into consideration both of the errors, the net effect resulted in no overpayment or underpayment. The State agency agreed with our finding and concurred with our recommendation.

The Minnesota's Health Insurance Marketplace (MNsure) had implemented security controls, policies, and procedures intended to prevent vulnerabilities in its Web applications (Web site), database, and other supporting information systems. However, it did not always comply with Federal and State information technology requirements when it implemented those security controls, policies, and procedures, which increased MNsure's risk that personally identifiable information (PII) could have been exposed. We conducted tests of MNsure's Web site, database, and supporting information systems and found weaknesses in MNsure systems. Although we did not identify evidence that the vulnerabilities had been exploited, exploitation could have resulted in unauthorized access to and disclosure of PII, as well as disruption of critical marketplace operations. The vulnerabilities were collectively and, in some cases, individually significant and could have potentially compromised the integrity of the marketplace.

Although the California Department of Health Care Services (State agency) made Medicaid electronic health record (EHR) incentive program payments to eligible hospitals, it did not always make these payments in accordance with Federal requirements. Specifically, from October 1, 2011, through December 31, 2015, the State agency made incorrect Medicaid EHR incentive payments to 61 of the 64 hospitals reviewed, totaling $23.2 million. These incorrect payments included both overpayments and underpayments, resulting in a net overpayment of $22 million. Because the incentive payment is calculated once and then paid out over 4 years, payments made after December 31, 2015, will also be incorrect. The adjustments to these payments total $6.3 million.

Environmental Operations (EO) is responsible for the environmental site and field support for all operations, including inspections, environmental sampling, regulatory reporting, and oversight. The OIG assessed strengths and risks that could affect EO's organizational effectiveness. Our review identified strengths in EO related to (1) organizational alignment, (2) positive work relationships with other organizations, (3) management support of employees, and (4) employee teamwork. However, we also identified issues that, if left unresolved, could increase the risk EO will be unable to effectively meet its responsibilities in the future. Specifically, our interviews of EO personnel and review of operational information disclosed issues related to (1) role clarity and relationship issues with Nuclear, (2) staffing concerns and environmental audit coverage, and (3) concerns with one manager's behavior.