Federal Reports

The VA Office of Inspector General (OIG) reviewed concerns related to the Patient Safety Program at the Tuscaloosa VA Medical Center (facility) and programmatic oversight provided by facility and Veterans Integrated Service Network (VISN) 7 leaders. While conducting a separate healthcare inspection at the facility, the OIG received a Veterans Health Administration (VHA) Issue Brief identifying Patient Safety Management Program concerns, including the failure to complete approximately 160 reported patient safety incidents within the required 14 days. These concerns followed the extended leave and abrupt retirement of the former Patient Safety Manager (PSM). Additional failures included not completing the required patient safety root cause analyses and risk assessments, and the former PSM not attending meetings with facility and VISN committees.The OIG substantiated the concerns, which the former PSM attributed in part to lack of support, supervisory engagement, and resources, and identified other concerns with program oversight and the facility’s culture of safety. The facility had multiple pathways for oversight but missed opportunities to identify and mitigate gaps in the program. The OIG concluded that lack of action by facility leaders contributed to these missed opportunities.VA concurred with the OIG’s 11 recommendations, including four addressed to the Under Secretary for Health related to granting specific positions access to patient safety program databases, reporting state licensing board actions to supervisors, patient safety program oversight, and publishing updated and relevant policies.The VISN Director also agreed to review patient safety event reports and the role of the Patient Safety/Risk Management Subcommittee in overseeing facility-level Patient Safety activity performance.The Facility Director concurred with recommendations for the timely completion and investigation of patient safety events, feedback to patient safety event reporters, reviews of events, and ensuring programmatic oversight and accountability, with documentation of discussion, review, and action.

This Management Advisory presents the results of meetings OIG employees conducted with EXIM employees assigned to 10 of the agency’s regional offices to increase their awareness of OIG’s role and obtain feedback on the role of the regional offices with respect to EXIM’s programs and operations.

Federal mineral lease operators are diverting natural gas to power electric generators for cryptomining operations without paying gas royalties.

For our final report on our evaluation of the U.S. Census Bureau’s (the Bureau’s) award and use of a cooperative agreement to participate in a joint statistical project with Research Triangle Institute (RTI), an independent nonprofit institution, our objective was to determine whether the cooperative agreement was properly authorized, executed, and administered in accordance with relevant laws and regulations. Specifically, we determined whether (1) the Bureau's award of the Ask U.S. Panel cooperative agreement was in accordance with applicable federal regulations and Bureau policies, and (2) the Bureau's administration of the agreement complied with terms and conditions established in it. We found that the Bureau’s use of a cooperative agreement was authorized by statute and the process for awarding the cooperative agreement followed the agency’s guidelines. However, the Bureau’s management and oversight of the cooperative agreement lacked transparency over key financial assistance award processes. Specifically, I. the Bureau lacked documentation to support the need for the Ask U.S. Panel and the decision to utilize a cooperative agreement; II. improper planning resulted in scope expansion; III. the Bureau reimbursed RTI without validating costs; and IV. the Bureau did not disclose its plans to terminate the cooperative agreement until after we completed our fieldwork.

Johnathan Pena, a medical marketer based in Los Angeles, California, was sentenced on February 27, 2023, to time served and three years’ probation for conspiracy to commit health care fraud and honest services mail fraud, as well as a violation of the Travel Act. Pena was also ordered to forfeit $134,336.78.Pena brokered kickbacks and bribe payments to doctors in exchange for their referrals of compounded medications, durable medical equipment, and other health care goods to certain providers. Specifically, our investigation found that Pena worked as a marketer for TYY Consulting, Inc., to provide medically unnecessary compounded drug prescriptions to Precise Compounding Pharmacy that were reimbursed by health care benefit programs, including Amtrak’s plan. As a result of the scheme, Amtrak’s insurance providers were fraudulently charged approximately $22,000.

EAC OIG audited funds received by the Commonwealth of the Northern Mariana Islands under the Help America Vote Act, totaling $1.2 million. This included Election Security and Coronavirus Aid, Relief, and Economic Security Act grants.

We initiated a limited-scope inquiry into GPO's role in Publishing Sensitive Information after receiving GPO's January 04. 2023 Personally Identifiable Information (PII) Incident Report. The focus of inquiry was to develop a timeline of the incident; understand how GPO receives information and posts the information to GovInfo; understand the aspects of the reported Privacy Incident; and analyze GPO’s role, responsibility, and processes, if any, for reviewing digitized content for PII destined for publication on GovInfo.

Our objective was to determine the effectiveness of the Postal Service’s fleet card program and identify opportunities for improvement. For this audit, we summarized previous audit findings and recommendations, interviewed Postal Service management, and engaged with a contractor to assess industry best practices for fleet card management.

The Department did not ensure grant funds and license revenue were used for allowable activities and did not follow applicable laws and regulations.

The personnel suitability program for the Veterans Health Administration (VHA) is intended to ensure that employees hired to care for patients or handle veterans’ sensitive information undergo background investigations and are suited to hold their positions. After a former nursing assistant pled guilty in 2020 to second-degree murder of seven patients at the Louis A. Johnson VA Medical Center in Clarksburg, West Virginia, the OIG undertook an inspection that found the Clarksburg facility did not adjudicate her background investigation within the required 90 days. This prompted a follow-up audit (still ongoing) of VHA’s personnel suitability program, during which the VA Office of Inspector General (OIG) identified issues with the background checks for the Beckley VA Medical Center in West Virginia.This report details the breakdowns in Beckley’s suitability process. Some employees did not have suitability checks initiated or were not fingerprinted as required, while other employees’ background investigations were delayed, discontinued in error, or not completed and evaluated within the required time.These issues occurred, in part, because only one employee was responsible for initiating and evaluating investigations at Beckley. Further, the VHA program office did not conduct required inspections of the Veterans Integrated Service Network (VISN) 5 human resource office to ensure suitability checks were adequately supported. Moreover, VISN 5 did not complete required oversight at Beckley (and other facilities) because it had lacked permanent staff to perform those functions.Consequently, some employees were caring for patients even though they had not yet passed suitability checks—although no evidence of patient harm was identified.VHA concurred with OIG’s three recommendations for VISN 5 to conduct an audit of background investigations for Beckley personnel, establish a plan to conduct compliance checks at other VISN 5 facilities, and evaluate staffing levels and allocate staff as needed for the personnel suitability program.

VA is responsible for securing its 171 nationwide medical facilities. Persistent police staffing shortages and growing concerns about incidents that put VA staff, patients, and visitors at risk led the OIG to conduct this review to provide VA leaders with a snapshot of observed conditions. OIG teams visited 70 VA medical facilities in September 2022 and assessed whether each had established minimum security plans and taken required actions in accordance with VA policy.The OIG identified multiple security vulnerabilities and deficiencies, most notably staffing shortages that contributed to the lack of a visible and active police presence. To meet VA’s established security requirements, facilities will need to fill police officer vacancies, as employing sufficient security personnel and correcting security weaknesses are inextricably linked. Other measures facilities can take to improve campus security include increasing security personnel resources, such as suitable police operations rooms, operable surveillance cameras with consistent monitoring, and adequate equipment, as well as securing doors and restricting public access to high-risk areas. Facilities could also improve communication with local law enforcement and incident readiness trainings. VA concurred with the OIG’s six recommendations: (1) delegating a responsible official to monitor and report monthly on facilities’ security-related vacancies; (2) authorizing sufficient staff to inspect VA police forces per the OIG’s 2018 unimplemented recommendation; (3) ensuring medical facility directors appropriately assess VA police staffing needs, authorize associated positions, and leverage available mechanisms to fill vacancies; (4) committing sufficient resources to ensure that facility security measures are adequate, current, and operational; (5) directing VISN police chiefs, in coordination with medical facility directors, facility police chiefs, and facility emergency management leaders, to present a plan to remedy identified security weaknesses; and (6) establishing policy that standardizes the review and retention requirements for facility security camera footage.

Ketrick Barron, a former Amtrak General Foreman, based in Washington, D.C., pleaded guilty on February 21, 2023, in U.S. District Court, District of Maryland, to one misdemeanor count of theft of government property after our investigation found that he misused an Amtrak-issued General Services Administration fuel card to fuel his personal vehicles. The total fuel purchase amounted to $6,580.20. His sentencing is pending.

OIG Investigations initiated this Special Inquiry in response to concerns that “Region II acted inappropriately and without authority with respect to performing independent spent fuel storage installation inspections,” that Region II failed to adhere to NRC policy by allowing resident inspectors who were not qualified the agency’s ISFSI inspection program to inspect ISFSIs, and that Region II deviated from the requirements in agency procedures for inspecting campaigns during which NRC licensees loaded spent fuel to dry cask storage. The OIG found that Region II improperly deviated from NRC policies when it authorized resident inspectors who were not qualified to inspect ISFSIs to inspect repeat spent fuel loading campaigns to dry cask storage. Furthermore, data from 2018 and 2019 show that collectively Region II’s resident inspectors spent only about 20 percent of the number of hours anticipated for ISFSI inspections stated in the applicable inspection procedure. The limited inspection hours charged appear to show that Region II did not accomplish all inspection requirements identified in the procedure. Region II’s actions potentially resulted in missed opportunities to adequately evaluate whether licensees met the NRC’s regulatory requirements. For example, from January 2021 to December 2022, after Region II began using properly qualified inspectors and following all the requirements in the applicable inspection procedure, those qualified inspectors identified numerous violations and other non-compliances during ISFSI inspections that could have been identified earlier. The OIG did not identify an immediate safety concern related to ISFSIs. The OIG did find, however, that Region II’s deviation from NRC policies resulted in licensees loading significant numbers of casks during repeat loading campaigns, from 2012 through 2020, that did not receive—and still have not received—adequate NRC inspections to ensure the licensees met regulatory requirements for long-term storage and retrievability.

As part of our annual audit plan, we performed an audit of physical access to Tennessee Valley Authority’s (TVA) substations. Our audit objective was to determine if substations had appropriate physical access controls. Our scope included substations that contain devices with TVA network connectivity.We found substations had overall appropriate physical access controls. However, we identified control weaknesses in TVA’s annual access review process and management of one of the physical access controls. Additionally, we determined TVA’s Standard Programs and Processes should be revised to define requirements for physical access reviews.

The Federal Emergency Management Agency (FEMA) did not consistently apply the information technology (IT) access controls needed to restrict unnecessary access to its systems and information. Specifically, FEMA did not promptly remove or adjust system and information access when personnel separated or changed positions.

We conducted this evaluation to assess the maturity of HUD’s Robotic process automation (RPA) activities and determine whether HUD had implemented related controls to address technology and program management risks. RPA is a software technology used to emulate human actions on a computer. RPA software programs, referred to as “bots,” can complete repetitive tasks quickly and consistently, freeing up employees to work on other, higher value activities. RPA has the potential to increase business process efficiency, improve the effectiveness and consistency of mission services, and lower costs. However, because RPA interacts with HUD information technology (IT) systems and can be used within important agency business processes, it can introduce new technology and operational risks for HUD programs.We found that HUD lacked adequate controls and capacity to operate its RPA program efficiently and effectively. After more than 3 years since its inception, HUD’s program had achieved minimal progress and results. HUD lacked adequate internal controls and staffing capacity to effectively oversee and manage the program. HUD had not established a clear vision for the RPA program or set measurable metrics to define program success. HUD also did not maintain adequate oversight of bot development and operations to ensure that limited RPA program funds were used efficiently. Finally, HUD lacked important IT controls related to the security and auditability of its RPA system. As a result of these weaknesses, HUD missed opportunities to capitalize on the potential benefits of RPA and expended IT resources inefficiently on projects that provided minimal value.This evaluation report contains four recommendations for HUD to implement new internal controls and further develop its internal capacity to manage and oversee the RPA program. Appendix A of the report includes opportunities for improvement that will not be tracked as formal recommendations but are noted as general suggestions to improve HUD’s RPA program effectiveness.

A clerk based in Beech Grove, Indiana, resigned from employment on February 16, 2023, prior to his administrative hearing. Our investigation found that the employee violated company policies by misusing his company-owned computer and email address for his personally owned business by downloading unauthorized software onto the company’s workstation. He also used his company email during regular work hours to solicit Amtrak employees and others to join his business ventures.

The Time and Attendance Collection System (TACS) is the primary application for collection of Postal Service employee time and attendance data. As of September 2021, the Postal Service had 653,167 employees, including more than 17,000 supervisors, who were compensated based on time entered in TACS. Supervisors are generally categorized as special exempt employees according to the Fair Labor Standards Act. Special exempt employees do not receive overtime but are eligible for extra straight time pay for extra hours worked.

This report presents a summary of the results of our self-initiated audits assessing the efficiency of selected processes at three selected retail units in the Massachusetts-Rhode Island (MA-RI) District (Project Number 22-188). These retail units include Fort Point Station, Woburn Post Office, and Norwood Post Office in the MA-RI District of the Atlantic Area. We previously issued interim reports1 to district management for each of these retail units regarding the conditions we identified.

This report presents a summary of the results of our self-initiated audits assessing mail delivery, customer service, and property conditions at six select delivery units in the Delaware–Pennsylvania 2 District in the Atlantic Area. These delivery units included the Germantown, Logan, and North Philadelphia Stations in Philadelphia, PA; and the Marshallton Branch, Edgemoor Branch, and Lancaster Avenue Station in Wilmington, DE.

Enforcement Investigations: Measures of Timeliness Showed SomeImprovement But Enforcement Can Better Communicate Capabilities forExpediting Investigations and Improve Internal Processes, Report No. 576

What We Looked AtWe queried and downloaded 74 single audit reports prepared by non-Federal auditors and submitted to the Federal Audit Clearinghouse between July 1, 2022, and September 30, 2022, to identify significant findings related to programs directly funded by the Department of Transportation (DOT). What We FoundWe found that reports contained a range of findings that impacted DOT programs. The auditors reported 17 incidents of significant noncompliance with Federal guidelines related to 13 grantees that require prompt action from DOT’s Operating Administrations (OA). Seven of these were repeat findings related to six grantees. The auditors also identified questioned costs totaling $3,546,767 for four grantees. Of this amount, $1,250,359 was related to the State of Rhode Island, and $1,350,319 was related to the Capital Area Transit System Baton Rouge, LA. Additionally, we identified nonmonetary findings that caused qualified opinions for the Chippewa Cree Tribe, the Government of Guam, the State of Illinois, the Klawock Cooperative Association, the City of Creswell, OR, and the Commonwealth Ports Authority of the Northern Marina Islands. RecommendationsWe recommend that DOT coordinate with the impacted OAs to develop corrective action plans to resolve and close the current and repeat findings identified in this report. We also recommend that DOT determine the allowability of the questioned transactions and recover $3,546,767, if applicable.

A civil settlement agreement was finalized between the United States Department of Justice and an Amtrak contractor on February 14, 2023. The contractor agreed to pay Amtrak $54,567 out of retainage held by Amtrak and an additional $9,822 to the United States for overbilling overhead rates above the maximum allowed for work performed on the New Jersey High Speed Rail Improvement Program from 2013 to 2017. Separate from the civil settlement agreement, the contractor also paid Amtrak $10,561 for overbilling overhead rates on the same project during the period from 2018 to 2020.

We found 13 properties with consecutive REAC scores below 60 that were missing the required flags in HUD’s Active Partners Performance System (APPS) for unacceptable physical condition. This condition occurred because HUD did not have a quality control program to ensure that the account executives manually entered the flags into APPS and there was no automated process for flagging a property once it received the second consecutive below-60 REAC score. As a result, HUD relied on incomplete previous participation information to make decisions about future participation. Not having sufficient information to assess its controlling participants could potentially impact the health and safety of residents at multifamily properties.

Final Close-Out, Second Follow-Up Review on FLRA's Appointment of Contracting Officer's Representatives

MEMORANDUM FOR DEPARTMENT OF DEFENSE LEAD INSPECTOR GENERAL

This Office of Inspector General Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the inpatient and outpatient care provided at the Memphis VA Medical Center in Tennessee. This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (emergency department and urgent care center prevention initiatives)Survey results highlighted opportunities for executive leaders to improve patient satisfaction.The OIG issued six recommendations for improvement in two areas:1. Medical staff privileging• Ongoing Professional Practice Evaluation processes2. Environment of care• Patient care area inspections• Biohazard signage• Area designations• Video recording

KPMG LLP’s (KPMG) report on its financial statement audit of the National Credit Union Administration’s (NCUA) financial statements, which includes the Share Insurance Fund, the Operating Fund, the Central Liquidity Facility, and the Community Development Revolving Loan Fund, as of and for the years ended December 31, 2022 and 2021. The NCUA prepared financial statements in accordance with the Office of Management and Budget (OMB) Circular No. A-136 Revised, Financial Reporting Requirements, and subjected them to audit.

A Systems Engineer based in Philadelphia violated policies by installing unapproved software on two company-owned computers. The software provides a method to remotely administer workstations and could potentially be used to compromise computer systems. Amtrak management responded to our report on February 10, 2023, stating that the employee had been counseled. In addition, the company implemented several corrective action plans in response to our observations in our report.

Williams, Adley & Company – DC, LLP (Williams Adley), under contract with the Department of Homeland Security Office of Inspector General, concluded that DHS complied with applicable statutes, regulations, and policies governing grants and contracts awarded by any means OTFOC in fiscal year 2022. During that year, DHS awarded 30 noncompetitive grants worth approximately $31 million and 419 noncompetitive contracts worth approximately $518 million through means OTFOC.