Federal Reports

Cyberscope 2017

Prescriber identifiers are a valuable program integrity safeguard. They enable CMS and Part D plan sponsors to determine if legitimate practitioners have prescribed drugs for enrollees. Plan sponsors are required to include prescriber identifiers on the Part D prescription drug event (PDE) records they submit to CMS. The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) requires that, beginning in 2016, pharmacy claims for covered Part D drugs must contain valid prescriber National Provider Identifiers (NPIs). Additionally, the law requires the Secretary of the Department of Health and Human Services to establish procedures for determining the validity of these prescriber NPIs. The law also requires OIG to submit to Congress a report on the effectiveness of these procedures no later than January 1, 2018. This evaluation report fulfills OIG's MACRA mandate.

The objective of this review was to perform an independent assessment of the Peace Corps’ information security program, including testing the effectiveness of security controls for a subset of systems as required, for FY 2017. Our results demonstrate that the Peace Corps lacks an effective information security program because of problems related to people, processes, technology, and culture. The Peace Corps needs to embrace a risk-based culture and place greater emphasis on the importance of a robust information security program by involving senior leadership, ensuring agency policies are comprehensive, and prioritizing the time and resources necessary to become fully compliant with Federal laws and eliminate weaknesses.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board’s Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report, which is available at the link below.