Federal Reports

A Management Advisory Recommending the Strengthening of the FTC Ethics Program by Extending Mandatory Annual Ethics Training to Employees at or Below the GS-13 Grade Level Who Occupy High Risk Positions.

Sleep Health Center (Sleep Health), based in Fort Myers, Florida, billed Medicare claims for polysomnography services that did not always comply with Medicare billing requirements. Of the 100 randomly selected beneficiaries that we reviewed, Sleep Health billed Medicare claims for polysomnography services that met Medicare billing requirements for 36 beneficiaries with 137 corresponding lines of service. However, Sleep Health billed Medicare claims for the remaining 64 beneficiaries with 149 corresponding lines of service that did not meet Medicare requirements, resulting in overpayments totaling $49,000. These errors occurred primarily because Sleep Health did not have adequate controls to ensure that it properly documented polysomnography services billed to Medicare. On the basis of our sample results, we estimated that Sleep Health received overpayments of at least $487,000 for the audit period.

The Centers for Medicare & Medicaid Services (CMS) had policies and procedures to ensure that payments were not made for Medicare services rendered to unlawfully present beneficiaries in accordance with Federal requirements, but it did not always follow those policies and procedures. When CMS's data systems indicated that at the time a claim was processed the beneficiary was unlawfully present, CMS had policies and procedures to prevent payment for Medicare services, and CMS followed those procedures.

To view the report, please click on the link below.

Audit report of NLRB's training and conferences from July 1, 2014 to June 30, 2015.

Our audit found that the Oregon Department of Education (Oregon) Consolidated Collection System, Oregon’s Statewide Longitudinal Data System, had a lack of documented internal controls in the system that increases the risk that Oregon will be unable to prevent or detectunauthorized access and disclosure of personally identifiable information. Specifically, we found that Oregon did not ensure that the Consolidated Collection System met the minimum requirements in Oregon’s Department of Administrative Services State Standards, which require the system controls and documentation of those controls. Since Oregon did not meet the minimum State requirements, it was notin compliance with Statewide Longitudinal Data Systems grant requirements. In addition, Oregon had policies and procedures that address reporting and responding to unauthorized access and disclosure of personally identifiable information in its data system. However, we could not determine whether the procedures were effective because Oregon had not reported any system breaches in the Consolidated CollectionSystem.