Federal Reports

While personnel shortages existed in the health care community before the pandemic, the pandemic exacerbated these shortages. Maintaining an appropriate level of personnel in health care facilities is essential to providing a safe work environment for health care personnel and safe care to patients. The Pandemic Response Accountability Committee’s (PRAC) Health Care Subgroup developed this report to share insights into personnel shortages across four select federal health care programs, or the providers they reimburse. Together, these four programs provide health care services to approximately 20 million individuals.

The EPA should track changes in air emissions in near port communities and develop guidance for using community group air-monitoring data.

The Office of Inspector General (OIG) conducted this inspection to determine whether the VA Beckley Healthcare System in West Virginia was meeting federal security guidance. The OIG selected the system because it had not previously been visited as part of the annual Federal Information Security Modernization Act of 2014 (FISMA) audit.The OIG identified security deficiencies with configuration management, security management, and access controls. The configuration management deficiencies involved incomplete and inaccurate information system entries on vulnerabilities needing remediation. The lack of accurate information slowed remediation efforts: the OIG team found that those efforts exceeded VA’s required 60-day time frame for 444 high-risk vulnerabilities on about 45 percent of computers. Among the weaknesses in security management, the team found the healthcare system’s special purpose system did not have an authorization to operate because it had not cleared the risk management framework established by the National Institute of Standards and Technology to meet FISMA requirements. The special purpose system comprises mechanisms that monitor the distribution of oxygen throughout the hospital, alert facility police of emergencies via panic buttons, limit access to the control room, and control the facility’s climate. As for access controls, network segments including those containing medical imaging devices were not separately controlled, allowing any network user to access them; not all systems were connected to a functional uninterrupted power supply; the medical center’s computer room and 19 communication closets had problems such as leaks, data lines being intertwined with electrical lines, and closets lacking cameras, dead bolts, and smoke detectors; and unencrypted hard drives were not being sanitized before they were shipped out for destruction.The OIG made 10 recommendations to address the deficiencies.