Federal Reports

The Office of Inspector General (OIG) evaluated the availability and utilization of metrics more than a year after the Mann-Grandstaff VA Medical Center became the first facility to implement the new Electronic Health Record (EHR) system. The OIG determined that, one year after go-live, gaps existed between required and available metrics using new EHR data.The OIG learned that many quality, patient safety, and organizational performance metrics were unavailable, including metrics needed for hospital accreditation. Additionally, the OIG found that access metrics were largely unavailable. The OIG remains concerned that deficits in new EHR metrics may negatively affect organizational performance, quality and patient safety, and access to care.Challenges with the new EHR’s metrics included the following: Cerner failed to deliver metrics reports, new EHR’s metrics could not be assessed prior to go-live, utility was impaired, and training was deficient. VHA-generated metrics using new EHR data also created challenges. VHA resources were insufficient for generating new EHR metrics, VHA metrics using new EHR data were not validated and unavailable, and VHA changed the metrics required from the facility.The OIG determined that deficiencies related to the new EHR’s metrics and challenges with VHA-generated metrics using new EHR data impaired the facility’s access to and utilization of metrics.The OIG is concerned that further deployment of the new EHR in VHA without addressing the gap in metrics available to the facility will affect the facility and future sites’ ability to utilize metrics effectively. Accordingly, to address the gaps in metrics available to the facility and future sites, VA must resolve the factors identified by the OIG that affect the availability of metrics.The OIG made two recommendations to the Deputy Secretary regarding evaluating gaps in new EHR metrics and the factors affecting the availability of metrics and taking action as warranted.

This report summarizes the oversight work performed by EAC OIG during the 6-month period ended March 31, 2022.

(May 2022) The Office of the Inspector General of the Intelligence Community (IC IG) recently released its Semiannual Report to the Director of National Intelligence (DNI) and Congress for the period of October 1, 2021, through March 31, 2022. The National Security Act of 1947 (as amended) requires the IC IG to prepare and submit to the DNI a classified and, as appropriate, unclassified report summarizing the work of the IC IG for the preceding six-month period.

In accordance with our Annual Performance Plan Fiscal Year 2022. dated November 2021, the Office of Inspector General (OIG) conducted a review of the United States Capitol Police (USCP or the Department) Communications Section's Dispatch and Call Taking Process. The scope of the review included existing policies and procedures related to the Communications Section for Fiscal Year 2021 through December 31. 2021.  OIG objectives were to determine if the Department (1) established adequate internal controls and processes for ensuring compliance with select Department policies and (2) complied with select policies and procedures, laws, regulations, and best practices.

The VA Office of Inspector General (OIG) conducts information technology (IT) inspections to assess whether VA facilities are meeting federal security requirements. They are typically conducted at selected facilities that have not been assessed in the sample for the annual audit required by the Federal Information Security Modernization Act of 2014 (FISMA) or at facilities that previously performed poorly. The OIG selected the Dallas Consolidated Mail Outpatient Pharmacy (CMOP) because it had not been previously visited as part of the annual FISMA audit.The OIG inspections are focused on four security control areas that apply to local facilities and have been selected based on their level of risk: configuration management controls, contingency planning controls, security management controls, and access controls. The OIG found deficiencies in configuration management and access controls at the Dallas CMOP, but none in contingency planning or security management controls.Without effective configuration management, users do not have adequate assurance that the system and network will perform as intended and to the extent needed to support the CMOP’s missions. The access control deficiencies create risks of unauthorized access to critical network resources, inability to respond effectively to incidents, loss of personally identifiable information, or loss of life.The OIG made 10 recommendations to the Dallas CMOP director aimed at fixing the control deficiencies. The assistant secretary for information and technology provided comments for the Dallas CMOP. The assistant secretary concurred with nine recommendations and did not concur with one recommendation. The OIG disagrees with the nonconcurrence.