Open Recommendations

Supply Chain Risk Management

We recommend that the Georgia Department of Community Health refund to the Federal Government $644,802 (Federal share) for single-source physicianadministered drug claims that were ineligible for Federal reimbursement.

We recommend that the Georgia Department of Community Health refund to the Federal Government $9,325 (Federal share) for top-20 multiple-source physician-administered drug claims that were ineligible for Federal reimbursement.

We recommend that the Georgia Department of Community Health work with CMS to determine and refund the unallowable portion of $52,837 (Federal share) for other multiple-source physician-administered drug claims that may have been ineligible for Federal reimbursement and consider invoicing drug manufacturers for rebates for those drug claims that CMS determines are allowable;

We recommend that the Under Secretary of Commerce for Standards and Technology and Director of NIST change policy to ensure (1) UPI is strategically reinvested into MEP and (2) if UPI is not reinvested into MEP, withhold federal funds until UPI is used to pay down allowable project expenses.

We recommend that the Under Secretary of Commerce for Standards and Technology and Director of NIST conduct a thorough review of executive compensation for reasonableness as required by Departmental and NIST criteria.

We recommend that the Under Secretary of Commerce for Standards and Technology and Director of NIST establish policy limits on executive compensation for MEP, including restrictions on Center and subrecipient salaries.

We recommend that the Under Secretary of Commerce for Standards and Technology and Director of NIST establish procedures to (1) ensure recipients disclose in writing any potential conflict of interest to NIST consistent with award terms and (2) promptly review any such disclosures.

We recommend that the Under Secretary of Commerce for Standards and Technology and the Director of NIST review all disclosed related party activities identified by us and previously reported to NIST and take any action deemed appropriate.

We recommended that Centers for Medicare and Medicaid Services direct the MACs (or other CMS-designated entities) to review a sample of claims for epidural steroid injection sessions administered during the period beginning on January 1, 2021, and ending on the date that the revised coverage limitations (i.e., up to four sessions per 12-month period) became effective in the relevant MAC's jurisdiction (I.e. December 5, 2021, and June 19, 2022), to identify instances in which Medicare paid physicians for injection sessions that exceeded the number of allowable sessions (in accordance with the applicable LCDs) and recover any improper payments identified.

We recommend that the Centers for Medicare and Medicaid Services direct the MACs to recover the $3,585,422 in improper payments made to physicians for epidural steroid injection sessions.

We recommend that the Centers for Medicare and Medicaid Services instruct the MACs to, based on the results of this audit, notify appropriate physicians (i.e. those for whom CMS determines this audit constitutes credible information of potential overpauments) so that the physicians can exercise reasonable diligence to identify, report, and return any overpayments in accordance with the 60-day rule and identify any of those returned overpayments as having been made in accordance with this recommendation.

Direct SNL to ensure MESA procurements of weapon products for use in nuclear weapons production are clearly identifiable in its records system and includes necessary attributes.

[Description omitted; DOJ has determined that this recommendation contains information that is limited official use or classified.]

[Description omitted; DOJ has determined that this recommendation contains information that is limited official use or classified.]

(U) Rec. 3: The DoD OIG recommended that the Under Secretary of Defense for Intelligence and Security review and update any applicable counterintelligence guidance and policy documents, including DoD Instruction C-5240.08 and DoD Instruction 5240.04, to address Anomalous Health Incident-related information and counterintelligence investigation requirements; and provide information security advice to the Office of the Under Secretary of Defense for Policy for the development of a Security Classification Guide for Anomalous Health Incidents.

Complete a usage study and document a decision regarding if the IRS will mandate that participants use the TFA IVES system.

FHFA should develop and maintain a complete and accurate cloud system component inventory, as required by NIST SP 800-53.

FHFA should develop and implement a solution to encrypt all data-at-rest on the cloud system as required by National Institute of Standards and Technology SP 800-53.

We recommend the CISA Director update CISA’s Continuity of Operations Plan and develop and implement an information system contingency plan, to ensure availability of redundant systems, capabilities, and communication methods to use if primary systems or networks are compromised.

We recommend the CISA Director require the facility and operations staff conduct an assessment to determine whether secure facility space is appropriately sized and configured to meet operational needs and document any changes necessary for staff to obtain and maintain appropriate access to intelligence information.

We recommend the CISA Director require an assessment to document the levels of staffing, resources, and intelligence access needed for operational divisions, cyber detection and mitigation capabilities, and support functions.

We recommend the CISA Director create and implement a long-term plan for the Cybersecurity Division that includes provisions for ownership, operations, and maintenance of the National Cybersecurity Protection System’s data analytics capabilities.

We recommend the Assistant Secretary for Occupational Safety and Health: Modify the Field Operations Manual to include a policy for mandatory interviews of complainants and witnesses or document the rationale for lack thereof and provide training to Compliance Safety and Health Officers on the updated requirements.

We recommend the Assistant Secretary for Occupational Safety and Health: Update the Field Operations Manual to require documented case file review and approvals by supervisors and provide training for Compliance Safety and Health Officers to ensure complete documentation of significant decisions and actions.