Open Recommendations

We recommend that Healthfirst Health Plan, Inc. identify, for the high-risk diagnoses included in this report, similar instances of noncompliance that occurred before or after our audit period and refund any resulting overpayments to the Federal Government.

We recommend that Healthfirst Health Plan, Inc. identify, for the potentially mis-keyed diagnosis codes described in this report, similar instances of noncompliance that occurred during our audit period but were not included in our non-statistical sample and refund any resulting overpayments to the Federal Government.

We recommend that Healthfirst Health Plan, Inc. continue its examination of existing compliance procedures to identify areas where improvements can be made to ensure that diagnosis codes that are at high risk for being miscoded comply with Federal requirements (when submitted to CMS for use in CMS’s risk adjustment program) and take the necessary steps to enhance those procedures.

Review all existing guidance to ensure that the use of Letters of Credit is not allowed for goods or services that should be procuredwith a Federal Acquisition Regulation contract.

Strengthen oversight of the National Flood Insurance Program cash management process to ensure Write Your Own insuranceproviders’ and NFIP Direct and Bureau and Statistical Agent contractors’ accounts receivable and accounts payable aging reports and bankreconciliations are reviewed.

Recommendation is not publicly available.

Recommendation is not publicly available.

Recommendation is not publicly available.

Recommendation is not publicly available.

Recommendation is not publicly available.

Recommendation is not publicly available.

We recommended that Noridian Healthcare Solutions, LLC, work with CMS to ensure that its final settlement of contract costs reflects an increase in Medicare pension costs of $620,072 for CYs 2014 through 2016.

We recommended that Noridian Healthcare Solutions, LLC, increase the Medicare segment pension assets by $1,207,983 and recognize $31,451,287 as the Medicare segment pension assets as of December, 31, 2016.

We recommended that Noridian Healthcare Solutions, LLC, increase Medicare's share of the Medicare segment excess pension assets as of December 31, 2016, by $2,261,097 and recognize $703,387 as Medicare's share of the pension assets as a result of the benefit curtailment.

We recommended that Noridian Healthcare Solutions, LLC, increase the Medicare segment PRB assets by $197,098 as of January 1, 2017.

We recommend that Noridian Healthcare Solutions, LLC, work with CMS to ensure that its final settlement of contract costs reflects an increase in Medicare PRB costs of $1,531,023 for CYs 2014 through 2016.

CMS should evaluate the potential impacts of updating the DRG window policy to include affiliated hospitals, and seek the necessary legislative authority to update the policy as appropriate.

The Commissioner, Wage and Investment Division, should establish specific performance measures and goals to effectively assess the assistance provided to LEP and visually impaired taxpayers.

Continue efforts to develop and implement role-based privacy training for users with significant privacy or data protection related duties.

Conduct a business impact assessment within every two years to assess mission essential functions and incorporate the results into strategy and mitigation planning activities.

Develop and implement role-based training with those who hold supply chain risk management roles and responsibilities to detect counterfeit system components.

Based on the results of this audit, exercise reasonable diligence to identify, report, and return any overpayments in accordance with the 60-day rule and identify any of those returned overpayments as having been made in accordance with this recommendation.

We recommend that the Chief Financial Officer and Assistant Secretary for Administration establish a Department-wide framework that includes written procedures and a quality assurance process to ensure prompt processing, independent and objective reviewing, thorough reporting, and tracking the status of H referrals from OIG.

We recommend that the Chief Financial Officer and Assistant Secretary for Administration enforce the reporting requirement on providing to OIG the H referral response as required in DAO 207-10. If the suspense date cannot be met, report its progress to and request an extension from OIG before the suspense date.

CMS should conduct additional outreach to beneficiaries to increase awareness about Medicare coverage for the treatment of opioid use disorder.

CMS should take steps to increase the number of providers and opioid treatment programs for Medicare beneficiaries with opioid use disorder.

CMS should assist SAMHSA by providing data about the number of Medicare beneficiaries receiving buprenorphine in office-based settings and the geographic areas where Medicare beneficiaries remain underserved.

CMS should take steps to increase the utilization of behavioral therapy among beneficiaries receiving medication to treat opioid use disorder.

CMS should create an action plan and take steps to address disparities in the treatment of opioid use disorder.

CMS should collect data on the use of telehealth in opioid treatment programs.

Design and implement an effective accountability system that includes clear expectations of goals, performance measures, estimated target dates, and monitoring to hold OIT leadership accountable for improving AmeriCorps’ information security program to an effective level. (New

Develop, document, and communicate an overall SCRM strategy, implementation plan, and related policies and procedures to guide and govern supply chain risk management activities. If AmeriCorps intends to limit its IT purchases to GSA vendors, it should so state, and indicate who, if anyone, must approve exceptions. (New)

FHFA’s Office of Technology and Information Management (OTIM) should request an assessment to be completed by December 1, 2022, and that assessment will be used to determine if OTIM has sufficient resources (staff, technology, etc.) to update, test, and execute the contingency plan requirements.

(U) Rec. 1: The DoD OIG recommended that the Defense Pricing and Contracting Principal Director review the Defense Federal Acquisition Regulation Supplement and Defense Federal Acquisition Regulation Supplement Procedures, Guidance, and Information to determine whether current policy adequately addresses when cost analysis should be required by contracting officials to determine price reasonableness for sole-source spare parts not subject to Truth in Negotiations Act. If the Principal Director determines that current policy is not sufficient, the Principal Director should initiate actions to revise and update policy and guidance.

Update the configuration settings on the servers to be in compliance with Commission IT Policy and ensure only essential capabilities are being provided.

Direct the Health Information Management program office in coordination with the Office of Community Care and facility chiefs of staff to ensure facilities are conducting post payment audits of billed acupuncture and chiropractic services to verify non VA providers are properly supporting their claims and to develop processes for corrective actions based on audit results.

Direct the Health Information Management program office, in coordination with the Office of Community Care and facility chiefs of staff, to ensure facilities are conducting postpayment audits of billed evaluation and management services to verify non VA providers are properly supporting their claims, including a focus on providers who frequently bill high level evaluation and management services and/or submit charges during periods when global surgery packages are in effect, and develop processes for corrective actions based on audit results.

We recommend that the Centers for Medicare & Medicaid Services expand the IRF transfer payment policy to apply to early discharges to home health care. If this expanded policy had been in place, Medicare could have saved $993,134,059 in 2017 and 2018.

Use Treasury’s DNP analysis to systemically flag COVID-19 EIDL and Emergency EIDL grant recipients who were found in Treasury’s DNP system and not previously reported by OIG. Review the applications and determine whether they are deemed ineligible. If the applicant is deemed ineligible, recover any disbursed funds, and flag the application as ineligible.

For all COVID-19 EIDLs and Emergency EIDL grants identified and flagged as potentially ineligible above, include those transactions in SBA’s 2021 improper payments estimation process.

In order to mitigate risks to the Station's structural integrity, ensure the risks associated with cracks and leaks in the Service Module Transfer Tunnel are identified and mitigated prior to agreeing to an ISS life extension.

We recommend the Director of CISA develop an implementation plan to conduct periodic assessments for monitoring theprogress of goals and activities and complete annual updates on action items, as required by the Cyber Action Plan and associated 2015 and 2018memorandums.

We recommend the Director of CISA conduct centralized tracking and completion of signed closeout summaries to reconcile the ongoing,outstanding, and open tasks and activities, as required by the Cyber Action Plan and associated 2015 and 2018 memorandums.

We recommend the Director of CISA establish performance measures to ensure the effectiveness and completion of the CyberAction Plan and associated 2015 and 2018 memorandum activities.

We recommend the Director of CISA establish the DHS governance structure and ensure it consists of an Executive Committee thatmeets at least semi-annually and a Steering Committee that meets at least quarterly, as required.

We recommend that the Centers for Medicare & Medicaid Services update its PDE guidance to address margin under sponsor delivery models in which a sponsor owns a pharmacy.

Develop information reports to identify beneficiaries in death suspense for prolonged periods and instruct management to ensure technicians take appropriate actions on the cases.

Verify and post death information, where appropriate, for the remaining beneficiaries in the State Death population.

Establish systems criteria to identify Old-age, Survivors and Disability Insurance beneficiaries in Address Suspense who are likely deceased, such as identifying beneficiaries suspended for prolonged periods who do not have activity on any Social Security Administration (SSA) records since their suspension. Once established, SSA should update policy to instruct technicians to search for death information.

Develop systems controls to alert technicians when SSA receives death information from sources, such as Centers for Medicare and Medicaid Services and the Department of the Treasury (Treasury), for beneficiaries in suspended payment status.