Recommendations
2065
| ID | Report Number | Report Title | Type | |
|---|---|---|---|---|
| 18-00334-164 | Comprehensive Healthcare Inspection Program Review of the VA Puget Sound Health Care System, Seattle, Washington | Comprehensive Healthcare Inspection Program | ||
1 The Deputy Director ensures required team members consistently participate on environment of care rounds and monitors team members’ compliance.
Closure Date:
2 The Deputy Director ensures all medical equipment at the South Sound VA Clinic is identified as safe for patient use and monitors compliance.
Closure Date:
3 The Chief of Staff ensures the Infection Control Committee consistently documents discussions of on-going construction activities and monitors compliance.
Closure Date:
4 The Assistant Director ensures temperature monitoring occurs in dry food storage areas and monitors compliance.
Closure Date:
5 The Facility Director ensures that reconciliation of controlled substance refills to automated dispensing units in patient care areas and returns to pharmacy stock are performed during controlled substance inspections and monitors compliance.
Closure Date:
| ||||
| 15-00022-139 | Audit of the Beneficiary Travel Program, Special Mode of Transportation, Eligibility and Payment Controls | Audit | ||
1 The OIG recommended the Under Secretary for Health require Veterans Integrated Service Networks to implement periodic reviews to ensure clinicians and Beneficiary Travel Office staff comply with Veterans Health Procedure Guide 1601B.05 eligibility requirements for authorizing Special Mode of Transportation services.
Closure Date:
2 The OIG recommended the Under Secretary for Health modify Veterans Health Administration Procedure Guide 1601B.05 to require the Beneficiary Travel Office staff to verify beneficiaries attended medical appointments prior to approving payment of Special Mode of Transportation vendor invoices.
Closure Date:
3 The OIG recommended the Under Secretary for Health require Veterans Integrated Service Networks to implement periodic reviews to ensure VA Medical Centers comply with Veterans Health Administration policies for verifying beneficiaries listed on vendor invoices had been properly authorized for Special Mode of Transportation services or attended medical appointments prior to approving payment of Special Mode of Transportation vendor invoices.
Closure Date:
4 The OIG recommended the Under Secretary for Health ensure the Improper Payments Elimination and Recovery Act reports provided to Veterans Integrated Service Networks are modified to include Special Mode of Transportation information specific to vendor payments by VA Medical Centers.
Closure Date:
5 The OIG recommended the Under Secretary for Health implement use of Centers for Medicare and Medicaid Services Rates when savings can be achieved for Special Mode of Transportation ambulance services in accordance with 38 U.S.C. Section 111(b)(3)(C).
Closure Date:
6 The OIG recommended the Under Secretary for Health implement controls to prevent beneficiaries using Special Mode of Transportation services from also obtaining mileage reimbursement for the same appointment(s).
Closure Date:
| ||||
| 16-04555-138 | Alleged Contracting and Appropriation Irregularities at the Office of Transition, Employment, and Economic Impact | Audit | ||
1 The OIG recommended the Executive in Charge for Benefits coordinate with the Head of VA Contracting Activity and the Office of General Counsel to determine what actions need to be taken to remedy the unauthorized commitment.
Closure Date:
2 The OIG recommended the Executive in Charge for Benefits obtain appropriate funding for all future information technology costs.
Closure Date:
3 The OIG recommended the Executive in Charge for Benefits coordinate with the Office of Information Technology, the Office of Management, and the Office of General Counsel to make accounting adjustments to debit the information technology account that should have been used and credit the general operating expense account that was inappropriately used, determine whether Antideficiency Act violations occurred, and report the violations as appropriate.
Closure Date:
| ||||
| 17-01257-136 | VA’s Federal Information Security Modernization Act Audit for Fiscal Year 2017 | Audit | ||
1 We recommended the Executive in Charge for Information and Technology fully implement an agency-wide risk management governance structure, along with mechanisms to identify, monitor, and manage risks across the enterprise. (This is a repeat recommendation from prior years.)
Closure Date:
2 We recommended the Executive in Charge for Information and Technology implement mechanisms to ensure sufficient supporting documentation is captured to justify closure of Plans of Action and Milestones. (This is a repeat recommendation from prior years.)
Closure Date:
3 We recommended the Executive in Charge for Information and Technology implement improved processes to ensure that all identified weaknesses are incorporated into the Governance Risk and Compliance tool, in a timely manner, and corresponding Plans of Actions and Milestones are developed to track corrective actions and remediation. (This is a repeat recommendation from prior years.)
Closure Date:
4 We recommended the Executive in Charge for Information and Technology implement clear roles, responsibilities, and accountability for developing, maintaining, completing, and reporting on Plans of Action and Milestones. (This is a repeat recommendation from prior years.)
Closure Date:
5 We recommended the Executive in Charge for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, include an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated. (This is a modified repeat recommendation from prior years.)
Closure Date:
6 We recommended the Executive in Charge for Information and Technology implement improved processes for reviewing and updating key security documents such as risk assessments and security control assessments on an annual basis and ensure the information accurately reflects the current environment. (This is a modified repeat recommendation from prior years.)
Closure Date:
7 We recommended the Executive in Charge for Information and Technology implement mechanisms to enforce VA password policies and standards on all operating systems, databases, applications, and network devices. (This is a repeat recommendation from prior years.)
Closure Date:
8 We recommended the Executive in Charge for Information and Technology implement periodic reviews to minimize access by system users with incompatible roles, permissions in excess of required functional responsibilities, and unauthorized accounts. (This is a repeat recommendation from prior years.)
Closure Date:
9 We recommended the Executive in Charge for Information and Technology enable system audit logs on all critical systems and platforms and conduct centralized reviews of security violations across the enterprise. (This is a repeat recommendation from prior years.)
Closure Date:
10 We recommended the Executive in Charge for Information and Technology fully implement two-factor authentication for all network access methods throughout the agency. (This is a repeat recommendation from prior years.)
Closure Date:
11 We recommended the Executive in Charge for Information and Technology implement more effective automated mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and web application servers. (This is a repeat recommendation from prior years.)
Closure Date:
12 We recommended the Executive in Charge for Information and Technology implement a more effective patch and vulnerability management program to address security deficiencies identified during our assessments of VA’s web applications, database platforms, network infrastructure, and workstations. (This is a repeat recommendation from prior years.)
Closure Date:
13 We recommended the Executive in Charge for Information and Technology maintain a complete and accurate security baseline configurations for all platforms and ensure all baselines are appropriately implemented for compliance with established VA security standards. (This is a modified repeat recommendation from prior years.)
Closure Date:
14 We recommended the Executive in Charge for Information and Technology implement improved network access controls to ensure medical devices and networks, not managed by the Office of Information and Technology, are appropriately segregated from general networks and mission-critical systems. (This is a repeat recommendation from prior years.)
Closure Date:
15 We recommended the Executive in Charge for Information and Technology consolidate the security responsibilities for networks not managed by the Office of Information and Technology, under a common control for each site and ensure vulnerabilities are remediated in a timely manner. (This is a repeat recommendation from prior years.)
Closure Date:
16 We recommended the Executive in Charge for Information and Technology implement improved processes to ensure that all devices and platforms are evaluated using credentialed vulnerability assessments. (This is a repeat recommendation from prior years.)
Closure Date:
17 We recommended the Executive in Charge for Information and Technology implement improved procedures to enforce a standardized system development and change control framework that integrates information security throughout the life cycle of each system. (This is a repeat recommendation from prior years.)
Closure Date:
18 We recommended the Executive in Charge for Information and Technology implement improved processes for ensuring the encryption of backup data prior to transferring the data offsite for storage. (This is a repeat recommendation from prior years.)
Closure Date:
19 We recommended the Executive in Charge for Information and Technology implement improved processes for the testing of contingency plans and failover capabilities for critical systems to ensure that all components can be recovered at the assigned sites and within stated timeframes. (This is a modified repeat recommendation from prior years.)
Closure Date:
20 We recommended the Executive in Charge for Information and Technology identify all external network interconnections and implement improved processes for monitoring VA networks, systems, and connections for unauthorized activity. (This is a repeat recommendation from prior years.)
Closure Date:
21 We recommended the Executive in Charge for Information and Technology implement more effective agency-wide incident response procedures to ensure timely reporting, updating, and resolution of computer security incidents in accordance with VA standards. (This is a repeat recommendation from prior years.)
Closure Date:
22 We recommended the Executive in Charge for Information and Technology ensure that VA’s Network Security and Operations Center has full access to all security incident data to facilitate an agency-wide awareness of information security events. (This is a repeat recommendation from prior years.)
Closure Date:
23 We recommended the Executive in Charge for Information and Technology implement improved safeguards to identify and prevent unauthorized vulnerability scans and data exfiltrations from VA networks. (This is a repeat recommendation from prior years.)
Closure Date:
24 We recommended the Executive in Charge for Information and Technology fully develop a comprehensive list of approved and unapproved software and implement continuous monitoring processes to prevent the use of unauthorized software on agency devices. (This is a repeat recommendation from prior years.)
Closure Date:
25 We recommended the Executive in Charge for Information and Technology develop a comprehensive software inventory process to identify major and minor software applications used to support VA programs and operations. (This is a repeat recommendation from prior years.)
Closure Date:
26 We recommended the Executive in Charge for Information and Technology implement improved procedures for overseeing contractor-managed cloud-based systems and ensure information security controls adequately protect VA sensitive systems and data. (This is a repeat recommendation from prior years.)
Closure Date:
27 We recommended the Executive in Charge for Information and Technology implement mechanisms for updating systems inventory, including contractor-managed systems and interfaces, and provide this information in accordance with Federal reporting requirements. (This is a repeat recommendation from prior years.)
Closure Date:
| ||||
| 15-03215-154 | Healthcare Inspection - Testosterone Replacement Therapy Initiation and Follow-Up Evaluation in VA Male Patients | National Healthcare Review | ||
1 The Under Secretary for Health ensures that providers establish clinical signs and symptoms consistent with androgen deficiency, prior to testing patients’ testosterone level for confirmation in alignment with Veterans Health Administration guidance.
Closure Date:
2 The Under Secretary for Health ensures that providers biochemically confirm hypogonadism through repeated testosterone testing prior to initiation of testosterone replacement therapy in alignment with Veterans Health Administration guidance.
Closure Date:
3 The Under Secretary for Health ensures that providers determine whether the etiology of hypogonadism is primary or secondary, prior to testosterone replacement therapy initiation in alignment with Veterans Health Administration guidance.
Closure Date:
4 The Under Secretary for Health ensures that providers discuss and document the risks and benefits of testosterone therapy with patients prior to initiation in alignment with Veterans Health Administration guidance.
Closure Date:
5 The Under Secretary for Health ensures that providers assess and document patients’ symptoms improvement and adverse effects within 3–6 months of initiation before continuing testosterone replacement therapy in alignment with Veterans Health Administration guidance.
Closure Date:
6 The Under Secretary for Health ensures that providers monitor patients’ hematocrit levels within 3–6 months of initiation, before continuing testosterone replacement therapy in alignment with Veterans Health Administration guidance.
Closure Date:
7 The Under Secretary for Health ensures that providers assess and document patients’ adherence to therapy and perform testosterone level test within 3–6 months of initiation, before continuing testosterone replacement therapy in alignment with Veterans Health Administration guidance.
Closure Date:
| ||||
| 17-05404-149 | Comprehensive Healthcare Inspection Program Review of the VA North Texas Health Care System, Dallas, Texas | Comprehensive Healthcare Inspection Program | ||
1 The Chief of Staff ensures practitioners’ Focused Professional Practice Evaluation competency reviews include clearly delineated timeframes and criteria and monitors compliance.
Closure Date:
2 The Chief of Staff ensures that Ongoing Professional Practice Evaluations include the review of service- and practitioner-specific data and monitors compliance.
Closure Date:
3 The Chief of Staff ensures that Ongoing Professional Practice Evaluations include the utilization of service-specific criteria and monitors compliance.
Closure Date:
4 The Chief of Staff and Associate Director for Patient Care Services ensure personal protective equipment is readily accessible and monitor compliance.
Closure Date:
5 The Facility Director ensures that reconciliation of controlled substance refills to automated dispensing units in patient care areas and reconciliation of returns to pharmacy stock are performed during controlled substance inspections and monitors compliance.
Closure Date:
6 The Chief of Staff ensures ordering providers or designees communicate mammogram results to patients and monitors providers’ compliance.
Closure Date:
| ||||
| 16-02742-77 | Review of Research Service Equipment and Facility Management, Eastern Colorado Health Care System | Audit | ||
1 The OIG recommended the VA Eastern Colorado Health Care System Director establish a policy requiring the Research Service implement a process to identify all accountable equipment annually that does not have a barcode label, and ensure these items are communicated to the Logistics Service so they receive a barcode label and are recorded in the automated inventory system.
Closure Date:
2 The OIG recommended the VA Eastern Colorado Health Care System Director develop an action plan that would ensure all Research Service sensitive information technology equipment is assigned to an information technology equipment inventory list.
Closure Date:
3 3. The OIG recommended the VA Eastern Colorado Health Care System Director implement a training program to ensure Information Technology, Research, and Logistics Service staffs are properly trained to enable them to identify and place sensitive information technology equipment under control.
Closure Date:
4 The OIG recommended the VA Eastern Colorado Health Care System Director implement a policy requiring the Logistics Service perform recurring, at least annually, quality reviews of Research Service automated equipment data to identify and correct incomplete, inaccurate, and unreliable records, maintain copies of the reviews, and provide the completed reviews to the director.
Closure Date:
5 The OIG recommended the VA Eastern Colorado Health Care System Director implement a policy requiring the Logistics Service perform recurring quality reviews, at least annually, to ensure equipment transaction records are maintained, logically organized, and easily accessible for assigned research equipment, in accordance with policy.
Closure Date:
6 The OIG recommended the VA Eastern Colorado Health Care System Director develop a local policy requiring the Logistics Service to perform recurring reviews of inventory dates for all Research Service accountable equipment and sensitive items, to ensure all equipment has been inventoried on an annual basis, which is from the month of completion to the next 12-month period, as required by VA Handbook 7002.
Closure Date:
7 The OIG recommended the VA Eastern Colorado Health Care System Director implement a procedure to ensure compliance with the VA Handbook 6500.1 requirement to attach VA Form 0751, Information Technology Equipment Sanitization Certificate, to VA Form 2237, Request, Turn-In, and Receipt for Property or Services, prior to disposal of sensitive information technology equipment.
Closure Date:
8 The OIG recommended the VA Eastern Colorado Health Care System Director take steps necessary to ensure required Report of Survey actions listed in VA Handbook 7002 are completed for the missing items reported lost by the Research Service on the eight Reports of Survey initiated in calendar year 2015.
Closure Date:
9 The OIG recommended the VA Eastern Colorado Health Care System Director require the accountable officer to follow policy, establish, and maintain a Report of Survey register by fiscal year, to track, monitor, and ensure required actions are completed timely.
Closure Date:
10 The OIG recommended the VA Eastern Colorado Health Care System Director ensure there are an adequate number of officials who have the required training to complete Report of Survey actions so Reports of Survey can be fully processed, timely.
Closure Date:
11 The OIG recommended the VA Eastern Colorado Health Care System Director implement a mechanism to ensure all Research Service Custodial Officers complete their required annual Custodial Officer’s training.
Closure Date:
12 The OIG recommended the VA Eastern Colorado Health Care System Director ensure Delegation of Authority letters for all current Research Service Custodial Officers are completed in accordance with VA Handbook 7002.
Closure Date:
13 The OIG recommended the VA Eastern Colorado Health Care System Director ensure all materials and specimens are stored in a freezer with a remote temperature monitoring system.
Closure Date:
14 The OIG recommended the VA Eastern Colorado Health Care System Director ensure exterior doors on Research Service buildings are repaired so they consistently lock upon closure.
Closure Date:
15 The OIG recommended the VA Eastern Colorado Health Care System Director ensure all exterior doors to Research Service buildings are secured by self-closing doors with automatic locking upon closure with access by keycard or a system that is equal to or exceeds the security of a keycard system.
Closure Date:
16 The OIG recommended the VA Eastern Colorado Health Care System Director establish procedures to timely decommission vacant laboratories, and collect, store or dispose of unused chemicals and personally identifiable information in accordance with applicable policies.
Closure Date:
| ||||
| 17-05407-141 | Comprehensive Healthcare Inspection Program Review of the Samuel S. Stratton VA Medical Center, Albany, New York | Comprehensive Healthcare Inspection Program | ||
1 The Chief of Staff ensures the Executive Committee of the Medical Staff uses the results of Ongoing Professional Practice Evaluations in the determination of whether to recommend continuation of licensed independent practitioners’ privileges and monitors compliance.
Closure Date:
2 The Chief of Staff ensures Physician Utilization Management Advisors consistently document their decisions in the National Utilization Management Integration database and monitors the advisors’ compliance.
Closure Date:
3 The Chief of Staff ensures the interdisciplinary group or committee that reviews utilization management data includes representatives from the Chief, Business Office Revenue-Utilization Review.
Closure Date:
4 The Facility Director ensures the Patient Safety Manager or designee provides feedback about root cause analysis actions to the reporting individuals or departments and monitors the Patient Safety Manager’s compliance.
Closure Date:
5 The Associate Director ensures environment of care rounds are conducted in all areas of the facility at the required frequency and monitors compliance.
Closure Date:
6 The Associate Director ensures required team members consistently participate on environment of care rounds and monitors team members’ compliance.
Closure Date:
7 The Associate Director ensures medical biohazardous waste storage rooms are secured and monitors compliance.
Closure Date:
8 The Facility Director ensures that controlled substances inspectors perform controlled substances order verification as required and monitors inspectors’ compliance.
Closure Date:
9 The Facility Director ensures controlled substances inspectors complete monthly pharmacy prescription pad inventories and monitors inspectors’ compliance.
Closure Date:
10 The Chief of Staff ensures providers communicate mammogram results to patients and monitors providers’ compliance.
Closure Date:
| ||||
| 17-03399-150 | Healthcare Inspection—Inadequate Intensivist Coverage and Surgery Service Concerns, Gulf Coast Veterans Healthcare System, Biloxi, Mississippi | Hotline Healthcare Inspection | ||
1 We recommended that the System Director continue to follow through on incomplete actions as discussed in Issues 1 and 2 of this report.
Closure Date:
2 We recommended that the Veterans Integrated Service Network Director provide oversight of intensive care unit and Surgery Service-related operations until corrective actions are completed and conditions have been resolved.
Closure Date:
3 We recommended that the System Director take action as appropriate related to Physicians A and B and their improper electronic health record documentation as discussed in this report.
Closure Date:
| ||||
| 17-05409-140 | Comprehensive Healthcare Inspection Program Review of the Martinsburg VA Medical Center, West Virginia | Comprehensive Healthcare Inspection Program | ||
1 The Acting Chief of Staff ensures the development and utilization of privilege-specific criteria for Focused Professional Practice Evaluations and monitors compliance.
Closure Date:
2 The Acting Chief of Staff ensures the development and utilization of service-specific criteria for Ongoing Professional Practice Evaluations and monitors compliance.
Closure Date:
3 The Associate Director ensures all required environment of care team members are assigned to and consistently participate on environment of care rounds and monitors compliance.
Closure Date:
4 The Facility Director ensures that Controlled Substance Inspectors complete controlled substance order verifications and monitors compliance.
Closure Date:
5 The Acting Chief of Staff ensures mammogram results are electronically linked to the radiology order and monitors compliance.
Closure Date:
| ||||
14957