Recommendations
2065
| ID | Report Number | Report Title | Type | |
|---|---|---|---|---|
| 16-01436-270 | Healthcare Inspection Review of VHA’s “Our Doctors” Website Accuracy | National Healthcare Review | ||
1 We recommended that the Acting Under Secretary for Health ensure that the Veterans Health Administration develops and implements a policy defining the purpose, responsibilities, and requirements for credentials information on the Our Doctors website.
Closure Date:
2 We recommended that the Acting Under Secretary for Health ensure that the Veterans Health Administration develops and implements an oversight process for accuracy of the information posted on the Our Doctors website.
Closure Date:
| ||||
| 17-00253-267 | Administrative Investigation - Misuse of Official Time and Failure to Properly Supervise, Oklahoma City VA Health Care System | Administrative Investigation | ||
1 We recommend that the VAHCS Director confer with the Offices of General Counsel and Human Resources to ensure a bill of collection is issued to Dr. [redacted] for VA hours he claimed and certified but did not work.
Closure Date:
2 We recommend that the VAHCS Director confer with the Offices of General Counsel and Human Resources to deterine the appropriate administrative action to take, if any, against Dr. [redacted].
Closure Date:
3 We recommend that the VA Designated Agency Ethics Official review Dr. [redacted] non-VA sanctioned travel to determine any potential violation of the Code of Ethics.
Closure Date:
4 We recommend that the VAHCS Director confer with the Offices of General Counsel and Human Resources to determine the appropriate administrative action to take, if any, against Dr. Comp.
Closure Date:
| ||||
| 16-04762-232 | Inspection of the VARO Boise, Idaho | Review | ||
1 We recommended the Boise VA Regional Office Director provide refresher training for increased special monthly compensation based on additional independent disabilities and assess the effectiveness of this training.
Closure Date:
2 We recommended the Boise VA Regional Office Director implement a plan to assess the effectiveness of the most recent refresher training for processing Specially Adapted Housing and Special Home Adaptation grants.
Closure Date:
3 We recommended the Boise VA Regional Office Director implement a plan to ensure oversight and prioritization of proposed rating reduction cases for completion at the end of the due process time period.
Closure Date:
4 We recommended the Boise VA Regional Office Director strengthen the review process for claims establishment and revise the claims establishment checklist.
Closure Date:
5 We recommended the Boise VA Regional Office Director implement a plan to provide refresher training on claims establishment procedures and monitor the effectiveness of that training.
Closure Date:
6 We recommended the Boise VA Regional Office Director refer the personally identifiable information violation to the VA Regional Office Privacy Officer to determine proper action, if any.
Closure Date:
7 We recommended the Boise VA Regional Office Director establish a plan to provide training to congressional liaison staff on processing special controlled correspondence and monitor the effectiveness of the training.
Closure Date:
8 We recommended the Boise VA Regional Office Director develop and implement a plan to assess the effectiveness of the special controlled correspondence checklist.
Closure Date:
| ||||
| 16-01949-248 | VA's Federal Information Security Modernization Act Audit for Fiscal Year 2016 | Audit | ||
1 We recommended the Acting Assistant Secretary for Information and Technology implement improved processes to ensure all VA systems and devices are formally “Authorized to Operate” and system security controls are evaluated before allowing such systems to connect to VA’s general network or the Internet. (This is a new recommendation.)
Closure Date:
2 We recommended the Acting Assistant Secretary for Information and Technology fully implement an agency-wide risk management governance structure, along with mechanisms to identify, monitor, and manage risks across the enterprise. (This is a repeat recommendation from prior years.)
Closure Date:
3 We recommended the Acting Assistant Secretary for Information and Technology implement mechanisms to ensure sufficient supporting documentation is captured to justify closure of Plans of Action and Milestones. (This is a repeat recommendation from prior years.)
Closure Date:
4 We recommended the Acting Assistant Secretary for Information and Technology implement improved processes to ensure that all identified weakness are incorporated into the Governance Risk and Compliance tool, in a timely manner, and corresponding Plans of Actions and Milestones are developed to track corrective actions and remediation. (This is a repeat recommendation from prior years.)
Closure Date:
5 We recommended the Acting Assistant Secretary for Information and Technology implement system enhancements to the Governance Risk and Compliance tool to prevent the automatic re-opening of closed Plans of Action and Milestones and such actions are updated to accurately reflect their current status. (This is a repeat recommendation from prior years.)
Closure Date:
6 We recommended the Acting Assistant Secretary for Information and Technology implement clear roles, responsibilities, and accountability for developing, maintaining, completing, and reporting on Plans of Action and Milestones. (This is a repeat recommendation from prior years.)
Closure Date:
7 We recommended the Acting Assistant Secretary for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, including accurate system interconnections, boundary, control, and ownership information. (This is a repeat recommendation from prior years.)
Closure Date:
8 We recommended the Acting Assistant Secretary for Information and Technology implement improved processes for reviewing and updating key security documents such as risk assessments, privacy impact assessments, and security control assessments on an annual basis and ensure all required information accurately reflects the current environment. (This is a repeat recommendation from prior years.)
Closure Date:
9 We recommended the Acting Assistant Secretary for Information and Technology implement mechanisms to enforce VA password policies and standards on all operating systems, databases, applications, and network devices. (This is a repeat recommendation from prior years.)
Closure Date:
10 We recommended the Acting Assistant Secretary for Information and Technology implement periodic reviews to minimize access by system users with incompatible roles, permissions in excess of required functional responsibilities, and unauthorized accounts. (This is a repeat recommendation from prior years.)
Closure Date:
11 We recommended the Acting Assistant Secretary for Information and Technology enable system audit logs on all systems and platforms and conduct centralized reviews of security violations across the enterprise. (This is a modified repeat recommendation from prior years.)
Closure Date:
12 We recommended the Acting Assistant Secretary for Information and Technology fully implement two-factor authentication for all network access methods throughout the agency. (This is a modified repeat recommendation from prior years.)
Closure Date:
13 We recommended the Acting Assistant Secretary for Information and Technology implement more effective automated mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and Web application servers. (This is a repeat recommendation from prior years.)
Closure Date:
14 We recommended the Acting Assistant Secretary for Information and Technology implement a more effective patch and vulnerability management program to address security deficiencies identified during our assessments of VA’s Web applications, database platforms, network infrastructure, and workstations. (This is a repeat recommendation from prior years.)
Closure Date:
15 We recommended the Acting Assistant Secretary for Information and Technology maintain complete and accurate baseline configurations and ensure all baselines are appropriately implemented for compliance with established VA security standards. (This is a modified repeat recommendation from prior years.)
Closure Date:
16 We recommended the Acting Assistant Secretary for Information and Technology implement improved network access controls to ensure medical devices and networks, not managed by OI&T, are appropriately segregated from general networks and mission-critical systems. (This is a repeat recommendation from prior years.)
Closure Date:
17 We recommended the Acting Assistant Secretary for Information and Technology consolidate the security responsibilities for networks, not managed by OI&T, under a common control for each site and ensure vulnerabilities are remediated in a timely manner. (This is a repeat recommendation from prior years.)
Closure Date:
18 We recommended the Acting Assistant Secretary for Information and Technology implement improved processes to ensure that all devices and platforms are evaluated using credentialed vulnerability assessments. (This is a new recommendation.)
Closure Date:
19 We recommended the Acting Assistant Secretary for Information and Technology implement improved procedures to enforce a standardized system development and change control framework that integrates information security throughout the life cycle of each system. (This is a modified repeat recommendation from prior years.)
Closure Date:
20 We recommended the Acting Assistant Secretary for Information and Technology implement improved processes to ensure information system contingency plans are updated with the required information. (This is a modified repeat recommendation from prior years.)
Closure Date:
21 We recommended the Acting Assistant Secretary for Information and Technology implement improved processes for ensuring the encryption of backup data prior to transferring the data offsite for storage. (This is a modified repeat recommendation from prior years.)
Closure Date:
22 We recommended the Acting Assistant Secretary for Information and Technology implement improved processes for the testing of contingency plans and failover capabilities for critical systems to ensure that all components can be recovered at an alternate site in the event of a system failure or disaster. (This is a modified repeat recommendation from prior years.)
Closure Date:
23 We recommended the Acting Assistant Secretary for Information and Technology document a Business Impact Analysis for all systems and incorporate applicable Recovery Point Objectives for those systems. (This is a modified repeat recommendation from prior years.)
Closure Date:
24 We recommended the Acting Assistant Secretary for Information and Technology identify all external network interconnections and implement improved processes for monitoring VA networks, systems, and connections for unauthorized activity. (This is a repeat recommendation from prior years.)
Closure Date:
25 We recommended the Acting Assistant Secretary for Information and Technology implement more effective agency-wide incident response procedures to ensure timely reporting, updating, and resolution of computer security incidents in accordance with VA standards. (This is a repeat recommendation from prior years.)
Closure Date:
26 We recommended the Acting Assistant Secretary for Information and Technology ensures that VA’s Network Security and Operations Center has full access of all security incident data to facilitate an agency-wide awareness of information security events. (This is a new recommendation.)
Closure Date:
27 We recommended the Acting Assistant Secretary for Information and Technology implement improved safeguards to identify and prevent unauthorized vulnerability scans and data exfiltrations from VA networks. (This is a modified repeat recommendation from prior years.)
Closure Date:
28 We recommended the Acting Assistant Secretary for Information and Technology fully develop a comprehensive list of approved and unapproved software and implement continuous monitoring processes to prevent the use of unauthorized software on agency devices. (This is a repeat recommendation from prior years.)
Closure Date:
29 We recommended the Acting Assistant Secretary for Information and Technology develop a comprehensive software inventory process to identify major and minor software applications used to support VA programs and operations. (This is a repeat recommendation from prior years.)
Closure Date:
30 We recommended the Acting Assistant Secretary for Information and Technology implement procedures for overseeing contractor-managed cloud-based systems and ensure information security controls adequately protect VA sensitive systems and data. (This is a repeat recommendation from prior years.)
Closure Date:
31 We recommended the Acting Assistant Secretary for Information and Technology implement mechanisms for updating systems inventory, including contractor-managed systems and interfaces, and provide this information in accordance with Federal reporting requirements. (This is a modified repeat recommendation from prior years.)
Closure Date:
| ||||
| 16-00556-244 | Clinical Assessment Program Review of the White River Junction VA Medical Center, White River Junction, Vermont | Comprehensive Healthcare Inspection Program | ||
1 We recommended that the Quality Management Board is chaired or co-chaired by the Facility Director.
Closure Date:
2 We recommended that the Quality Management Board routinely review aggregated data.
Closure Date:
3 We recommended that facility clinical managers consistently review Ongoing Professional Practice Evaluation data every 6 months and that facility managers monitor compliance.
Closure Date:
4 We recommended that facility clinical managers ensure completion of at least 75 percent of all utilization management reviews and that facility managers monitor compliance.
Closure Date:
5 We recommended that facility clinical managers ensure an interdisciplinary group reviews utilization management data and that facility managers monitor compliance.
Closure Date:
6 We recommended that the Patient Safety Manager ensures completion of eight root cause analyses each fiscal year and that facility managers monitor compliance.
Closure Date:
7 We recommended that the facility collect quality assurance data for the anticoagulation management program, that the Medication Use and Evaluation Committee annually review the data, and that facility managers monitor compliance.
Closure Date:
8 We recommended that facility managers ensure anticoagulation clinicians consistently obtain all required laboratory tests prior to initiating warfarin treatment.
Closure Date:
9 We recommended that for patients transferred out of the facility, providers consistently include date of transfer and patient or surrogate informed consent in transfer documentation and that facility managers monitor compliance.
Closure Date:
10 We recommended that for inter-facility transfers, facility managers ensure acceptable designees document staff/attending physician approval as evidenced by the presence of the approving staff/attending physician countersignature and monitor compliance.
Closure Date:
11 We recommended that for patients transferred out of the facility, sending nurses document transfer assessments/notes and that facility managers monitor compliance.
Closure Date:
12 We recommended that providers include all the required elements in the history and physical and the pre-sedation assessment and that clinical managers monitor compliance.
Closure Date:
13 We recommended that clinical employees document post-procedure assessments of patients' pain levels and that clinical managers monitor compliance.
Closure Date:
14 We recommended that clinical employees discharge moderate sedation outpatients in the company of a responsible adult and that clinical managers monitor compliance.
Closure Date:
15 We recommended that clinical managers ensure that clinical employees who perform or assist with moderate sedation procedures have current training for the provision of moderate sedation care, that training is documented, and that clinical managers monitor compliance.
Closure Date:
16 We recommended that clinical teams keep resuscitation equipment in moderate sedation procedure rooms/areas and that clinical managers monitor compliance.
Closure Date:
17 We recommended that facility managers ensure the Community Nursing Home Oversight Committee includes representation by all required clinical disciplines.
Closure Date:
18 We recommended that facility managers ensure social workers and registered nurses conduct and document cyclical clinical visits with the frequency required by Veterans Health Administration policy for community nursing home oversight and monitor compliance.
Closure Date:
19 We recommended that the facility implement an Employee Threat Assessment Team or an alternate group that addresses employee-related disruptive behavior and a disruptive behavior reporting and tracking system.
Closure Date:
20 We recommended that the facility collect and analyze data from disruptive or violent behavior incidents.
Closure Date:
21 We recommended that facility clinical managers ensure clinicians inform patients about the Patient Record Flags and the right to request to amend/appeal Patient Record Flag placement.
Closure Date:
22 We recommended that facility clinical managers ensure clinicians review the continuing need for Patient Record Flags every 2 years and document the review.
Closure Date:
23 We recommended that facility managers ensure appropriate individuals conduct debriefings after incidents of disruptive or violent behavior and monitor compliance.
Closure Date:
24 We recommended that facility managers ensure all employees receive Level 1 Prevention and Management of Disruptive Behavior training and additional training as required for their assigned risk area within 90 days of hire and that the training is documented in employee training records.
Closure Date:
| ||||
| 15-02994-269 | Healthcare Inspection- Alleged Mismanagement and Quality of Care Issues in Surgical Service, John D. Dingell VA Medical Center, Detroit, Michigan | Hotline Healthcare Inspection | ||
1 We recommended that the Facility Director explore and implement measures to improve communication and interpersonal dynamics in the operating room.
Closure Date:
2 We recommended that the Facility Director ensure that surgeons follow processes for scheduling add-on operating room cases and monitor compliance.
Closure Date:
3 We recommended that the Facility Director ensure that the Associate Chief of Staff of Surgical Service complies with facility policy for completion of post-operative notes immediately following surgeries
Closure Date:
4 We recommended that the Facility Director ensure that the presence of the Associate Chief of Staff of Surgical Service during surgeries is accurately documented in operative reports.
Closure Date:
5 We recommended that the Facility Director ensure that the Associate Chief of Staff of Surgical Service communicates a designated backup surgeon to the surgical team in the event of his absence from the operating room.
Closure Date:
6 We recommended that the Facility Director ensure that the cases identified in this report are reviewed, and for patients who suffered adverse outcomes and poor quality of care, confer with the Office of Chief Counsel regarding the appropriateness of disclosures to patients and families.
Closure Date:
7 We recommended that the Facility Director explore reasons why an autopsy was not performed per a family’s request (Patient 1 of this report) and take action as necessary.
Closure Date:
8 We recommended that the Facility Director ensure that facility staff comply with Veterans Health Administration policies on peer review and the care of Patient 4 is evaluated and a peer review is completed.
Closure Date:
| ||||
| 15-03303-206 | Review of VHA Care and Privacy Standards for Women Veterans | National Healthcare Review | ||
1 We recommended that the Acting Under Secretary for Health ensure that the Office of Women’s Health Services routinely reviews and when appropriate, strengthens the requirements for women’s health provider designation and facilitates the updating of requirements for all designated women health providers with supporting documentation that details how the requirements were satisfied.
Closure Date:
| ||||
| 15-05123-254 | Healthcare Inspection – Alleged Misdiagnosis and Delay in Treatment, Providence VA Medical Center, Providence, Rhode Island | Hotline Healthcare Inspection | ||
1 We recommended that the Facility Director ensure that peer reviews are completed and reported as required by Veterans Health Administration policy.
Closure Date:
2 We recommended that the Facility Director ensure that peer reviews are completed and reported as required by Veterans Health Administration policy.
Closure Date:
| ||||
| 17-01542-273 | Healthcare Inspection Sterile Compounding Environment and Practices, Overton Brooks VA Medical Center, Shreveport, Louisiana | Hotline Healthcare Inspection | ||
1 We recommended that the Veterans Integrated Service Network Director ensure that facility leaders implement corrective actions and processes to fully comply with United States Pharmacopeia 797> requirements, test the effectiveness of these actions and processes before resuming full compounded sterile preparations operations, and monitor compliance of key elements through a facility or Veterans Integrated Service Network-level committee.
Closure Date:
2 We recommended that the Veterans Integrated Service Network Director issue guidance to facility staff requiring that results of external reviews be provided to facility leaders as soon as those results are available.
Closure Date:
| ||||
| 15-03678-210 | Review of Alleged Unauthorized Commitments for Prosthetic Purchases at VA Network Contracting Office 3 | Audit | ||
1 We recommend the Director of Contracting, NCO 2 submit a ratification request for the unauthorized commitments identified in this report to the cognizant Head of Contracting Activity – Executive Director, Service Area Office East.
Closure Date:
2 We recommend the Director of Contracting, NCO 2 submit a ratification request for the unauthorized commitments identified in this report to the cognizant Head of Contracting Activity – Executive Director, Service Area Office East.
Closure Date:
3 We recommend the Executive Director, Service Area Office East conduct a review of Network Contracting Office operations to ensure internal controls, such as segregation of duties, are monitored and enforced.
Closure Date:
| ||||
14957