Recommendations
2055
| ID | Report Number | Report Title | Type | |
|---|---|---|---|---|
| 24-02430-152 | Delays in Pension Automation Updates Led to Some Burial Transportation Benefits Being Incorrectly Processed | Review | ||
1 Update the relevant sections on transportation expenses in the Veterans Benefits Administration’s Adjudication Procedures Manual to align with each other.
Closure Date:
2 Ensure automation is consistent with the policy for processing the transportation benefit.
| ||||
| 24-00615-163 | Healthcare Facility Inspection of the Sheridan VA Health Care System in Wyoming | Healthcare Facility Inspection | ||
1 The OIG recommends facility leaders implement tools to help sensory-impaired veterans navigate the facility.
2 The OIG recommends facility leaders ensure the facility has a policy for test result communication that includes methods to monitor the effectiveness of the patient notification process.
3 The OIG recommends facility leaders ensure staff develop workflows for the communication of test results for each service.
| ||||
| 24-00613-162 | Healthcare Facility Inspection of the VA Boston Healthcare System in Massachusetts | Healthcare Facility Inspection | ||
1 The OIG recommends the Director ensures staff have processes to prevent repeat environment of care findings.
2 The OIG recommends the Veterans Integrated Service Network 1 Director monitors for similar or repeated environment of care findings and ensures facility staff sustain improvements.
3 The OIG recommends the Veterans Integrated Service Network 1 Director ensures facility leaders identify environment of care trends and establish performance improvement plans with outcome measures to address them.
4 The OIG recommends the Director ensures staff post biological hazard signs on doors where potentially infectious materials may be present.
5 The OIG recommends the Director ensures staff keep patient care areas clean and safe.
6 The OIG recommends the Director ensures only authorized staff have access to medication storage areas.
7 The OIG recommends the Director ensures staff conduct an inventory of all the facility’s medication storage areas, and the Chief of Pharmacy approves them.
8 The OIG recommends the Chief of Pharmacy ensures pharmacy staff inspect each approved medication storage area monthly.
9 The OIG recommends the Director ensures staff monitor temperature and humidity in medication storage areas and track possible deviations, even those that may occur when the areas are closed.
10 The OIG recommends the Director ensures the Brockton VA Medical Center’s Urgent Care Center operates according to VHA Directive 1101.13 and obtains an appropriate waiver from the VHA National Program Office of Emergency Medicine as applicable.
Closure Date:
11 The OIG recommends facility leaders review the local policy to ensure it complies with VHA directives specific to which staff receive notification of critical test results.
| ||||
| 24-00610-164 | Healthcare Facility Inspection of the VA Connecticut Healthcare System in West Haven | Healthcare Facility Inspection | ||
1 The OIG recommends facility leaders develop and implement a plan to address veterans’ unanswered phone calls.
2 The OIG recommends the Associate Director ensures staff identify environment of care trends and establish performance improvement plans with outcome measures to address them.
3 The OIG recommends the Associate Director ensures the manufacturer satisfies contractual requirements to perform preventive maintenance for beds and stretchers and documents the service.
4 The OIG recommends the Veterans Integrated Service Network Director works with facility and primary care leaders to address the network call center’s effect on primary care team efficiency and workload and reduce the risk of adverse patient safety events.
| ||||
| 24-02806-157 | Deficiencies in Credentialing, Privileging, and Evaluations for Surgeons at the St. Cloud VA Medical Center in Minnesota | Hotline Healthcare Inspection | ||
1 The St. Cloud VA Medical Center Director completes a comprehensive review of surgical service credentialing and privileging processes, ensures facility policy and practice in alignment with Veterans Health Administration policy, and as necessary, consults with Veterans Integrated Service Network leaders, and monitors for compliance.
2 The St. Cloud VA Medical Center Director reviews the processes specific to ongoing professional practice evaluations, ensures alignment with Veterans Health Administration policy, including surgical service chief consideration of the use of specialty-specific metrics, including surgical procedures performed in the operating room, and monitors compliance.
3 The St. Cloud VA Medical Center Director completes a review of Medical Staff Executive Council meeting minutes, specific to focused and ongoing professional practice evaluations for the surgical service chief, identifies deficiencies, and takes action as warranted to ensure completion according to Veterans Health Administration requirements.
4 The St. Cloud VA Medical Center Director, in conjunction with Veterans Integrated Service Network leaders, ensures that Veterans Health Administration state licensing board reporting processes are followed for surgeon A consistent with Veterans Health Administration Directive 1100.18.
Closure Date:
| ||||
| 24-02142-105 | VA Needs to Prioritize Accessibility for Individuals with Disabilities When Procuring Information Technology Systems | Audit | ||
1 Ensure staff involved with acquiring information and communication technology are adequately trained on federal and VA requirements for Section 508 standards.
2 Update VA Handbook 6221 to clearly identify roles and responsibilities related to ensuring Section 508 compliance during procurement.
3 Establish a way to ensure compliance documentation and market research on any information and communication technology being procured are submitted to the VA Office of 508 Compliance for approval so that the office can determine whether the technology is the most compliant under Section 508.
4 Collaborate with the VA Office of 508 Compliance to develop policies and procedures to ensure VA’s information and communication technology procurements comply with Section 508 requirements.
| ||||
| 24-01862-151 | Mental Health Inspection of the VA Philadelphia Healthcare System in Pennsylvania | Mental Health Inspection Program | ||
1 The Facility Director establishes a mental health executive council that operates in accordance with Veterans Health Administration requirements.
2 The Facility Director ensures development and implementation of a multi-year recovery transformation plan.
3 The Associate Chief of Staff for Behavioral Health ensures a minimum of four hours of recovery-oriented, interdisciplinary programming on weekdays and weekends on the inpatient mental health units.
4 The Facility Director ensures inpatient mental health units are in good repair and the environment reflects recovery-oriented principles.
5 The Facility Director ensures veterans’ privacy in restraint rooms on the inpatient mental health units.
6 The Associate Chief of Staff for Behavioral Health develops written guidance to ensure staff and veterans’ safety during outdoor breaks.
7 The Facility Director formalizes processes to monitor and track compliance with state involuntary commitment laws.
8 The Chief of Staff ensures the completion of comprehensive inpatient mental health treatment plans and monitors for compliance.
9 The Chief of Staff ensures documentation of discussions between prescribers and veterans on the risks and benefits of newly prescribed medications and monitors for compliance.
10 The Chief of Staff ensures mental health treatment coordinators are included in care coordination.
11 The Chief of Staff ensures discharge instructions for veterans include appointment locations written in easy-to-understand language.
12 The Chief of Staff ensures discharge instructions for veterans include the purpose for each listed medication in easy-to-understand language.
13 The Chief of Staff ensures discharge instructions for veterans include an explanation when both trade and generic names are used for the same medication.
14 The Chief of Staff ensures staff complete the Columbia-Suicide Severity Rating Scale within 24 hours before discharge and monitors for compliance.
15 The Chief of Staff ensures safety plans address ways to make the veteran’s environment safer from potentially lethal means and monitors for compliance.
16 The Facility Director ensures staff comply with timely completion of VA S.A.V.E. training requirements and monitors for compliance.
17 The Facility Director ensures the Interdisciplinary Safety Inspection Team adheres to Veterans Health Administration requirements, including recording meeting minutes and including all required members, and monitors for compliance.
18 The Facility Director implements processes to ensure Interdisciplinary Safety Inspection Team staff accurately identify and document safety hazards within the Patient Safety Assessment Tool and monitors for compliance.
19 The Facility Director ensures staff address identified Mental Health Environment of Care Checklist deficiencies in accordance with Veterans Health Administration guidelines and monitors for compliance.
20 The Facility Director ensures Interdisciplinary Safety Inspection Team members comply with Mental Health Environment of Care Checklist training requirements and monitors for compliance.
| ||||
| 24-01861-144 | Mental Health Inspection of the VA Salem Healthcare System in Virginia | Mental Health Inspection Program | ||
1 The Facility Director ensures the mental health executive council operates in accordance with VHA requirements.
2 The Chief of Mental Health identifies barriers and implements processes to provide a minimum of four hours of recovery-oriented, interdisciplinary programming on weekends on the inpatient mental health unit and monitors for compliance.
3 The Facility Director develops and implements processes to monitor and track compliance with involuntary commitment requirements.
4 The Chief of Staff ensures timely documentation of informed consent discussions between the prescriber and veteran on the risks and benefits of newly prescribed medications and monitors for compliance.
5 The Chief of Staff ensures discharge instructions for veterans are written in easy-to-understand language and include the purpose for each medication.
6 The Chief of Staff directs staff to complete the Columbia-Suicide Severity Rating Scale within 24 hours before discharge and monitors for compliance.
7 The Chief of Staff directs staff to complete or review safety plans with veterans prior to discharge and monitors for compliance.
8 The Chief of Staff directs staff to address ways to make the veteran’s environment safer from potentially lethal means in safety plans and monitors for compliance.
9 The Facility Director directs staff to comply with Lethal Means Safety training and monitors for compliance.
10 The Facility Director directs staff to comply with Skills Training for Evaluation and Management of Suicide training and monitors for compliance.
11 The Facility Director directs staff to comply with VA S.A.V.E. training and monitors for compliance.
12 The Facility Director ensures Interdisciplinary Safety Inspection Team requirements are met and monitors for compliance.
13 The Facility Director implements processes to ensure the Interdisciplinary Safety Inspection Team applies Mental Health Environment of Care Checklist standards to all sections on the inpatient mental health unit and monitors for compliance.
14 The Facility Director uses VHA guidelines to develop a facility-specific policy for the use of restraint chairs.
15 The Facility Director directs staff to comply with Mental Health Environment of Care Checklist training requirements and monitors for compliance.
| ||||
| 24-01233-90 | Federal Information Security Modernization Act Audit for Fiscal Year 2024 | Audit | ||
1 We recommended the Assistant Secretary for Information and Technology consistently implement an improved continuous monitoring program in accordance with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). Specifically, implement an independent security control assessment process to evaluate the effectiveness of security controls prior to granting authorization decisions.
2 We recommended the Assistant Secretary for Information and Technology implement improved processes for reviewing and updating key security documentation, including Security Control Assessments, Risk Assessments, and Privacy Impact Assessments as needed. Such updates will ensure all required information is included and accurately reflects the current environment, new security risks, and applicable federal standards.
3 We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure System Security Plans reflect the status of security control implementations and risks are accurately reported to support a comprehensive risk management program across the organization.
4 We recommended the Assistant Secretary for Information and Technology implement improved mechanisms to ensure system owners and information system security officers follow procedures for establishing, tracking, and updating POA&Ms for all known risks and weaknesses including those identified during security control and other assessments.
5 We recommended the Assistant Secretary for Information and Technology implement measures to ensure that system stewards and other officials responsible for system level POA&Ms are closing items with relevant support that shows sufficient remediation of the identified weakness.
6 We recommended the VA Office of Personnel Security, Human Resources, and Contract Offices strengthen processes to ensure appropriate levels of background investigations are performed timely and completed for applicable VA employees and contractors.
7 We recommended the Office of Personnel Security, Human Resources, and Contract Offices implement improved processes for establishing and maintaining accurate investigation data within VA systems used for background investigations.
8 We recommended the Assistant Secretary for Information and Technology ensure contingency plans for all systems and applications are updated and tested in accordance with VA requirements.
9 We recommended the Assistant Secretary for Information and Technology implement improved procedures to ensure that system outages are resolved within stated recovery time objectives.
10 We recommended the Assistant Secretary for Information and Technology ensure system owners consistently implement processes for periodic reviews of user account access. Remove unnecessary and inactive accounts on systems and networks.
11 We recommend the Assistant Secretary for Information and Technology coordinate with system owners and local system management to ensure the consistent monitoring and reviewing of privileged accounts, service accounts, and accounts for individuals with access to source code repositories are performed across VA systems and platforms.
12 We recommend the Assistant Secretary for Information and Technology implement improved processes to ensure compliance with VA password policy and security configuration baselines on domain controllers, operating systems, databases, application, and network devices.
13 We recommended the Assistant Secretary for Information and Technology ensure established change control procedures are consistently followed for testing and approval of system changes for VA applications and networks.
14 We recommended the Assistant Secretary for Information and Technology implement and consistently enforce established procedures for preventing and detecting potential unauthorized changes across all platforms and applications in the environment.
15 We recommended the Assistant Secretary for Information and Technology ensure that all systems and platforms are monitored for compliance with documented VA standards for baseline configurations. Ensure that system owners consistently implement and monitor their configurations.
16 We recommended the Assistant Secretary for Information and Technology implement automated software management processes on all agency platforms to identify and prevent the use of unauthorized software on agency devices.
17 We recommended the Assistant Secretary for Information and Technology implement improved procedures for establishing, documenting, and monitoring an accurate software and logical hardware inventory for system boundaries across the enterprise.
18 We recommended the Assistant Secretary for Information and Technology implement improved processes for monitoring and analyzing significant system audit events for unauthorized or unusual activities across all systems and platforms in accordance with VA policy. Ensure privileged activity is monitored on all systems and applications.
19 We recommended the Assistant Secretary for Information and Technology enable system audit logs on all critical systems and platforms and conduct centralized reviews of security violations across the enterprise.
20 We recommended the Assistant Secretary for Information and Technology implement improved mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and Web application servers in accordance with established policy timeframes. If patches cannot be applied or are unavailable, other protections or mitigations should be documented and implemented to address the specific risks.
21 We recommended the Assistant Secretary for Information and Technology continue to implement improved segmentation controls that restrict vulnerable medical devices from unnecessary access from the general network.
22 We recommended the Assistant Secretary for Information and Technology implement improved processes to require system owners and management to provide adequate credentials to ensure security scans are authenticated to end devices where feasible and the subsequent vulnerabilities are remediated in a timely manner.
23 We recommended the Assistant Secretary for Information and Technology improve the process for tracking and resolving vulnerabilities that cannot be addressed by enterprise processes within policy timeframes. Implement mitigations for identified security deficiencies by applying security patches, system software updates, or configuration changes to reduce applicable security risks.
| ||||
| 24-00616-139 | Healthcare Facility Inspection of the Hershel "Woody" Williams VA Medical Center in Huntington, West Virginia | Healthcare Facility Inspection | ||
1 The OIG recommends the facility Director ensures leaders provide a safe and clean environment of care for veterans, including having adequate staff to clean floors, protecting patient information, and ensuring food is dated and has not expired.
| ||||
14917