Recommendations
2065
| ID | Report Number | Report Title | Type | |
|---|---|---|---|---|
| 21-02491-129 | Quality of Care Concerns and Leaders’ Responses at the Amarillo VA Health Care System in Texas | Hotline Healthcare Inspection | ||
1 The Amarillo VA Healthcare System Director ensures Emergency Department staff follow established protocols for clinical assessment, frequency, and intervention regarding abnormal vital signs, and monitors for compliance.
Closure Date:
2 The Amarillo VA Healthcare System Director completes an evaluation of the registered nurse’s failure to ensure the patient received urgent medical attention after presenting to the clinic with stroke-like symptoms and takes appropriate action as indicated.
Closure Date:
3 The Amarillo VA Healthcare System Director reiterates expectations that patient aligned care team staff engage in respectful communications with patients and their families, and monitors patient advocate data as well as patient satisfaction survey data for evidence of compliance.
Closure Date:
4 The Amarillo VA Healthcare System Director completes a retrospective review of critical view alerts and other quality of care elements of the subject provider for the two years immediately preceding the subject provider’s summary suspension, takes clinical and administrative actions in accordance with Veterans Health Administration guidelines, and monitors for compliance.
Closure Date:
5 The Amarillo VA Healthcare System Director ensures patient aligned care team staff follow communication protocols and electronic health record documentation requirements, and monitors for compliance.
Closure Date:
6 The Veterans Integrated Service Network Director evaluates the system leaders’ actions in this case related to ongoing professional practice evaluation and focused professional practice evaluation for cause processes, focused clinical care review, and institutional disclosure; takes action related to staff training and other identified deficits, as needed; and monitors for compliance.
Closure Date:
| ||||
| 21-01309-74 | Federal Information Security Modernization Act Audit for Fiscal Year 2021 | Audit | ||
1 We recommended the Assistant Secretary for Information and Technology consistently implement an improved continuous monitoring program in accordance with the NIST Risk Management Framework. Specifically, implement an independent security control assessment process to evaluate the effectiveness of security controls prior to granting authorization decisions. (This is a repeat recommendation from prior years.)
Closure Date:
2 We recommended the Assistant Secretary for Information and Technology implement improved mechanisms to ensure system stewards and Information System Security Officers follow procedures for establishing, tracking, and updating Plans of Action and Milestones for all known risks and weaknesses including those identified during security control assessments. (This is a repeat recommendation from prior years.)
Closure Date:
3 We recommended the Assistant Secretary for Information and Technology implement controls to ensure that system stewards and responsible officials obtain appropriate documentation prior to closing Plans of Action and Milestones. (This is a repeat recommendation from prior years.)
Closure Date:
4 We recommended the Assistant Secretary for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, include an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated. (This is a repeat recommendation from prior years.)
Closure Date:
5 We recommended the Assistant Secretary for Information and Technology implement improved processes for reviewing and updating key security documents such as security plans, risk assessments, and interconnection agreements on an annual basis and ensure the information accurately reflects the current environment. (This is a repeat recommendation from prior years.)
Closure Date:
6 We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure compliance with VA password policy and security standards on domain controls, operating systems, databases, applications, and network devices. (This is a repeat recommendation from prior years.)
Closure Date:
7 We recommended the Assistant Secretary for Information and Technology implement periodic reviews to minimize access by system users with incompatible roles, permissions in excess of required functional responsibilities, and unauthorized accounts. (This is a repeat recommendation from prior years.)
Closure Date:
8 We recommended the Assistant Secretary for Information and Technology enable system audit logs on all critical systems and platforms and conduct centralized reviews of security violations across the enterprise. (This is a repeat recommendation from prior years.)
Closure Date:
9 We recommended the Office of Personnel Security, Human Resources, and Contract Offices implement improved processes for establishing and maintaining accurate data within VA’s authoritative system of record for background investigations. (This is a modified repeat recommendation from prior years.)
Closure Date:
10 We recommended the Office of Personnel Security, Human Resources, and Contract Offices strengthen processes to ensure appropriate levels of background investigations are completed for applicable VA employees and contractors. (This is a modified repeat recommendation from prior years.)
Closure Date:
11 We recommended the Assistant Secretary for Information and Technology implement more effective automated mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and web application servers. (This is a repeat recommendation from prior years.)
Closure Date:
12 We recommended the Assistant Secretary for Information and Technology implement a more effective patch and vulnerability management program to address security deficiencies identified during our assessments of VA’s web applications, database platforms, network infrastructure, and workstations. (This is a repeat recommendation from prior years.)
Closure Date:
13 We recommended the Assistant Secretary for Information and Technology maintain a complete and accurate security baseline configuration for all platforms and ensure all baselines are appropriately monitored for compliance with established VA security standards. (This is a repeat recommendation from prior years.)
Closure Date:
14 We recommended the Assistant Secretary for Information and Technology implement improved network access controls that restrict medical devices from systems hosted on the general network. (This is a repeat recommendation from prior years.)
Closure Date:
15 We recommended the Assistant Secretary for Information and Technology consolidate the security responsibilities for networks not managed by the Office of Information and Technology, under a common control for each site and ensure vulnerabilities are remediated in a timely manner. (This is a repeat recommendation from prior years.)
Closure Date:
16 We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure that all devices and platforms are evaluated using credentialed vulnerability assessments. (This is a repeat recommendation from prior years.)
Closure Date:
17 We recommended the Acting Assistant Secretary for Information and Technology implement improved procedures to enforce standardized system development and change control processes that integrates information security throughout the life cycle of each system. (This is a repeat recommendation from prior years.)
Closure Date:
18 We recommended the Assistant Secretary for Information and Technology review system boundaries, recovery priorities, system components, and system interdependencies and implement appropriate mechanisms to ensure that established system recovery objectives can be measured and met. (This is a modified repeat recommendation from prior years.)
Closure Date:
19 We recommended the Assistant Secretary for Information and Technology ensure that contingency plans for all systems are updated to include critical inventory components and are tested in accordance with VA requirements. (This is a repeat recommendation from prior years.)
Closure Date:
20 We recommended the Assistant Secretary for Information and Technology implement more effective agency-wide incident response procedures to ensure timely notification, reporting, updating, and resolution of computer security incidents in accordance with VA standards. (This is a repeat recommendation from prior years.)
Closure Date:
21 We recommended the Assistant Secretary for Information and Technology ensure that VA’s Cybersecurity Operations Center has full access to all security incident data to facilitate an agency-wide awareness of information security events. (This is a repeat recommendation from prior years.)
Closure Date:
22 We recommended the Assistant Secretary for Information and Technology implement improved safeguards to identify and prevent unauthorized vulnerability scans on VA networks. (This is a repeat recommendation from prior years.)
Closure Date:
23 We recommended the Assistant Secretary for Information and Technology implement improved measures to ensure that all security controls are assessed in accordance with VA policy and that identified issues or weaknesses are adequately documented and tracked within POA&Ms. (This is a repeat recommendation from prior years.)
Closure Date:
24 We recommended the Assistant Secretary for Information and Technology fully develop a comprehensive list of approved and unapproved software and implement continuous monitoring processes to prevent the use of prohibited software on agency devices. (This is a repeat recommendation from prior years.)
Closure Date:
25 We recommended the Assistant Secretary for Information and Technology develop a comprehensive inventory process to identify connected hardware, software, and firmware used to support VA programs and operations. (This is a repeat recommendation from prior years.)
Closure Date:
26 We recommended the Assistant Secretary for Information and Technology implement improved procedures for monitoring contractor-managed systems and services and ensure information security controls adequately protect VA sensitive systems and data. (This is a repeat recommendation from prior years.)
Closure Date:
| ||||
| 20-00827-126 | Noncompliant and Deficient Processes and Oversight of State Licensing Board and National Practitioner Data Bank Reporting Policies by VA Medical Facilities | Hotline Healthcare Inspection | ||
1 The Under Secretary for Health reviews the State Licensing Board reporting processes at the facility level to ensure compliance with Veterans Health Administration policy, identifies noncompliance, and takes action as warranted.
Closure Date:
2 The Under Secretary for Health ensures that the National Practitioner Data Bank facility reporting practices align with federal regulations and Veterans Health Administration policy.
3 The Under Secretary for Health instructs facility directors to submit National Practitioner Data Bank reports regarding physicians and dentists consistent with Veterans Health Administration policy.
Closure Date:
4 The Under Secretary for Health ensures programmatic oversight of facility State Licensing Board and National Practitioner Data Bank reporting processes.
Closure Date:
| ||||
| 21-00290-116 | Comprehensive Healthcare Inspection of the VA Western New York Healthcare System in Buffalo | Comprehensive Healthcare Inspection Program | ||
1 The Director evaluates and determines the reasons for noncompliance and makes certain that leaders accurately identify and report adverse events as sentinel events when criteria are met.
Closure Date:
2 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures that the Peer Review Committee recommends improvement actions for Level 3 peer reviews.
Closure Date:
3 The Director evaluates and determines any additional reasons for noncompliance and makes certain that required members attend Surgical Work Group meetings.
Closure Date:
4 The Chief of Staff and Associate Director for Patient/Nursing Services evaluate and determine any additional reasons for noncompliance and make certain that staff monitor and evaluate all transfers as part of VHA’s Quality Management Program.
Closure Date:
5 The Chief of Staff and Associate Director for Patient/Nursing Services evaluate and determine any additional reasons for noncompliance and ensure all required representatives attend Disruptive Behavior Committee meetings.
Closure Date:
6 The Director evaluates and determines any additional reasons for noncompliance and ensures that staff complete the required prevention and management of disruptive behavior training based on the risk level assigned to their work areas.
Closure Date:
7 The Director evaluates and determines any additional reasons for noncompliance and makes certain that Employee Threat Assessment Team members complete the required training.
Closure Date:
| ||||
| 21-01221-24 | Inspection of Information Technology Security at the VA Financial Services Center | Information Security Inspection | ||
1 The Financial Services Center director implements measures to maintain an accurate system inventory.
Closure Date:
2 The Financial Services Center director implements a more effective patch and vulnerability management program that can accurately identify vulnerabilities and enforce patch application.
Closure Date:
3 The Financial Services Center director implements systems and information integrity procedures that detail how policies are applied to local systems, and create a mechanism for informing employees of new or updated policies and procedures.
Closure Date:
4 The Financial Services Center director, in conjunction with the system owner, develops and implements capabilities for all systems to generate audit logs and collect and forward audit events to the Cybersecurity Operations Center for review, analysis, and reporting.
Closure Date:
5 The Financial Services Center director continues to upgrade the video surveillance system and ensure new capabilities provide full surveillance and video retention to improve monitoring and incident response.
Closure Date:
| ||||
| 21-00237-114 | Comprehensive Healthcare Inspection of Veterans Integrated Service Network 6: VA Mid-Atlantic Health Care Network in Durham, North Carolina | Comprehensive Healthcare Inspection Program | ||
1 The Chief Medical Officer evaluates and determines any additional reasons for noncompliance and makes certain to review the credentials files and approve the VA appointments of physicians who had potentially disqualifying licensure actions.
Closure Date:
2 The Network Director evaluates and determines any additional reasons for noncompliance and makes certain that the Veterans Integrated Service Network’s Emergency Management Committee meets at least quarterly.
Closure Date:
3 The Network Director evaluates and determines any additional reasons for noncompliance and ensures the Emergency Manager completes an annual review of the collective Veterans Integrated Service Network-wide strengths, weaknesses, priorities, and requirements for improvement.
Closure Date:
4 The Network Director evaluates and determines any additional reasons for noncompliance and ensures that the Lead Women Veterans Program Manager completes annual site visits at each facility within the Veterans Integrated Service Network.
Closure Date:
5 The Network Director evaluates and determines any additional reasons for noncompliance and makes certain that the Lead Women Veterans Program Manager completes assessments to identify staff’s women’s health education gaps and develops or adapts educational programs, materials, or resources where gaps are identified.
Closure Date:
| ||||
| 21-02458-94 | Financial Efficiency Review of the Durham VA Health Care System in North Carolina | Financial Inspection | ||
1 Ensure finance office staff are made aware of policy requirements and reviews are conducted on all inactive open obligations as required by VA Financial Policy, vol. 2, chap. 5, “Obligations Policy.”
Closure Date:
2 Ensure quarterly purchase card audits are performed as required by the Veterans Health Administration’s standard operating procedure, “Internal Audits—Purchase Cards and Convenience Checks.”
Closure Date:
3 Establish controls to confirm approving officials and purchase cardholders review their purchases and make sure contracting is used when it is in the best interest of the government.
Closure Date:
4 Require purchase cardholders to submit a request for ratification for any unauthorized commitments identified.
Closure Date:
5 Develop measures to confirm that completed VA Form 0242 submissions are accurate and updated for all cardholders.
Closure Date:
6 Ensure cardholders comply with record retention requirements as stated in VA’s Financial Policy, vol. 16, “Charge Card Programs.”
Closure Date:
7 Establish controls to make certain that budget or accounting staff review the salary cost data each pay period and promptly address cost center corrections with human resources staff as needed.
Closure Date:
8 Ensure service chiefs and supervisors review labor mapping for accuracy and completeness.
Closure Date:
9 Develop and implement a plan to increase inventory turnover closer to the VHA recommended level.
Closure Date:
10 Develop and implement a plan to complete facility based inventory audits of noncontrolled drug line items in compliance with VHA policy.
Closure Date:
| ||||
| 21-01503-112 | Comprehensive Healthcare Inspection Summary Report: Evaluation of Medical Staff Privileging in Veterans Health Administration Facilities, Fiscal Year 2020 | National Healthcare Review | ||
1 The Under Secretary for Health, in conjunction with Veterans Integrated Service Network directors and facility senior leaders, ensures service chiefs include the minimum specialty criteria for focused professional practice evaluations of gastroenterology, pathology, nuclear medicine, and radiation oncology practitioners.
Closure Date:
2 The Under Secretary for Health, in conjunction with Veterans Integrated Service Network directors and facility senior leaders, makes certain that service chiefs include service-specific criteria in ongoing professional practice evaluations.
Closure Date:
3 The Under Secretary for Health, in conjunction with Veterans Integrated Service Network directors and facility senior leaders, ensures executive committees of the medical staff recommend continuing licensed independent practitioners’ privileges based on professional practice evaluation results.
Closure Date:
4 The Under Secretary for Health, in conjunction with Veterans Integrated Service Network directors and facility senior leaders, makes certain that provider exit review forms are completed within seven business days of licensed healthcare professionals’ departure from a medical facility.
Closure Date:
5 The Under Secretary for Health, in conjunction with Veterans Integrated Service Network directors and facility senior leaders, makes certain that provider exit review forms are signed by the service chief, the chief of staff, and the medical facility director if the licensed healthcare professional failed to meet the generally-accepted standards of care.
Closure Date:
6 The Under Secretary for Health, in conjunction with Veterans Integrated Service Network directors and facility senior leaders, ensures credentialing and privileging managers initiate the state licensing board reporting process within the required time frame when licensed healthcare professionals fail to meet generally-accepted standards of care.
Closure Date:
| ||||
| 21-00510-105 | Improved Governance Would Help Patient Advocates Better Manage Veterans’ Healthcare Complaints | Audit | ||
1 Review and update, as appropriate, program policy to formally align with the Office of Patient Advocacy’s program expectations, including when complaints must be entered into a patient advocate tracking system and the responsibilities of patient advocate supervisors.
Closure Date:
2 Implement controls that require facility patient advocate supervisors and Veterans Integrated Service Network patient advocate coordinators to perform regular, documented reviews of records in the patient advocate tracking system to monitor that the required information is entered properly.
Closure Date:
3 Provide guidance to medical facility directors to ensure they fulfill their required Patient Advocacy Program management duties, including timely complaint resolution and trending complaint data.
Closure Date:
| ||||
| 21-00282-111 | Comprehensive Healthcare Inspection of the W.G. (Bill) Hefner VA Medical Center in Salisbury, North Carolina | Comprehensive Healthcare Inspection Program | ||
1 The Medical Center Director evaluates and determines any additional reasons for noncompliance and ensures leaders conduct institutional disclosures for all sentinel events.
Closure Date:
2 The Medical Center Director determines the reasons for noncompliance and ensures the Systems Redesign Manager participates on the Veterans Integrated Service Network Systems Redesign Review Advisory Group.
Closure Date:
3 The Medical Center Director evaluates and determines any additional reasons for noncompliance and makes certain that required members regularly attend Surgical Workgroup meetings.
Closure Date:
4 The Medical Center Director evaluates and determines any additional reasons for noncompliance and ensures that staff complete all required prevention and management of disruptive behavior training.
Closure Date:
| ||||
14957