VA Office of Inspector General Releases Denver Construction Report
OIG review identifies factors that increased the cost and delayed construction of the Denver replacement medical center in Aurora, Colorado.
Review of the Replacement of the Denver Medical Center, Eastern Colorado Health Care System
The concept for the Denver Medical Center Replacement project dates back to the late 1990s and was in response to the region’s growth in the veteran population and the need to replace an aging and inadequate facility built in 1951. The new facility will be larger than the current facility by approximately 600,000 square feet. The Denver project will provide additional functional capability, such as more examination, treatment and dental procedure rooms, as well as 30 beds designated for Spinal Cord Injury patients. (The existing hospital has none.) The project took years to start due to decisions under five former VA Secretaries that resulted in extensive changes to the concept, scope, and design of the project from 2000 through 2009. Significant and unnecessary cost overruns and schedule slippages related to the construction of Denver Medical Center were primarily the result of poor business decisions, inexperience with the type of contract used, and mismanagement by VA senior leaders. The OIG’s review identified major points of failure that encompass a series of questionable business decisions by VA senior officials concerning planning and design, construction, acquisition, and change order issues. Congress appropriated $800 million between 2004 and 2012 for land acquisition, design, construction, and consultant services. VA’s 2009 acquisition plan initially estimated construction would be finished in 2013. However, 2015 project estimates place the final cost at approximately $1.675 billion or more than twice VA’s fiscal year 2009 approved $800 million project budget. The project is estimated to be completed mid to late 2018, or almost 20 years after VA identified the need to replace and expand its aging facility in Denver.
Review of VA’s Award of the PC3 Contracts
We reviewed Department of Veterans Affairs (VA) Patient-Centered Community Care (PC3) contracts to determine whether they were adequately developed and awarded. In September 2013, VA awarded the PC3 contracts to provide veterans with a comprehensive, nationwide network of high quality, specialty health care services. The contracts were awarded for an estimated $9.4 billion, with a potential cost to VA of $27 billion. We found significant weaknesses in the planning, evaluation, and award of the PC3 contracts. The PC3 contracts were not developed or awarded in accordance with acquisition regulations and VA policy intended to ensure services acquired are based on need and at fair and reasonable prices. The contracting officials solicited proposals from vendors without clearly articulating VA’s requirements. Thus, the vendors bidding on the solicitation did not have sufficient information on the type of specialty health care services they would need to provide, where to provide them, and the frequency. Therefore, VA increased the risk of not achieving the objectives of PC3 by inadequately identifying its health care service requirements. We found that documentation supporting vital contract award decisions was either not in VA’s Electronic Contract Management System or incomplete. Of the documents available, we noted that the awarded costs were actually negotiated at a higher rate than originally proposed by one of the vendors. The evidence for these decisions was not documented in the price negotiation memo. Accountability for ensuring the effective award of these contracts was not vested with a senior executive at VA. Although the contracting officer had the authority to execute these contracts, the level of oversight for this degree of contract risk did not provide reasonable assurance that VA’s interests were adequately protected. The Veterans Access, Choice, and Accountability Act of 2014 (Choice) was enacted on August 7, 2014. According to VA’s Under Secretary for Health in a memo dated July 7, 2016, since implementing the Hierarchy of Care memorandum in May 2015, the use of Choice has increased tremendously, while PC3 use has dwindled. We recommended the Principal Executive Director for Acquisition, Logistics, and Construction improve oversight and accountability, and ensure sufficient planning on all high dollar value and complex acquisitions. The Principal Executive Director concurred with our recommendations and provided technical comments. An acceptable corrective action plan was provided and we will follow up on its implementation.
Review of Alleged Breach of Privacy and Confidentiality of Personally Identifiable Information at the Milwaukee VARO
In October 2015, the Office of Inspector General received a request from U.S. Senators Richard Blumenthal and Tammy Baldwin to review an incident concerning the improper dissemination of veterans’ personally identifiable information (PII) by a Wisconsin Department of Veterans Affairs (WDVA) employee to an unauthorized recipient over VA’s email server. We substantiated the allegation that on April 1, 2015, a WDVA employee improperly disseminated over VA’s email server a monthly claims report. The report contained updates of Wisconsin veterans’ disability claims, to unaccredited County and Tribal Veterans Service Organization employees not authorized to handle sensitive information, as well as to a Wisconsin veteran. The Milwaukee VA Regional Office (VARO) sharing of claims information with WDVA was consistent with Federal policy. This incident occurred because VA did not have adequate processes and information security controls in place to safeguard against unauthorized disclosure of PII. The VA Office of Information and Technology (OI&T) did not adequately configure VA’s information security filtering software to block the dissemination of unencrypted sensitive data before releasing information to WDVA. In addition, the VARO did not have a formal agreement with WDVA for sharing PII. As a result, VA put Wisconsin veterans’ PII at unnecessary risk of interception and misuse. Further, VA’s 2015 Federal Information Security Modernization Act audit reported security deficiencies similar in type to those identified in this report as material weaknesses over the last few years. We recommended the Assistant Secretary for Information and Technology improve VA’s email security filtering software controls, establish formal agreements with third-party organizations, evaluate whether permanent encryption controls are needed for non-VA employees with VA accounts, and conduct reviews of processes and controls at VAROs collaborating with third party organizations, to ensure security of sensitive veterans’ information. The Assistant Secretary for Information and Technology nonconcurred with our recommendations and stated that VA’s position was unchanged since its response in February 2016 to the Senate Committee on Homeland Security and Governmental Affairs. The Assistant Secretary believed that all policies, procedures, and required training were already in place. However, we continue to maintain our position that VA did not have adequate processes and information security controls in place to safeguard against unauthorized disclosure of PII.
Lynn Man Pleads Guilty to Stealing Veterans Benefits
Massachusetts man pleads guilty to theft of nearly $80,000 in veterans benefits.
Cannon Design to Pay $12 Million as Part of Criminal Enforcement Agreement
Joint OIG and FBI investigation results in Cannon Design signing a Criminal Enforcement Agreement that includes a $12 million penalty.
Collin County Man Sentenced for Disabled Vet Related Fraud
Texas man sentenced to prison for fraudulently obtaining Service-Disabled Veteran-Owned Small Business set-aside contracts.