Oversight Reports

No. 1   to Veterans Health Administration (VHA)

The Facility Director requires the Patient Safety Manager to ensure completion of the required minimum of eight root cause analyses each fiscal year and monitors the Patient Safety Manager’s compliance.

No. 2   to Veterans Health Administration (VHA)

The Chief of Staff ensures that service chiefs include service-specific performance data for Ongoing Professional Practice Evaluations and monitors compliance.

No. 3   to Veterans Health Administration (VHA)

The Associate Director ensures required team members participate on environment of care rounds and monitors compliance.

No. 4   to Veterans Health Administration (VHA)

The Associate Director requires the Nutrition and Food Services Chief to develop and implement a Hazard Analysis Critical Control Point Food Safety plan and monitors the Chief’s compliance.

No. 5   to Veterans Health Administration (VHA)

The Associate Director requires the Nutrition and Food Services Chief to establish a food service-focused inspection process to occur at no less than quarterly intervals and monitors compliance.

No. 6   to Veterans Health Administration (VHA)

The Associate Director requires the Nutrition and Food Services Chief to ensure that food items are properly labeled and monitors compliance.

No. 7   to Veterans Health Administration (VHA)

The Chief of Staff ensures that providers complete suicide risk assessments, within the required timeframe, for patients with positive post-traumatic stress disorder screens and monitors the providers’ compliance.

No. 8   to Veterans Health Administration (VHA)

The Associate Director for Patient Care Services ensures that nursing staff involved in managing central lines receive the required central line-associated bloodstream infection prevention education and monitors staff compliance.

No. 1   to Veterans Health Administration (VHA)

The Executive in Charge, Office of the Under Secretary for Health, develops a timeline to reduce improper payments under the 10 percent threshold for the Beneficiary Travel; Communications, Utilities, and Other Rents; Medical Care Contracts and Agreements; Prosthetics; Purchased Long Term Services and Support; Supplies and Materials; and VA Community Care Programs and activities. This is a repeat finding and recommendation for the Purchased Long Term Services and Support and VA Community Care programs from our FY 2015 and 2016 reports.

No. 2   to Veterans Health Administration (VHA)

The Executive in Charge, Office of the Under Secretary for Health, implements steps to achieve stated reduction targets for the Beneficiary Travel; Civilian Health and Medical Program of the Department of Veterans Affairs; Purchased Long Term Services and Support; Supplies and Materials; and VA Community Care Programs and activities. This is a repeat finding for all five programs from our FY 2016 report.

No. 3   to Veterans Benefits Administration (VBA)

The Executive in Charge, Veterans Benefits Administration, implements steps to achieve reduction targets for the Pension and Post-9/11 GI Bill Programs.

No. 4   to Veterans Health Administration (VHA)

The OIG recommended the Executive in Charge, Office of the Under Secretary for Health, implement procedures to ensure thorough testing of sample items used to estimate improper payments for Supplies and Materials purchases under indefinite delivery contracts.

No. 5   to Veterans Benefits Administration (VBA)

The OIG recommended the Executive in Charge, Veterans Benefits Administration, continue working with the Department of Defense to increase the frequency of drill pay adjustments from annually to monthly. This is a repeat recommendation from our FY 2016 report.

No. 6   to Veterans Benefits Administration (VBA)

The OIG recommended the Executive in Charge, Veterans Benefits Administration, continue to report statutory barriers preventing complete resolution of drill pay improper payments in future Agency Financial Reports until resolved.

No. 1   to Veterans Health Administration (VHA)

The Lexington VA Medical Center Director develops a clear action plan to resolve the Podiatry Department work environment issues and monitors compliance to ensure patient safety.

No. 1   to Veterans Health Administration (VHA)

The Deputy Director ensures required team members consistently participate on environment of care rounds and monitors team members’ compliance.

No. 2   to Veterans Health Administration (VHA)

The Deputy Director ensures all medical equipment at the South Sound VA Clinic is identified as safe for patient use and monitors compliance.

No. 3   to Veterans Health Administration (VHA)

The Chief of Staff ensures the Infection Control Committee consistently documents discussions of on-going construction activities and monitors compliance.

No. 4   to Veterans Health Administration (VHA)

The Assistant Director ensures temperature monitoring occurs in dry food storage areas and monitors compliance.

No. 5   to Veterans Health Administration (VHA)

The Facility Director ensures that reconciliation of controlled substance refills to automated dispensing units in patient care areas and returns to pharmacy stock are performed during controlled substance inspections and monitors compliance.

No. 1   to Veterans Health Administration (VHA)

The OIG recommended the Under Secretary for Health require Veterans Integrated Service Networks to implement periodic reviews to ensure clinicians and Beneficiary Travel Office staff comply with Veterans Health Procedure Guide 1601B.05 eligibility requirements for authorizing Special Mode of Transportation services.

No. 2   to Veterans Health Administration (VHA)

The OIG recommended the Under Secretary for Health modify Veterans Health Administration Procedure Guide 1601B.05 to require the Beneficiary Travel Office staff to verify beneficiaries attended medical appointments prior to approving payment of Special Mode of Transportation vendor invoices.

No. 3   to Veterans Health Administration (VHA)

The OIG recommended the Under Secretary for Health require Veterans Integrated Service Networks to implement periodic reviews to ensure VA Medical Centers comply with Veterans Health Administration policies for verifying beneficiaries listed on vendor invoices had been properly authorized for Special Mode of Transportation services or attended medical appointments prior to approving payment of Special Mode of Transportation vendor invoices.

No. 4   to Veterans Health Administration (VHA)

The OIG recommended the Under Secretary for Health ensure the Improper Payments Elimination and Recovery Act reports provided to Veterans Integrated Service Networks are modified to include Special Mode of Transportation information specific to vendor payments by VA Medical Centers.

No. 5   to Veterans Health Administration (VHA)

The OIG recommended the Under Secretary for Health implement use of Centers for Medicare and Medicaid Services Rates when savings can be achieved for Special Mode of Transportation ambulance services in accordance with 38 U.S.C. Section 111(b)(3)(C).

No. 6   to Veterans Health Administration (VHA)

The OIG recommended the Under Secretary for Health implement controls to prevent beneficiaries using Special Mode of Transportation services from also obtaining mileage reimbursement for the same appointment(s).

No. 1   to Veterans Benefits Administration (VBA); Office of Acquisitions, Logistics, and Construction (OALC); Office of General Counsel (OGC)

The OIG recommended the Executive in Charge for Benefits coordinate with the Head of VA Contracting Activity and the Office of General Counsel to determine what actions need to be taken to remedy the unauthorized commitment.

No. 2   to Veterans Benefits Administration (VBA)

The OIG recommended the Executive in Charge for Benefits obtain appropriate funding for all future information technology costs.

No. 3   to Veterans Benefits Administration (VBA); Office of Management; Office of Information and Technology (OIT); Office of General Counsel (OGC)

The OIG recommended the Executive in Charge for Benefits coordinate with the Office of Information Technology, the Office of Management, and the Office of General Counsel to make accounting adjustments to debit the information technology account that should have been used and credit the general operating expense account that was inappropriately used, determine whether Antideficiency Act violations occurred, and report the violations as appropriate.

No. 1   to Veterans Health Administration (VHA)

The Under Secretary for Health ensures that providers establish clinical signs and symptoms consistent with androgen deficiency, prior to testing patients’ testosterone level for confirmation in alignment with Veterans Health Administration guidance.

No. 2   to Veterans Health Administration (VHA)

The Under Secretary for Health ensures that providers biochemically confirm hypogonadism through repeated testosterone testing prior to initiation of testosterone replacement therapy in alignment with Veterans Health Administration guidance.

No. 3   to Veterans Health Administration (VHA)

The Under Secretary for Health ensures that providers determine whether the etiology of hypogonadism is primary or secondary, prior to testosterone replacement therapy initiation in alignment with Veterans Health Administration guidance.

No. 4   to Veterans Health Administration (VHA)

The Under Secretary for Health ensures that providers discuss and document the risks and benefits of testosterone therapy with patients prior to initiation in alignment with Veterans Health Administration guidance.

No. 5   to Veterans Health Administration (VHA)

The Under Secretary for Health ensures that providers assess and document patients’ symptoms improvement and adverse effects within 3–6 months of initiation before continuing testosterone replacement therapy in alignment with Veterans Health Administration guidance.

No. 6   to Veterans Health Administration (VHA)

The Under Secretary for Health ensures that providers monitor patients’ hematocrit levels within 3–6 months of initiation, before continuing testosterone replacement therapy in alignment with Veterans Health Administration guidance.

No. 7   to Veterans Health Administration (VHA)

The Under Secretary for Health ensures that providers assess and document patients’ adherence to therapy and perform testosterone level test within 3–6 months of initiation, before continuing testosterone replacement therapy in alignment with Veterans Health Administration guidance.

No. 1   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology fully implement an agency-wide risk management governance structure, along with mechanisms to identify, monitor, and manage risks across the enterprise. (This is a repeat recommendation from prior years.)

No. 2   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement mechanisms to ensure sufficient supporting documentation is captured to justify closure of Plans of Action and Milestones. (This is a repeat recommendation from prior years.)

No. 3   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved processes to ensure that all identified weaknesses are incorporated into the Governance Risk and Compliance tool, in a timely manner, and corresponding Plans of Actions and Milestones are developed to track corrective actions and remediation. (This is a repeat recommendation from prior years.)

No. 4   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement clear roles, responsibilities, and accountability for developing, maintaining, completing, and reporting on Plans of Action and Milestones. (This is a repeat recommendation from prior years.)

No. 5   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, include an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated. (This is a modified repeat recommendation from prior years.)

No. 6   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved processes for reviewing and updating key security documents such as risk assessments and security control assessments on an annual basis and ensure the information accurately reflects the current environment. (This is a modified repeat recommendation from prior years.)

No. 7   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement mechanisms to enforce VA password policies and standards on all operating systems, databases, applications, and network devices. (This is a repeat recommendation from prior years.)

No. 8   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement periodic reviews to minimize access by system users with incompatible roles, permissions in excess of required functional responsibilities, and unauthorized accounts. (This is a repeat recommendation from prior years.)

No. 9   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology enable system audit logs on all critical systems and platforms and conduct centralized reviews of security violations across the enterprise. (This is a repeat recommendation from prior years.)

No. 10   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology fully implement two-factor authentication for all network access methods throughout the agency. (This is a repeat recommendation from prior years.)

No. 11   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement more effective automated mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and web application servers. (This is a repeat recommendation from prior years.)

No. 12   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement a more effective patch and vulnerability management program to address security deficiencies identified during our assessments of VA’s web applications, database platforms, network infrastructure, and workstations. (This is a repeat recommendation from prior years.)

No. 13   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology maintain a complete and accurate security baseline configurations for all platforms and ensure all baselines are appropriately implemented for compliance with established VA security standards. (This is a modified repeat recommendation from prior years.)

No. 14   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved network access controls to ensure medical devices and networks, not managed by the Office of Information and Technology, are appropriately segregated from general networks and mission-critical systems. (This is a repeat recommendation from prior years.)

No. 15   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology consolidate the security responsibilities for networks not managed by the Office of Information and Technology, under a common control for each site and ensure vulnerabilities are remediated in a timely manner. (This is a repeat recommendation from prior years.)

No. 16   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved processes to ensure that all devices and platforms are evaluated using credentialed vulnerability assessments. (This is a repeat recommendation from prior years.)

No. 17   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved procedures to enforce a standardized system development and change control framework that integrates information security throughout the life cycle of each system. (This is a repeat recommendation from prior years.)

No. 18   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved processes for ensuring the encryption of backup data prior to transferring the data offsite for storage. (This is a repeat recommendation from prior years.)

No. 19   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved processes for the testing of contingency plans and failover capabilities for critical systems to ensure that all components can be recovered at the assigned sites and within stated timeframes. (This is a modified repeat recommendation from prior years.)

No. 20   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology identify all external network interconnections and implement improved processes for monitoring VA networks, systems, and connections for unauthorized activity. (This is a repeat recommendation from prior years.)

No. 21   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement more effective agency-wide incident response procedures to ensure timely reporting, updating, and resolution of computer security incidents in accordance with VA standards. (This is a repeat recommendation from prior years.)

No. 22   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology ensure that VA’s Network Security and Operations Center has full access to all security incident data to facilitate an agency-wide awareness of information security events. (This is a repeat recommendation from prior years.)

No. 23   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved safeguards to identify and prevent unauthorized vulnerability scans and data exfiltrations from VA networks. (This is a repeat recommendation from prior years.)

No. 24   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology fully develop a comprehensive list of approved and unapproved software and implement continuous monitoring processes to prevent the use of unauthorized software on agency devices. (This is a repeat recommendation from prior years.)

No. 25   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology develop a comprehensive software inventory process to identify major and minor software applications used to support VA programs and operations. (This is a repeat recommendation from prior years.)

No. 26   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement improved procedures for overseeing contractor-managed cloud-based systems and ensure information security controls adequately protect VA sensitive systems and data. (This is a repeat recommendation from prior years.)

No. 27   to Veterans Health Administration (VHA)

We recommended the Executive in Charge for Information and Technology implement mechanisms for updating systems inventory, including contractor-managed systems and interfaces, and provide this information in accordance with Federal reporting requirements. (This is a repeat recommendation from prior years.)

No. 1   to Office of the Secretary

The VA Deputy Secretary confers with the Offices of General Counsel and Human Resources to determine the appropriate administrative action to take, if any, against Mr. Fleck.

No. 2   to Office of the Secretary

The VA Deputy Secretary confers with the Offices of General Counsel and Human Resources to determine the appropriate administrative action to take, if any, against Ms. KW.

No. 3   to Office of the Secretary

The VA Deputy Secretary confers with the Offices of General Counsel and Human Resources to determine the total amount of funds unlawfully expended to pay for Ms. KW’s salary since her initial VA appointment on January 8, 2017, and ensures that a bill of collection is issued to Ms. KW in that amount.

No. 4   to Office of the Secretary

The VA Deputy Secretary confers with the Offices of General Counsel and Human Resources to determine the appropriate corrective action to take concerning Ms. KW’s VA appointment and takes such action.

No. 5   to Office of the Secretary

The VA Deputy Secretary confers with VA’s Designated Agency Ethics Official to ensure Deputy General Counsel for Legal Policy staff members receive appropriate ethics training as related to our findings in this report.