OIG Reports

No. 1   to Office of Information and Technology (OIT)

Implement a vulnerability management program that ensures system changes within established deadlines.

No. 2   to Office of Information and Technology (OIT)

Develop and approve a system security plan and an authorization to operate for the special-purpose system.

No. 3   to Office of Information and Technology (OIT)

Include language for contractors to follow federal and VA information technology security requirements in contracts that have an information technology component.

No. 4   to Office of Information and Technology (OIT)

Verify that access control lists have been applied to network segments that contain medical systems.

No. 5   to Office of Information and Technology (OIT)

Develop and implement a process to retain database logs for a period consistent with VA’s record retention policy.

No. 6   to Veterans Health Administration (VHA)

Develop and implement controls to remove an individual’s access rights to computer rooms when access is no longer necessary.

No. 7   to Veterans Health Administration (VHA)

Implement a process to regularly review applicable reports to ensure that only authorized individuals have computer room access and update the system access authorization memo to include only those individuals necessary to perform job functions.

No. 8   to Veterans Health Administration (VHA)

Validate that appropriate physical and environmental security measures are implemented and functioning as intended.

No. 9   to Veterans Health Administration (VHA)

Inventory and verify that records containing personally identifiable information and personal health information are adequately secured.

No. 1   to Office of Information and Technology (OIT)

Implement a more effective vulnerability management program to address security deficiencies identified during the inspection.

No. 2   to Office of Information and Technology (OIT)

Ensure vulnerabilities are remediated within established time frames.

No. 3   to Office of Information and Technology (OIT)

Ensure all databases at the Tuscaloosa VA Medical Center are part of the periodic database scan process.

No. 4   to Office of Information and Technology (OIT)

Implement improved mechanisms to ensure system stewards are updating plans of actions and milestones for all known risks and weaknesses, including those identified during security control assessments.

No. 5   to Office of Information and Technology (OIT)

Ensure network segmentation controls are applied to all network segments with medical devices and special-purpose systems.

No. 6   to Office of Information and Technology (OIT)

Implement capabilities for generating database audit logs and forwarding audit events for review, analysis, and reporting.

No. 7   to Veterans Health Administration (VHA)

Ensure communication rooms with infrastructure equipment have adequate environmental controls.

No. 8   to Veterans Health Administration (VHA)

Install uninterruptible power supplies in the communication rooms supporting infrastructure equipment.

No. 1   to Veterans Benefits Administration (VBA)

Update the process for developing, approving, and issuing guidance for accommodating veterans with visual impairments to include steps for consulting with the Office of General Counsel; Office of Resolution Management, Diversity and Inclusion; and the Department of Justice Civil Rights Division.

No. 2   to Veterans Benefits Administration (VBA)

Coordinate with the Office of General Counsel; Office of Resolution Management, Diversity and Inclusion; and the Department of Justice Civil Rights Division to bring the existing Veterans Benefits Administration’s Adjudication Procedures Manual for accommodating veterans with visual impairments into compliance with38 C.F.R. § 14.500, VA Directive 5975, and Executive Order 12250.

No. 3   to Veterans Benefits Administration (VBA)

Develop and implement a quality assurance mechanism to ensure compliance with accessibility requirements, including mandated telephone calls to veterans with visual impairments.

No. 4   to Veterans Benefits Administration (VBA)

Assign accessibility coordinators, publicize their names, and conduct a self-evaluation of policies as outlined in VA accessibility requirements.

No. 5   to Veterans Benefits Administration (VBA)

Coordinate a process to ensure veterans with visual impairments are informed of the availability of accommodations, regardless of their level of disability.

No. 1   to Veterans Health Administration (VHA)

Work with the Centers for Medicare and Medicaid Services to establish a data sharing agreement with VA to limit potential duplicate claim payments.

No. 2   to Veterans Health Administration (VHA)

Identify overpayments made for care provided to dual eligible veterans that were not authorized by VHA and ensure either documentation of care is completed, or VA seeks reimbursement for any care without prior approval.

No. 3   to Veterans Health Administration (VHA)

Make sure all nonemergent community care is preauthorized and that documentation for all authorizations is complete and properly stored before treatment is provided.

No. 1   to Veterans Health Administration (VHA)

Monitor facility follow-up rates by type of care and on a month-over-month basis, establish monitoring metrics, and assist facilities if they fall below these metrics.

No. 2   to Veterans Health Administration (VHA)

Evaluate and update, as appropriate, whether activities that occurred before cancellation and notations of “No Action Other Reason” should be tracked as follow-up.

No. 1   to Human Resources and Administration/Operations, Security, and Preparedness (HRA/OSP)

Consider seeking legislative relief from Congress regarding the language related to reporting potential hires under the element of section 3008(a)(E)(iii) of the Johnny Isakson and David P. Roe, M.D. Veterans Health Care and Benefits Improvement Act of 2020.

No. 2   to Human Resources and Administration/Operations, Security, and Preparedness (HRA/OSP)

Absent such relief, provide information detailing the limitations that prevent VA from reporting the average number of days that potential title 38 or hybrid title 38 hires spent in each phase of the hiring model in accordance with section 3008(a)(E)(iii) of the Johnny Isakson and David P. Roe, M.D. Veterans Health Care and Benefits Improvement Act of 2020.

No. 1   to Veterans Health Administration (VHA)

Assign specific roles and responsibilities to the Office of Integrated Veteran Care to ensure effective oversight of the Referral Coordination Initiative.

No. 2   to Veterans Health Administration (VHA)

Make certain that staff with Referral Coordination Initiative responsibilities are sufficiently trained on how to triage, communicate key information on options to veterans, schedule, or document consults, according to their respective duties.

No. 3   to Veterans Health Administration (VHA)

Direct relevant VA medical facilities to establish local processes by which VA medical facility staff identify and share available community care wait time data with referral coordination team members within each facility, and then establish controls to help ensure that this information is consistently communicated to patients.

No. 4   to Veterans Health Administration (VHA)

Establish a mechanism or update the Referral Coordination Initiative checklist to effectively track and monitor each facility’s challenges with implementation and progress toward implementing the initiative for all relevant specialty services.

No. 5   to Veterans Health Administration (VHA)

Develop and then disseminate to all relevant VA medical facilities best practices and lessons learned for implementing the Referral Coordination Initiative.

No. 6   to Veterans Health Administration (VHA)

Make sure that VA medical facility staff are completely and accurately tracking andmonitoring consults processed through the Referral Coordination Initiative using theConsult Toolbox 2.0 or the most current system and version.

No. 7   to Veterans Health Administration (VHA)

Develop measures and processes to assess whether facility staff are meeting the Referral Coordination Initiative’s intent of reducing scheduling times, providing veterans with key information, and minimizing facility providers’ administrative burden of managing consults.