Recommendations
2079
| ID | Report Number | Report Title | Type | |
|---|---|---|---|---|
| 22-00048-120 | Comprehensive Healthcare Inspection of the VA Loma Linda Healthcare System in California | Comprehensive Healthcare Inspection Program | ||
1 The Director evaluates and determines reasons for noncompliance and ensures leaders evaluate sentinel events and conduct institutional disclosures when criteria are met.
Closure Date:
2 The Director evaluates and determines any additional reasons for noncompliance and ensures that for all events assigned an actual or potential safety assessment code score of three, staff either complete an individual root cause analysis or include the event in an aggregated patient safety review.
Closure Date:
3 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures clinical managers use Focused Professional Practice Evaluation criteria that are defined in advance and accepted by the practitioner.
Closure Date:
4 The Chief of Staff evaluates and determines any additional reasons for noncompliance and makes certain clinical managers define time frames for Focused Professional Practice Evaluations.
Closure Date:
5 The Chief of Staff evaluates and determines any additional reasons for noncompliance and verifies that the Medical Executive Council’s meeting minutes consistently reflect the data reviewed for licensed independent practitioners’ re-privileging requests and the rationale for the recommendations.
Closure Date:
| ||||
| 22-00052-121 | Comprehensive Healthcare Inspection of the Northern Arizona VA Health Care System in Prescott | Comprehensive Healthcare Inspection Program | ||
1 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs define Focused Professional Practice Evaluation criteria in advance using objective criteria accepted by the licensed independent practitioner.
Closure Date:
2 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs establish service-specific criteria in the Ongoing Professional Practice Evaluations of licensed independent practitioners.
Closure Date:
3 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs base determinations to continue current privileges on Ongoing Professional Practice Evaluation activities.
Closure Date:
4 The Associate Director evaluates and determines any additional reasons for noncompliance and ensures staff remove sterile supplies from storage when the packaging is damaged or compromised.
Closure Date:
5 The Associate Director evaluates and determines any additional reasons for noncompliance and ensures staff keep clinical areas in good repair and maintain a safe and clean environment throughout the healthcare system.
Closure Date:
6 The Medical Center Director evaluates and determines any additional reasons for noncompliance and ensures staff post notices in areas that are subject to photography or video recording.
Closure Date:
| ||||
| 22-00040-115 | Comprehensive Healthcare Inspection of the South Texas Veterans Health Care System in San Antonio | Comprehensive Healthcare Inspection Program | ||
1 The Director determines the reasons for noncompliance and ensures leaders evaluate adverse events and conduct institutional disclosures when criteria are met.
Closure Date:
2 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs consider service-specific Ongoing Professional Practice Evaluation data when recommending licensed independent practitioners’ continued privileges.
Closure Date:
3 The Director evaluates and determines any additional reasons for noncompliance and ensures staff conduct follow-up within one week for intermediate, high-acute, or chronic risk-for-suicide patients who were discharged home from the emergency department.
Closure Date:
| ||||
| 22-01576-72 | Federal Information Security Modernization Act Audit for Fiscal Year 2022 | Audit | ||
1 We recommended the Assistant Secretary for Information and Technology consistently implement an improved continuous monitoring program in accordance with the NIST Risk Management Framework. Specifically, implement an independent security control assessment process to evaluate the effectiveness of security controls prior to granting authorization decisions. (This is a repeat recommendation from prior years.)
Closure Date:
2 We recommended the Assistant Secretary for Information and Technology implement improved mechanisms to ensure system stewards and Information System Security Officers follow procedures for establishing, tracking, and updating Plans of Action and Milestones for all known risks and weaknesses including those identified during security control assessments. (This is a repeat recommendation from prior years.)
Closure Date:
3 We recommended the Assistant Secretary for Information and Technology implement controls to ensure that system stewards and responsible officials obtain appropriate documentation prior to closing Plans of Action and Milestones. (This is a repeat recommendation from prior years.)
Closure Date:
4 We recommended the Assistant Secretary for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, include an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated. (This is a repeat recommendation from prior years.)
Closure Date:
5 We recommended the Assistant Secretary for Information and Technology implement improved processes for reviewing and updating key security documents such as security plans, risk assessments, and interconnection agreements on an annual basis and ensure the information accurately reflects the current environment. (This is a repeat recommendation from prior years.)
Closure Date:
6 We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure compliance with VA password policy and security standards on domain controls, operating systems, databases, applications, and network devices. (This is a repeat recommendation from prior years.)
Closure Date:
7 We recommended the Assistant Secretary for Information and Technology implement periodic reviews to minimize access by system users with incompatible roles, permissions in excess of required functional responsibilities, and unauthorized accounts. (This is a repeat recommendation from prior years.)
Closure Date:
8 We recommended the Assistant Secretary for Information and Technology enable system audit logs on all critical systems and platforms and conduct centralized reviews of security violations across the enterprise. (This is a repeat recommendation from prior years.)
Closure Date:
9 We recommended the Office of Personnel Security, Human Resources, and Contract Offices implement improved processes for establishing and maintaining accurate data within VA’s authoritative system of record for background investigations. (This is a modified repeat recommendation from prior years.)
Closure Date:
10 We recommended the Office of Personnel Security, Human Resources, and Contract Offices strengthen processes to ensure appropriate levels of background investigations are completed for applicable VA employees and contractors. (This is a modified repeat recommendation from prior years.)
Closure Date:
11 We recommended the Assistant Secretary for Information and Technology implement more effective automated mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and web application servers. (This is a repeat recommendation from prior years.)
Closure Date:
12 We recommended the Assistant Secretary for Information and Technology implement a more effective patch and vulnerability management program to address security deficiencies identified during our assessments of VA’s web applications, database platforms, network infrastructure, and workstations. (This is a repeat recommendation from prior years.)
Closure Date:
13 We recommended the Assistant Secretary for Information and Technology maintain a complete and accurate security baseline configuration for all platforms and ensure all baselines are appropriately monitored for compliance with established VA security standards. (This is a repeat recommendation from prior years.)
Closure Date:
14 We recommended the Assistant Secretary for Information and Technology implement improved network access controls that restrict medical devices from systems hosted on the general network. (This is a repeat recommendation from prior years.)
Closure Date:
15 We recommended the Assistant Secretary for Information and Technology consolidate the security responsibilities for networks not managed by the Office of Information and Technology, under a common control for each site and ensure vulnerabilities are remediated in a timely manner. (This is a repeat recommendation from prior years.)
Closure Date:
16 We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure that all devices and platforms are evaluated using credentialed vulnerability assessments. (This is a repeat recommendation from prior years.)
Closure Date:
17 We recommended the Acting Assistant Secretary for Information and Technology implement improved procedures to enforce standardized system development and change control processes that integrates information security throughout the life cycle of each system. (This is a repeat recommendation from prior years.)
Closure Date:
18 We recommended the Assistant Secretary for Information and Technology review system boundaries, recovery priorities, system components, and system interdependencies and implement appropriate mechanisms to ensure that established system recovery objectives can be measured and met. (This is a modified repeat recommendation from prior years.)
Closure Date:
19 We recommended the Assistant Secretary for Information and Technology ensure that contingency plans for all systems are updated to include critical inventory components and are tested in accordance with VA requirements. (This is a repeat recommendation from prior years.)
Closure Date:
20 We recommended the Assistant Secretary for Information and Technology implement more effective agency-wide incident response procedures to ensure timely notification, reporting, updating, and resolution of computer security incidents in accordance with VA standards. (This is a repeat recommendation from prior years.)
Closure Date:
21 We recommended the Assistant Secretary for Information and Technology ensure that VA’s Cybersecurity Operations Center has full access to all security incident data to facilitate an agency-wide awareness of information security events. (This is a repeat recommendation from prior years.)
Closure Date:
22 We recommended the Assistant Secretary for Information and Technology implement improved safeguards to identify and prevent unauthorized vulnerability scans on VA networks. (This is a repeat recommendation from prior years.)
Closure Date:
23 We recommended the Assistant Secretary for Information and Technology implement improved measures to ensure that all security controls are assessed in accordance with VA policy and that identified issues or weaknesses are adequately documented and tracked within POA&Ms. (This is a repeat recommendation from prior years.)
Closure Date:
24 We recommended the Assistant Secretary for Information and Technology fully develop a comprehensive list of approved and unapproved software and implement continuous monitoring processes to prevent the use of prohibited software on agency devices. (This is a repeat recommendation from prior years.)
Closure Date:
25 We recommended the Assistant Secretary for Information and Technology develop a comprehensive inventory process to identify connected hardware, software, and firmware used to support VA programs and operations. (This is a repeat recommendation from prior years.)
Closure Date:
26 We recommended the Assistant Secretary for Information and Technology implement improved procedures for monitoring contractor-managed systems and services and ensure information security controls adequately protect VA sensitive systems and data. (This is a repeat recommendation from prior years.)
Closure Date:
| ||||
| 21-03312-114 | Comprehensive Healthcare Inspection of the Tennessee Valley Healthcare System in Nashville | Comprehensive Healthcare Inspection Program | ||
1 The Executive Director determines the reasons for noncompliance and ensures leaders conduct institutional disclosures for all applicable sentinel events.
Closure Date:
2 The Executive Director evaluates and determines any additional reasons for noncompliance and ensures staff complete final peer reviews within 120 calendar days or approves a written extension request.
Closure Date:
3 The Executive Director evaluates and determines any additional reasons for noncompliance and ensures that for all patient safety events assigned an actual or potential safety assessment code score of three, the Patient Safety Manager conducts an individual root cause analysis or includes the events in an aggregate review.
Closure Date:
4 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs use Focused Professional Practice Evaluation criteria that are defined in advance and accepted by the practitioners.
Closure Date:
5 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures the Medical Executive Committee reviews professional practice evaluations for licensed independent practitioners’ privileging requests and documents the review in meeting minutes.
Closure Date:
6 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs establish service-specific criteria for reprivileging decisions.
Closure Date:
7 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs recommend reprivileging based, in part, on Ongoing Professional Practice Evaluations completed by practitioners with similar training and privileges.
Closure Date:
8 The Deputy Health System Director evaluates and determines any additional reasons for noncompliance and ensures staff identify and minimize physical environmental risks to reduce suicide or suicide attempts in acute inpatient mental health units.
Closure Date:
| ||||
| 22-00037-117 | Comprehensive Healthcare Inspection of the West Texas VA Health Care System in Big Spring | Comprehensive Healthcare Inspection Program | ||
1 The Chief of Staff evaluates and determines any additional reasons for noncompliance and makes certain that service chiefs’ recommendations to continue current privileges are based on Ongoing Professional Practice Evaluation activities.
Closure Date:
| ||||
| 22-01116-110 | Deficient Care of a Patient Who Died by Suicide and Facility Leaders’ Response at the Charlie Norwood VA Medical Center in Augusta, Georgia | Hotline Healthcare Inspection | ||
1 The Charlie Norwood VA Medical Center Director ensures primary care teams adhere to Veterans Health Administration policies related to mental health screenings, consult management, and care coordination, and monitors compliance.
Closure Date:
2 The Charlie Norwood VA Medical Center Director reviews processes for consult scheduling, including community care referrals, and ensures patients are offered timely appointments in the pain management clinic, per Veterans Health Administration policies.
Closure Date:
3 The Charlie Norwood VA Medical Center Director confirms pain management clinic staff receive education of Veterans Health Administration policies related to mandatory suicide risk assessments.
Closure Date:
4 The Charlie Norwood VA Medical Center Director develops a process to ensure that Emergency Department staff communicate patients’ referral information from the Veterans Crisis Line to Emergency Department providers.
Closure Date:
5 The Charlie Norwood VA Medical Center Director ensures that suicide prevention staff documentation is complete and accurate, and actions are taken to resolve issues identified in Veterans Crisis Line referrals prior to closure.
Closure Date:
6 The Charlie Norwood VA Medical Center Director reviews Veterans Health Administration policy and guidance regarding completed suicides on VA campuses and actions required as a result, and provides education to relevant staff.
Closure Date:
7 The Charlie Norwood VA Medical Center Director ensures completion of accurate and comprehensive Behavioral Health Autopsies and Family Interview Tool Contact forms.
Closure Date:
8 The Charlie Norwood VA Medical Center Director reviews and evaluates the peer review process to ensure peer reviews are conducted according to Veterans Health Administration policy.
Closure Date:
9 The Charlie Norwood VA Medical Center Director reviews and evaluates the February 2022 clinical review to identify open actions and monitors the implementation and efficacy of action items to closure.
Closure Date:
| ||||
| 21-03101-73 | VHA Can Improve Controls Over Its Use of Supplemental Funds | Audit | ||
1 Assess the iFAMS configuration to determine whether integration with the payroll subsystems can be accomplished to resolve some of the payroll-related issues that require the need for expenditure transfers.
Closure Date:
2 Establish guidance that outlines the type of documentation required to support the amounts identified in the manual journal vouchers when processing expenditure transfers.
Closure Date:
3 Require medical facility staff have documented authority, through proper delegation, to make purchases.
Closure Date:
4 Verify that medical facility staff segregate duties so that the same person is not both authorizing and receiving goods and services.
Closure Date:
5 Make certain the purchase card holder is not the requestor or approver for the purchase.
Closure Date:
6 Ensure contracting officer’s representatives know and understand their duties and responsibilities for the certification and payment of invoices.
Closure Date:
7 Check vendors’ compliance with contract terms to include the comparison of invoiced amounts with the contract line-item unit costs.esponse to the pandemic and develop appropriate action plans to integrate oversight roles, responsibilities, and clear guidance into the use of supplemental funds.
Closure Date:
8 Ensure that medical facility staff track the receipt of goods to make certain they are the correct quantity.
Closure Date:
9 Conduct an assessment of lessons learned from the emergency response to the pandemic and develop appropriate action plans to integrate oversight roles, responsibilities, and clear guidance into the use of supplemental funds.
Closure Date:
| ||||
| 22-00041-105 | Comprehensive Healthcare Inspection of the Central Texas Veterans Health Care System in Temple | Comprehensive Healthcare Inspection Program | ||
1 The Executive Director evaluates and determines any additional reasons fornoncompliance and ensures leaders conduct institutional disclosures for allapplicable sentinel events.
Closure Date:
2 The Chief of Staff evaluates and determines any additional reasons fornoncompliance and ensures service chiefs complete Ongoing Professional PracticeEvaluations.
Closure Date:
| ||||
| 22-02188-109 | Mental Health Emergency Response Documentation Inaccuracy, and Policy and Practice Inconsistencies at the VA San Diego Healthcare System in California | Hotline Healthcare Inspection | ||
1 The VA San Diego Healthcare System Director ensures the accuracy of code green documentation.
Closure Date:
2 The VA San Diego Healthcare System Director evaluates the VA San Diego Healthcare System Memorandum 116A-06, “Code Green/Code Yellow,” and aligns definitions, requirements, and responsibilities with purpose and practice, and monitors compliance.
Closure Date:
| ||||
15039