Recommendations
2079
| ID | Report Number | Report Title | Type | |
|---|---|---|---|---|
| 21-03916-103 | Atlanta VA Health Care System’s Unopened Mail Backlog with Patient Health Information and Community Care Provider Claims | Review | ||
1 The director of VISN 7 ensures the Atlanta VA Health Care System develops and implements a plan for the routine proper and prompt processing of mail. That plan should include adequate staffing of the mailroom and sufficient training for mailroom personnel.
Closure Date:
2 The director of VISN 7 assists the Atlanta VA Health Care System in taking steps when appropriate to recoup money owed from expired checks that were identified in the mail backlog.
Closure Date:
3 The under secretary for health assess the negative effects of this mail backlog on veterans, community care providers, and other parties, and where possible take steps to remedy those effects.
Closure Date:
4 The under secretary for health determines if unprocessed mail backlogs exist at other VA medical facilities.
Closure Date:
5 The under secretary for health develops procedures and controls to make certain that medical facility personnel taking over POM on-site mail processing have the necessary resources and expertise to accomplish this work accurately and within prescribed timelines.
Closure Date:
| ||||
| 21-02889-134 | The Electronic Health Record Modernization Program Did Not Fully Meet the Standards for a High-Quality, Reliable Schedule | Audit | ||
1 The executive director of the Electronic Health Record Modernization Program Management Office complies with internal guidance and ensures the development of an integrated master schedule for the Electronic Health Record Modernization program that complies with standards adopted from GAO for scheduling.
2 The executive director of the Electronic Health Record Modernization Program Management Office takes action to improve stakeholder coordination in the development of the program schedules to ensure activities from all relevant VA entities are included.
3 The executive director of the Electronic Health Record Modernization Program Management Office develops procedures for when and how staff should perform an initial schedule risk analysis for the program and conduct periodic updates as needed.
4 The executive director of the Electronic Health Record Modernization Program Management Office ensures consistency between contract language and program office plans or other guidance identifying the entity or individuals responsible for developing and maintaining the program’s work breakdown structure and integrated master schedule.
5 The executive director of the Electronic Health Record Modernization Program Management Office evaluates the contract requirements for schedule management and modifies as needed to ensure clear roles and expectations for further development and maintenance of the program’s integrated master schedule.
Closure Date:
6 The executive director of the Electronic Health Record Modernization Program Management Office complies with the Federal Acquisition Regulation and issue guidance to accept deliverables not separately priced before invoice payment.
Closure Date:
| ||||
| 21-00836-124 | Additional Actions Can Help Prevent Benefits Payments from Being Sent to Deceased Veterans | Review | ||
1 The under secretary for benefits implements procedures to identify failed automated weekly death matches and demonstrate progress towards processing all failed matches.
Closure Date:
2 The under secretary for benefits implements a process to review the social security number verification program and demonstrate progress towards ensuring the accuracy of social security numbers in VBA’s electronic systems.
Closure Date:
3 The under secretary for benefits implements an intra-agency data-sharing process with the Veterans Health Administration and demonstrate progress in obtaining information on veterans’ deaths.
Closure Date:
| ||||
| 21-00294-128 | Comprehensive Healthcare Inspection of the Syracuse VA Medical Center in New York | Comprehensive Healthcare Inspection Program | ||
1 The Medical Center Director determines the reasons for noncompliance and makes certain that leaders identify adverse events as sentinel events when criteria are met.
Closure Date:
2 The Medical Center Director evaluates and determines any additional reasons for noncompliance and ensures that leaders conduct institutional disclosures for all sentinel events.
Closure Date:
3 The Medical Center Director evaluates and determines any additional reasons for noncompliance and ensures the Systems Redesign Coordinator consistently participates in Veterans Integrated Service Network Systems Redesign Review Advisory Group meetings.
Closure Date:
4 The Medical Center Director evaluates and determines any additional reasons for noncompliance and ensures that the Surgical Work Group meets monthly and core members consistently attend meetings.
Closure Date:
5 The Chief of Staff evaluates and determines any additional reasons for noncompliance and makes certain that the Surgical Work Group analyzes efficiency and utilization metrics and evaluates critical surgical events.
Closure Date:
6 The Chief of Staff and Associate Director for Patient and Nursing Services evaluate and determine any additional reasons for noncompliance and ensure all required representatives attend Disruptive Behavior Committee meetings.
Closure Date:
7 The Medical Center Director evaluates and determines any additional reasons for noncompliance and ensures staff complete all required prevention and management of disruptive behavior training based on the risk level assigned to their work areas.
Closure Date:
| ||||
| 21-02491-129 | Quality of Care Concerns and Leaders’ Responses at the Amarillo VA Health Care System in Texas | Hotline Healthcare Inspection | ||
1 The Amarillo VA Healthcare System Director ensures Emergency Department staff follow established protocols for clinical assessment, frequency, and intervention regarding abnormal vital signs, and monitors for compliance.
Closure Date:
2 The Amarillo VA Healthcare System Director completes an evaluation of the registered nurse’s failure to ensure the patient received urgent medical attention after presenting to the clinic with stroke-like symptoms and takes appropriate action as indicated.
Closure Date:
3 The Amarillo VA Healthcare System Director reiterates expectations that patient aligned care team staff engage in respectful communications with patients and their families, and monitors patient advocate data as well as patient satisfaction survey data for evidence of compliance.
Closure Date:
4 The Amarillo VA Healthcare System Director completes a retrospective review of critical view alerts and other quality of care elements of the subject provider for the two years immediately preceding the subject provider’s summary suspension, takes clinical and administrative actions in accordance with Veterans Health Administration guidelines, and monitors for compliance.
Closure Date:
5 The Amarillo VA Healthcare System Director ensures patient aligned care team staff follow communication protocols and electronic health record documentation requirements, and monitors for compliance.
Closure Date:
6 The Veterans Integrated Service Network Director evaluates the system leaders’ actions in this case related to ongoing professional practice evaluation and focused professional practice evaluation for cause processes, focused clinical care review, and institutional disclosure; takes action related to staff training and other identified deficits, as needed; and monitors for compliance.
Closure Date:
| ||||
| 21-01309-74 | Federal Information Security Modernization Act Audit for Fiscal Year 2021 | Audit | ||
1 We recommended the Assistant Secretary for Information and Technology consistently implement an improved continuous monitoring program in accordance with the NIST Risk Management Framework. Specifically, implement an independent security control assessment process to evaluate the effectiveness of security controls prior to granting authorization decisions. (This is a repeat recommendation from prior years.)
Closure Date:
2 We recommended the Assistant Secretary for Information and Technology implement improved mechanisms to ensure system stewards and Information System Security Officers follow procedures for establishing, tracking, and updating Plans of Action and Milestones for all known risks and weaknesses including those identified during security control assessments. (This is a repeat recommendation from prior years.)
Closure Date:
3 We recommended the Assistant Secretary for Information and Technology implement controls to ensure that system stewards and responsible officials obtain appropriate documentation prior to closing Plans of Action and Milestones. (This is a repeat recommendation from prior years.)
Closure Date:
4 We recommended the Assistant Secretary for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, include an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated. (This is a repeat recommendation from prior years.)
Closure Date:
5 We recommended the Assistant Secretary for Information and Technology implement improved processes for reviewing and updating key security documents such as security plans, risk assessments, and interconnection agreements on an annual basis and ensure the information accurately reflects the current environment. (This is a repeat recommendation from prior years.)
Closure Date:
6 We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure compliance with VA password policy and security standards on domain controls, operating systems, databases, applications, and network devices. (This is a repeat recommendation from prior years.)
Closure Date:
7 We recommended the Assistant Secretary for Information and Technology implement periodic reviews to minimize access by system users with incompatible roles, permissions in excess of required functional responsibilities, and unauthorized accounts. (This is a repeat recommendation from prior years.)
Closure Date:
8 We recommended the Assistant Secretary for Information and Technology enable system audit logs on all critical systems and platforms and conduct centralized reviews of security violations across the enterprise. (This is a repeat recommendation from prior years.)
Closure Date:
9 We recommended the Office of Personnel Security, Human Resources, and Contract Offices implement improved processes for establishing and maintaining accurate data within VA’s authoritative system of record for background investigations. (This is a modified repeat recommendation from prior years.)
Closure Date:
10 We recommended the Office of Personnel Security, Human Resources, and Contract Offices strengthen processes to ensure appropriate levels of background investigations are completed for applicable VA employees and contractors. (This is a modified repeat recommendation from prior years.)
Closure Date:
11 We recommended the Assistant Secretary for Information and Technology implement more effective automated mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and web application servers. (This is a repeat recommendation from prior years.)
Closure Date:
12 We recommended the Assistant Secretary for Information and Technology implement a more effective patch and vulnerability management program to address security deficiencies identified during our assessments of VA’s web applications, database platforms, network infrastructure, and workstations. (This is a repeat recommendation from prior years.)
Closure Date:
13 We recommended the Assistant Secretary for Information and Technology maintain a complete and accurate security baseline configuration for all platforms and ensure all baselines are appropriately monitored for compliance with established VA security standards. (This is a repeat recommendation from prior years.)
Closure Date:
14 We recommended the Assistant Secretary for Information and Technology implement improved network access controls that restrict medical devices from systems hosted on the general network. (This is a repeat recommendation from prior years.)
Closure Date:
15 We recommended the Assistant Secretary for Information and Technology consolidate the security responsibilities for networks not managed by the Office of Information and Technology, under a common control for each site and ensure vulnerabilities are remediated in a timely manner. (This is a repeat recommendation from prior years.)
Closure Date:
16 We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure that all devices and platforms are evaluated using credentialed vulnerability assessments. (This is a repeat recommendation from prior years.)
Closure Date:
17 We recommended the Acting Assistant Secretary for Information and Technology implement improved procedures to enforce standardized system development and change control processes that integrates information security throughout the life cycle of each system. (This is a repeat recommendation from prior years.)
Closure Date:
18 We recommended the Assistant Secretary for Information and Technology review system boundaries, recovery priorities, system components, and system interdependencies and implement appropriate mechanisms to ensure that established system recovery objectives can be measured and met. (This is a modified repeat recommendation from prior years.)
Closure Date:
19 We recommended the Assistant Secretary for Information and Technology ensure that contingency plans for all systems are updated to include critical inventory components and are tested in accordance with VA requirements. (This is a repeat recommendation from prior years.)
Closure Date:
20 We recommended the Assistant Secretary for Information and Technology implement more effective agency-wide incident response procedures to ensure timely notification, reporting, updating, and resolution of computer security incidents in accordance with VA standards. (This is a repeat recommendation from prior years.)
Closure Date:
21 We recommended the Assistant Secretary for Information and Technology ensure that VA’s Cybersecurity Operations Center has full access to all security incident data to facilitate an agency-wide awareness of information security events. (This is a repeat recommendation from prior years.)
Closure Date:
22 We recommended the Assistant Secretary for Information and Technology implement improved safeguards to identify and prevent unauthorized vulnerability scans on VA networks. (This is a repeat recommendation from prior years.)
Closure Date:
23 We recommended the Assistant Secretary for Information and Technology implement improved measures to ensure that all security controls are assessed in accordance with VA policy and that identified issues or weaknesses are adequately documented and tracked within POA&Ms. (This is a repeat recommendation from prior years.)
Closure Date:
24 We recommended the Assistant Secretary for Information and Technology fully develop a comprehensive list of approved and unapproved software and implement continuous monitoring processes to prevent the use of prohibited software on agency devices. (This is a repeat recommendation from prior years.)
Closure Date:
25 We recommended the Assistant Secretary for Information and Technology develop a comprehensive inventory process to identify connected hardware, software, and firmware used to support VA programs and operations. (This is a repeat recommendation from prior years.)
Closure Date:
26 We recommended the Assistant Secretary for Information and Technology implement improved procedures for monitoring contractor-managed systems and services and ensure information security controls adequately protect VA sensitive systems and data. (This is a repeat recommendation from prior years.)
Closure Date:
| ||||
| 20-00827-126 | Noncompliant and Deficient Processes and Oversight of State Licensing Board and National Practitioner Data Bank Reporting Policies by VA Medical Facilities | Hotline Healthcare Inspection | ||
1 The Under Secretary for Health reviews the State Licensing Board reporting processes at the facility level to ensure compliance with Veterans Health Administration policy, identifies noncompliance, and takes action as warranted.
Closure Date:
2 The Under Secretary for Health ensures that the National Practitioner Data Bank facility reporting practices align with federal regulations and Veterans Health Administration policy.
3 The Under Secretary for Health instructs facility directors to submit National Practitioner Data Bank reports regarding physicians and dentists consistent with Veterans Health Administration policy.
Closure Date:
4 The Under Secretary for Health ensures programmatic oversight of facility State Licensing Board and National Practitioner Data Bank reporting processes.
Closure Date:
| ||||
| 21-00290-116 | Comprehensive Healthcare Inspection of the VA Western New York Healthcare System in Buffalo | Comprehensive Healthcare Inspection Program | ||
1 The Director evaluates and determines the reasons for noncompliance and makes certain that leaders accurately identify and report adverse events as sentinel events when criteria are met.
Closure Date:
2 The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures that the Peer Review Committee recommends improvement actions for Level 3 peer reviews.
Closure Date:
3 The Director evaluates and determines any additional reasons for noncompliance and makes certain that required members attend Surgical Work Group meetings.
Closure Date:
4 The Chief of Staff and Associate Director for Patient/Nursing Services evaluate and determine any additional reasons for noncompliance and make certain that staff monitor and evaluate all transfers as part of VHA’s Quality Management Program.
Closure Date:
5 The Chief of Staff and Associate Director for Patient/Nursing Services evaluate and determine any additional reasons for noncompliance and ensure all required representatives attend Disruptive Behavior Committee meetings.
Closure Date:
6 The Director evaluates and determines any additional reasons for noncompliance and ensures that staff complete the required prevention and management of disruptive behavior training based on the risk level assigned to their work areas.
Closure Date:
7 The Director evaluates and determines any additional reasons for noncompliance and makes certain that Employee Threat Assessment Team members complete the required training.
Closure Date:
| ||||
| 21-01221-24 | Inspection of Information Technology Security at the VA Financial Services Center | Information Security Inspection | ||
1 The Financial Services Center director implements measures to maintain an accurate system inventory.
Closure Date:
2 The Financial Services Center director implements a more effective patch and vulnerability management program that can accurately identify vulnerabilities and enforce patch application.
Closure Date:
3 The Financial Services Center director implements systems and information integrity procedures that detail how policies are applied to local systems, and create a mechanism for informing employees of new or updated policies and procedures.
Closure Date:
4 The Financial Services Center director, in conjunction with the system owner, develops and implements capabilities for all systems to generate audit logs and collect and forward audit events to the Cybersecurity Operations Center for review, analysis, and reporting.
Closure Date:
5 The Financial Services Center director continues to upgrade the video surveillance system and ensure new capabilities provide full surveillance and video retention to improve monitoring and incident response.
Closure Date:
| ||||
| 21-02458-94 | Financial Efficiency Review of the Durham VA Health Care System in North Carolina | Financial Inspection | ||
1 Ensure finance office staff are made aware of policy requirements and reviews are conducted on all inactive open obligations as required by VA Financial Policy, vol. 2, chap. 5, “Obligations Policy.”
Closure Date:
2 Ensure quarterly purchase card audits are performed as required by the Veterans Health Administration’s standard operating procedure, “Internal Audits—Purchase Cards and Convenience Checks.”
Closure Date:
3 Establish controls to confirm approving officials and purchase cardholders review their purchases and make sure contracting is used when it is in the best interest of the government.
Closure Date:
4 Require purchase cardholders to submit a request for ratification for any unauthorized commitments identified.
Closure Date:
5 Develop measures to confirm that completed VA Form 0242 submissions are accurate and updated for all cardholders.
Closure Date:
6 Ensure cardholders comply with record retention requirements as stated in VA’s Financial Policy, vol. 16, “Charge Card Programs.”
Closure Date:
7 Establish controls to make certain that budget or accounting staff review the salary cost data each pay period and promptly address cost center corrections with human resources staff as needed.
Closure Date:
8 Ensure service chiefs and supervisors review labor mapping for accuracy and completeness.
Closure Date:
9 Develop and implement a plan to increase inventory turnover closer to the VHA recommended level.
Closure Date:
10 Develop and implement a plan to complete facility based inventory audits of noncontrolled drug line items in compliance with VHA policy.
Closure Date:
| ||||
15039