All Reports

Improve vulnerability management processes to ensure system changes occur within organization timelines.

Develop and approve an authorization to operate for the special-purpose system.

The Executive Director evaluates and determines additional reasons for noncompliance and ensures leaders conduct and accurately document institutional disclosures for applicable sentinel events.

The Assistant Director Clinical Services evaluates and determines any additional reasons for noncompliance and ensures mental health staff attempt weekly follow-up until care is established for patients discharged from the emergency department who are at intermediate or high acute or chronic risk of suicide.

The under secretary for benefits reduces improper and unknown payments to below 10 percent for the Pension Program.

The under secretary for health reduces improper and unknown payments to below 10 percent for the Purchased Long-Term Services and Supports Program.

Director of the Veterans Transportation Program determines what system changes are needed to meet auto-adjudication goals and implement these changes.

Director of the Veterans Transportation Program conducts outreach to users, solicits feedback, and considers whether system changes are needed based on feedback, to increase self-service portal usage.

Assistant Under Secretary for Health for Operations create an action plan to phase out continued use of the VistA beneficiary travel function.

Assistant Under Secretary for Health for Operations coordinates with the veteran’s health administration office of finance and assess whether duplicate payments were made to veterans requesting travel reimbursement since the new system went live.

The Director determines the reasons for noncompliance and ensures leaders conduct institutional disclosures for applicable sentinel events.

The District Director determines reasons administrative quality review remediation plans did not include documentation of deficiency resolution and the time frame of resolution for the Dundalk, Raleigh, and Richmond Vet Centers; takes indicated actions to ensure completion; and monitors compliance.

The District Director determines reasons for lack of evidence for administrative quality review deficiency resolution for the Dundalk, Raleigh, and Richmond Vet Centers; takes indicated actions to ensure completion; and monitors compliance.

The District Director ensures the intake portion of the psychosocial assessment is completed and monitors compliance across all zone vet centers.

The District Director ensures suicide risk assessments are completed on the first clinical visit and monitors compliance across all zone vet centers.

The District Director ensures clinical staff complete safety plans for clients that are assessed at intermediate or high suicide risk level in either acute, chronic, or both categories as required; and monitors compliance across all zone vet centers.

The District Director ensures clinical staff consult with the vet center director, external clinical consultant, associate district director for counseling, or support VA medical facility mental health provider following a client’s suicide risk assessment as required; and monitors compliance across all zone vet centers.

The District Director, in collaboration with the support VA medical facility clinical or administrative liaisons, determines the reasons for noncompliance with staff participation on the mental health council for the Baltimore, Dundalk, Raleigh, and Richmond Vet Centers; and takes action as indicated to ensure compliance with Readjustment Counseling Services requirements.

The District Director determines reasons for noncompliance with High Risk Suicide Flag SharePoint site requirements and the tracking of continuity of care for clients at risk at the Raleigh Vet Center and takes action to ensure requirements are met, and monitors compliance.

The District Director determines the reasons for noncompliance with staff access to critical event plans that included a desktop reference at the Baltimore and Dundalk Vet Centers and takes actions as indicated to ensure compliance with Readjustment Counseling Service requirements.

The District Director determines reasons for noncompliance with a process for completing and tracking four hours of external clinical consultation per month at the Baltimore, Dundalk, and Raleigh Vet Centers; ensures vet center directors implement processes; and monitors compliance.

The District Director determines reasons employees at the Baltimore, Dundalk, Raleigh, and Richmond Vet Centers did not complete required trainings; ensures all staff complete mandatory trainings; and monitors compliance.

The District Director reviews reasons for noncompliance with maintaining a current and comprehensive emergency and crisis plan at the Raleigh and Richmond Vet Centers and ensures all emergency and crisis plans are updated and comprehensive as required.

The District Director determines reasons for lack of evidence that clinical quality review deficiencies were resolved at the Center City, Huntington, Northeast, and Scranton Vet Centers; takes indicated actions to ensure completion; and monitors compliance.

The District Director determines reasons administrative quality review remediation plans did not include documentation of deficiency resolution and the time frame for resolution for the Center City, Huntington, Northeast, and Scranton Vet Centers; takes indicated actions to ensure completion; and monitors compliance.

The District Director determines reasons for lack of evidence for administrative quality review deficiency resolution for the Center City, Huntington, Northeast, and Scranton Vet Centers; takes indicated actions to ensure completion; and monitors compliance.

The District Director ensures the intake portion of the psychosocial assessment is completed, and monitors compliance across all zone vet centers.

The District Director ensures suicide risk assessments are completed on the first clinical visit, and monitors compliance across all zone vet centers.

The District Director ensures clinical staff consult and coordinate care with the support VA medical facility for shared clients flagged as high risk for suicide, and monitors compliance across all zone vet centers.

The District Director confirms clinical staff make timely notification to the suicide prevention coordinator at the support VA medical facility for clients with significant safety risks, and monitors compliance across all zone vet centers.

The District Director ensures clinical staff complete safety plans for clients that are assessed at intermediate or high suicide risk level in either acute, chronic, or both categories as required, and monitors compliance across all zone vet centers.

The District Director ensures clinical staff consult with the vet center director, external clinical consultant, associate district director for counseling, or support VA medical facility mental health provider following a client’s suicide risk assessment as required, and monitors compliance across all zone vet centers.

The District Director, in collaboration with the support VA medical facility clinical or administrative liaisons, determines the reasons for noncompliance with staff participation on the mental health council for the Center City, Huntington, Northeast, and Scranton Vet Centers, and takes actions as indicated to ensure compliance with Readjustment Counseling Service requirements.

The District Director determines reasons employees at the Center City, Huntington, Northeast, and Scranton Vet Centers did not complete required trainings; ensures all staff complete mandatory trainings; and monitors compliance.

The District Director reviews reasons for noncompliance with having a current and comprehensive emergency and crisis plan at the Center City and Northeast Vet Centers, ensures completion of a current and comprehensive emergency and crisis plan, and monitor’s compliance.

The Director evaluates and determines reasons for noncompliance and ensures leaders evaluate sentinel events and conduct institutional disclosures when criteria are met.

The Director evaluates and determines any additional reasons for noncompliance and ensures that for all events assigned an actual or potential safety assessment code score of three, staff either complete an individual root cause analysis or include the event in an aggregated patient safety review.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures clinical managers use Focused Professional Practice Evaluation criteria that are defined in advance and accepted by the practitioner.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and makes certain clinical managers define time frames for Focused Professional Practice Evaluations.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and verifies that the Medical Executive Council’s meeting minutes consistently reflect the data reviewed for licensed independent practitioners’ re-privileging requests and the rationale for the recommendations.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs define Focused Professional Practice Evaluation criteria in advance using objective criteria accepted by the licensed independent practitioner.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs establish service-specific criteria in the Ongoing Professional Practice Evaluations of licensed independent practitioners.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs base determinations to continue current privileges on Ongoing Professional Practice Evaluation activities.

The Associate Director evaluates and determines any additional reasons for noncompliance and ensures staff remove sterile supplies from storage when the packaging is damaged or compromised.

The Medical Center Director evaluates and determines any additional reasons for noncompliance and ensures staff post notices in areas that are subject to photography or video recording.

We recommended the Assistant Secretary for Information and Technology consistently implement an improved continuous monitoring program in accordance with the NIST Risk Management Framework. Specifically, implement an independent security control assessment process to evaluate the effectiveness of security controls prior to granting authorization decisions. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement improved mechanisms to ensure system stewards and Information System Security Officers follow procedures for establishing, tracking, and updating Plans of Action and Milestones for all known risks and weaknesses including those identified during security control assessments. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement controls to ensure that system stewards and responsible officials obtain appropriate documentation prior to closing Plans of Action and Milestones. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology develop mechanisms to ensure system security plans reflect current operational environments, include an accurate status of the implementation of system security controls, and all applicable security controls are properly evaluated. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement improved processes for reviewing and updating key security documents such as security plans, risk assessments, and interconnection agreements on an annual basis and ensure the information accurately reflects the current environment. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure compliance with VA password policy and security standards on domain controls, operating systems, databases, applications, and network devices. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement periodic reviews to minimize access by system users with incompatible roles, permissions in excess of required functional responsibilities, and unauthorized accounts. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology enable system audit logs on all critical systems and platforms and conduct centralized reviews of security violations across the enterprise. (This is a repeat recommendation from prior years.)

We recommended the Office of Personnel Security, Human Resources, and Contract Offices implement improved processes for establishing and maintaining accurate data within VA’s authoritative system of record for background investigations. (This is a modified repeat recommendation from prior years.)

We recommended the Office of Personnel Security, Human Resources, and Contract Offices strengthen processes to ensure appropriate levels of background investigations are completed for applicable VA employees and contractors. (This is a modified repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement more effective automated mechanisms to continuously identify and remediate security deficiencies on VA’s network infrastructure, database platforms, and web application servers. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement a more effective patch and vulnerability management program to address security deficiencies identified during our assessments of VA’s web applications, database platforms, network infrastructure, and workstations. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology maintain a complete and accurate security baseline configuration for all platforms and ensure all baselines are appropriately monitored for compliance with established VA security standards. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement improved network access controls that restrict medical devices from systems hosted on the general network. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology consolidate the security responsibilities for networks not managed by the Office of Information and Technology, under a common control for each site and ensure vulnerabilities are remediated in a timely manner. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement improved processes to ensure that all devices and platforms are evaluated using credentialed vulnerability assessments. (This is a repeat recommendation from prior years.)

We recommended the Acting Assistant Secretary for Information and Technology implement improved procedures to enforce standardized system development and change control processes that integrates information security throughout the life cycle of each system. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology review system boundaries, recovery priorities, system components, and system interdependencies and implement appropriate mechanisms to ensure that established system recovery objectives can be measured and met. (This is a modified repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology ensure that contingency plans for all systems are updated to include critical inventory components and are tested in accordance with VA requirements. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement more effective agency-wide incident response procedures to ensure timely notification, reporting, updating, and resolution of computer security incidents in accordance with VA standards. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology ensure that VA’s Cybersecurity Operations Center has full access to all security incident data to facilitate an agency-wide awareness of information security events. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement improved safeguards to identify and prevent unauthorized vulnerability scans on VA networks. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement improved measures to ensure that all security controls are assessed in accordance with VA policy and that identified issues or weaknesses are adequately documented and tracked within POA&Ms. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology fully develop a comprehensive list of approved and unapproved software and implement continuous monitoring processes to prevent the use of prohibited software on agency devices. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology develop a comprehensive inventory process to identify connected hardware, software, and firmware used to support VA programs and operations. (This is a repeat recommendation from prior years.)

We recommended the Assistant Secretary for Information and Technology implement improved procedures for monitoring contractor-managed systems and services and ensure information security controls adequately protect VA sensitive systems and data. (This is a repeat recommendation from prior years.)

The Director determines the reasons for noncompliance and ensures leaders evaluate adverse events and conduct institutional disclosures when criteria are met.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs consider service-specific Ongoing Professional Practice Evaluation data when recommending licensed independent practitioners’ continued privileges.

The Executive Director determines the reasons for noncompliance and ensures leaders conduct institutional disclosures for all applicable sentinel events.

The Executive Director evaluates and determines any additional reasons for noncompliance and ensures staff complete final peer reviews within 120 calendar days or approves a written extension request.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs use Focused Professional Practice Evaluation criteria that are defined in advance and accepted by the practitioners.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures the Medical Executive Committee reviews professional practice evaluations for licensed independent practitioners’ privileging requests and documents the review in meeting minutes.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs establish service-specific criteria for reprivileging decisions.

The Chief of Staff evaluates and determines any additional reasons for noncompliance and ensures service chiefs recommend reprivileging based, in part, on Ongoing Professional Practice Evaluations completed by practitioners with similar training and privileges.

The Charlie Norwood VA Medical Center Director ensures primary care teams adhere to Veterans Health Administration policies related to mental health screenings, consult management, and care coordination, and monitors compliance.

The Charlie Norwood VA Medical Center Director develops a process to ensure that Emergency Department staff communicate patients’ referral information from the Veterans Crisis Line to Emergency Department providers.

The Charlie Norwood VA Medical Center Director ensures that suicide prevention staff documentation is complete and accurate, and actions are taken to resolve issues identified in Veterans Crisis Line referrals prior to closure.

Establish guidance that outlines the type of documentation required to support the amounts identified in the manual journal vouchers when processing expenditure transfers.

Require medical facility staff have documented authority, through proper delegation, to make purchases.

Verify that medical facility staff segregate duties so that the same person is not both authorizing and receiving goods and services.

Make certain the purchase card holder is not the requestor or approver for the purchase.

Ensure contracting officer’s representatives know and understand their duties and responsibilities for the certification and payment of invoices.

Check vendors’ compliance with contract terms to include the comparison of invoiced amounts with the contract line-item unit costs.esponse to the pandemic and develop appropriate action plans to integrate oversight roles, responsibilities, and clear guidance into the use of supplemental funds.

Ensure that medical facility staff track the receipt of goods to make certain they are the correct quantity.

The Chief of Staff evaluates and determines any additional reasons fornoncompliance and ensures service chiefs complete Ongoing Professional PracticeEvaluations.

The VA Black Hills Health Care System Director reviews the sexual harassment policy to ensure that leaders and supervisors can identify, thoroughly investigate, and respond to sexual harassment allegations.

The VA Black Hills Health Care System Director ensures that facility policy addresses the safety and rights of patients who are both VA employees and participants in the Transitional Residence program.