Recommendations
617
| ID | Report Number | Report Title | Type | |
|---|---|---|---|---|
| 22-03591-231 | VA Needs to Strengthen Controls to Address Electronic Health Record System Major Performance Incidents | Audit | ||
1 Assess electronic health record major performance incident data needs and contractually commit to real-time data sharing that will provide greater awareness of system operations.
2 Develop a formal procedure for verifying performance metrics and associated credits to ensure the department receives the remedies it is due under the contract.
3 Update the process for prioritizing major performance incidents to ensure that notification and resolution occur in a consistent manner.
4 Develop effective notification and resolution metrics that consistently capture results for all major performance incidents, regardless of the owner, and enforce them.
5 Identify the information needed in post-resolution reports, such as corrective and preventative actions, and require the contractor to consistently collect, verify, and report that information as a contract deliverable.
6 Develop a plan to ensure all clinicians are familiar with the national downtime procedures.
7 Identify the appropriate backup system and develop a training strategy to ensure clinicians can use the system during downtime.
8 Assess facilities’ patient safety reports identified during this audit to determine if additional actions need to be taken and, if so, provide an action plan.
9 Develop a mechanism to better identify major performance incidents and negative patient outcomes and provide a plan to prioritize and address their causes.
| ||||
| 24-00153-248 | Financial Efficiency Inspection of the VA Northeast Ohio Healthcare System | Financial Inspection | ||
1 Establish a plan to use VA’s cost accounting system information to identify alternative ways to reduce costs, enhance efficiency, and inform business decisions as identified by VA financial policy. This could include implementing federal financial accounting standard practices to use cost information for performance measurement, budgeting, cost control, and making economic choices.
Closure Date:
2 Consider requiring that the managerial cost accounting team review the Intermediate Product Cost Outlier report to identify cost outliers that may occur at the healthcare system.
Closure Date:
3 Ensure healthcare services are completing monthly data validation memos for their managerial cost accounting data.
Closure Date:
4 Ensure that healthcare system staff follow policy requirements; and that fiscal staff conduct reviews on all open obligations as required by VA Financial Policy, vol. 2, chap. 5, “Obligations” (2020), updated May 2023.
Closure Date:
5 Ensure that healthcare contracting staff follow federal acquisition regulations when terminating contracts for convenience to the government.
Closure Date:
6 Establish controls to ensure cardholders comply with record retention requirements, confirm approving officials and cardholders review purchases for VA policy compliance, and ensure contracting is used when it is in the best interest of the government.
Closure Date:
7 Require cardholders to submit a request for ratification for any unauthorized commitments identified.
Closure Date:
8 Develop and implement a plan to ensure data accuracy and reliability in the Generic Inventory Package.
Closure Date:
9 Develop and maintain a standardized training program for logistics and clinical staff on the proper recording of items as they are removed from primary and secondary inventory points.
Closure Date:
10 Ensure that MSPV facility-level contracting officer’s representatives are appointed and designated properly and perform all required duties according to the scope and limitation of the designee’s authority.
Closure Date:
| ||||
| 24-00122-247 | VA Continues Moving toward Full Compliance with Geospatial Data Covered Agency Responsibilities | Audit | ||
1 Reevaluate the risk determination for the Veterans Health Administration Geographic Information System and determine if the system should be set to a security categorization level of “moderate” based on the personally identifiable information and other sensitive data maintained in the system.
Closure Date:
2 Ensure the Data Breach Response Service director instructs staff associated with the incident response process that each security and privacy incident that occurs must be captured on a separate Privacy Security Events Tracking System ticket, confirms document investigation details are accurate, and reassesses whether the security incidents were a breach.
Closure Date:
| ||||
| 22-02161-200 | Independent Audit Report of a Dialysis Provider’s Contract Pricing and Billing Compliance | Audit | ||
1 Request that the contractor perform a self-audit of local VA claims.
Closure Date:
2 Verify that the contractor has completed the process of refunding local VA claims.
Closure Date:
| ||||
| 23-02610-226 | Additional Controls Are Needed to Improve the Reliability of Grant and Per Diem Program Data | Review | ||
1 Establish policies and procedures for Grant and Per Diem liaisons to obtain reliable discharge information from grantees when veterans exit from the Grant and Per Diem Program.
2 Implement controls, including enhanced medical facility and grantee guidance and training, to ensure grantee files and VA medical record documentation of veteran housing outcomes are consistent with Homeless Operations, Management, and Evaluation System data definitions and support the data in the Homeless Operations, Management, and Evaluation System.
3 Implement controls, such as quality reviews, to ensure Homeless Operations, Management, and Evaluation System outcome data are supported by and consistent with veteran medical records and grantee files.
| ||||
| 22-00879-249 | VA’s Compliance with the VA Transparency & Trust Act of 2021 Semiannual Report: September 2024 | Review | ||
1 Confirm VA has resumed submitting biweekly reports and, therefore, has submitted reports from June 2023 to present as required by the VA Transparency & Trust Act of 2021.
2 Confirm that the American Rescue Plan Act of 2021 section 8002 quarterly reports are submitted to Congress within the time frame established on the Consolidated Appropriations Acts of 2022 and 2023, which is no later than 30 days after the end of each fiscal quarter.
3 Coordinate with administration and staff office chief financial officers to ensure that the finance office staff responsible for the management of open obligations know and understand VA financial policy requirements for the review of open obligations included in quarterly obligation reports.
| ||||
| 24-01170-232 | Action Needed to Ensure VA Meets Staffing and Vacancy Reporting Requirements under the MISSION Act of 2018 | Review | ||
1 Ensure that annual reports to Congress include the steps VA is taking to improve the onboard timeline for facilities for which the duration of the onboarding process exceeds the metrics laid out in the Veterans Health Administration’s time-to-hire model, or successor model, as required by section 3008(b) of the Johnny Isakson and David P. Roe, M.D. Veterans Health Care and Benefits Improvement Act of 2020.
Closure Date:
| ||||
| 23-02123-202 | Improved Oversight Is Needed to Correct VISN-Identified Deficiencies in Medical Facilities’ Supply Chain Management | Audit | ||
1 Track facilities’ supply chain personnel vacancies as part of the quality control reviews and take appropriate action.
2 Develop guidelines that define when facility supply chain management problems require additional interventions and then routinely identify them for network director action.
3 Ensure facility and network directors work with the Procurement and Logistics Office on a plan to identify resources and milestones to resolve identified supply chain management problems for identified facilities.
4 Direct the program office to develop a process to provide resources when needed to help networks and facilities resolve persistent supply chain management deficiencies, including those identified in this report.
5 Continue Procurement and Logistics Office efforts to automate tracking that will accurately capture and monitor all quality control review results, corrective action plans, and implementation of those plans.
6 Update the Procurement and Logistics Office audits of the quality control program to apply risk‑based sampling, evaluate action plan sufficiency and implementation, and use the results to continuously improve quality control review guidance and requirements.
| ||||
| 23-03278-233 | Financial Efficiency Inspection of the VA Pittsburgh Healthcare System | Financial Inspection | ||
1 Establish a plan to use VA’s cost accounting system information to identify alternative ways to reduce costs, enhance efficiency, and inform business decisions as identified by VA financial policy.
Closure Date:
2 Consider a plan to align VA Pittsburgh Healthcare System financial management practices with federal financial accounting standard practices, which could include using cost information for performance measurement, budgeting, cost control, and making economic decisions.
Closure Date:
3 Ensure requesting offices are trained to effectively communicate status of open obligations in a timely manner so healthcare system finance staff can comply with VA Financial Policy, vol. 2, chap. 5, “Obligation.” by ensuring monthly that open obligations balances are valid and should remain open or are closed in a timely manner.
Closure Date:
4 Establish an escalation process to notify the appropriate leaders if the requesting office does not provide a response to the finance office’s monthly request for status of outstanding obligations.
Closure Date:
5 Establish controls to confirm approving officials and cardholders review purchases for VA policy compliance, ensuring purchases are not being split and that strategic sourcing is pursued for ongoing or repetitive purchases.
Closure Date:
6 Ensure supply chain managers implement a plan to detect and correct data validity issues within inventory systems.
Closure Date:
| ||||
| 23-03721-180 | Follow-Up Information Security Inspection at the Southwest Consolidated Mail Order Pharmacy in Tucson, Arizona | Information Security Inspection | ||
1 Improve vulnerability management processes to ensure plans of action and milestones are created for vulnerabilities that cannot be mitigated within OIT timelines.
Closure Date:
2 Implement a more effective system life-cycle process to ensure network devices are running operating systems that are configured to approved baselines and free of vulnerabilities.
Closure Date:
3 Implement a process to verify that when employees are terminated, all their accounts are disabled.
Closure Date:
4 Ensure network segmentation controls are applied to all network segments with special-purpose systems.
Closure Date:
5 Implement a process to retain database logs for a period consistent with VA’s record retention policy.
Closure Date:
| ||||
11259