Reports

Department of Health & Human Services OIG

Although IHS Allocated COVID-19 Testing Funds To Meet Community Needs, It Did Not Ensure That the Funds Were Always Used in Accordance With Federal Requirements

Audit | 7/20/2023

23-A-07-091.01 - Open

We recommend that the Indian Health Service correct Purpose Statute violations totaling $19,912 relating to funds not used on COVID-19 testing and other testing-related activities from the Pine Ridge Service Unit (an IHS Direct program), and, if IHS is unable to correct those violations, report any Antideficiency Act violations.

23-A-07-091.02 - Open

We recommend that the Indian Health Service identify and correct any other Purpose Statute violations relating to funds not used on COVID-19 testing and other testing-related activities from the Families First Act and Paycheck Protection Act funds allocated to the IHS Direct programs within the GPAO, and, if IHS is unable to correct those violations, report any Antideficiency Act violations.

23-A-07-091.03 - Open

We recommend that the Indian Health Service recover $460,525 in funds not used on COVID-19 testing and other testing-related activities from the applicable sampled Tribal and UIO programs.

23-A-07-091.04 - Open

We recommend that the Indian Health Service identify and recover amounts not used for COVID-19 testing or other testing-related activities that we did not sample from remaining Tribal and UIO programs within the GPAO.

23-A-07-091.05 - Open

We recommend that the Indian Health Service develop and implement procedures to identify and deobligate any unused Families First Act funds that expired on September 30, 2022, from all locations within the GPAO.

23-A-07-091.06 - Open

We recommend that the Indian Health Service develop and provide adequate guidance to programs within the GPAO on the proper use of Paycheck Protection Act funds in accordance with Federal requirements.

23-A-07-091.07 - Open

We recommend that the Indian Health Service strengthen its review process to ensure that modifications to ISDEAA agreements and IHCIA/FAR contracts contain complete and accurate information, including the funding source, amount awarded, and applicable language required under the funding source.

23-A-07-091.08 - Open

We recommend that the Indian Health Service provide adequate guidance to the programs on how to track and account for funds allocated and used under the Paycheck Protection Act.

23-A-07-091.09 - Open

We recommend that the Indian Health Service work with Tribal and UIO programs within the GPAO that we did not sample to ensure that they have properly tracked and accounted for funds used under the Paycheck Protection Act.

Department of Health & Human Services OIG

HRSA Made COVID-19 Uninsured Program Payments to Providers on Behalf of Individuals Who Had Health Insurance Coverage and for Services Unrelated to COVID-19

Full Details: Oversight.gov Report Page

Audit | 7/13/2023

Department of Health & Human Services OIG

Seventeen of Thirty Selected Health Centers Did Not Use or May Not Have Used Their HRSA COVID-19 Supplemental Grant Funding in Accordance With Federal Requirements

Full Details: Oversight.gov Report Page

Audit | 5/18/2023

Department of Health & Human Services OIG

Montana Generally Complied With Requirements for Telehealth Services During the COVID-19 Pandemic

Full Details: Oversight.gov Report Page

Audit | 5/17/2023

Department of Health & Human Services OIG

Medicare Improperly Paid Providers for Some Psychotherapy Services, Including Those Provided via Telehealth, During the First Year of the COVID-19 Public Health Emergency

Full Details: Oversight.gov Report Page

Audit | 5/02/2023

23-A-09-068.01 - Open

We recommend that the Centers for Medicare & Medicaid Services work with the MACs to recover $35,560 in improper payments made to providers for the 128 sampled enrollee days that did not meet Medicare requirements.

23-A-09-068.02 - Closed

We recommend that the Centers for Medicare & Medicaid Services work with the MACs to based upon the results of this audit, notify appropriate providers (i.e., those for whom CMS determines this audit constitutes credible information of potential overpayments) so that the providers can exercise reasonable diligence to identify, report, and return any overpayments in accordance with the 60-day rule and identify any of those returned overpayments as having been made in accordance with this recommendation.

23-A-09-068.03 - Open

Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Conduct medical reviews of psychotherapy services, including services provided via telehealth, to verify that the services are documented and billed in accordance with Medicare requirements.

23-A-09-068.04 - Open

Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Implement system edits for psychotherapy services, including services provided via telehealth, to prevent payments for services that were billed incorrectly.

23-A-09-068.05 - Open

Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Strengthen educational efforts to make providers aware of educational materials on how to meet Medicare requirements and guidance for psychotherapy services, including services provided via telehealth.

23-A-09-068.06 - Open

Now that CMS has reinstituted most program integrity measures, we also recommend that CMS work with the MACs to take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Review MAC jurisdictions' LCD requirements for psychotherapy services to identify which provisions effectively promote program integrity, and consider additional steps that CMS could undertake to ensure appropriate coverage and payment for psychotherapy services across all jurisdictions.

Department of Health & Human Services OIG

Illinois Generally Complied With Requirements for Claiming Medicaid Reimbursement for Telehealth Payments During COVID-19

Full Details: Oversight.gov Report Page

Audit | 12/21/2022

Department of Health & Human Services OIG

IHS Did Not Always Provide the Necessary Resources and Assistance To Help Ensure That Tribal Programs Complied With All Requirements During Early COVID-19 Vaccination Program Implementation

Full Details: Oversight.gov Report Page

Audit | 10/17/2022

Social Security Administration OIG

The Social Security Administration’s Enumeration Services During the COVID-19 Pandemic

Objective: To determine whether the Social Security Administration (SSA) complied with its enumeration policies and procedures and had adequate controls over managing evidentiary documents submitted to support Social Security number (SSN) card applications during the COVID-19 pandemic.

Full Details: Oversight.gov Report Page

Audit | 9/30/2022

1 - Closed

Develop and periodically conduct comprehensive refresher training on topics including but not limited to:
- processing original Social Security Number (SSN) cards for individuals aged 12 or older and emphasize requirements and documentation of the in-person interview;
- acceptable forms of evidentiary documents, and
- processing new (different) and replacement SSN cards when adoption

10 - Open

Complete the privacy assessments for the WorkTrack application.

2 - Open

Update quality control reviews to include comparison of SSNAP inputs to an applicant-submitted Form SS-5 and evidentiary documents, and provide feedback to the technicians who made input errors (such as race and ethnicity) or did not use the appropriate evidentiary documents.

3 - Open

Revise enumeration policy to include clear instructions for when Form SSA-5002 is required and how to properly document the form.

4 - Closed

Update Program Operations Manual System (POMS) to provide current instructions for enumeration notices and archive outdated policy.

5 - Open

Retain enumeration notices in the Online Retrieval System for individuals with assigned SSNs.

6 - Open

Create and implement automated tools to assist staff in navigating through enumeration evidentiary document requirements.

7 - Closed

Take corrective action on all keying errors and cross-referencing errors we identified.

8 - Closed

Require managers to verify that incident reports are submitted through the Personally Identifiable Information (PII) Loss Reporting Tool before they approve reimbursement to customers for replacing lost original documents.

9 - Closed

Update the National Mail Handling Business Process to include standard Agency-wide mitigation steps for misdirected mail including original documents.

Small Business Administration OIG

COVID-19 and Disaster Assistance Information Systems Security Controls

This report presents the results of our audit to determine whether the U.S. Small Business Administration (SBA) maintained effective management control activities and monitoring of the design and implementation of third-party operated SBA systems. SBA needed information technology systems from third-party service providers that could improve the system efficiency and productivity to process high transaction volumes, transmit data between other information systems, and safeguard the integrity and confidentiality of the personally identifiable information processed by the programs. We found the...

Full Details: Oversight.gov Report Page

Audit | 9/27/2022

1 - Open

Ensure the existing SBA System Development Methodology is updated to include supply chain risk-management practices as required by OMB Circular A-130 and high-value asset system designation guidance. Also, ensure high-value asset system risks are incorporated into the enterprise risk management framework, as recommended by OMB M-19-03 and SBA SOP 90 47 6.

10 - Open

Implement an automated process to document and monitor system changes as recommended by NIST SP 800-53 Rev. 5.

2 - Open

Communicate and enforce the SBA System Development Methodology in which a traceability matrix is used to ensure that system requirements can be tested and demonstrated in the operational system. Ensure all requirements are aligned with the contractual acceptance criteria.

3 - Open

Implement in updated agency guidance, the requirements of OMB Circular No. A-123 that stipulate a SOC 1 Type 2 report is needed for all new and existing financial systems. This guidance should also require confirmation at least annually that the controls are functioning as designed.

4 - Closed

Enforce the requirement to establish and implement internal controls to ensure appropriate program officials perform and document contract reviews to ensure that information security is appropriately addressed in the contracting language, as required by OMB Circular A-130 and SBA SOP 90 47 6.

5 - Open

In conjunction with the Enterprise Risk Management Board, implement enterprise-wide privacy risk mitigation practices that can be assimilated into new and existing system program designs.

6 - Open

Complete an initial assessment and authorization for each information system and all agency-designated common controls before operation.

7 - Open

Transition information systems and common controls to an ongoing authorization process (when eligible for such a process) with the formal approval of the respective authorizing officials or reauthorize information systems and common controls as needed, on a time or event-driven basis in accordance with agency risk tolerance, as required by OMB Circular No. A-130 and SOP 90 47 6.

8 - Open

Review and update POA&Ms at least quarterly as required by SOP 90 47 6.

9 - Closed

Ensure data-sharing agreements are reviewed annually as required by SBA SOP 90 47 6.

Small Business Administration OIG

COVID-19 Economic Injury Disaster Loan Applications Submitted from Foreign IP Addresses

We evaluated the U.S. Small Business Administration’s (SBA) controls to flag or prevent potentially fraudulent Coronavirus Disease 2019 (COVID-19) Economic Injury Disaster Loan (EIDL) applications submitted from foreign Internet Protocol (IP) addresses. Although the agency implemented several layers of controls to prevent or reduce fraud from foreign countries, individuals at foreign IP addresses were able to access the COVID-19 EIDL application system. SBA received millions of attempts to submit COVID-19 EIDL applications from foreign IP addresses and stopped most of them; however, the agency...

Full Details: Oversight.gov Report Page

Audit | 9/12/2022

Date Range

Report Type

Report Category

Submitting Agency

State/Local Agency

State (State and Local Reports)

Fraud Type

Agency Reviewed

Related Organizations

Management Challenges

Any Recommendations

Any Open Recommendations

Reports

Although IHS Allocated COVID-19 Testing Funds To Meet Community Needs, It Did Not Ensure That the Funds Were Always Used in Accordance With Federal Requirements

HRSA Made COVID-19 Uninsured Program Payments to Providers on Behalf of Individuals Who Had Health Insurance Coverage and for Services Unrelated to COVID-19

Seventeen of Thirty Selected Health Centers Did Not Use or May Not Have Used Their HRSA COVID-19 Supplemental Grant Funding in Accordance With Federal Requirements

Montana Generally Complied With Requirements for Telehealth Services During the COVID-19 Pandemic

Medicare Improperly Paid Providers for Some Psychotherapy Services, Including Those Provided via Telehealth, During the First Year of the COVID-19 Public Health Emergency

Illinois Generally Complied With Requirements for Claiming Medicaid Reimbursement for Telehealth Payments During COVID-19

IHS Did Not Always Provide the Necessary Resources and Assistance To Help Ensure That Tribal Programs Complied With All Requirements During Early COVID-19 Vaccination Program Implementation

The Social Security Administration’s Enumeration Services During the COVID-19 Pandemic

COVID-19 and Disaster Assistance Information Systems Security Controls

COVID-19 Economic Injury Disaster Loan Applications Submitted from Foreign IP Addresses

Glossary

Glossary name will go here