Reports

Department of Health & Human Services OIG

Illinois Generally Complied With Requirements for Claiming Medicaid Reimbursement for Telehealth Payments During COVID-19

Full Details: Oversight.gov Report Page

Audit | 12/21/2022

Department of Health & Human Services OIG

IHS Did Not Always Provide the Necessary Resources and Assistance To Help Ensure That Tribal Programs Complied With All Requirements During Early COVID-19 Vaccination Program Implementation

Full Details: Oversight.gov Report Page

Audit | 10/17/2022

Small Business Administration OIG

COVID-19 and Disaster Assistance Information Systems Security Controls

This report presents the results of our audit to determine whether the U.S. Small Business Administration (SBA) maintained effective management control activities and monitoring of the design and implementation of third-party operated SBA systems. SBA needed information technology systems from third-party service providers that could improve the system efficiency and productivity to process high transaction volumes, transmit data between other information systems, and safeguard the integrity and confidentiality of the personally identifiable information processed by the programs. We found the...

Full Details: Oversight.gov Report Page

Audit | 9/27/2022

1 - Open

Ensure the existing SBA System Development Methodology is updated to include supply chain risk-management practices as required by OMB Circular A-130 and high-value asset system designation guidance. Also, ensure high-value asset system risks are incorporated into the enterprise risk management framework, as recommended by OMB M-19-03 and SBA SOP 90 47 6.

10 - Open

Implement an automated process to document and monitor system changes as recommended by NIST SP 800-53 Rev. 5.

2 - Open

Communicate and enforce the SBA System Development Methodology in which a traceability matrix is used to ensure that system requirements can be tested and demonstrated in the operational system. Ensure all requirements are aligned with the contractual acceptance criteria.

3 - Open

Implement in updated agency guidance, the requirements of OMB Circular No. A-123 that stipulate a SOC 1 Type 2 report is needed for all new and existing financial systems. This guidance should also require confirmation at least annually that the controls are functioning as designed.

4 - Closed

Enforce the requirement to establish and implement internal controls to ensure appropriate program officials perform and document contract reviews to ensure that information security is appropriately addressed in the contracting language, as required by OMB Circular A-130 and SBA SOP 90 47 6.

5 - Open

In conjunction with the Enterprise Risk Management Board, implement enterprise-wide privacy risk mitigation practices that can be assimilated into new and existing system program designs.

6 - Open

Complete an initial assessment and authorization for each information system and all agency-designated common controls before operation.

7 - Open

Transition information systems and common controls to an ongoing authorization process (when eligible for such a process) with the formal approval of the respective authorizing officials or reauthorize information systems and common controls as needed, on a time or event-driven basis in accordance with agency risk tolerance, as required by OMB Circular No. A-130 and SOP 90 47 6.

8 - Open

Review and update POA&Ms at least quarterly as required by SOP 90 47 6.

9 - Closed

Ensure data-sharing agreements are reviewed annually as required by SBA SOP 90 47 6.

Small Business Administration OIG

COVID-19 Economic Injury Disaster Loan Applications Submitted from Foreign IP Addresses

We evaluated the U.S. Small Business Administration’s (SBA) controls to flag or prevent potentially fraudulent Coronavirus Disease 2019 (COVID-19) Economic Injury Disaster Loan (EIDL) applications submitted from foreign Internet Protocol (IP) addresses. Although the agency implemented several layers of controls to prevent or reduce fraud from foreign countries, individuals at foreign IP addresses were able to access the COVID-19 EIDL application system. SBA received millions of attempts to submit COVID-19 EIDL applications from foreign IP addresses and stopped most of them; however, the agency...

Full Details: Oversight.gov Report Page

Audit | 9/12/2022

Department of Health & Human Services OIG

An Estimated 91 Percent of Nursing Home Staff Nationwide Received the Required COVID-19 Vaccine Doses, and an Estimated 56 Percent of Staff Nationwide Received a Booster Dose

Full Details: Oversight.gov Report Page

Department of Health & Human Services OIG

National Snapshot of Trends in the National Domestic Violence Hotline's Contact Data Before and During the COVID-19 Pandemic

Full Details: Oversight.gov Report Page

Department of Health & Human Services OIG

The Assistant Secretary for Administration Awarded and Managed Five Sole Source Contracts for COVID-19 Testing in Accordance With Federal and Contract Requirements

The Department of Health and Human Services (HHS) is one of the largest contracting agencies in the Federal Government. In fiscal year 2020, HHS awarded over $14 billion in contracts in response to the COVID-19 pandemic. Of these contracts, HHS's Assistant Secretary for Administration (ASA) awarded five sole source COVID-19 testing contracts to national pharmacy and grocery retail chains to provide Americans convenient access to COVID-19 testing at testing site locations throughout the United States. The contracts provided a flat-fee payment to participating retailers for each test...

Full Details: Oversight.gov Report Page

Department of Health & Human Services OIG

Six of Eight Home Health Agency Providers Had Infection Control Policies and Procedures That Complied With CMS Requirements and Followed CMS COVID-19 Guidance To Safeguard Medicare Beneficiaries, Caregivers, and Staff During the COVID-19 Pandemic

Full Details: Oversight.gov Report Page

Department of Health & Human Services OIG

CMS's COVID-19 Data Included Required Information From the Vast Majority of Nursing Homes, but CMS Could Take Actions To Improve Completeness and Accuracy of the Data

The United States currently faces a nationwide public health emergency because of the COVID-19 pandemic. Federal regulations, effective May 8, 2020, required nursing homes to report COVID-19 information, such as the number of confirmed COVID-19 cases among residents, at least weekly to the Centers for Disease Control and Prevention’s (CDC’s) National Healthcare Safety Network. Each week, CDC aggregates the reported information and sends the data to the Centers for Medicare & Medicaid Services (CMS) for posting to the CMS website. These data are used to assist with national surveillance of...

Full Details: Oversight.gov Report Page

Audit | 9/01/2021

271069 - Closed

We recommend that the Centers for Medicare & Medicaid Services assess the costs and benefits of implementing the following recommendations and if CMS determines that the benefits outweigh the costs, take action to develop a process to identify nursing homes that do not report required data for all of the data elements related to COVID-19 cases and deaths among residents and staff and PPE and supplies and request that they submit the required data.

271070 - Closed

We recommend that the Centers for Medicare & Medicaid Services assess the costs and benefits of implementing the following recommendations and if CMS determines that the benefits outweigh the costs, take action to revise its quality assurance checks for ratios 1, 3, 5, and 6, which use the number of all beds in the denominator, to ensure that it does not exclude from its COVID-19 data nursing homes' data that should be included.

271071 - Closed

We recommend that the Centers for Medicare & Medicaid Services assess the costs and benefits of implementing the following recommendations and if CMS determines that the benefits outweigh the costs, take action to revise its quality assurance checks for ratios 2 and 4, which use the numbers of confirmed cases and admissions among residents and confirmed cases among staff in the denominator, by adding the number of suspected COVID-19 cases to the denominator in both ratios and adjust the ratios' thresholds to reflect the change.

271072 - Closed

We recommend that the Centers for Medicare & Medicaid Services assess the costs and benefits of implementing the following recommendations and if CMS determines that the benefits outweigh the costs, take action to identify the nursing homes that reported more total COVID-19 deaths than total deaths from any cause and request that they verify or correct the reported data.

271073 - Closed

We recommend that the Centers for Medicare & Medicaid Services assess the costs and benefits of implementing the following recommendations and if CMS determines that the benefits outweigh the costs, take action to contact nursing homes that failed quality assurance checks to verify the accuracy of reported data or to correct inaccurate data.

271074 - Closed

We recommend that the Centers for Medicare & Medicaid Services assess the costs and benefits of implementing the following recommendations and if CMS determines that the benefits outweigh the costs, take action to work with CDC and with State health departments to determine the feasibility of using comparable data elements to collect COVID-19 data and the feasibility of monitoring substantial differences in the data and, if determined feasible, take actions to provide the public with more complete and accurate COVID-19 data for nursing homes.

Department of Health & Human Services OIG

CMS’s Controls Related to Hospital Preparedness for an Emerging Infectious Disease Were Well-Designed and Implemented but Its Authority Is Not Sufficient for It To Ensure Preparedness at Accredited Hospitals

Hospitals that cannot control the spread of emerging infectious diseases within their facilities risk spreading a disease such as COVID-19 to patients and staff. OIG therefore developed a plan to assess the Centers for Medicare & Medicaid Services’ (CMS’s) controls related to hospital preparedness for emerging infectious diseases.The objective of this audit was to determine whether CMS designed and implemented effective internal controls related to hospital preparedness for emerging infectious diseases such as COVID-19.

Full Details: Oversight.gov Report Page

Audit | 6/24/2021

Date Range

Report Type

Report Category

Submitting Agency

State/Local Agency

State (State and Local Reports)

Fraud Type

Agency Reviewed

Related Organizations

Management Challenges

Any Recommendations

Any Open Recommendations

Reports

Illinois Generally Complied With Requirements for Claiming Medicaid Reimbursement for Telehealth Payments During COVID-19

IHS Did Not Always Provide the Necessary Resources and Assistance To Help Ensure That Tribal Programs Complied With All Requirements During Early COVID-19 Vaccination Program Implementation

COVID-19 and Disaster Assistance Information Systems Security Controls

COVID-19 Economic Injury Disaster Loan Applications Submitted from Foreign IP Addresses

An Estimated 91 Percent of Nursing Home Staff Nationwide Received the Required COVID-19 Vaccine Doses, and an Estimated 56 Percent of Staff Nationwide Received a Booster Dose

National Snapshot of Trends in the National Domestic Violence Hotline's Contact Data Before and During the COVID-19 Pandemic

The Assistant Secretary for Administration Awarded and Managed Five Sole Source Contracts for COVID-19 Testing in Accordance With Federal and Contract Requirements

Six of Eight Home Health Agency Providers Had Infection Control Policies and Procedures That Complied With CMS Requirements and Followed CMS COVID-19 Guidance To Safeguard Medicare Beneficiaries, Caregivers, and Staff During the COVID-19 Pandemic

CMS's COVID-19 Data Included Required Information From the Vast Majority of Nursing Homes, but CMS Could Take Actions To Improve Completeness and Accuracy of the Data

CMS’s Controls Related to Hospital Preparedness for an Emerging Infectious Disease Were Well-Designed and Implemented but Its Authority Is Not Sufficient for It To Ensure Preparedness at Accredited Hospitals

Glossary

Glossary name will go here