Reports
Four States Reviewed Received Increased Medicaid COVID-19 Funding Even Though They Terminated Some Enrollees' Coverage for Unallowable or Potentially Unallowable Reasons
We recommend that the Centers for Medicare & Medicaid Services work with the four States to determine what amount, if any, of the funding they received because of the increased COVID-19 FMAP should be refunded to the Federal Government.
We recommend that the Centers for Medicare & Medicaid Services work with Minnesota to determine whether Medicaid enrollees were responsible for any cost-sharing for COVID-19 testing, services, or treatments and, if any cost-sharing is identified, work with Minnesota to ensure that enrollees are reimbursed for any out-of-pocket expenses incurred.
Washington’s Oversight of Local Educational Agency ARP ESSER Plans and Spending
We recommend that the Assistant Secretary for the Office of Elementary and Secondary Education— For LEAs with approved ARP ESSER plans, ensure that Washington has taken appropriate corrective actions so that these plans meet all ARP ESSER requirements.
We recommend that the Assistant Secretary for the Office of Elementary and Secondary Education— For LEAs that have not yet submitted their ARP ESSER plans, require Washington to fully document its review and approval of these plans, once they have been submitted, to ensure that they comply with all ARP ESSER requirements.
We recommend that the Assistant Secretary for the Office of Elementary and Secondary Education require that Washington— In order to address the heightened risk associated with ARP ESSER funds, for the reimbursement and monitoring processes, develop and implement protocols to sample LEA expenditures charged to ARP ESSER, and to review supporting documentation, including procurement process documentation, to ensure that applicable Federal, State, and local requirements are met.
Although IHS Allocated COVID-19 Testing Funds To Meet Community Needs, It Did Not Ensure That the Funds Were Always Used in Accordance With Federal Requirements
We recommend that the Indian Health Service correct Purpose Statute violations totaling $19,912 relating to funds not used on COVID-19 testing and other testing-related activities from the Pine Ridge Service Unit (an IHS Direct program), and, if IHS is unable to correct those violations, report any Antideficiency Act violations.
We recommend that the Indian Health Service identify and correct any other Purpose Statute violations relating to funds not used on COVID-19 testing and other testing-related activities from the Families First Act and Paycheck Protection Act funds allocated to the IHS Direct programs within the GPAO, and, if IHS is unable to correct those violations, report any Antideficiency Act violations.
We recommend that the Indian Health Service recover $460,525 in funds not used on COVID-19 testing and other testing-related activities from the applicable sampled Tribal and UIO programs.
We recommend that the Indian Health Service identify and recover amounts not used for COVID-19 testing or other testing-related activities that we did not sample from remaining Tribal and UIO programs within the GPAO.
We recommend that the Indian Health Service develop and implement procedures to identify and deobligate any unused Families First Act funds that expired on September 30, 2022, from all locations within the GPAO.
We recommend that the Indian Health Service develop and provide adequate guidance to programs within the GPAO on the proper use of Paycheck Protection Act funds in accordance with Federal requirements.
We recommend that the Indian Health Service strengthen its review process to ensure that modifications to ISDEAA agreements and IHCIA/FAR contracts contain complete and accurate information, including the funding source, amount awarded, and applicable language required under the funding source.
We recommend that the Indian Health Service provide adequate guidance to the programs on how to track and account for funds allocated and used under the Paycheck Protection Act.
We recommend that the Indian Health Service work with Tribal and UIO programs within the GPAO that we did not sample to ensure that they have properly tracked and accounted for funds used under the Paycheck Protection Act.
HRSA Made COVID-19 Uninsured Program Payments to Providers on Behalf of Individuals Who Had Health Insurance Coverage and for Services Unrelated to COVID-19
We recommend that HRSA recover the $294,294 in improper UIP payments identified in our sample.
We recommend that HRSA identify additional improper UIP payments for services provided to insured individuals or services unrelated to COVID-19, which we estimate to be $783.6 million, and take remedial action.
We recommend that HRSA commit to strengthening its procedures that may apply to future programs of a similar nature to expand insurance verifications using additional data fields on each patient for whom an SSN is not submitted as part of a prepayment check or postpayment review process to identify potential exact matches for health insurance coverage, ensure data sources used to verify health insurance coverage are reliable, and develop in a timely manner an assessment strategy to ensure claims are appropriately reimbursed to providers.
Audit of the Reliability of the DoD Coronavirus Disease–2019 Patient Health Data
Rec. 1: The DoD OIG recommended that the Director of the Defense Health Agency work with the Program Executive Officer of the Program Executive Office, Defense Healthcare Management Systems to document and implement the process for identifying and collecting patient health data of DoD patients in the Military Health System in current and future registries within their purview in a written document, such as a standard operating procedure. The procedure should identify, at a minimum, the internal controls throughout the process, the relevant data sources, data fields, and diagnostic codes used in the computer scripts, and should be reviewed and approved when updates occur.
Rec. 2: The DoD OIG recommended that the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity and the Chief of the Joint Trauma System work with the Joint Trauma System contracting officer's representative to revise the quality assurance surveillance plan. The plan should include an appropriate sampling methodology for selecting patient health records from the Coronavirus Disease-2019 Registry to verify that the contractor is achieving the contract-required accuracy rate for entering patient data, and submit the revised quality assurance surveillance plan to the contracting officer.
Rec. 3: The DoD OIG recommended that the Chief of the Joint Trauma System conduct an analysis to determine whether the patient data entered into the Coronavirus Disease-2019 Registry met the 90 percent accuracy rate requirement for contract W81XWH-20-P-0197 and contract W81XWH-22-C-0151.
Rec. 3.a: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to update the contractor's rating in the contractor's performance assessment reports for contract W81XWH-22-C-0151 and contract W81XWH-20-P-0197, when feasible.
Rec. 3.b: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $3.9 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-20-P-0197, if feasible.
Rec. 3.c: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to recoup any of the $2.3 million in questioned costs paid for services that did not comply with the terms of contract W81XWH-22-C-0151.
Rec. 3.d: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to consider all available contract remedies for contract W81XWH-22-C-0151, including modifying and, if necessary, terminating and re-competing the contract, and take action to ensure that the Department receives full value for the funds it expends for contract W81XWH-22-C-0151.
Rec. 3.e: If the contractor did not meet the 90 percent accuracy requirement, the DoD OIG recommended that the Chief of the Joint Trauma System work with the Senior Contracting Official of the U.S. Army Medical Research Acquisition Activity to delegate an official to review the concerns identified in this report, including the actions of the contracting officials, and take administrative actions, as necessary. The review should include a determination on whether the contractor's performance assessment reports were accurate and make updates as necessary.
Rec. 4.a: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System to establish and implement a process for selecting Coronavirus Disease-2019 events for entry into the Coronavirus Disease-2019 Registry to limit selection bias.
Rec. 4.b: The DoD OIG recommended that the Director of the Defense Health Agency work with the Chief of the Joint Trauma System to include a bias disclosure notice on all reports generated from the Coronavirus Disease-2019 Registry until the Coronavirus Disease-2019 Registry data represent the population of DoD patients who had a Coronavirus Disease-2019 event.
Rec. 5.a: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) establish and implement a policy for developing and populating patient registries that aligns with the Department of Health and Human Services best practices, "Agency for Healthcare Research and Quality, Registries for Evaluating Patient Outcomes: A User's Guide," current edition.
Rec. 5.b: The DoD OIG recommended that the Assistant Secretary of Defense (Health Affairs) conduct a review of all patient registries in the Military Health System to verify the reliability of data in each registry and implement corrective actions, as necessary.
Seventeen of Thirty Selected Health Centers Did Not Use or May Not Have Used Their HRSA COVID-19 Supplemental Grant Funding in Accordance With Federal Requirements
We recommend that the Health Resources and Services Administration require the 10 health centers identified in our report as having charged unallowable COVID-19 supplemental grant funding costs to refund $787,152 (less any amounts health centers voluntarily refunded as a result of our audit) to the Federal Government.
We recommend that the Health Resources and Services Administration work with the 13 health centers identified in our report that may not have properly allocated COVID-19 supplemental grant funding costs to determine what portion of the $15,056,835 is allocable to their COVID-19 supplemental grant funding and require the health centers to refund the improperly allocated funds to the Federal Government.
We recommend that the Health Resources and Services Administration assist the 17 health centers identified in our report as having charged unallowable costs or potentially improperly allocated costs to implement HRSA's guidance for developing and maintaining financial management systems and internal controls that ensure that only allowable, allocable, and documented costs are charged to their HRSA supplemental grant funding.
Montana Generally Complied With Requirements for Telehealth Services During the COVID-19 Pandemic
We recommend that the Montana Department of Public Health and Human Services develop and implement edits in its claim payment system so that the State agency pays only telehealth claims whose HCPCS codes denote the associated services as eligible to be performed via telehealth.
FDIC Examinations of Government-Guaranteed Loans
Develop and implement guidance to examination staff on the credit, operational (including fraud), liquidity, and compliance risks related to Government-guaranteed loans to ensure staff adequately plans and conducts examinations to identify and address emerging risks.
Develop and implement a training plan to ensure examination staff are trained on the requirements and risks of Government-guaranteed loan programs.
Update, develop, and distribute to FDIC examination personnel a list of FDIC examiners who have significant experience examining banks that specialize in Government-guaranteed loan programs to regional offices.
Develop and implement a process to obtain improved data regarding Government-guaranteed lending activities of FDIC-supervised financial institutions.
Update the [redacted] MOU to include the sharing of loan portfolio information such as historical loan performance, status of guaranty, and loan-level risk characteristics.
Establish arrangements with other Federal agencies that administer Government-guaranteed loan programs to facilitate information sharing and proactive identification of risk.
Develop and implement processes and procedures for the routine sharing, receipt, and storage of confidential information with Federal agencies that administer Government-guaranteed loan programs.
Develop and implement guidance to provide instruction to FDIC bank examination staff requiring communication and information sharing with Federal agencies that administer Government-guaranteed loan programs to ensure FDIC staff and the Federal agencies are aware of any emerging risks.
Determine whether other Federal agencies that administer Government-guaranteed loan programs have a list of FDIC-supervised banks with high risk factors associated with such programs and develop protocols to share information with relevant FDIC personnel, including examiners.
Develop and implement guidance to ensure relevant risk information exchanged with Federal Government agencies that administer Government-guaranteed loan programs is shared internally within the FDIC on an ongoing basis with the appropriate FDIC employees.
Develop and implement updated FDIC examination guidance to establish an appropriate timeframe for uploading complete supervisory business records to RADD.
Develop and implement guidance to examination staff to ensure the staff consistently evaluate Government-guaranteed loans in their review of loan classification, assessment of off-balance sheet risk, concentration risk, and ongoing monitoring.
Update and implement the Examination Profile Script to include additional questions on financial institution participation in Government-guaranteed loan programs in order to identify and address emerging risk.
Develop and implement additional items to the Safety and Soundness Request List to identify Government-guaranteed loans, the performance of those loans, and status of the guaranty.
Issue and implement guidance to require that examination staff conduct a fraud risk assessment on future Government-guaranteed loan programs involving FDIC-insured and FDIC-supervised financial institutions to inform policy decisions.
Ensure guidance on future Government-guaranteed loan programs includes all risks associated with such programs and has instructions to allow for consistency in supervisory activities.
Issue and implement guidance for examiners clarifying the FDIC supervisory expectations for reviewing bank PPP activities, including the level of PPP loan volume triggering a heightened review, how examiners should assess the PPP activities of banks that have existing BSA/AML weaknesses, and protocols for examination staff to communicate observed weaknesses.
Revise and implement FDIC guidance and practices for assessing concentrations and loan classification to ensure uniform application with the other Federal bank regulators of supervisory approaches to banks
Coordinate with the other Federal bank regulators to ensure uniform application of supervisory approaches to banks regarding concentrations and loan classification.
Medicare Improperly Paid Providers for Some Psychotherapy Services, Including Those Provided via Telehealth, During the First Year of the COVID-19 Public Health Emergency
We recommend that the Centers for Medicare & Medicaid Services work with the MACs to recover $35,560 in improper payments made to providers for the 128 sampled enrollee days that did not meet Medicare requirements.
We recommend that the Centers for Medicare & Medicaid Services work with the MACs to, based upon the results of this audit, notify appropriate providers (i.e., those for whom CMS determines this audit constitutes credible information of potential overpayments) so that the providers can exercise reasonable diligence to identify, report, and return any overpayments in accordance with the 60-day rule and identify any of those returned overpayments as having been made in accordance with this recommendation.
Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Conduct medical reviews of psychotherapy services, including services provided via telehealth, to verify that the services are documented and billed in accordance with Medicare requirements.
Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Implement system edits for psychotherapy services, including services provided via telehealth, to prevent payments for services that were billed incorrectly.
Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Strengthen educational efforts to make providers aware of educational materials on how to meet Medicare requirements and guidance for psychotherapy services, including services provided via telehealth.
Now that CMS has reinstituted most program integrity measures, we also recommend that CMS work with the MACs to take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Review MAC jurisdictions' LCD requirements for psychotherapy services to identify which provisions effectively promote program integrity, and consider additional steps that CMS could undertake to ensure appropriate coverage and payment for psychotherapy services across all jurisdictions.
Audit of DoD Actions Taken to Implement Cybersecurity Protections Over Remote Access Software in the Coronavirus Disease–2019 Telework Environment
Rec. A.1: The DoD OIG recommended that the Director of the U.S. Southern Command - Joint Interagency Task Force South Command, Control, Communications, Computers, Cyber and Intelligence direct its network administrators to scan the VMware Horizon main virtual desktop for malware in accordance with the McAfee Endpoint Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not scanning the main virtual desktop.
Rec. A.2.a: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive user accounts after no more than 35 days.
Rec. A.2.b: The DoD OIG recommended that the Chief Information Officer of the Department of the Air Force direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.3: The DoD OIG recommended that the Chief Information Officer of the Naval Surface Warfare Center - Panama City Division direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.4.a: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency revise its policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.4.b: The DoD OIG recommended that the Chief Information Officer of the Defense Intelligence Agency direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.5.a: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers revise the organization's policy to align with the Windows 10 Security Technical Implementation Guide requirement for disabling inactive users after no more than 35 days.
Rec. A.5.b: The DoD OIG recommended that the Director of the Marine Corps Information Command, Control, Communications, and Computers direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. A.6: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to disable inactive user accounts after no more than 35 days of inactivity in accordance with the Windows 10 Security Technical Implementation Guide, develop compensating controls, or formally accept the risk of not disabling the inactive user accounts.
Rec. B.1: The DoD OIG recommended that the Director of the Defense Information Systems Agency Joint Service Provider direct network and system administrators to revise the vulnerability management program to include mitigation timeframes for all vulnerabilities and develop plans of actions and milestones for all vulnerabilities that cannot be mitigated in a timely manner.