United States Department of Health & Human Services

Appendix A - FY 2004 Top Management Challenges Identified by the Office of Inspector General

Management Challenge 1: Implementation of the Medicare Modernization Act (MMA)

Management Challenge:

At nearly 700 pages and 12 titles, the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA) sets forth the most comprehensive changes to the Medicare program since its inception in 1965. Implementation of this new statute is a huge undertaking involving massive dollars and complex new benefit programs.

Primarily, MMA establishes a new program in Medicare to provide a prescription drug benefit, Medicare Part D, which will become available on January 1, 2006. MMA also provides that Medicare beneficiaries may enroll in the Prescription Drug Discount Card program until the Part D benefit becomes available. In addition to the creation of new programs, MMA sets forth numerous changes to existing programs, including a revised Managed Care program, certain payment reforms, rural health care improvements, and other changes involving administrative improvements, regulatory reduction, administrative appeals, and contracting reform.

As a result of the creation of new programs and reform of existing programs, the Department of Health and Human Services (HHS) has acquired numerous new responsibilities. These include developing and implementing new programs, issuing regulations, conducting a variety of studies through surveys and audits, preparing and submitting reports to Congress, and enforcing program rules. Numerous components within HHS, including the Centers for Medicare & Medicaid Services (CMS), the Food and Drug Administration (FDA), the Agency for Healthcare Research and Quality (AHRQ), and the Office of Inspector General (OIG), have specific responsibilities set forth under MMA. Thus, implementation of MMA requires a high level of collaboration and coordination that extends across the Department to ensure these new programs and changes are implemented in such a way as to guard against opportunities for waste, fraud, and abuse.

Assessment of Progress in Addressing the Challenge:

To address the challenges in implementing the numerous responsibilities HHS has under MMA, HHS has established MMA implementation teams and a tracking database. In addition, HHS components have set up various working groups to address MMA implementation issues. Components within HHS have already provided substantial assistance to one another with regard to implementation of MMA and will continue to coordinate HHS-wide to ensure HHS has fulfilled its responsibilities. Implementation of all provisions of this law merits significant thoroughness, scrutiny, and oversight.

Management Response:

Since enactment of the MMA, CMS leadership has involved the entire organization to implement numerous management initiatives to ensure the successful and timely implementation of the MMA.

Challenges:

Establishing Partnerships and Strategic Planning

CMS has established, both internally and externally, a number of cross-component leadership and staff-level teams that convene regularly in collaboration with HHS, to ensure major policy and operational issues are fully vetted and that critical program decisions are made in a timely manner. In addition, CMS has focused significant energy on strengthening its working relationships with other Federal agencies, including the Executive Office of the President, Office of Personnel Management, Small Business Administration, Social Security Administration, the Department of Labor, and the Department of the Treasury, to secure their necessary participation in MMA implementation activities.

CMS has also implemented both project planning and management reporting systems that afford CMS and Department leadership routine and timely information on critical timeframes, decision points, and the status of MMA implementation activities as well as summary information on the Agency's accomplishments. For example, the project plans developed for implementation of the new prescription drug benefit and the new Medicare Advantage program, both of which are effective on January 1, 2006, quickly highlighted the need for "Final Rules" implementing both programs to be published no later than January 2005. This will ensure adequate lead time for contracting for and operationalizing the new pharmacy benefit managers and for the health plans to develop and price the required new benefits, prepare marketing materials, and conduct open enrollment. Contractor reform is another area that CMS is undertaking to ensure that standards are met, and fraud, waste, and abuse are eliminated.

Resource Management

CMS has developed and implemented detailed financial plans to ensure that the resources Congress made available for implementation of MMA are fully leveraged and readily accessible in accord with the critical dates and milestones in the Agency's project plans. These plans, combined with the Agency's recently approved direct hire authority, have allowed CMS to recruit critical new skill sets that were previously unavailable in the Agency and are essential to successful implementation.

Education and Beneficiary Outreach

One of the major challenges to successful implementation is communicating the improvements and changes to beneficiaries and other stakeholders. CMS has invested heavily to ensure beneficiaries have access to the information they need, when they need it. The Agency has engaged beneficiaries and other stakeholders through 1-800-MEDICARE, www.medicare.gov, targeted open door forums, and town hall meetings. CMS has engaged numerous external organizations and other governmental agencies to help with outreach efforts. All efforts have been supplemented with awareness campaigns utilizing print, radio, and television media. For example, to ensure beneficiaries obtain maximum utilization of the time-limited Medicare Drug Discount Card, CMS and the Administration on Aging (AoA) recently made $4 million available to over 100 community-based organizations and coalitions representing nearly 700 individual organizations to help educate and enroll seniors in the Drug Discount Card program. In addition, over the next 2 years CMS will make over $50 million available to the State Health Insurance Assistance programs for outreach activities and training of their volunteers who provide one-on-one counseling to Medicare beneficiaries.

Accomplishments to Date:

CMS is responsible for implementing 416 separate MMA provisions within eight years (2003-2011). The legislation was intentionally front-end loaded, calling for 149 provisions (40 percent) to be implemented within the first six months. CMS implemented 91 percent of the provisions within the first six months after enactment and work is well underway for the remaining 15 provisions. CMS has published over 6,000 pages of regulations to ensure Congressional intent is carried out and has released 75 issuances that impact MMA provisions. Noteworthy accomplishments are highlighted below.

Medicare-Approved Prescription Drug Discount Card

The Medicare-Approved Prescription Drug Discount Card program is a bridge between the current lack of outpatient drug coverage for Medicare beneficiaries and the formal benefit effective in 2006. A prime example of CMS' management success is the full implementation of the new program within 6 months of enactment. Within 6 days of passage of the MMA, CMS published the "Federal Rules" establishing the Prescription Drug Card program, thus ensuring its timely implementation. CMS built an entirely new infrastructure to implement the drug card and developed a website to allow individuals to make educated and informed decisions regarding their prescription drug coverage. CMS augmented these efforts through partnerships with various pharmaceutical providers (pharmacy benefit managers, wholesalers, retail pharmacies, insurers, and Medicare Advantage plans), collaborations with external partners (AoA, States, beneficiary groups, etc.), and a comprehensive outreach campaign for Medicare beneficiaries. These efforts resulted in the enrollment of over 4 million beneficiaries through the end of August 2004. Beneficiaries have realized significant savings overall in addition to the $600 credit available to the most needy beneficiaries.

New and Improved Benefits

Beginning in 2005, Medicare will cover new preventive services. CMS proposed rules for these new preventive services, which include a one-time initial wellness physical exam, cardiovascular screenings, and diabetes screenings. These new benefits can be used to screen Medicare beneficiaries for many illnesses and conditions that, if caught early, can be treated and managed, and can result in far fewer serious health consequences. Such conditions as obesity, diabetes, heart disease, and asthma could be made far less severe for millions of Medicare beneficiaries.

Increased Beneficiary Choice and Access

CMS has already published "Final Rules" providing enhanced payments to institutional providers in rural and underserved geographic areas to increase beneficiary access to care. CMS has also proposed similar changes in provider payment and fee schedules to increase and expand beneficiary choice and access to care and to increase quality of care.

Quality

The MMA includes a number of provisions to improve beneficiary access to quality care. To date, CMS has implemented demonstration projects focusing on drug replacement alternatives for beneficiaries to receive cancer, arthritis, and multiple sclerosis medications in non-physician office settings, and on chronic care management alternatives. CMS has instituted numerous quality measures and reporting systems for hospitals to ensure beneficiary health and safety. In addition, the Agency is collaborating with the private sector and other governmental agencies to establish an effective e-prescribing system as one component of the Department's vision for health information technology.

New Drug Benefit and Medicare Advantage

In late July 2004, CMS published proposed rules for the two largest components of the MMA, the Prescription Drug Plan and Employer Subsidy (Title I) and the Medicare Advantage program (Title II). As noted above, these regulations are effective January 1, 2006, but "Final Rules" must be published in January 2005. Title I will provide affordable prescription drug coverage and Title II will provide enhanced access to health care services.

Education and Outreach

Through the end of August, CMS has conducted 17 open door forums on MMA-related activities with 15,000 participants and numerous town hall meetings. In early March 2004, CMS launched the Medicare Modernization Update website to keep the public and provider communities informed of MMA implementation activities and plans. To date the website, which is updated monthly, has had over 124,000 "hits" and has over 5,500 subscribers. In addition, early this summer CMS enhanced the Medicare.gov website to include information on the Medicare-Approved Drug Discount Card program.

The timelines required under MMA for implementing these important new benefits are ambitious and have required prudent planning and a wise use of resources. The CMS has met and exceeded its required obligations for implementation of the MMA and is continuing to work diligently to accomplish the remaining tasks.

Management Challenge 2: Payment for Prescription Drugs

Management Challenge:

Numerous OIG and Government Accountability Office (GAO) reports consistently found that the Medicare and Medicaid programs pay too much for prescription drugs. These programs reimbursed drug costs based on inflated published average wholesale prices (AWP) rather than the prices actually paid by suppliers and physicians. For example, Medicare Part B payments for 24 leading drugs with the highest total Medicare payment in 2000 were $887 million higher than actual wholesale prices available to physicians and suppliers and $1.9 billion higher than prices available through the General Services Administration's Federal Supply Schedule. In an August 2001 report, OIG estimated that the Medicaid program could have saved as much as $1 billion if brand name prescription drug reimbursement (not including the dispensing fee) had been in line with the pharmacies' estimated acquisition costs for drugs. The OIG concluded that Medicare and Medicaid paid too much for prescription drugs because their payment methodologies are flawed.

The MMA changed the Medicare reimbursement of Part B drugs based on the vulnerabilities identified by OIG and GAO. Beginning in 2005, Medicare will pay for drugs based on the new average sales price (ASP) methodology. In 2006, MMA provides doctors with an annual choice between two payment and delivery systems. Physicians will have a choice of being paid 106 percent of ASP or having the drugs furnished to them by contractors selected by CMS using prices established through a competitive bidding process. Hopefully, these reforms will prevent the Medicare Part B program from paying inflated drug costs and more accurately reflect market prices.

MMA also created a new prescription drug benefit for Medicare beneficiaries. Prior to MMA, Medicare covered only a limited set of approximately 450 drugs under Part B. Effective January 2006, Medicare will provide a comprehensive drug benefit under the new Part D. Until 2006, qualified Medicare beneficiaries may receive discounts on their prescription drugs by enrolling in the temporary Prescription Drug Discount Card program. The expansion of Medicare drug coverage heightens the significance of accurately and appropriately paying for prescription drugs.

The MMA did not address the AWP vulnerabilities in the Medicaid drug reimbursement. Therefore, most Medicaid State programs will continue to reimburse for pharmaceuticals based on inflated AWPs.

It is imperative to monitor these prices, whether provided through risk-bearing private plans or otherwise, to ensure that HHS is a prudent purchaser.

Assessment of Progress in Addressing the Challenge:

The MMA brings new responsibilities to HHS and increases the challenges in providing an adequate level of prudent oversight to the Medicare program. CMS has implemented the prescription drug discount card, promulgated MMA regulations for calculating ASP, is developing a plan for the selection of a payment safeguard contractor to audit the discount card program, and recently issued regulations on the new Medicare prescription drug benefit.

It is critical that the new Part B reimbursement methodology, the Medicare prescription drug discount card, and new Medicare prescription drug benefit are implemented in an efficient and effective manner and are not subjected to fraud, waste, and abuse. If history is an indicator of future events, then OIG's past experience in auditing, evaluating, and investigating Medicare and Medicaid drug reimbursement shows that HHS oversight needs to be especially vigilant in this area.

Management Response:

The CMS is committed to ensuring access to Medicare-covered prescription drugs while paying fair prices for them. The MMA modified the Medicare program to include coverage of prescription drugs under Part D in 2006 and market-based payment methodologies for covered Part B drugs and biologicals beginning in 2005. In addition, as of June 2004, the Medicare-Approved Prescription Drug Discount Card and Transitional Assistance program affords qualifying beneficiaries the opportunity to receive help paying for drugs and access to lower prices prior to implementation of the new Part D drug benefit. Although implementing these reforms presents many challenges, CMS has successfully accomplished numerous initial tasks.

Medicare Drug Benefit - 2006 Forward

CMS has received comments on proposed regulations for implementing the Part D drug benefit and will develop final regulations and selection procedures within the next few months. Working closely with its State partners and the Social Security Administration - as well as its HHS partners - CMS will implement a number of systems and oversight activities to ensure the integrity of the drug benefit and operations of the program.

  • CMS plans to collect data on drug claims, which will allow it to review beneficiary and plan costs and to appropriately implement the MMA's payment methodology;
  • CMS is developing reconciliation processes to ensure that payments are appropriate; and
  • CMS is developing comprehensive oversight and fraud and abuse plans.

Drug Card Sponsor Monitoring and Compliance Process - 2004-2005

CMS' approach for overseeing the Medicare-Approved Prescription Drug Discount Card program emphasizes analysis of program data to enable CMS to know where best to focus its program oversight, compliance, and enforcement resources. The oversight program utilizes the resources of CMS' central office, 10 regional offices, and a Medicare program safeguard contractor (IntegriGuard). CMS' response to program violations can include conducting educational calls with sponsors, issuing warning letters, imposing corrective action plans, levying civil monetary penalties, and imposing intermediate sanctions and terminating card sponsors from the program. Card sponsors thought to be engaging in fraudulent activities are referred to the HHS OIG or the Department of Justice.

Also, CMS has released six analyses on savings available to its beneficiaries under the Medicare-Approved Prescription Drug Discount Card program. These analyses consistently show the substantial savings available to Medicare beneficiaries, particularly those with low incomes.

Average Sales Price Methodology and Competitive Acquisition

CMS has received two quarters of ASP data from drug manufacturers, and is actively working with manufacturers to improve the quality of reporting. In addition, CMS has received comments on the MMA regulations for calculating ASP and implementation of the ASP methodology, and has issued a "Final Rule" revising the estimation methodology for price concession data that is available on a lagged basis. Based on early ASP data, the new Part B reimbursement methodology will bring significant savings to the program and to beneficiaries. CMS is collaborating with the OIG on several tasks that are critical for ensuring the successful implementation of the ASP methodology. CMS looks forward to working closely with the OIG to evaluate and act upon ASP data that differs from widely available prices or Medicaid best price data as the statute permits. The Agency has begun a number of activities critical for timely implementation of the competitive acquisition program in 2006, in recognition that it is essential for the ASP methodology to be implemented accurately to set the basis for a successful competitive acquisition program.

Management Challenge 3: Bioterrorism Preparedness

Management Challenge:

The tragedy of September 11, 2001 and events since then underscore the importance of having a national health care infrastructure and resources to respond to threatened and actual acts of terrorism and bioterrorism, as well as other public health emergencies. Because HHS manages most of the Nation's Federal health resources through research, surveillance, coordination, and delivery of programs, OIG work has focused on vulnerabilities in those programs. The OIG assesses how well programs recognize and respond to outside health threats, the security of HHS laboratory facilities, the management of these grant programs and funds by the Department and grantees, and the readiness and capacity of responders at all levels of government to protect the public's health.

Since 2001, OIG has completed numerous audits and evaluations of the Department's programs for bioterrorism preparedness and response. In evaluating the effectiveness of the Centers for Disease Control and Prevention (CDC) bioterrorism preparedness efforts, OIG assessed the ability of 12 State and 36 local health departments to detect and respond to bioterrorist events. Additionally, the OIG conducted a review in 11 States and 21 localities of their ability to receive and deploy the National Pharmaceutical Stockpile (now known as the Strategic National Stockpile). The stockpile is designed to supplement and restock State and local public health agency pharmaceutical supplies in the event of a biological or chemical incident. In both studies, the OIG found these States and localities were under-prepared both to detect and respond to bioterrorist events in general, and that their planning documents tended to overstate preparedness. At CDC's request, the OIG conducted follow-up reviews of progress made by the same States and localities. The OIG noted that while some progress had been made, CDC needs to continue working with States and localities to ensure that a priority planning system is in place.

The OIG also reviewed States' progress in developing and implementing jurisdiction-wide laboratory response programs for bioterrorism, which included Level A laboratories. These Level A laboratories are clinical labs that may be involved in the early detection of a bioterrorism event and can conduct initial testing to rule out critical agents of bioterrorism (such as anthrax) and refer suspected specimens to higher level laboratories. They are generally hospital-based, freestanding, or local public health laboratories. The OIG found that virtually all States had begun creating their programs by drafting plans and identifying, contacting, educating, and assessing the capabilities of at least some Level A laboratories. However, the OIG noted key vulnerabilities, including insufficient training, a lack of critical emergency communication systems, and States' use of inconsistent standards to identify Level A laboratories. The OIG also performed reviews in 14 States and four major metropolitan areas assessing grantees' efforts to comply with the financial accounting and reporting requirements of CDC's and the Health Resources and Services Administration's (HRSA) bioterrorism grant programs. The OIG found that grantees did not always follow program regulations with respect to recording, summarizing, and reporting bioterrorism grant expenditures; monitoring subrecipient expenditures; and timely obligating grant funds.

In the period following the terrorist attacks, the OIG assessed security at laboratories operated by CDC, the National Institutes of Health (NIH), FDA, and several colleges and universities, as well as CDC's role in regulating select agents. In FY 2004, the OIG followed up on its original assessment of security controls at Departmental laboratories and found that the Agencies had implemented, or developed plans to implement, most of its prior recommendations. Because legal requirements for the possession of select agents have become more stringent and detailed in the last several years, the OIG plans to conduct additional audits to determine if the entities using select agents have security programs that comply with these requirements and to assess CDC's regulatory oversight.

The OIG also initiated reviews to examine hospitals' planning and preparedness to deal with surge capacity (an overwhelming number of human casualties and injuries) in the event of a bioterrorist event as part of their use of HRSA Hospital Bioterrorism program funding; State health departments' 24-hour, 7-day-per-week urgent disease reporting systems; and accountability for funds under the Hospital Bioterrorism program and the CDC Bioterrorism Cooperative Grant. Additionally, with the Department of Homeland Security and Environmental Protection Agency OIGs, the HHS OIG will evaluate respective roles for shared responsibility of implementation of the BioWatch program, which is a joint program of surveillance for environmental exposure caused by intentional release of biological agents.

Assessment of Progress in Addressing the Challenge:

HHS Agencies have sought additional resources and are working on corrective action plans responsive to OIG-reported concerns. Federal, State, and local health departments are striving to work cooperatively to ensure that potential bioterrorist attacks are detected early and responded to appropriately. CDC has taken steps to expand the availability of pharmaceuticals needed in the event of chemical, biological, or radiological attacks. States and localities are currently strengthening their bioterrorism preparedness programs, and recent increases in HHS funding address some of the OIG's concerns. However, the OIG continues to believe that the general readiness of State and local governments to detect and respond to bioterrorist attacks is below acceptable levels. Until the OIG confirms that its recommendations regarding laboratory security have been implemented, it also remains concerned about significant vulnerabilities in this area.

Management Response:

CDC:

To address the challenges associated with public health emergencies and terrorist threats, CDC continues to intensify its efforts to increase the preparedness and response capacity of the Nation's public health system. CDC has taken steps to implement the changes recommended in the FY 2003 PAR. CDC's major contributions to this effort include:

  • Investments in strengthening early detection and containment of biological public health threats including:
    • BioSense: CDC is connecting multiple disparate data sources into a fully functioning, real-time surveillance system to allow Federal, State, and local health officials access to real-time data that will help identify and characterize the nature of a bioterrorist attack or public health emergency.
    • Quarantine: Increasing the number of quarantine stations and upgrading current facilities to handle modern day threats.
    • Electronic Lab Reporting: Standardized systems in place to send lab results to CDC from the BioWatch laboratories.
    • Rapid Toxic Screen: A series of analyses that can rapidly screen human blood and urine samples for 150 chemical agents.
    • Laboratory Response Network (LRN): Number of labs has risen to 126, up from 91 in 2001. These labs are now located in all 50 States and the LRN even boasts several installations abroad.
      • 96 percent of these labs can confirm the presence of anthrax, 94 percent can confirm tularemia, and 63 percent can perform presumptive screening for smallpox.
      • More than 8,800 clinical laboratorians have been trained to play a role in the detection, diagnostics, and reporting of public health emergencies.
      • More than 4,400 bioterrorism-capable laboratories have been identified and a list has been made available to CDC and State and local public health partners.
  • Investments in the ability to communicate with public health and health care partners:
    • A secure web-accessible database has been expanded to reach 180,000 clinical and public health laboratories.
    • Epi-X, the Epidemic Information Exchange, enables CDC to provide secure, moderated communications and notification services. Currently there are an estimated 3,000 users, with that number expected to increase to over 5,000.
    • Public Health Information Network (PHIN) is focusing its efforts on integrating several systems into a unifying framework to better monitor applicable data streams for early detection.
      • PHIN will enable consistent, secure exchange of response, health, and disease tracking data between public health partners.
      • PHIN is composed of five key components: (1) detection and monitoring, (2) data analysis, (3) knowledge management, (4) alerting, and (5) response.
    • Established the Emergency Communications System for information creation and distribution during an event.
  • Invested in response capabilities:
    • The Cities Readiness initiative began in late FY 2004 with the goal of increasing the ability of localities to rapidly and effectively distribute the contents of the Strategic National Stockpile in the event of a terrorist or hazardous event. The initial 21 cities will be used as a test program to garner best practices that can be expanded to other locations throughout the Nation.
    • Funds and technical assistance to 62 grantees building preparedness and emergency response functions at State and local health departments.
    • Established the Director's Emergency Operations Center as CDC's "headquarters" for managing a public health event or emergency, exercised during hurricane response of 2004.

FDA:

The OIG previously conducted audits of 11 FDA laboratories, assessing physical security and security controls on the labs containing select agents. During their audits, the OIG made over 300 recommendations. In FY 2004, a series of follow-up audits were conducted by KPMG. KPMG's audits found that over 92 percent of the OIG's recommendations had been fully implemented by alternate actions, or were in the process of being implemented. FDA actions taken since KPMG's audit now put the number at over 96 percent. The FDA is continuing its efforts to strengthen the security of its select agent labs. These efforts include the installation of biometric readers, motion detectors, and closed circuit television cameras with digital recording for all FDA select agent laboratories. Additional closed circuit television cameras are being installed around laboratory building perimeters, parking lots, and loading docks.

Management Challenge 4: Integrity of Medicare and Medicaid Payments

Management Challenge:

For FY 2003, the Medicare, Medicaid and State Children's Health Insurance Program (SCHIP) benefit payments totaled about $433 billion, which represents payments by Medicare contractors, CMS, and Medicaid State agencies to health care providers for their services. In view of the 42 million Medicare beneficiaries, 42.9 million Medicaid enrollees, over 1 billion Medicare claims processed and paid annually, complex reimbursement rules, decentralized operations, and health care consumers who may not be alert to improper charges, the Medicare and Medicaid programs are at high risk for payment errors.

Medicare

From FY 1996 through FY 2002, OIG developed and reported on the annual Medicare Fee-for-Service paid claims error rate. In FY 2003, CMS assumed responsibility for the error rate development. In its 2003 financial report, CMS reported an adjusted error rate of 5.8 percent ($11.6 billion) and an unadjusted rate of 9.8 percent ($19.6 billion) for the FY.

The unadjusted rate reflects an unusually high rate of nonresponse by the providers in the sample (54.7 percent) to requests for medical records. CMS believes that this was due to the impact of Health Insurance Portability and Accountability Act (HIPAA) privacy rules, record requests made by an unfamiliar entity, and general difficulties with providers' unresponsiveness to record requests. CMS adjusted the nonresponse rate to reflect OIG's years of experience with nonresponsiveness.

Targeted audits and inspections by OIG and CMS itself continue to identify improper payments and problem areas in specific parts of the program. These reviews have revealed payments for unallowable services, inpatient hospital transfers to postacute care settings improperly coded as home discharges, community mental health center excessive outlier payments, and other types of improper payments. For example, the OIG found over $45 million in improper payments for equipment and supplies separately billed by durable medical equipment suppliers for beneficiaries residing in skilled nursing facilities. OIG and CMS discovered substantial abuses of medical equipment suppliers billing Medicare for power wheelchairs that were never delivered, equipment that was medically unnecessary, and billing for high-cost equipment when lesser-cost equipment was provided. Similarly, the OIG found that a major hospital had manipulated the Medicare rules for outpatient outlier payments, receiving a disproportionate share of these payments because of dramatic increases in billed charges.

OIG audits continue to show that Medicare has serious internal control weaknesses in its financial systems and processes for producing financial statements. For example, the reporting mechanism that Medicare contractors use to reconcile and report funds expended depends heavily on inefficient, labor-intensive, manual processes subject to the increased risk of submitting inconsistent, incomplete, or inaccurate information to CMS. These matters are indicative of serious systemic issues that must be resolved.

Assessment of Progress in Addressing the Challenge:

The FY 2003 adjusted error rate is less than half of the 13.8 percent reported in FY 1996. CMS has demonstrated continued vigilance in monitoring the error rate and developing appropriate corrective action plans. In addition, due to CMS's work with the provider community to clarify reimbursement rules and to impress upon health care providers the importance of fully documented services, the overwhelming majority of health care providers follow Medicare reimbursement rules and bill correctly.

CMS has taken a number of steps to strengthen Medicare coverage and reimbursement requirements to help curb inappropriate payments. For example, CMS has agreed to establish or enhance billing controls to ensure compliance with the consolidated billing provision, identify "best practices" in both consolidated billing and postacute care transfers, and aggressively scrutinize new applications for durable medical equipment supplier numbers. CMS received an unqualified opinion on its 2003 financial statements. However, the lack of a fully integrated financial management system and insufficient oversight of the Medicare contractors continued to impair the reporting of accurate financial information. Weaknesses were identified in general and application controls at Medicare contractors, at data centers where Medicare claims are processed, at sites that maintain the "shared" application system software used in claims processing, and at the CMS central office. In addition, although there were improvements in CMS's oversight of Medicare contractors, continuing weaknesses affected CMS's ability to analyze and accurately report financial information on a timely basis.

To address these problems, CMS has initiated steps to implement the Healthcare Integrated General Ledger System (HIGLAS), expected to be fully operational at the end of FY 2007. In the interim, corrective action is needed to address persistent weaknesses in internal controls throughout the Medicare system.

Medicaid

Payment accuracy in the Medicaid program helps ensure fairness across all State Medicaid programs and also ensures that State and Federal health care dollars reach and achieve their maximum intended health care purposes. Until recently, little was known about payment error rates in the Medicaid program. This represents a substantial vulnerability in preventing fraud, waste, and abuse perpetrated by health care providers. Understanding errors is particularly difficult due to the varied nature of State programs and their unique administrative and control systems.

In addition to provider payment fraud and abuse, the OIG is aware of significant problems in State Medicaid financing arrangements involving intergovernmental transfers, upper payment limits, and disproportionate share payments to hospitals. The OIG found that some States inappropriately inflated the Federal share of Medicaid by billions of dollars by requiring public providers to return Medicaid payments to the State governments through intergovernmental transfers. Once the payments were returned, the States used the funds for other purposes, some of which were unrelated to Medicaid. Although this abusive practice could potentially occur with any type of Medicaid payment to public facilities, and is not legally prohibited, the OIG identified serious problems with this practice in Medicaid enhanced payments available under upper payment limits and Medicaid disproportionate share hospital payments. These Federal/State enhanced payments are made to nursing homes or hospitals, and these facilities then return the monies to the States through intergovernmental transfers.

Assessment of Progress in Addressing the Challenge:

In July 2001, CMS invited States to participate in a demonstration project to develop a payment accuracy measurement (PAM) methodology for Medicaid, i.e., a single methodology that can produce both State-specific and national level payment error estimates for Medicaid and SCHIP. The PAM model was later modified to comply with the new requirements of the Improper Payments Information Act of 2002. CMS will produce the final specifications for the CMS model of the PAM project at the conclusion of year 3. As required by the Improper Payments Information Act, the new model refers to erroneous payment and/or payment error, not payment accuracy. FY 2004 is the final year of pilot testing.

On June 20, 2003, CMS solicited proposals from States interested in voluntarily participating in year 3 (FY 2004) of the PAM project. Twenty-seven States in total received PAM project grants to test the CMS model in their Medicaid and/or SCHIP programs. Year 3 was the first year SCHIP programs were included in the PAM project.

The PAM project will be implemented nationwide in FY 2006 through regulation and renamed the Payment Error Rate Measurement (PERM) program. CMS will require all States to participate in PERM beginning in October 2005 (FY 2006). This year the OIG has reviews underway to oversee and monitor the PAM project and States' implementation of the core requirements.

To curb abuses in the State Medicaid financing arrangements, CMS issued "Final Rules" (effective March 13, 2001, November 5, 2001, and May 14, 2002), which modified upper payment limit regulations in accordance with the Benefits Improvement and Protection Act of 2000. The regulatory actions created three aggregate upper payment limits: one each for private, State, and non-State government-operated facilities. The new regulations will be gradually phased in and become fully effective on October 1, 2008. CMS projects that these revisions combined will save $90 billion in Federal Medicaid funds over the next 10 years.

However, when fully implemented, these changes will only limit, not eliminate, the amount of State financial manipulation of the Medicaid program because the regulations do not require that the targeted facilities retain the enhanced funds to provide medical services to Medicaid beneficiaries. The OIG also believes that the transition periods included in the regulations are longer than needed for States to adjust their financial operations.

CMS has developed procedures for conducting financial management reviews to ensure State accountability with respect to disproportionate share payments to hospitals. The OIG is continuing audit work in this area and will recommend program improvements once the work is completed.

Management Response:

The OIG's assessment of progress for addressing this challenge is correct. CMS is working aggressively with the Comprehensive Error Rate Testing contractor and the OIG to follow up with providers to reduce the nonresponse rate in the development of the annual Fee-for-Service payment error rate. In addition, CMS initiated "Operation Wheeler Dealer" to reduce fraud and abuse in supplier billing of power wheelchairs. CMS plans to issue improved guidance to clarify power wheelchair coverage, enhance coding requirements, and facilitate billing through a consolidated mobility Certificate of Medical Necessity.

On July 13, 2004, CMS solicited proposals from States interested in voluntarily implementing the PERM pilot program. The States will review a small sample of Medicaid and SCHIP claims and determine a payment error rate. CMS also published a "Proposed Rule" on August 27, 2004, which would require States to annually estimate their payment error rate in the Medicaid and SCHIP programs.

Management Challenge 5: Nursing Facilities

Management Challenge:

With the large number of people approaching retirement, there is a significant need to remain vigilant in ensuring quality of care on behalf of long-term care beneficiaries so that Federal dollars are well spent purchasing appropriate care for nursing home recipients today and in the future.

OIG has had longstanding concerns regarding payment and quality issues in nursing facilities. Many family members are uncertain about the quality of nursing home care provided to their loved ones. Indeed, in prior work, the OIG found increases in the total number of deficiencies and in the proportion of nursing homes being cited for substandard care deficiencies. In addition, OIG work identified inconsistencies in how deficiencies are cited by the various State survey agencies, which resulted from variations in survey focus, unclear guidelines, lack of a common review process for draft survey reports, and high turnover of surveyor staff.

Nursing home residents and their families may not be receiving the most current information regarding the quality of care in nursing homes. For example, in the OIG's recent evaluation of the accuracy of the information in the Medicare Nursing Home Compare website, while it noted that almost all Medicare and Medicaid nursing homes were included in this database, 19 percent of these nursing homes had one or more surveys missing.

OIG continues to find vulnerabilities in programs that are to ensure quality and protect residents of nursing homes. When it examined the accuracy of the nurse aide registries maintained by States, it found that some States failed to adequately update registries with information on substantiated adverse findings against nurse aides. In fact, some individuals with criminal records in one State were actively certified in other States, and some in multiple States. Without accurate nurse aide registry information, nursing homes may inadvertently hire aides who have committed such offenses as abuse, neglect, and theft, thus placing residents at considerable risk.

Most recently, the OIG completed the first in a series of reports related to enforcement actions used by CMS and States to address deficiencies in quality of care or safety standards. In this report, it found that while $81.7 million in civil monetary penalties (CMP) were imposed during 2000 and 2001, CMS had collected only $34.6 million (42 percent) by the end of 2002. Low imposition rates and slow and/or difficult collection efforts may minimize the effect that CMPs ultimately have on noncompliant facilities. The OIG is concerned that enforcement mechanisms may not be working in a sufficiently effective manner to bring nursing homes with serious deficiencies back into compliance in the interest of quality of care for residents.

Some nursing home care problems are so serious that they constitute "failure of care" and thereby implicate the False Claims Act. OIG continues to work with U.S. Attorneys' Offices and the Department of Justice on development and settlement of these egregious cases. It develops exclusion actions against individuals and entities whose actions cause the furnishing of poor care, with particular emphasis on higher-level officials of nursing facilities and chains. The OIG continues to negotiate quality-of-care Corporate Integrity Agreements (CIAs) as part of the settlement of such False Claims Act cases. All of these CIAs require an outside monitor and include effective enforcement remedies for breach of the CIA, such as specific performance, stipulated penalties, and exclusion. Currently there are 10 active quality-of-care CIAs that cover approximately 1,000 nursing facilities. Additionally, the OIG ensures that long-term care providers are implementing quality-of-care CIAs appropriately. It continues to fine-tune provisions of the quality-of-care CIAs and to develop uniform guidelines and practices for quality monitors and means of measuring success of existing CIAs.

OIG is continuing to devote considerable resources to monitor the overall quality of care provided in nursing homes, track the adequacy of enforcement actions, and evaluate the adequacy of processes designed to safeguard nursing home residents. While its work is generally directed to assessing the effectiveness of Medicare and Medicaid nursing home quality-of-care enforcement and assurance systems, the OIG is also conducting inspections to identify and describe promising practices being undertaken by nursing homes to improve the care and quality of life of their patients.

OIG is also concerned whether payments to nursing homes are made correctly and whether the funds are being used for patient care-related activities. It is now examining the adequacy of Medicaid payments to nursing facilities in States that have enhanced payment programs for public nursing facilities. As part of these studies, the OIG is determining whether Medicaid reimbursements to States for nursing home care are being diverted from the nursing homes to other State programs.

For instance, the OIG found that a nursing home in New York State was required by the State and county to return about 90 percent of its enhanced funding, despite the fact that the nursing home had received the most unfavorable rating that a State can issue. If the nursing home had retained more of its enhanced funding, it might have provided better quality of care.

Assessment of Progress in Addressing the Challenge:

CMS has undertaken several initiatives to strengthen the survey and certification process. For example, it has developed clearer guidance for State survey agencies that will enable their surveyors to better identify specific deficiencies and investigate whether a deficiency is a result of substandard care. It also plans to provide additional guidance to these agencies to improve their complaint investigation process. Additionally, CMS indicated that it would require State agencies to verify the most recent inspection results, which are contained on the Nursing Home Compare website.

Management Response:

CMS has engaged a number of approaches to improve and refine a number of survey and certification actions, protocols, survey tools, and State agency guidance/instruction. The OIG has touched on a number of concerns, ranging from enforcement actions and Nursing Home Compare data to inconsistencies in deficiency citations and the nurse aide registries.

In Fall 2004, CMS will implement, in all States, a new, electronic automated enforcement manager for all types of enforcement actions in nursing homes. CMS and States annually conduct a vast number of on-site visits or investigations to the Nation's nursing homes. Investment in critical infrastructure to ensure appropriate tracking and management of enforcement actions, though usually "unseen" and unglamorous, is vital. Implementation of the electronic enforcement manager represents an important milestone.

The work of Federal and State officials has resulted in a survey and certification process that is demonstrably better than in the past. For example, CMS' new State Performance Standards System provides specific feedback to States on 18 different indicators (seven main measures plus multiple submeasures). Considerable progress has been made in a number of quality measures for nursing homes. These include reducing restraints (reduced by about 15 percent from 1999 through 2003), reducing the prevalence of dehydration (reduced by about 41 percent), and reducing the prevalence of weight loss (down about 10 percent).

The OIG finding that 19 percent of the nursing homes on the Nursing Home Compare website had one or more surveys missing initially concerned CMS greatly. However, CMS has since determined that most of the "missing" data were instead "slow or delayed" data, and that the ability of consumers to rely on the website is not significantly impaired as a result. CMS would further note that, while OIG uses the term "late data entry," such inputs are not always "late." Informal dispute resolution requirements, appeals, settlements, and other factors may require an interruption of the process while nursing homes are afforded due process. The data are entered when it is appropriate according to any additional time that was used by the adjudication process. To address the above phenomena, CMS posts the most recent past three surveys.

In terms of the OIG's recommendations on the vulnerabilities associated with the failures to adequately update State nurse aide registries, CMS has provided the State agency directors guidance and instruction on the law and CMS policy, as well as the importance of the nurse aide registries. The guidance included instructions that: (1) all findings of abuse, neglect, and misappropriation of resident property must be included in the nurse aide registry by the State survey agency within 10 working days of the finding, and (2) the names of nurse aides who have performed no nursing or nursing-related services for 24 consecutive months must be promptly removed from the nurse aide registry. In addition, through its regional offices, CMS will formalize expected follow up with some of the States that seem to have the most serious problems in maintaining an effectively functioning nurse aide registry system.

Management Challenge 6: Grants Management

Management Challenge:

Departmental discretionary grants, estimated to total over $37 billion in FY 2004, must be used appropriately to achieve their intended purposes. Many HHS Agencies rely on the grant and cooperative agreement mechanisms as pivotal tools in meeting mission objectives, such as providing critical health and social services to underserved individuals, researching the causes and treatments of disease, elevating the social and economic status of vulnerable populations, and supporting the nationwide infrastructure for the health surveillance and prevention network.

These programs are numerous and diverse, and vigilance is required to ensure that specific awards are well managed and free of abuse, and that the monitoring systems used to manage them can identify and respond to management challenges and improper behavior, including possible conflicts of interest that could undermine the integrity of the grant process. It is incumbent upon HHS to award these funds to the most worthy and competent organizations and to adequately monitor program performance and results, as well as the use of Federal funds.

Because of these inherent vulnerabilities, the OIG initiated reviews that focus on the effectiveness and efficiency of management controls over Federal grants. The OIG is systematically studying several HHS Agencies' grant-making and oversight processes. At the same time, it is assessing individual grantees' program performance-based outcomes and stewardship of funds. This strategy is designed so that findings and recommendations derived at the Agency level can be used in examinations at the grantee and subgrantee level and vice versa.

Thus far, primarily through its recent reviews of Acquired Immunodeficiency Syndrome/Human Immunodeficiency Virus (HIV/AIDS) grants programs, the OIG has found inadequate performance on the part of some grantees in achieving grant objectives, limited required reporting to Federal offices on progress in meeting program objectives, and the misuse of grant funds. In addition, the OIG noted poor oversight on the part of Federal program offices and inadequate follow up on significant identified problems. The OIG also conducted oversight work at NIH, examining the causes and impact of late awards by NIH and late closeouts by grantees. The OIG made several recommendations to NIH to improve the timeliness of awards and to better monitor the closeout process.

The OIG has initiated several related reviews, including reviewing the extent to which the Administration for Children and Families (ACF) ensures adequate State monitoring of subgrantees in the Foster Care program; examining the use of the Departmental Alert List of high-risk grantees as a grants management tool by CDC and HRSA; and determining the extent to which single audits assess universities' compliance with time and effort reporting requirements among NIH grantees.

The OIG has a special interest in controls related to ethical considerations. It is imperative that program administrators and grantees adhere to ethical standards that preclude conflicts of interest that could negatively affect program outcomes. Both the grantees and the HHS program administrators must be ever-vigilant to ensure that conflicts of interest are prevented in the extramural research arena.

The importance of safeguarding the integrity of HHS research dollars was recently illustrated by an audit of a HRSA cooperative agreement implementing an HIV/AIDS peer treatment education program at a major university. The OIG found that the university had not resolved a conflict of interest situation in which the program's co-principal investigator was at the same time a university employee hired specifically for the program and also the chief executive officer of the subcontractor. At a minimum, this "one person wearing two hats" situation gives the appearance that the expenditure of Federal funds was not adequately safeguarded. The school agreed to strengthen its procedures for identifying, reviewing, and resolving potential and actual conflicts of interest.

As the OIG continues to investigate conflicts of interest at the grantee level, it recognizes a corresponding need to ensure that Departmental systems are also effective in preventing and detecting internal conflicts of interest and is encouraging maximum compliance by HHS employees. The OIG expects to issue the results of its assessments at both the grantee and Departmental levels in FY 2005. Because of their critical nature, these assessments will be reported separately from the OIG's grant management work.

Assessment of Progress in Addressing the Challenge:

Through the government-wide Federal Grant Streamlining program, the HHS grant management environment is undergoing significant changes. The program is intended to implement the Federal Financial Assistance Management Improvement Act of 1999 (Public Law (P.L.) 106-107), which requires agencies to improve the effectiveness and performance of their grant programs, simplify the grant application and reporting process, improve the delivery of services to the public, and increase communication among entities responsible for delivering services. The initiative requires grant officials to examine the way they do business, focusing not only on streamlining the grant process but also on ensuring that results are achieved and Federal funds are used appropriately for the maximum benefit of program recipients. Additionally, it is crucial that HHS agencies adequately manage and monitor their grantees and, to the extent possible, their subgrantees' program performance and require fiscal accountability.

Management Response:

The Office of Grants Management and Policy (OGMP), under the Office of the Assistant Secretary for Administration and Management, continues to conduct a variety of Departmental activities which complement the various studies being conducted by OIG. OGMP activities include targeted reviews of HHS grant programs, P.L. 106-107 activities to streamline the grants process, Grants.gov to allow grant applicants the ability to find and apply for grant opportunities in one place, balanced scorecard (BSC) surveys to measure the reliability of grant administration processes across the Department, collaboration with OIG to improve Agencies' use of the Alert List, and Departmental review of funding opportunity announcements.

OGMP has initiated targeted reviews to ensure that grant practices are in compliance with established Departmental grant policies and regulations. These reviews focus on evaluating preaward processes, examining postaward monitoring activities (including performance and financial report submissions), improving consistency between Agencies, and identifying best practices to share across the Department. To date, the reviews have identified mismatches in policy documents and flawed business processes, as well as some Agency-specific practices that could serve as models across the Department. OGMP has worked collaboratively with OIG in conducting targeted reviews, so that each office is kept abreast of the various grant oversight activities and reviews being conducted. Beginning in FY 2005, OGMP will advise Agencies of those discretionary grant programs that have been designated for review in the upcoming fiscal year. In FY 2006, OGMP plans to increase the number of grant program reviews conducted annually. Also, the results of the OIG reviews and studies are being analyzed by OGMP so that appropriate strategies for generalizing solutions across programs can be developed and shared through effective training modules with Departmental staff responsible for monitoring grantee and subgrantee performance based outcomes and stewardship of funds. Through effective training, Departmental staff will be able to achieve improvement in these areas.

HHS' Grants Management BSC is a self-administered review protocol enabling HHS Agencies to assess perceptions of performance by soliciting feedback from a variety of internal and external users/customers. The results provide indicators as to how well an HHS Agency is performing a variety of preaward and postaward grant monitoring activities, enabling HHS Agencies to develop and implement action plans to address areas targeted for improvement. Beginning in second quarter FY 2005, all HHS Agencies will administer Phase One of the BSC (which consists of internal HHS Agency surveys; Phase Two consists of external surveys of grant recipients). HHS Agencies' results from this second initiation of BSC surveys will be compared to the 2003 survey results (where applicable). HHS Agencies such as HRSA, AHRQ, and AoA, for example, developed and implemented process improvements after the 2003 surveys. OGMP anticipates that their improvements will be reflected in the 2005 round of surveys.

Grants.gov is a government-wide electronic government (e-Gov) initiative managed by HHS, working in collaboration with the 26 Federal grant-making agencies. The deployment of the Grants.gov portal was a major step taken to migrate all Federal agencies to the envisioned system called for by the President's Management Agenda and P.L. 106-107. Deployment of the portal assists the Agencies in meeting their mission objectives by providing a common system to support interactions with the grants community, which includes potential applicants, applicants, and grantees. Grants.gov's Find functionality (www.grants.gov/Find) allows Federal agencies to post discretionary grant opportunities on Grants.gov and potential applicants to conduct a search of these opportunities. Since October 2003, all grant-making agencies have posted their discretionary funding opportunities on Grants.gov. As of October 5, 2004, over 4,200 Federal discretionary grant opportunities have been posted. HHS has posted approximately 1,430 opportunities since October 2003.

Grants.gov's Apply functionality (www.grants.gov/Apply) allows Federal agencies to post their application packages on Grants.gov, and allows applicants to download the application package and complete it offline based on agency instructions. After applicants have completed all required forms, they can electronically submit the package to Grants.gov. Upon receipt of the application, Grants.gov sends an electronic acknowledgment to the applicant and delivers the application to the Agency. The Grants.gov Apply functionality was launched in October 2003. As of October 5, 2004, approximately 185 application packages have been posted by Federal agencies and 1,090 electronic applications have been received from the grants community. HHS has posted 120 application packages and received 657 electronic applications. HHS has also developed a "ramp up" schedule for posting application packages on Grants.gov, and has scheduled or completed system-to-system integration testing with ACF, HRSA, and NIH.

The HHS grants management environment is continuing to undergo changes. The grant streamlining initiative is a government-wide effort required by P.L. 106-107, which requires all Federal agencies to improve the effectiveness and performance of their grant programs, simplify the grant application and reporting process, improve the delivery of services to the public, and increase communication among entities responsible for delivering services. As the lead agency in this multi-year initiative, HHS continues to provide both strategic oversight for the Act's implementation as well as a leadership role in the various streamlining and simplification work groups. Achievements to date include, but are not limited to: (1) the establishment of the Grants.gov Find data elements for the Grants.gov portal, which allows applicants to find grant opportunity announcements in one centralized location (Grants.gov); (2) the Standard Grant Announcement Template, which enforces a single way of formatting grant funding announcements across the 26 grant-making agencies; (3) registration with Dun and Bradstreet for a DUNS number, thereby allowing all grantees to have a single unique identification number across the government, which will enhance the traceability of grant funds from Federal agency to Federal agency; (4) consolidation of all OMB guidance and Federal agency implementing regulations to a new Title (2 CFR) so that grant applicants and awardees can look to one place to find the Federal grant administrative policies and regulations; and (5) a new single audit threshold of $500,000 under Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, in order to decrease the single audit burden on very small grantee organizations. OGMP within HHS leads this effort through collaboration with all 26 Federal grant-making agencies and Grants.gov in order to realize the requirements for P.L. 106-107, and has several internal HHS Executive Committee on Grants Administration and Policy subcommittees that specifically address the implementation of P.L. 106-107 and Grants.gov within the Department.

HHS, in collaboration with OIG, is working to improve Agency use of the HHS Alert List as a grants management tool. HHS maintains its Alert List in order to notify all HHS awarding offices of entities considered "high risk/special award conditions" by one or more awarding offices and/or those for which the OIG has issued an alert. This allows other Agencies to decide whether they should include special terms and conditions in awards they make to the same entity. If an award contains special conditions, the HHS Agencies must ensure that the grantee is aware of those conditions and understands the action that is necessary to satisfy them. Furthermore, HHS Agencies develop a corrective action plan with the affected grantee, monitor improvement, and assess, at the conclusion of the corrective action period, whether the special award conditions can be removed.

As one of several initiatives designed to ensure that the Department meets the President's Management Agenda goal for improving the management and performance of the Federal Government, OGMP was authorized by the Secretary to conduct a Departmental review of grants management activities involving the pre-award process. Special interest was given to the development of funding announcements in order to afford greater efficiencies and increased accountability, and ensure that announcements are consistent with regulations and Departmental policies. The Departmental review has identified various recommendations for improvements in announcement preparation and presentation, which have subsequently been promulgated through a directed action transmittal to the awarding components. The FY 2004 review had a special focus to ensure that Agencies' funding opportunity announcements were compliant with OMB's new policy directive requiring the use of a government-wide standard program announcement format. All HHS Agencies are implementing the standard format and, as a result, program announcements have greater consistency across the Department. In FY 2005, the next steps will be integrating "Topic Area" comparisons between Agencies into the reviews, having 100 percent compliance with OMB requirements including use of Grants.gov and the OMB standard announcement format, and any additional requirements directed by OMB as the result of ongoing P.L. 106-107 initiatives.

HHS and OGMP have implemented various methods for assuring compliance with 5 CFR 2635, Standards of Ethical Conduct for Employees of the Executive Branch. HHS has a financial disclosure and outside activities approval requirement that all grants management and program officials within the Department (who have responsibilities that affect non-Federal entities) must complete in order to anticipate/avoid any conflicts of interest. In addition, HHS has an ethics training requirement that all HHS management must adhere to on an annual basis. OGMP has a grants management training course entitled "New Orientation for Quality Grants Management" that has a module/video on grantsmanship ethics. This training course has been required for Level I grants management certification. Further, OGMP encourages grants management offices to perform grants management financial/business process site visits to the grantees in order to identify any financial/business process internal control weaknesses. If weaknesses are found, grantees are required to submit corrective action plans which, if necessary, can be placed in the terms and conditions of the grant award. Ineffective compliance with the correction of a "weakness" as identified in the terms and conditions can result in a suspension or termination of the grant.

All of the initiatives referenced above require grant officials throughout the Department to examine their current business processes. The Department anticipates that through the implementation of the aforementioned initiatives, grant officials will not only focus on streamlining the various HHS grant processes but also ensure that: (1) appropriate methods are put in place to achieve programmatic goals and objectives, (2) collection and distribution of meaningful evaluation data will be enhanced, and (3) effective stewardship of all Federal funds will be achieved.

Management Challenge 7: Protection of Critical Systems and Infrastructure

Management Challenge:

Through Presidential Decision Directive 63, the Federal Information Security Management Act (FISMA), and Homeland Security Presidential Directive 7, the Federal Government has been mandated to assess the controls in place to protect assets critical to the Nation's well-being and to report on their vulnerability. The events of September 11, 2001 greatly heightened the importance of protecting the physical and cyber-based systems essential to the minimum operations of the economy and the government. However, reviews at contractors, grantees, HHS Agencies, and States continue to disclose significant impediments to the creation of an effective security program. HHS also faces the additional challenge of ensuring the privacy of medical records in electronic systems and transmissions, as required by HIPAA of 1996, effective April 14, 2003.

Assessment of Progress in Addressing the Challenge:

HHS has made progress in securing the most critical of essential assets, both physical and cyber-based, such as Department laboratories, computer systems, and data communication networks. Core requirements for security controls were established and distributed, and systems architecture documents are being developed. However, recent OIG assessments found numerous control weaknesses in entitywide security; access controls; service continuity; application security, development, and program change control; and segregation of duties. A collective assessment of deficiencies in Medicare systems resulted in the reporting of a material weakness in the FY 2003 HHS financial statement audit. Although the OIG has not found any evidence that these weaknesses have been exploited, they leave HHS vulnerable to unauthorized access to and disclosure of sensitive information, malicious changes that could interrupt data processing or destroy data files, improper payments, or disruption of critical operations. The OIG's FY 2004 FISMA reviews identified a significant deficiency for contingency planning.

While continuing to assess Medicare and Medicaid systems controls, OIG reviews will place new emphasis on compliance with HIPAA privacy rules and on security plans as new systems are developed, such as the Unified Financial Management System (UFMS) and HIGLAS.

Management Response:

FDA:

Over the course of this past year, the FDA Information Technology (IT) program has undergone significant restructuring, in which all aspects of FDA IT have been reorganized under the Office of the Chief Information Officer (CIO), with full IT operations and budget responsibility residing with the FDA CIO. The resulting organization provides a structure that lends itself to better information security program management, the propagation of standards, and consistent processes across FDA IT. As this IT organization evolves over time, these processes will become a more disciplined approach in the day-to-day operations, application development, and strategic vision of FDA IT.

Recently, the FDA has worked in conjunction with HHS and the Department of Homeland Security to identify and validate those FDA IT assets that support nationally critical functions and services. This validation process identified several nationally critical assets which, if unavailable, would have an unacceptably debilitating impact on FDA's ability to efficiently and effectively promote and protect the public health. Additional review has helped FDA to identify critical dependencies and single points of failure in system and business processing, to improve strategic and operational plans for ensuring mission accomplishment, to increase the security posture of those critical assets, and to integrate those nationally critical assets into the overall HHS and FDA business continuity and disaster recovery (DR) efforts.

The FDA understands the importance of having a robust DR capability and has taken a system-level approach to contingency planning and DR to date. Currently, system-specific contingency plans have been developed to provide guidance and procedures for restoring required functionality to damaged systems. The FDA Office of the CIO has formed a DR working group with the goal of developing an Agency-wide DR capability, focusing initially on nationally critical FDA systems and infrastructures, and expanding over time to all FDA mission critical assets. This DR working group is collaborating with the FDA Business Process planning group to identify prioritized mission-critical functions, and their supportive IT systems.

To ensure continued mission support in the event of a disaster, FDA is also seeking a secondary data processing facility for DR outside of the Washington, DC metropolitan area. Having such a capability provides needed assurance that FDA can continue timely support of its mission commitments, including its nationally critical and bioterrorism responsibilities. FDA has attempted, in previous years, to advance that capability by arranging for an alternate data processing facility. However, that acquisition has proven problematic because, from a single-Agency perspective, acquiring the site and meeting logistic requirements remain prohibitively expensive. As a result, FDA has requested assistance from HHS' CIO in leveraging the combined buying power of the Department while still meeting specific Agency needs, as this makes the strongest and most effective business case for HHS and FDA.

NIH:

As a participant in the "Secure One HHS" IT security program, NIH has implemented several Agency initiatives to support its research mission and operating environment. Examples are provided below:

  • Required risk assessments, security plans, certifications, and accreditations for all new systems before they are fully implemented. All security controls are reviewed prior to accreditation of a new NIH system.
  • Completed certification and accreditation (C&A) for 100 percent of identified critical cyber-based infrastructure systems, and data center and data communication networks.
  • Revised NIH Network Interconnection Security Agreement (ISA) and developed ISA templates for systems that share sensitive information. This agreement is required for non-NIH organizations connected to critical NIH network resources in order to ensure adequate IT security. The ISA requires external organizations to have IT security standards that meet or exceed HHS and NIH requirements.
  • Deployed autoblocking feature to block signature attacks in real time to prevent massive port scans of NIH critical and noncritical infrastructure.
  • Conducted vulnerability assessments including: semiannual scans (all vulnerabilities); monthly scans (most critical vulnerabilities); weekend scans (HTTP and FTP servers); special scans (specific/new vulnerabilities); and validation scans (to ensure remediation). Analyzed and summarized data.
  • Initiated penetration testing program for most critical/sensitive systems at NIH.