Recommendation: The Office of Special Counsel should require federal employees who are filing whistleblower disclosures or retaliation complaints to identify on their complaint forms their status as a permanent or probationary employee.

Agency: Office of Personnel Management: Office of Special Counsel
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: The DOD Inspector General should coordinate with the IGs of the military services to take additional actions to improve performance against unmet timeliness goals. This includes steps to improve performance of senior official misconduct investigations and military service reprisal intakes, and to resolve disagreement on notifications. (Recommendation 1)

Agency: Department of Defense
Status: Open

Comments: The DOD Inspector General concurred with this recommendation, and in December 2019 reported to the Chairs of the Senate and House Armed Services Committees that the DOD and military service Inspectors General had convened a working group to coordinate performance improvement on unmet timeliness goals. According to the IG, the working group's recommendations are being incorporated into uniform standards for reprisal investigations that are expected to be finalized in the second quarter of fiscal year 2020. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The Air Force Inspector General should establish procedures to fully reflect and implement DOD policy on the protection of whistleblower confidentiality. (Recommendation 3)

Agency: Department of Defense
Status: Open

Comments: The Air Force Inspector General concurred with this recommendation, and the DOD Officer of Inspector General stated in December 2019 that the Air Force Inspector General was in the process of implementing it. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The Marine Corps Inspector General should establish procedures to fully reflect and implement DOD policy on the protection of whistleblower confidentiality. (Recommendation 4)

Agency: Department of Defense
Status: Open

Comments: The Marine Corps Inspector General concurred with this recommendation, and the DOD Office of Inspector General stated in December 2019 that the Marine Corps Inspector General was in the process of implementing it. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The Naval Inspector General should establish procedures to fully reflect and implement DOD policy on the protection of whistleblower confidentiality. (Recommendation 5)

Agency: Department of Defense
Status: Open

Comments: The Naval Inspector General concurred with this recommendation, and the DOD Office of Inspector General stated in December 2019 that the Naval Inspector General was in the process of implementing it. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The DOD Inspector General should consider interim actions as the whistleblower enterprise case management system is being developed to help ensure that access to sensitive whistleblower information in the current case management system and associated document repository is limited to information that is necessary to accomplish assigned tasks. (Recommendation 6)

Agency: Department of Defense
Status: Open

Comments: The DOD Inspector General concurred with this recommendation, and stated in December 2019 that the DOD Office of Inspector General was in the process of implementing it. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The DOD Inspector General should coordinate with the IGs of the military services to develop a plan to fully restrict case access in the future whistleblower enterprise case management system so that user access is limited to information necessary to accomplish assigned tasks in accordance with organizational missions and business functions. (Recommendation 7)

Agency: Department of Defense
Status: Open

Comments: The DOD Inspector General concurred with this recommendation, and in December 2019 reported to the Chairs of the Senate and House Armed Services Committees that the future whistleblower case management system would incorporate design limits providing for access to information only by personnel necessary to accomplish assigned tasks in accordance with organizational missions and business functions. According to the IG, the system is scheduled to deploy in the third quarter of fiscal year 2020. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The DOD Inspector General should enhance its process for periodically reviewing whistleblower case management system and document repository user privileges by including steps to ensure that such privileges remain valid after system updates, as appropriate. (Recommendation 8)

Agency: Department of Defense
Status: Open

Comments: The DOD Inspector General concurred with this recommendation, and stated in December 2019 that the DOD Office of Inspector General was in the process of implementing it. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The Air Force Inspector General should consider interim actions as the whistleblower enterprise case management system is being developed to help ensure that access for users of existing applications is limited to information that is necessary to accomplish assigned tasks in accordance with organizational missions and business functions. (Recommendation 9)

Agency: Department of Defense
Status: Open

Comments: The Air Force Inspector General concurred with this recommendation, and stated in December 2019 that an update scheduled for the end of April 2020 would enhance access control measures in its existing applications. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The Army Inspector General should consider interim actions as the whistleblower enterprise case management system is being developed to help ensure that access for users of existing applications is limited to information that is necessary to accomplish assigned tasks in accordance with organizational missions and business functions. (Recommendation 10)

Agency: Department of Defense
Status: Open

Comments: The Army Inspector General concurred with this recommendation, and the DOD Office of Inspector General stated in December 2019 that the Army Inspector General was in the process of implementing it. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The Marine Corps Inspector General should develop a plan to ensure that its redesigned whistleblower case management application restricts user access to information based on what is needed to accomplish assigned tasks in accordance with organizational missions and business functions. (Recommendation 11)

Agency: Department of Defense
Status: Open

Comments: The Marine Corps Inspector General concurred with this recommendation, and the DOD Office of Inspector General stated in December 2019 that the Marine Corps Inspector General was in the process of implementing it. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The Naval Inspector General should consider interim actions as the whistleblower enterprise case management system is being developed to help ensure that access for users of existing applications is limited to information that is necessary to accomplish assigned tasks in accordance with organizational missions and business functions. (Recommendation 12)

Agency: Department of Defense
Status: Open

Comments: The Naval Inspector General concurred with this recommendation, and the DOD Office of Inspector General stated in December 2019 that the Naval Inspector General was in the process of implementing it. We will update the status of this recommendation once we confirm what actions the department has taken.

Recommendation: The Administrator of CMS should provide fraud-awareness training relevant to risks facing CMS programs and require new hires to undergo such training and all employees to undergo training on a recurring basis. (Recommendation 1)

Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
Status: Open

Comments: The agency agreed with this recommendation. In July 2018, CMS reported that it is strengthening its efforts to ingrain fraud risk management principles throughout the Agency and is developing a training video, module, and curriculum to train staff agency-wide on fraud risks. In November 2019, CMS provided fraud-awareness training videos for new and current CMS employees. GAO requested and is awaiting documentation to show mandatory nature and annual frequency of the training in order to assess the extent to which the training is consistent with leading practices in fraud risk management.

Recommendation: The Administrator of CMS should conduct fraud risk assessments for Medicare and Medicaid to include respective fraud risk profiles and plans for regularly updating the assessments and profiles. (Recommendation 2)

Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
Status: Open

Comments: Agency agreed with this recommendation. In July 2018, CMS reported that it has initiated the fraud risk assessment for some programs in Medicare, including the Medicare Diabetes Prevention Program expanded model. CMS also reported that it is also continuing to draft fraud risk profiles for the Comprehensive End-Stage Renal Disease (ESRD) Care model, the Comprehensive Primary Care Plus model, the permanent Medicare Shared Savings Program, and the new Medicare Beneficiary Identifier. Additionally, CMS reported that it is assessing the Quality Payment Program, established by the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), utilizing the GAO fraud risk assessment framework. We will continue to monitor CMS's progress in this area. In November 2019, CMS provided a diagram depicting CMS approach to assessing fraud risks and a document for Home Health Request for Anticipated Payment, stating that fraud risk assessments on Medicare Diabetes Prevention Program and Quality Payment Program are under development. We requested and are awaiting additional information on CMS's approach and plans for conducting fraud risk assessments in Medicare programs, including the reasoning for program selection, overall order, and anticipated timeframes.

Recommendation: The Administrator of CMS should, using the results of the fraud risk assessments for Medicare and Medicaid, create, document, implement, and communicate an antifraud strategy that is aligned with and responsive to regularly assessed fraud risks. This strategy should include an approach for monitoring and evaluation. (Recommendation 3)

Agency: Department of Health and Human Services: Centers for Medicare and Medicaid Services
Status: Open

Comments: Agency agreed with this recommendation. In November 2019, CMS reported on activities to conduct fraud risk assessments in Medicare programs (see Recommendation 2), however this work is ongoing and the recommendation remains open. Because completion of a fraud risk assessment is necessary before developing an antifraud strategy, this recommendation also remains open. We will continue to monitor CMS's progress in this area.

Recommendation: To help ensure that DOD is implementing the fraud, waste, and abuse prevention requirements to the OIGs, the Inspectors General of the Army, Navy, and Air Force should implement the requirements themselves or delegate the implementation of the requirements to the investigative services.

Agency: Department of Defense: Department of the Navy: Naval Inspector General
Status: Open

Comments: DOD concurred with the recommendation in its comments on the draft report. In June 2020, we requested information on the status of the recommendation. When we confirm the actions the Navy has taken, we will provide updated information.

Recommendation: To help ensure that DOD is implementing the fraud, waste, and abuse prevention requirements to the OIGs, the Inspectors General of the Army, Navy, and Air Force should implement the requirements themselves or delegate the implementation of the requirements to the investigative services.

Agency: Department of Defense: Department of the Army: Office of the Inspector General
Status: Open

Comments: DOD concurred with the recommendation in its comments on the draft report. As of July 2020, the Army had drafted a memorandum that would delegate the requirements to the investigative services or program office. We will update the status of this recommendation after the Army issues the final memorandum.