New York State Comptroller Thomas P. DiNapoli announced the following State Department and Agency audits were issued on July 13, 2023.
Click on the text highlighted in color to access the entire audit report.
Department of Health - Improper Medicaid Managed Care
Payments for Durable Medical Equipment, Prosthetics, Orthotics, and Supplies on
Behalf of Recipients in Nursing Homes (Follow-Up) (2023-F-12)
For Medicaid recipients enrolled in managed care, the Department of Health pays
managed care organizations (MCOs) a monthly premium for each recipient and, in
turn, the MCOs arrange for their health care services, including necessary
durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS). For
recipients in nursing homes, Medicaid nursing home reimbursement rates
generally include the cost of most DMEPOS and separate payments for DMEPOS
should not be made when the cost of these items is included in the rate. The
initial audit, issued in April 2022, identified $9.6 million in potential
overpayments by MCOs for DMEPOS items that likely were already covered under
the all-inclusive rate. The follow-up report found DOH made some progress in
addressing the problems identified; however, additional actions are needed. In
particular, the Office of the Medicaid Inspector General, which investigates
and recovers improper Medicaid payments on behalf of the Department of Health,
needs to review and recover, as appropriate, the $9.6 million in DMEPOS claims
identified. Of the initial report’s four audit recommendations, one was
implemented, one was partially implemented, and two were not yet implemented.
Department of Taxation and Finance – Sales Tax Vendor
Registration Practices (Follow-Up) (2023-F-5)
Provisions of State Tax Law impose a tax on sales of tangible personal property
and certain services, and require vendors that make these sales, including
out-of-state sellers and online marketplaces, to register for a Certificate of
Authority (COA), collect the tax from customers, and remit the tax to the
State. The initial audit, issued in October 2021, found the Department of
Taxation and Finance could do more to ensure sales tax vendors that are
required to register do so. Auditors identified vendors that were denied a COA
but continued to operate and likely make taxable sales. In addition, auditors
found unregistered vendors submitted sales tax returns showing taxable sales.
The follow-up report determined the Department of Taxation and Finance made
progress addressing past issues identified and implemented the one
recommendation from the initial audit.
New York State Health Insurance Program – CVS Health –
Accuracy of Empire Plan Medicare Rx Drug Rebate Revenue Remitted to the
Department of Civil Service (2022-S-1)
The Department of Civil Service has contracted with CVS Health to administer
the Empire Plan’s prescription drug program. Under the Contract, CVS Health is
required to negotiate agreements with drug manufacturers for rebates,
discounts, and other consideration and remit the rebate revenue to Civil
Service. However, for the period January 2014 through December 2019, auditors
identified more than $10.7 million in rebates that CVS Health should have, but
did not, invoice or collect – and did not remit to Civil Service.
New York State Office for the Aging – Monitoring of
Select Programs (Follow-Up) (2023-F-2)
The New York State Office for the Aging (NYSOFA) helps New York residents aged
60 or older be as independent as possible for as long as possible through
support services that help them stay in their homes and avoid higher levels of
publicly financed care. In 2015, more than 10,000 older New Yorkers though were
on waiting lists for these services, which can include home health aides,
home-delivered meals, and transportation. As a result, the state earmarked $15
million each from 2019-2020 and 2021-2022 to address the waitlists. However,
NYSOFA fell short on delivering all the funding, and of the $30 million, $5.9
million went unspent by agencies who provide services at the county level. The
follow-up found that limited progress had been made by NYSOFA to both fund
services properly and improve its oversight of the Area Agencies on Aging
(AAA). Of the initial report’s five audit recommendations, three were partially
implemented and two were not implemented.
Office of Information Technology Services – Windows
Domain Administration and Management (2022-S-19)
As part of its services, the Office of Information Technology Services (ITS)
maintains Active Directory domains on behalf of the state’s Executive agencies.
Each Active Directory uses servers, or domain controllers, to manage the access
and authentication of stored user credentials, determining who can access file
servers and other network resources. Since the Active Directory and the
associated domain controllers ultimately control access and authorization in a
Microsoft Windows environment, appropriate security measures are vital.
However, the audit found that ITS did not have certain security controls in
place to ensure appropriate management and monitoring of its Active Directory
environment.
Office of Mental Health - Benefits Advisement Services
for Individuals With Disabilities Seeking Employment (Follow-Up) 2023-F-11
A 2015 report from the New York State Employment First Commission established
an Employment First Policy for New York State with the main goal of increasing
the employment rate of individuals with disabilities by 5% while also
decreasing their poverty rate by 5%. This report tasked the Office of Mental
Health (OMH) with developing a life coaching network for individuals with
disabilities seeking economic self-sufficiency and creating an interactive
web-based platform to provide accurate information and benefits calculators so
individuals with disabilities could better assess how work would impact their
benefits. The initial audit, issued in July 2021, found that OMH had created a
benefits advisement system but had not included all recommended components. The
follow-up found that OMH has made progress in implementing these
recommendations. Of the initial report’s four audit recommendations, two were
partially implemented and 2 were fully implemented.
State Education Department – Licensing and Monitoring of Proprietary
Schools (Follow-Up) (2023-F-1)
Non-degree-granting proprietary schools provide training in a broad range of
disciplines, such as business, computer/information technology, and English as
a second language. The State Education Department (SED) is responsible for
overseeing these schools to ensure students’ education interests and their
tuition investments are protected. A prior audit report, issued in January
2021, found that SED did not perform due diligence in assessing proprietary
schools’ financial viability and issued licenses to schools despite evidence of
insufficient resources, potentially jeopardizing students’ future employment
prospects and their ability to repay loans. The follow-up found that SED made
significant progress in addressing the problems identified. Of the initial
report’s six audit recommendations, five were implemented and one was partially
implemented.
State Education Department – Privacy and Security of
Student Data (2021-S-29)
The increased reliance on technology for virtual learning during the COVID-19
pandemic gave rise to an escalation of cybersecurity threats for schools.
According to a U.S. Government Accountability Office report, the number of
students impacted by cyberattacks rose from 39,000 in 2018 to nearly 1.2
million in 2020. The audit found that the State Education Department, which
oversees more than 700 school districts with 2.4 million students, did not take
appropriate, proactive steps to ensure schools were complying with regulations
intended to safeguard the safety and privacy of student data, nor did it fully
comply with its own data security protection policies.