New York State Comptroller Thomas P. DiNapoli announced today the following audits have been issued.
Department of Health – Improper Medicaid Managed Care Payments for Durable Medical Equipment, Prosthetics, Orthotics, and Supplies on Behalf of Recipients in Nursing Homes (Follow-Up) (2023-F-12)
For Medicaid recipients enrolled in managed care, the Department of Health pays managed care organizations (MCOs) a monthly premium for each recipient and, in turn, the MCOs arrange for their health care services, including necessary durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS). For recipients in nursing homes, Medicaid nursing home reimbursement rates generally include the cost of most DMEPOS and separate payments for DMEPOS should not be made when the cost of these items is included in the rate. The initial audit, issued in April 2022, identified $9.6 million in potential overpayments by MCOs for DMEPOS items that likely were already covered under the all-inclusive rate. The follow-up report found DOH made some progress in addressing the problems identified; however, additional actions are needed. In particular, the Office of the Medicaid Inspector General, which investigates and recovers improper Medicaid payments on behalf of the Department of Health, needs to review and recover, as appropriate, the $9.6 million in DMEPOS claims identified. Of the initial report’s four audit recommendations, one was implemented, one was partially implemented, and two were not yet implemented.
Department of Taxation and Finance – Sales Tax Vendor Registration Practices (Follow-Up) (2023-F-5)
Provisions of State Tax Law impose a tax on sales of tangible personal property and certain services, and require vendors that make these sales, including out-of-state sellers and online marketplaces, to register for a Certificate of Authority (COA), collect the tax from customers, and remit the tax to the State. The initial audit, issued in October 2021, found the Department of Taxation and Finance could do more to ensure sales tax vendors that are required to register do so. Auditors identified vendors that were denied a COA but continued to operate and likely make taxable sales. In addition, auditors found unregistered vendors submitted sales tax returns showing taxable sales. The follow-up report determined the Department of Taxation and Finance made progress addressing past issues identified and implemented the one recommendation from the initial audit.
New York State Health Insurance Program – CVS Health – Accuracy of Empire Plan Medicare Rx Drug Rebate Revenue Remitted to the Department of Civil Service (2022-S-1)
The Department of Civil Service has contracted with CVS Health to administer the Empire Plan’s prescription drug program. Under the Contract, CVS Health is required to negotiate agreements with drug manufacturers for rebates, discounts, and other consideration and remit the rebate revenue to Civil Service. However, for the period January 2014 through December 2019, auditors identified more than $10.7 million in rebates that CVS Health should have, but did not, invoice or collect – and did not remit to Civil Service.
New York State Office for the Aging – Monitoring of Select Programs (Follow-Up) (2023-F-2)
The New York State Office for the Aging (NYSOFA) helps New York residents aged 60 or older be as independent as possible for as long as possible through support services that help them stay in their homes and avoid higher levels of publicly financed care. In 2015, more than 10,000 older New Yorkers though were on waiting lists for these services, which can include home health aides, home-delivered meals, and transportation. As a result, the state earmarked $15 million each from 2019-2020 and 2021-2022 to address the waitlists. However, NYSOFA fell short on delivering all the funding, and of the $30 million, $5.9 million went unspent by agencies who provide services at the county level. The follow-up found that limited progress had been made by NYSOFA to both fund services properly and improve its oversight of the Area Agencies on Aging (AAA). Of the initial report’s five audit recommendations, three were partially implemented and two were not implemented.
Office of Information Technology Services – Windows Domain Administration and Management (2022-S-19)
As part of its services, the Office of Information Technology Services (ITS) maintains Active Directory domains on behalf of the state’s Executive agencies. Each Active Directory uses servers, or domain controllers, to manage the access and authentication of stored user credentials, determining who can access file servers and other network resources. Since the Active Directory and the associated domain controllers ultimately control access and authorization in a Microsoft Windows environment, appropriate security measures are vital. However, the audit found that ITS did not have certain security controls in place to ensure appropriate management and monitoring of its Active Directory environment.
Office of Mental Health – Benefits Advisement Services for Individuals With Disabilities Seeking Employment (Follow-Up) (2023-F-11)
A 2015 report from the New York State Employment First Commission established an Employment First Policy for New York State with the main goal of increasing the employment rate of individuals with disabilities by 5% while also decreasing their poverty rate by 5%. This report tasked the Office of Mental Health (OMH) with developing a life coaching network for individuals with disabilities seeking economic self-sufficiency and creating an interactive web-based platform to provide accurate information and benefits calculators so individuals with disabilities could better assess how work would impact their benefits. The initial audit, issued in July 2021, found that OMH had created a benefits advisement system but had not included all recommended components. The follow-up found that OMH has made progress in implementing these recommendations. Of the initial report’s four audit recommendations, two were partially implemented and two were fully implemented.
State Education Department – Licensing and Monitoring of Proprietary Schools (Follow-Up) (2023-F-1)
Non-degree-granting proprietary schools provide training in a broad range of disciplines, such as business, computer/information technology, and English as a second language. The State Education Department (SED) is responsible for overseeing these schools to ensure students’ education interests and their tuition investments are protected. A prior audit report, issued in January 2021, found that SED did not perform due diligence in assessing proprietary schools’ financial viability and issued licenses to schools despite evidence of insufficient resources, potentially jeopardizing students’ future employment prospects and their ability to repay loans. The follow-up found that SED made significant progress in addressing the problems identified. Of the initial report’s six audit recommendations, five were implemented and one was partially implemented.
State Education Department – Privacy and Security of Student Data (2021-S-29)
The increased reliance on technology for virtual learning during the COVID-19 pandemic gave rise to an escalation of cybersecurity threats for schools. According to a U.S. Government Accountability Office report, the number of students impacted by cyberattacks rose from 39,000 in 2018 to nearly 1.2 million in 2020. The audit found that the State Education Department, which oversees more than 700 school districts with 2.4 million students, did not take appropriate, proactive steps to ensure schools were complying with regulations intended to safeguard the safety and privacy of student data, nor did it fully comply with its own data security protection policies.