Oregon Health Authority Audit Release: Constraints on Oregon’s Prescription Drug Monitoring Program Limit the State’s Ability to Help Address Opioid Drug Misuse and Abuse


Report Highlights

The Prescription Drug Monitoring Program provides an important tool to address prescription drug abuse, including opioid abuse, and help improve health outcomes. Oregon’s laws have put constraints on the program that limit its effectiveness and impact. Restrictions are placed on what data are collected, analyses that can be done with the data, and with whom information can be shared. Correcting weaknesses in Oregon’s program will maximize its potential and help address opioid and other substance abuse issues the state faces.

Background

Oregon has the highest rate in the nation of seniors hospitalized for opioid-related issues such as overdose, abuse, and dependence. The state also has the sixth highest percentage of teenage drug users. The Oregon Health Authority (OHA) manages the state’s Prescription Drug Monitoring Program (PDMP), which collects information on controlled substance prescriptions within the state. The program was designed to promote public health and safety and to help improve patient care. It was also developed to support the appropriate use of prescription drugs.

Purpose

The purpose of this audit was to determine if Oregon can better leverage its PDMP to help with the opioid epidemic.

Key Findings

  1. OHA could better use PDMP data to analyze trends in prescribed drugs, including identifying patterns of possible opioid misuse and abuse. State laws prevent OHA from sharing information with key stakeholders, such as health licensing boards and law enforcement, on questionable activity. Our analysis found people who have received opioid prescriptions from excessive numbers of prescribers, as well as instances of dangerous drug combinations and prescriptions for excessive dosages of drugs. One person who received an excessive amount of opioid prescriptions had some of those prescriptions paid for by Medicaid.
  2. Oregon is one of only nine states that does not require prescribers or pharmacies to use the PDMP database before an opioid prescription is written or dispensed. Mandating use can be effective in reducing opioid misuse and other health related outcomes.
  3. Due to statutory restrictions, Oregon’s PDMP does not collect some prescription information that could be critical in preventing prescription drug abuse. This includes prescriptions filled by pharmacies other than only retail, veterinarian prescribed prescriptions, prescriptions for Schedule V drugs and drugs known to be abused or misused such as gabapentin, and prescription details such as method of payment, lock-in status, and diagnosis information.

Recommendations

Our report includes 12 recommendations to OHA for optimizing the state’s PDMP. OHA can implement some of
these within existing statutes and rules, and for others it needs to work with the Legislature. OHA agreed with
all of the recommendations, but stated that because seven fall outside the scope of its statutory authority, its
ability to implement them is limited. The agency’s response can be found at the end of the report.

Read full report here.

Featured New Audit Release Performance Audit

Audit Release: Opportunities Exist to Increase the Impact of State Agency Internal Audit Functions


Report Highlights

When internal audit functions are properly structured and resourced, they are a valuable asset for mitigating risks and improving agency performance and accountability. However, internal auditing has not been a priority in Oregon. Although the Department of Administrative Services (DAS) has the authority to create policy and a legal requirement to support audit functions, the agency has not strategically promoted the role of internal audit functions due to a number of factors. DAS has not effectively monitored, coordinated, or reported on internal audit function impacts, challenges, and resource needs to state legislators and other stakeholders.

Background

Internal audit functions help organizations achieve their objectives and improve performance. The Oregon Legislature determined internal audit activities within state government should be coordinated to promote effectiveness, and directed DAS to adopt rules and set standards to ensure the integrity of internal auditing.

Purpose

The purpose of this audit was to determine the steps DAS should take to more effectively coordinate state internal audit functions, and what actions can be taken to increase the impact of these critical functions.

Key Findings

  1. The effectiveness of an agency’s internal audit function is defined by the tone at the top. In general, the internal audit function at state agencies in Oregon is not prioritized or well understood by agency management and the Legislature. Many current challenges and deficiencies have persisted for more than two decades.
  2. Internal audit independence and impact is directly influenced by the effectiveness of the audit committee and the committee’s relationship with agency leadership. Internal audit functions in some state agencies do not follow important elements of professional audit standards that ensure independence from management. These deficiencies reduce the effectiveness of the functions and leave agencies more vulnerable to fraud, wasted taxpayer dollars, and other substantial risks.
  3. Poor guidance and a lack of strategic management and effective coordination from DAS has contributed to internal audit challenges at state agencies. DAS reporting on statewide internal audit activities and impact could be a valuable tool for both internal auditors and policymakers, but DAS reports are often inaccurate, confusing, and uninformative.
  4. Many internal audit functions are staffed by well-trained, qualified professionals who make contributions to the agencies they serve despite governance and resource challenges. With additional emphasis and resources they could increase their value and return on investment potential.

Recommendations

We include 16 recommendations to DAS intended to enhance the value and impact of state agency internal audit functions. DAS agreed with 13 of 16 recommendations. The agency declined to say whether it agreed or disagreed with three recommendations.

 

Read full report here.

Featured New Audit Release Performance Audit

Oregon State Police: Forensic Division Has Taken Appropriate Steps to Address Oregon’s Sexual Assault Kit Testing Backlog

Report Highlights


Oregon State Police (OSP) has taken appropriate steps to manage an influx of Sexual Assault Forensic Evidence (SAFE) kits sent by local law enforcement agencies after Melissa’s Law passed in 2016, including adding staff and equipment, changing how they prioritize the testing of DNA evidence, and using more efficient technologies for DNA processing. Many of these changes occurred too recently to definitively determine whether they will successfully eliminate the remaining backlog. However, the actions taken are aligned with best practices and OSP officials estimate they will largely eliminate the backlog by the end of 2018.

Background

The Forensic Services Division of OSP provides Oregon’s only full-service forensic lab system. The intent of Melissa’s Law is to prevent a future SAFE kit testing backlog at local law enforcement agencies by mandating all non-anonymous kits be sent to OSP for testing.

Purpose

The purpose of this audit was to report on whether OSP has taken actions consistent with statute and best practices to address the SAFE kit backlog.

Key Findings

  1. OSP has complied with Melissa’s Law by increasing lab capacity and reporting results to legislators on efforts to reduce the SAFE kit backlog.
  2. OSP is following best practices outlined by the National Institute of Justice for forensic labs that process SAFE kits. For example, OSP’s “high-throughput” approach to obtaining DNA profiles from SAFE kits is recommended for decreasing kit backlogs.
  3. The agency’s decision to suspend DNA processing of property crime evidence to focus on SAFE kits could lead to a backlog of DNA evidence of this type at local law enforcement agencies. Local law enforcement agencies are eager for OSP to resume accepting DNA evidence for property crimes.
  4. As of January 2018, many of OSP’s capacity-building and process improvement efforts have been implemented. Since then, OSP has shown substantial improvement in the number of kits processed each month. Also, there has been a significant reduction in the statewide backlog. A 2017 survey of local law enforcement agencies found approximately 1,100 kits needing testing, down from approximately 4,900 in 2015. For these reasons, OSP believes it can eliminate the backlog by the end of 2018.

Recommendations

We recommend that OSP publicly post backlog status reports, examine options for a statewide SAFE kit tracking system, and plan for reintroducing DNA testing in property crimes.

OSP generally agrees with our recommendation. The agency’s response can be found at the end of the report.

Read full report here.

Featured New Audit Release Performance Audit

Audit Release: The State Must Do More to Prepare Oregon for a Catastrophic Disaster

Report Highlights


Oregon is at risk of a major Cascadia earthquake and tsunami that will threaten infrastructure, cost potentially billions of dollars, and result in numerous deaths. The state must do more to prepare for such a disaster, including completing and implementing critical plans, fulfilling minimum standards for an effective emergency management program, and adequately staffing the agency charged with coordinating emergency management efforts.

Background

The emergency management system encompasses local governments and almost all of state government. The Office of Emergency Management (OEM) is charged with coordinating Oregon’s emergency management efforts, including mitigation, preparedness, response, and recovery.

Audit Purpose

The purpose of this audit was to determine the status of state agency and local emergency management efforts to prepare for a catastrophic event, such as a Cascadia earthquake and tsunami.

Key Findings

  1. Oregon does not meet key emergency management program standards. These national baseline standards are a tool to strengthen preparedness and response, demonstrate accountability, and identify resource needs.
  2. Planning efforts across all levels of Oregon’s emergency management system are lacking. Critical continuity plans that ensure functional government services in the wake of a disaster are either missing or incomplete. Additionally, insufficient staff resources put the state at risk of losing potentially millions of dollars in federal grant funding for future disasters.
  3. Current statewide staffing is inadequate to reduce Oregon’s vulnerability to disasters. OEM in particular is understaffed, despite repeated budget requests to the Legislature, which inhibits the agency’s capacity to coordinate emergency management efforts in the state.
  4. More accountability, such as public reporting and tracking, is needed to ensure progress on long-term resilience goals and projects and to enhance public awareness.

To reach our findings, we conducted a survey of state agencies and local emergency management programs. We also interviewed staff at OEM, other executive branch agencies, and the legislative and judicial branches of state government. We researched programs in other states and assessed emergency management program standards.

Recommendations

This audit includes 11 recommendations, five to OEM and six to the Governor’s Office. These recommendations include such actions as completing, implementing, and exercising emergency and continuity plans; meeting minimum emergency management program standards; reporting on efforts to improve state resilience; defining roles and responsibilities and assessing and filling resource gaps.

OEM agreed with all the recommendations we made to them. The Governor’s Office agreed with all but one of our recommendations. That recommendation, they believe they have already implemented. Both OEM and the Governor’s Office’s responses can be found at the end of the report.

Read the full report here.

Emergency Management Framework

Featured New Audit Release Performance Audit

Methods (to our madness): Complex analysis in the public eye

The Secretary of State recently released a performance audit on the Oregon Health Authority: Oregon Health Authority Should Improve Efforts to Detect and
Prevent Improper Medicaid Payments. This audit received a lot of media exposure, in part due to an Audit Alert released in May, some months before the scheduled audit release date. Unsurprisingly, this led to more than a little pressure. How did our 4 person audit team (Ian Green, Wendy Kam, Kathy Davis, and Eli Ritchie) approach this audit, stay cool under fire and make sure their conclusions were sound? I sat down with the lead auditor, Ian Green, to find out more.

You led the OHA, Improper Medicaid Payments audit. What are your strategies when you’re faced with a complex agency and a complex topic?

When we started this audit, we knew we’d be looking at improper payments. Even that’s such a big topic, we knew we’d need to scope it down where we could. So we got as much information as we could from all levels – hundreds of interviews with officials and analysis, looking at agency documentation, research on best practices, all of that.

What methods did you use to identify improper payments?

Our primary focus was to look at process issues, but we did attempt to find some improper payments. We used audit software to analyze large data sets. We did a lot of data matching and looked for results that were outliers. For instance, we checked to see if providers were getting duplicate reimbursements. It’s a complex system, so providers and billers might make errors that should be caught before payments are set out. Another example was checking to see if there were people enrolled in the Oregon Health Plan who shouldn’t be – like if someone had moved out of state.

 What challenges did you face doing this audit, and what strategies did you use to address them?

One challenge was the sheer amount of data. We looked at over two hundred million records.  There was so much data that running tests could take a very long time. My team would run a script and leave it overnight to finish. We had to be very careful about how we set up our tests. Since we kept everything scripted out, each time we got new information, we could just update that script. That kept the testing sustainable, which is very important given all the last minute information we received.

To address the complexity of the topic, we separated our approach into three subtopics: prevention, detection, and recovery. Each person on the team focused on one area, and we’d meet to discuss weekly. That helped make sure we covered all the information while still working together closely.

Another challenge was trying to get complete data. We’d request data and be told we had it all. And then we’d find out it was incomplete. That meant we had to continue reworking our analysis constantly. Without scripting, it would have been extremely time-consuming to perform this work manually.

What was the hardest thing about completing this audit in the public eye?

It’s a very sensitive topic. We knew that we’d get a lot of scrutiny. But we did what we always do, which is to work really hard to make sure all our conclusions are accurate and well-supported, and put all our work through a thorough quality assurance process.

 Is there anything you wish non-audit folks knew about the audit process?

Generally, there’s a public perception that an audit should find everything that might be going wrong. Auditors look at a higher level to see if there are controls in place to prevent something from going wrong. If we’re concerned, we may do deeper testing to see what’s actually happening. For instance, we looked at processes to manage improper payments. Our goal wasn’t to find all of the improper payments being made. Our testing helped measure the effect of the processes that are currently in place.

Anything else?

It was a big audit. We’ve been excited to see important changes happening, even while we were still working on the audit. The Oregon Health Authority is working to address weaknesses in their processes and being more transparent. That’s a really good outcome, from our perspective.

 

Check out the audit here: http://sos.oregon.gov/audits/Documents/2017-25.pdf

Auditing and Methodology Auditors at Work Featured Performance Audit

Audit Release: DEQ Should Improve the Air Quality Permitting Process to Reduce Its Permit Backlog and Better Safeguard Oregon’s Air

Report Highlights


The Secretary of State’s Audits Division found that the Oregon Department of Environmental Quality (DEQ) should evaluate staffing and workloads among air quality permit writers and provide better guidance to both staff and businesses to help reduce the agency’s air quality permit backlog.

Background

This audit reviewed air quality permitting at the Oregon Department of Environmental Quality. Air quality permits regulate the types and amounts of air pollution businesses are allowed to emit, based on federal pollution limits set by the Clean Air Act and state limits established in state laws and DEQ rules.

Audit Purpose

The purpose of this audit was to determine how DEQ could improve its air quality permitting process to better safeguard Oregon’s air quality.

Key Findings

The Oregon Department of Environmental Quality has a significant backlog in air quality permit renewals. We found that:

  1. 43% (106 out of 246) of DEQ’s largest and most complex federal and state air quality permit renewals are overdue for renewal. Additionally, more than 40% of the most complex permits issued from 2007 to 2017 exceeded timeframes established by DEQ or the Clean Air Act, some by several years.
  2. DEQ struggles to issue timely permits and renewals due to a variety of factors, including competing priorities, vacancies, and position cuts that have created unmanageable workloads. Other factors include inconsistent support and guidance for staff; a lack of clear, accessible guidance for applicants; and increased time for the public engagement process.
  3. Untimely permits, combined with a current backlog of inspections, endanger the state’s air quality and the health of Oregonians. For example, when DEQ does not issue permit renewals on time, businesses may not provide DEQ with data showing they are complying with new or updated rules.

To reach our findings, we conducted interviews, analyzed air permit data, reviewed documents and reported practices, and researched leading practices.

Key Recommendations

Based on our review of leading practices and air quality agencies in other states, the report includes ten recommendations to the Department of Environmental Quality. Recommendations include evaluating permit writer workloads and staffing, clarifying the public engagement process, providing better guidance to permit writers and businesses, and conducting a process improvement effort.

The agency agreed with our findings and recommendations. Its response can be found at the end of the report.

Read the full report here.

Featured New Audit Release Performance Audit

Audit Release: Oregon Health Authority Should Improve Efforts to Detect and Prevent Improper Medicaid Payments

Report Highlights


Our audit found that Oregon Health Authority (OHA) recovery efforts are appropriate and reasonable, but the agency should strengthen efforts to detect and prevent improper payments in Oregon’s $9.3 billion per year Medicaid program. Prevention of improper payments is more cost-effective than attempting to recover improper payments. We also found that delays in processing eligibility for thousands of Oregon’s Medicaid recipients resulted in millions of dollars of avoidable Medicaid expenditures, a critical issue the agency failed to disclose until raised in a May 2017 Auditor Alert. Furthermore, OHA did not timely disclose relevant information, which impeded our audit work. OHA’s new management has been more proactive and transparent in addressing these issues.

Background

An improper payment is defined by the federal government as “any payment that should not have been made or was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements or where documentation is missing or not available.”

Purpose of Audit

The primary purpose of the audit was to determine if the Oregon Health Authority could improve processes to prevent, detect, and recover improper Medicaid payments. The secondary purpose was to follow-up on OHA’s progress to resolve issues we raised in our May 2017 Auditor Alert.

Key Findings

Within the context that Medicaid is a very complex and challenging program to administer, we found:

  1. OHA has gaps in procedures for preventing certain improper payments. Insufficient management of the agency’s processes for identifying and resolving payment and eligibility issues, prioritization of staffing resources, and efforts to address technology issues put taxpayer dollars at risk.
  2. OHA lacks well-defined, consistent, and agency-wide processes to detect certain improper payments, especially related to coordinated care. We identified approximately 31,300 questionable payments based on our review of 15 months of data. OHA needs to continue researching these claims to determine how many were improper; OHA reported that only a small percentage were improper based on preliminary research of 2,700 claims.
  3. OHA recovery efforts appear appropriate and reasonable, but may be underutilized due to OHA’s limited procedures for detecting improper payments.
  4. OHA reported completing the action plan to determine eligibility for the remaining backlog of 115,200 Medicaid recipients. Approximately 47,600 (41%) were deemed ineligible as a result, although this figure may decrease slightly through the end of November. Failure to address this issue in a timely fashion resulted in approximately $88 million in avoidable expenditures.

Recommendations

Drawing from national leading practices, our report includes eight recommendations to OHA focused on strengthening efforts to detect and prevent improper payments. Oregon Health Authority agrees with our recommendations. The agency’s response can be found at the end of the report.

Read full report here

 

Featured New Audit Release Performance Audit