Department of Health and Human Services OFFICE OF INSPECTOR GENERAL PENNSYLVANIA IMPLEMENTED OUR PRIOR AUDIT RECOMMENDATIONS FOR CRITICAL INCIDENTS INVOLVING MEDICAID ENROLLEES WITH DEVELOPMENTAL DISABILITIES BUT SHOULD CONTINUE TO TAKE ACTION TO REDUCE UNREPORTED INCIDENTS Inquiries about this report may be addressed to the Office of Public Affairs at Public.Affairs@oig.hhs.gov. Amy J. Frontz Deputy Inspector General for Audit Services November 2023 A-03-22-00202 Office of Inspector General https://oig.hhs.gov The mission of the Office of Inspector General (OIG) is to provide objective oversight to promote the economy, efficiency, effectiveness, and integrity of the Department of Health and Human Services (HHS) programs, as well as the health and welfare of the people they serve. Established by Public Law No. 95-452, as amended, OIG carries out its mission through audits, investigations, and evaluations conducted by the following operating components: Office of Audit Services. OAS provides auditing services for HHS, either by conducting audits with its own audit resources or by overseeing audit work done by others. The audits examine the performance of HHS programs, funding recipients, and contractors in carrying out their respective responsibilities and provide independent assessments of HHS programs and operations to reduce waste, abuse, and mismanagement. Office of Evaluation and Inspections. OEI's national evaluations provide HHS, Congress, and the public with timely, useful, and reliable information on significant issues. To promote impact, OEI reports also provide practical recommendations for improving program operations. Office of Investigations. OI's criminal, civil, and administrative investigations of fraud and misconduct related to HHS programs and operations often lead to criminal convictions, administrative sanctions, and civil monetary penalties. OI's nationwide network of investigators collaborates with the Department of Justice and other Federal, State, and local law enforcement authorities. OI works with public health entities to minimize adverse patient impacts following enforcement operations. OI also provides security and protection for the Secretary and other senior HHS officials. Office of Counsel to the Inspector General. OCIG provides legal advice to OIG on HHS programs and OIG's internal operations. The law office also imposes exclusions and civil monetary penalties, monitors Corporate Integrity Agreements, and represents HHS's interests in False Claims Act cases. In addition, OCIG publishes advisory opinions, compliance program guidance documents, fraud alerts, and other resources regarding compliance considerations, the anti-kickback statute, and other OIG enforcement authorities. Notices THIS REPORT IS AVAILABLE TO THE PUBLIC at https://oig.hhs.gov Section 8M of the Inspector General Act, 5 U.S.C. App., requires that OIG post its publicly available reports on the OIG website. OFFICE OF AUDIT SERVICES FINDINGS AND OPINIONS The designation of financial or management practices as questionable, a recommendation for the disallowance of costs incurred or claimed, and any other conclusions and recommendations in this report represent the findings and opinions of OAS. Authorized officials of the HHS operating divisions will make final determination on these matters. Report in Brief Date: November 2023 Report No. A-03-22-00202 Why OIG Did This Audit Pennsylvania Implemented Our Prior Audit We previously issued an audit of Pennsylvania as part of a series of Recommendations for Critical Incidents Involving audits conducted in response to a Medicaid Enrollees With Developmental Disabilities congressional request concerning deaths and abuse of residents with but Should Continue To Take Action To Reduce developmental disabilities in group Unreported Incidents homes. What OIG Found In our previous audit, we found that Pennsylvania implemented or is in the process of implementing the seven Pennsylvania did not comply with recommendations from our previous audit but should continue to take action Federal Medicaid waiver and State to further reduce unreported incidents. Since the previous audit report, requirements for reporting and Pennsylvania experienced a significant overall 74-percent reduction in the monitoring such incidents. Our percent of hospital stay incidents not reported. However, although the previous audit report contained percentage of incidents reported improved, Pennsylvania's changes to seven recommendations. implement the recommendations did not ensure that community-based providers properly reported all 24-hour reportable incidents in the electronic Our objective was to determine incident management system or that supports coordinators notified providers whether Pennsylvania implemented that a 24-hour reportable incident had occurred. the recommendations from our prior audit, Pennsylvania Did Not Fully Because Pennsylvania did not detect that some providers did not report all 24- Comply With Federal and State hour reportable incidents, it was not always able to take prompt action to Requirements for Reporting and protect waiver participants' health, safety, and rights. However, Monitoring Critical Incidents Involving Pennsylvania's actions involve a multi-year training plan for its current Medicaid Beneficiaries With Incident Management Policy and a dashboard to identify unreported incidents Developmental Disabilities (A-03-17- and providers that may have incident management processes in need of 00202). systemic improvement. How OIG Did This Audit What OIG Recommends and Pennsylvania Comments We reviewed Pennsylvania's system We make several recommendations for Pennsylvania to continue to improve for the reporting and monitoring of its controls regarding the reporting and monitoring of 24-hour reportable critical incidents involving Medicaid incidents involving Medicaid waiver participants with developmental waiver participants with disabilities residing in community-based settings. The full recommendations developmental disabilities who were are in the report. covered by the waiver and resided in community-based settings during the Pennsylvania concurred with all of our recommendations and described audit period. We also reviewed corrective actions that it has taken or plans to take to address our correspondence and documentation recommendations. to determine whether Pennsylvania had implemented our previous recommendations and had taken actions that satisfied the intent of our recommendations. The full report can be found at https://oig.hhs.gov/oas/reports/region3/32200202.asp. TABLE OF CONTENTS INTRODUCTION ............................................................................................................................... 1 Why We Did This Audit ....................................................................................................... 1 Objective ............................................................................................................................. 1 Background ......................................................................................................................... 1 Developmental Disabilities Assistance and Bill of Rights Act of 2000 .................... 1 Medicaid Home and Community-Based Services Waiver ...................................... 2 Pennsylvania's Medicaid Waiver Program ............................................................. 2 Reporting Requirements for 24-Hour Reportable Incidents .................................. 3 Findings From Our Previous Audit .......................................................................... 6 How We Conducted This Audit ........................................................................................... 6 FINDINGS ......................................................................................................................................... 7 The State Agency Fully Implemented Corrective Actions That Effectively Addressed Four Recommendations From Our Previous Audit .......................................................... 7 Prior Recommendation: Record the Unreported 24-Hour Reportable Incidents Noted in the Previous Report ............................................................... 8 Prior Recommendation: Work With Community-Based Providers To Ensure That Administrative Reviews and Investigations Are Conducted and Reported Appropriately and Consider All Previous 24-Hour Reportable Incidents Related to the Enrollee ......................................................................... 8 Prior Recommendation: Ensure That Community-Based Providers Analyze, Investigate, and Report to the State Agency All Enrollee Deaths........................ 8 Prior Recommendation: Send a Written Report of Death to Law Enforcement or the District Attorney's Office When a Death Is Determined To Be Suspicious or When Abuse or Neglect Is Suspected ............................................ 9 The State Agency Has Begun To Take Action To Implement the Remaining Recommendations From Our Previous Audit but Still Had Unreported Incidents .......... 9 Prior Recommendation: Work With Community-Based Providers on How To Identify and Report All 24-Hour Reportable Incidents ................................. 10 Prior Recommendation: Work with Community-Based Providers To Ensure That All Community-Based Providers' Staff Understand the Requirements for Reporting 24-Hour Reportable Incidents Within Required Timeframes ..... 10 Prior Recommendation: Develop a Policy for Periodically Matching Medicaid Emergency Room Visit and Acute-Care Hospital Stay Claims to 24-Hour Reportable Incidents Recorded in the Incident Reporting System ..... 10 Not All Acute-Care Hospital Stays Were Reported ............................................... 11 Not All Emergency Room Visits Were Reported................................................... 12 RECOMMENDATIONS ................................................................................................................... 13 Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) STATE AGENCY COMMENTS ......................................................................................................... 14 APPENDICES A: Audit Scope and Methodology ..................................................................................... 15 B: Related Office of Inspector General Reports................................................................ 17 C: Federal Waiver and State Requirements...................................................................... 19 D: State Agency Comments .............................................................................................. 25 Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) INTRODUCTION WHY WE DID THIS AUDIT The Office of Inspector General (OIG) previously issued an audit of the Pennsylvania Department of Human Services' (State agency's) compliance with requirements related to critical incidents involving Medicaid waiver participants with developmental disabilities in Pennsylvania. 1 This audit was part of a series of audits that we are performing in several States in response to a congressional request concerning deaths and abuse of residents with developmental disabilities in group homes. 2 This request was made after nationwide media coverage of the deaths of individuals with developmental disabilities involving abuse, neglect, or medical errors. In our previous audit in Pennsylvania, we found that the State agency did not comply with Federal Medicaid waiver and State requirements for reporting and monitoring such incidents. Our previous audit report contained seven recommendations, and we performed this followup audit to determine whether the State agency implemented those recommendations. OBJECTIVE Our objective was to determine whether the State agency implemented the recommendations from our prior audit, Pennsylvania Did Not Fully Comply With Federal and State Requirements for Reporting and Monitoring Critical Incidents Involving Medicaid Beneficiaries With Developmental Disabilities (A-03-17-00202). BACKGROUND Developmental Disabilities Assistance and Bill of Rights Act of 2000 As defined by the Developmental Disabilities Assistance and Bill of Rights Act of 2000 (the Disabilities Act), "developmental disability" means a severe, chronic disability that is attributable to a mental impairment, a physical impairment, or a combination of both; is evident before the age of 22 and likely to continue indefinitely; and results in substantial limitations in three or more of these major life areas: self-care, receptive and expressive language, learning, mobility, self-determination, capacity for independent living, and economic self-sufficiency. 3 1 Pennsylvania Did Not Fully Comply With Federal and State Requirements For Reporting and Monitoring Critical Incidents Involving Medicaid Beneficiaries With Developmental Disabilities (A-03-17-00202), issued January 2020. Available at https://oig.hhs.gov/oas/reports/region3/31700202.pdf. 2 See Appendix B for related work. 3 P.L. No. 106-402 (October 30, 2000). Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 1 Federal and State Governments have an obligation to ensure that public funds are provided to residential, institutional, and community-based providers that serve individuals with developmental disabilities. Further, these providers must meet minimum standards to ensure that the care they provide does not involve abuse, neglect, sexual exploitation, or violations of legal and human rights (the Disabilities Act § 109(a)(3)(B)(i)). Medicaid Home and Community-Based Services Waiver The Social Security Act (the Act) authorizes the Medicaid Home and Community-Based Services Waiver (HCBS waiver) program (the Act § 1915(c)). The HCBS waiver program permits a State to furnish an array of home and community-based services that assist Medicaid waiver participants to live in the community and avoid institutionalization. Waiver services complement or supplement the services that are available to participants through the Medicaid State plan and other Federal, State, and local public programs and the support that families and communities provide. Each State has broad discretion to design its HCBS waiver program to address the needs of the waiver's target population. States must give certain assurances to the Centers for Medicare & Medicaid Services (CMS) to receive approval for an HCBS waiver, including that necessary safeguards have been taken to protect the health and welfare of the individuals receiving services (42 CFR § 441.302). This waiver assurance requires the State to give specific information regarding its plan or process related to participant safeguards, including whether the State operates a critical event or incident reporting system (HCBS waiver, Appendix G-1). In its HCBS waiver and its own regulations (55 Pennsylvania Code § 6100.401 and chapter 6000 subchapter Q), the State agency stated that it has a critical event or incident reporting and management system. Pennsylvania's Medicaid Waiver Program The State agency administers Pennsylvania's HCBS waivers. Pennsylvania currently has several HCBS waiver programs for people with developmental disabilities. This audit covers only those enrollees covered by the consolidated waiver program. 4 The HCBS waiver program supports individuals who require comprehensive support services based on the severity of their functional, behavioral, or medical impairments. These individuals reside either in an out-of- home setting, such as a group home with 24-hour support, or in their family home with additional in-home support and supervision. The State agency retains authority over the administration and implementation of the HCBS waiver program. Within the State agency, the Office of Developmental Programs (ODP) is 4 During our initial audit period, the HCBS consolidated waiver population consisted of Medicaid-eligible individuals with intellectual disabilities, which is a subset of developmental disabilities. During this followup audit period, the waiver's eligibility criteria were expanded to include certain individuals with other developmental disabilities. For the purposes of this report, we refer to Medicaid-eligible individuals who have an intellectual disability, or both an intellectual disability and a physical disability, as having developmental disabilities. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 2 responsible for developing and distributing policies, procedures, and rules related to HCBS waiver operations and for coordinating with other State and local agencies. From July 1, 2020, through June 30, 2021, (audit period) Pennsylvania claimed $3.0 billion ($1.7 billion Federal share) to provide 18,812 individuals with needed comprehensive support services under the HCBS waiver. Reporting Requirements for 24-Hour Reportable Incidents The HCBS consolidated waiver states that the State agency must specify the types of critical events or incidents, including alleged abuse, neglect, and exploitation, that must be reported for review and followup action by an appropriate authority (HCBS waiver, Appendix G-1(b)). Pennsylvania's HCBS waiver application contains certain "incidents" that must be reported to the State agency within 24 hours of discovery or occurrence.5 Examples of these incidents include abuse, neglect, inpatient admission to a hospital, and death regardless of cause. In addition, the HCBS waiver in place during our prior audit included emergency room visits in the list of incidents. In July 2017, the HCBS consolidated waiver language was updated, and "emergency room visits" were removed from the waiver. Incidents must be reported in the State agency's incident reporting system, but there are different investigation requirements for incidents, and certain categories of incidents are required to be investigated by an ODP-certified investigator. The State agency planned to modify its incident reporting system to meet these updated requirements. However, as a result of the impacts of COVID-19, the State agency delayed the effective date of modifications until after our audit period. During our audit period, the State agency instructed providers to continue to report and investigate incidents as outlined in the State agency's former Incident Management Statement of Policy, 55 Pennsylvania Code chapter 6000 subchapter Q, which included 55 Pennsylvania Code section 6000.922.6 Section 6000.922 generally listed many of the 24-hour reportable incident categories that are found under current requirements but also included other 24-hour reportable incident categories, such as emergency room visits, that are no longer reportable 5 The HCBS consolidated waiver and State regulations also include a category of incidents that must be reported within 72 hours of occurrence or discovery. However, we limited our review to only those incidents that must be reported within 24 hours of occurrence or discovery. When we use the term "incident" in this report, we are referring only to those incidents that must be reported within 24 hours of occurrence or discovery. 6 ODP Announcement 20-107 stated that, due to the impacts of COVID-19, modifications to the incident reporting system would be delayed until July 1, 2021, and that, as the system transitioned to comply with the new incident reporting requirements, providers would continue to report and investigate incidents as outlined in the Incident Management Statement of Policy (55 Pennsylvania Code chapter 6000 subchapter Q), which included emergency room visits as a 24-hour reportable incident category. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 3 incidents under the waiver and 55 Pennsylvania Code Chapter 6100. Our audit methodology accounted for these operational instructions, which included reporting emergency room visits.7 The HCBS waiver specifies that community-based providers and supports coordination organizations 8 must report incidents to the State agency and administrative entities 9 within 24 hours of occurrence or discovery. 10 Community-based providers must complete incident reports for all 24-hour reportable incidents. These finalized incident reports must correctly categorize the 24-hour reportable incident; indicate if proper safeguards were in place; indicate if any necessary corrective action either has taken or will take place; and indicate if incidents of abuse, neglect, or exploitation were reported to the proper authority as required by Pennsylvania law (HCBS waiver, Appendix G-1(b) and (d)). 11 All incidents are investigated by the administrative entity to rule out or identify instances of abuse, neglect, or exploitation. In addition, certain categories of incidents are required to be investigated by an ODP-certified investigator. These include incidents of abuse, neglect, misuse of funds, death, and rights violations. Table 1 on the following page shows the types and number of incidents recorded in the incident reporting system from July 1, 2020, through June 30, 2021. 7 Under 55 Pennsylvania Code § 6000.922(5), the use of an emergency room visit in place of a primary care physician's office visit is not reportable. Therefore, we removed emergency room visits for minor ailments if it appeared that the individual used the emergency room in place of a primary care physician visit. 8 A supports coordination organization consists of providers (supports coordinators) responsible for locating, coordinating, and monitoring needed services and supports for waiver participants. Among other things, supports coordinators monitor individual health, safety, and service delivery and help people with developmental and intellectual disabilities access the services and resources that allow them to live as independently as possible. They also deliver and discuss information concerning protections from abuse, neglect, and exploitation, including how to notify appropriate authorities. 9 An administrative entity is a county mental health or intellectual disability program or a nongovernmental entity that has a signed agreement with ODP to perform operations and administrative functions related to the HCBS consolidated waiver. 10 State regulations at 55 Pennsylvania Code §§ 6000.922 and 6100.401(a) also specify categories that must be reported in the State agency's incident reporting system within 24 hours after occurrence or discovery. 11 Incident reports include a conclusion section in which investigators document whether the 24-hour reportable incident resulted from abuse or neglect or whether there were additional referrals to adult or child protective services. Investigators must also provide details that describe exactly what happened during the incident, including the period prior to, during, and after the incident. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 4 Table 1: Type and Number of Incidents Reported in the Incident Reporting System From July 1, 2020, Through June 30, 2021 12 Primary Incident Type Number of Incidents Emergency Room Visit 14,480 Hospitalization 4,801 Neglect 4,404 Individual To Individual Abuse 3,366 Abuse 3,111 Injury Requiring Treatment Beyond First Aid 1,777 Law Enforcement Activity 1,627 Rights Violation 977 Psychiatric Hospitalization 928 Misuse of Funds 623 Death 475 Missing Person 377 Emergency Closure 78 Fire 39 Behavioral Health Crisis Event 34 Exploitation 22 Suicide Attempt 20 Serious Injury 17 Illness 12 Serious Illness 11 Physical Restraint 5 Sexual Abuse 5 Missing Individual 3 Total 37,192 Note: Incidents also have secondary incident types; however, they are categorized in this table according to primary incident type. The provider determines the primary incident type for reporting purposes; for each primary incident type, the incident reporting system automatically generates a list of options from which the provider selects the secondary incident type. 12 This table contains incident categories that were reported in the State agency's incident reporting system. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 5 Findings From Our Previous Audit Our previous audit found that the State agency did not fully comply with Federal waiver and State requirements for reporting and monitoring critical incidents involving Medicaid beneficiaries with developmental disabilities. Specifically, the State agency did not ensure that: • community-based providers reported all 24-hour reportable incidents to the State agency within required timeframes, • community-based providers and county and regional investigators analyzed and investigated all beneficiary deaths, and • community-based providers referred all suspicious deaths to law enforcement. HOW WE CONDUCTED THIS AUDIT We reviewed the State agency's system for reporting and monitoring of critical incidents involving Medicaid waiver participants with developmental disabilities who were covered by the HCBS consolidated waiver and resided in community-based settings during the audit period. We reviewed correspondence from CMS and supporting documentation provided by the State agency to determine whether the seven recommendations from our previous report were implemented and whether the actions the State agency has taken satisfied the intent of the recommendations. We limited our review to emergency room visits and acute-care hospital stays to compare the percentage of each that community-based providers reported during our initial audit and the followup audit period.13 We extracted from the Pennsylvania Medicaid Management Information System (MMIS) claim records for 17,924 emergency room visits and 3,033 acute- care hospital stays that the State agency paid on behalf of Medicaid beneficiaries with developmental disabilities who were eligible for the consolidated waiver and had a claim during State fiscal year 2021. We also obtained a listing from the State agency's incident reporting database of 14,480 emergency room visits and 4,801 acute-care hospital stays reported to the State agency during the audit period. 14 We compared the emergency room visits and acute- care hospital stays recorded in MMIS to the emergency room visits and acute-care hospital stays recorded in the State agency's incident reporting system database to determine whether 13 Emergency room visits are no longer a 24-hour reportable incident category under the waiver and the applicable current State requirements. However, during our audit period, the operational instructions and data fields for the State agency's incident reporting system included emergency room visits as a category of incidents to be reported within 24 hours. Further, because our initial audit reviewed emergency room and acute-care hospital stays, we reviewed similar data in this audit. 14 While MMIS records are for the Medicaid population only, the State agency's incident reporting database includes data for all Medicaid enrollees, including those who may be eligible for Medicare or have private insurance in addition to Medicaid. The subject of this followup audit was Medicaid records only. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 6 these visits (or the underlying events associated with these visits) and stays were reported to the State agency. 15 We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Appendix A contains details of our audit scope and methodology. Appendix C contains details about the Federal waiver and State requirements. FINDINGS The State agency implemented or is in the process of implementing the seven recommendations from our previous audit but should continue to take action to further reduce unreported incidents. Since the previous audit report, the State agency experienced a significant overall 74-percent reduction in the percent of hospital stay incidents not reported. However, although the percentage of incidents reported improved, the State agency's changes to implement the recommendations did not ensure that community-based providers properly reported all 24-hour reportable incidents in the electronic incident management (EIM) system or that supports coordinators notified providers that a 24-hour reportable incident had occurred. Because the State agency did not detect that some providers did not report all 24-hour reportable incidents, it was not always able to take prompt action to protect waiver participants' health, safety, and rights. However, the State agency's actions involve a multi- year training plan for its current Incident Management Policy and a dashboard to identify unreported incidents and providers that may have incident management processes in need of systemic improvement. THE STATE AGENCY FULLY IMPLEMENTED CORRECTIVE ACTIONS THAT EFFECTIVELY ADDRESSED FOUR RECOMMENDATIONS FROM OUR PREVIOUS AUDIT The State agency addressed our seven previous audit recommendations through a number of corrective actions. For four of our recommendations, the corrective actions are complete and fully implemented. These corrective actions significantly improved the State agency's compliance with Federal Medicaid waiver and State requirements for reporting hospital stays. A description of our recommendations and the implemented corrective actions follows. 15 All acute-care hospital stays or inpatient admissions to a hospital must be reported in the State agency's incident reporting system within 24 hours of their occurrence or discovery. For emergency room visits, we eliminated routine and followup visits and diagnosis codes that were not associated with a reportable condition such as abuse, neglect, suicide, or injuries requiring treatment beyond first aid. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 7 Prior Recommendation: Record the Unreported 24-Hour Reportable Incidents Noted in the Previous Report The State agency conducted record reviews for the 307 emergency room visits and 167 hospital encounters noted in the previous report. Providers recorded the unreported emergency room visits and hospital encounters in the incident reporting system when possible. Prior Recommendation: Work With Community-Based Providers To Ensure That Administrative Reviews and Investigations Are Conducted and Reported Appropriately and Consider All Previous 24-Hour Reportable Incidents Related to the Enrollee The State agency's ODP implemented this recommendation by publishing new regulations (55 Pennsylvania Code §§ 6100.142 and 6100.143) that included annual training requirements and operational requirements for providers of home and community-based services. These State agency training plans emphasize incident recognition and timely reports. The training should help ensure that administrative reviews and investigations are conducted and reported appropriately. Further, ODP's Quality Management Certification course gives providers formal training to assist with trending and analyzing data. The State agency has also made changes within the EIM system. Specifically, the State agency added the full Certified Investigator Reports and Administrative Review documents within the EIM system. Thus, investigators can use the EIM system to match current and prior incidents to the investigation reports to show what prior investigations found. In addition, the EIM system contains a report that lists provider timeliness benchmarks. The State agency also has begun to trend and analyze emergency room and hospital claims data in connection with a variety of other data sources (such as licensing violation and incident report data) to identify opportunities for systemic improvement. Prior Recommendation: Ensure That Community-Based Providers Analyze, Investigate, and Report to the State Agency All Enrollee Deaths In part, the State agency implemented this recommendation by: (1) enhancing its administrative review process to clarify community-based providers' responsibilities for analyzing, investigating, and reporting beneficiary deaths and (2) updating and releasing an administrative review manual. As a result of these changes, the State agency updated and released the Certified Investigator Curriculum in July 2021. In addition to these enhancements, ODP added the full Certified Investigator Report documents within the EIM system. Further, the State agency modified procedures in the incident reporting system to require investigations for all HCBS waiver participant deaths. Prior to this change, investigations were only required for deaths that occurred in a provider-operated setting. In addition, the State agency incorporated the mortality review process into the EIM system so that records can be maintained with the incident report and data elements can be more easily extracted and analyzed. This enables medical staff to more easily analyze the factors that surround each Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 8 death. This also enables medical staff to more easily trend beneficiary deaths to identify patterns and develop preventative measures, targeted training, and technical assistance initiatives. Prior Recommendation: Send a Written Report of Death to Law Enforcement or the District Attorney's Office When a Death Is Determined To Be Suspicious or When Abuse or Neglect Is Suspected The State agency implemented this recommendation by updating its reporting protocols and training. The current Incident Management Policy contains requirements to notify law enforcement and protective service entities, effective July 1, 2021. The State agency enhanced the incident reporting system to include prompts for incident management reviewers to better collect and track followup actions planned or being conducted (e.g., notifying law enforcement, licensing entities, and the Pennsylvania Department of State) when abuse or neglect is confirmed or when a death is determined to be suspicious. Written reports are sent to local law enforcement or the Pennsylvania Attorney General's Office when suspicious deaths are discovered, or the death is the result of abuse or neglect. In addition, the State agency developed protocols to ensure that State agency staff notify the Pennsylvania Attorney General's Office immediately if there is reasonable suspicion of abuse or neglect or of a bodily injury that resulted in death or created a substantial risk of death. THE STATE AGENCY HAS BEGUN TO TAKE ACTION TO IMPLEMENT THE REMAINING RECOMMENDATIONS FROM OUR PREVIOUS AUDIT BUT STILL HAD UNREPORTED INCIDENTS For the remaining three recommendations from our previous audit, the State agency has begun to take action to address the recommendations. Some of these actions are still ongoing. Although these corrective actions have resulted in a significant improvement in the percent of acute-care hospital stays reported to the State agency, we found that 7 percent of acute-care hospital stays were not reported in the EIM system. Reporting of hospital stays is critical so that the State agency can use the data for incident response activities, trending, and analysis in an effort to ensure that risk mitigation and response strategies are in place to protect Pennsylvania's most vulnerable citizens. Emergency room visits are no longer a discrete reportable incident type listed in the waiver. However, during our audit period, Pennsylvania's interim operational instructions for reporting incidents had not changed to exclude emergency room visits from reporting. Further, the State agency still captures certain emergency room encounters related to reportable incidents such as abuse, neglect, suicide, and injuries requiring treatment beyond first aid as part of its incident response activities. Incident response activities include checking on the safety and well-being of the alleged victims, interviewing witnesses and obtaining written statements, collecting evidence, reporting incidents, finalizing incident reports, and following up on investigations and management reviews. Our review showed that 23 percent of emergency room visits were not reported as any type of incident to the State agency and, therefore its response activities could be improved. Since these emergency room visits were not reported, Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 9 they were not captured under the State's response activities, which would have allowed investigators to see if abuse or neglect may have occurred. A description of our recommendations and the implemented corrective actions follows. Prior Recommendation: Work With Community-Based Providers on How To Identify and Report All 24-Hour Reportable Incidents ODP developed a multi-year training plan for its current Incident Management Policy and released several trainings for community-based providers. These trainings are designed to give providers an understanding of the Incident Management requirements and a basic overview of the Certified Investigator process, the Certified Investigator's Report, and the Administrative Review process. ODP developed additional trainings specific to incident prevention as well as a manual for supports coordinators related to monitoring of incidents. Prior Recommendation: Work With Community-Based Providers To Ensure That All Community- Based Providers' Staff Understand the Requirements for Reporting 24-Hour Reportable Incidents Within Required Timeframes In addition to the multi-year training plan, ODP has incorporated many enhancements to the EIM system and modifications to policies related to incident reporting to make the requirements more understandable for staff at community-based providers. Specifically, ODP has made changes to the EIM system's custom report incident deletion screen, individual history access, death incident reports, and restraint incident reports, and has added pages with steps designed to prevent the occurrence of similar future incidents. Prior Recommendation: Develop a Policy for Periodically Matching Medicaid Emergency Room Visit and Acute-Care Hospital Stay Claims to 24-Hour Reportable Incidents Recorded in the Incident Reporting System ODP developed a dashboard with a technology vendor to assist with matching emergency room and hospital claims to incident reports and has completed a pilot program using this dashboard in one region. Specifically, the goal of this pilot program was to match Medicaid claims data against EIM incident data to identify situations in which events were unreported, underreported, or reported but in need of additional followup actions. As a result of this pilot, in May 2022, ODP provided the results of the record review for 73 claims that needed followup by the regional office. The incidents identified showed that abuse may have occurred. The regional office addressed 58 of the claims by generating 43 incident reports and 3 mortality reviews. It concluded that 12 claims did not require reporting, and 15 claims are still under review. As part of the pilot program, ODP developed a listing of ICD-10 diagnosis codes that may indicate a reportable condition and used it to determine whether medical emergencies may have been the result of abuse or neglect.16 Additionally, the data generated by the pilot 16 The appendix to the State agency's pilot program results contains a complete list of the ICD-10 codes indicative of abuse or neglect. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 10 program will be used to identify providers and service locations that may have quality, risk, and incident management processes in need of systemic improvement. ODP has also introduced system-generated alerts within the EIM system to identify unreported critical incidents related to medication errors or restraint incident reports that contain criteria that indicate abuse, neglect, or a rights violation. In addition, ODP established a partnership with the Pennsylvania Department of Health to gain access to the State's Pennsylvania Patient and Provider Network (P3N). P3N is a web-based portal interface for hospital electronic medical record systems. Gaining access to P3N will allow ODP to access and review medical records in near-real-time to identify incidents and potentially highlight the results of abuse and neglect. Not All Acute-Care Hospital Stays Were Reported The HCBS consolidated waiver, Appendix G-1(b) requires providers and supports coordination organizations to report to the State agency and administrative entities incidents involving Medicaid waiver participants with developmental disabilities. Examples of incidents that must be reported to the State agency within 24 hours of discovery or occurrence include abuse, neglect, inpatient admission to a hospital, and death regardless of cause. During our audit period, the State agency instructed providers to report incidents as outlined in 55 Pennsylvania Code section 6000.922, which also listed hospitalizations as a reportable incident. In addition, 55 Pennsylvania Code section 6000.922 stated that hospital stays must be reported within 24 hours after incident occurrence. See Appendix C for types of incidents and timelines for reporting. Unreported Acute-Care Hospital Stays We determined that 359 of the 5,160 acute-care hospital stays (7 percent) were not reported. This is a significant improvement from our previous report, which found that 2,078 of 7,787 (27 percent) of acute-care hospital stays were not reported in the incident reporting system. This is a 74-percent reduction in unreported acute-care hospital stays. However, because the community-based providers did not report to the State agency 7 percent of acute-care hospital stays, the State agency needs to continue to take action to further reduce unreported incidents. See Table 2 on the following page. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 11 Table 2: Unreported Acute-Care Hospital Stays Unreported Reported Total Percent Incidents* Incidents† Incidents Unreported Acute-Care Hospital Stays Previous Audit 2,078 5,709 7,787 27% 2015 and 2016 Followup Audit July 1, 2020 – June 30, 359 4,801 5,160 7% 2021 Percent reduction in unreported claims‡ 74% *Incidents recorded in MMIS and meeting 24-hour reportable incident requirements but not reported in the State agency's incident reporting system †Incidents in the State agency's incident reporting system ‡We calculated the percent reduction in unreported claims using the following formula: (followup audit percent – previous audit percent) ÷ previous audit percent = percent unreported Not All Emergency Room Visits Were Reported Appendix G-1 of the HCBS consolidated waiver was updated in July 2017. Before the update, the waiver included emergency room visits as a reportable incident. The updated waiver no longer lists "emergency room visits" as a discrete reportable incident category but does list reportable incidents that may be associated with emergency room visits, including abuse, neglect, suicide, and injuries requiring treatment beyond first aid. During our audit period, Pennsylvania's interim operational instructions for reporting incidents had not changed to exclude emergency room visits from reporting. Specifically, ODP issued ODP Announcement 20-107, which stated that due to the impacts of COVID-19, modifications to the incident reporting system were delayed until July 1, 2021, and that, as the system transitioned to comply with the new incident reporting requirements, providers would continue to report and investigate incidents as outlined in the Incident Management Statement of Policy (55 Pennsylvania Code chapter 6000 subchapter Q), which included emergency room visits as a 24-hour reportable incident category. Thus, community-based providers were still instructed to report emergency room visits during our audit period. (See Appendix C.) Unreported Emergency Room Visits Although not required by the consolidated waiver, the reporting of emergency room visits was not consistent with ODP's interim operational instructions. Specifically, we found that 10,852 emergency room visits that may be associated with abuse, neglect, suicide, or injuries requiring Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 12 treatment beyond first aid (of the 48,044 total incidents) were not reported (23 percent). 17 Our previous audit found that 18,880 of all 43,029 emergency room visits (44 percent) were not reported in the incident reporting system. 18 We were unable to make a direct comparison to the previous report because the HCBS consolidated waiver criteria changed. These numbers are intended to highlight that action may still be needed to improve reporting. Actions to Improve Detection of Unreported Incidents Are Still Being Implemented State agency officials stated that the State agency relies on community-based providers and supports coordinators to report 24-hour reportable incidents. In addition, current controls to detect unreported 24-hour reportable incidents included State agency visits and annual provider monitoring by administrative entities. Even so, the State agency's providers are still not always reporting acute-care hospital stays, and the supports coordinators are not identifying the unreported incidents and informing the providers. Similarly, the State agency's pilot program identified that, in some cases, either supports coordinators did not notify providers that a 24-hour reportable incident had occurred, or providers, even when prompted, did not report the incident. Without timely incident reporting, the State agency is not always able to take prompt action to protect waiver participants' health, safety, and rights. Since our previous audit, the State agency updated policies and procedures, created several new trainings for providers and supports coordinators, and introduced system-generated alerts. These actions will be significantly enhanced by the pilot program roll-out that will identify incidents that were unreported, underreported, or reported but in need of additional followup actions as well as identify providers that may have incident management processes in need of systemic improvement. RECOMMENDATIONS We recommend that the Pennsylvania Department of Human Services continue to improve its controls regarding the reporting and monitoring of 24-hour reportable incidents involving 17 In calculating the 10,852 unreported emergency room visits, we eliminated routine and followup visits and diagnosis codes that were not associated with a reportable condition such as abuse, neglect, suicide, or injury requiring treatment beyond first aid. 18 Our previous report contained findings regarding emergency room visits, which was a reportable incident category under the waiver in effect during our previous audit. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 13 Medicaid waiver participants with developmental disabilities residing in community-based settings. Specifically, we recommend that the Pennsylvania Department of Human Services: 19 • continue working with community-based providers to ensure that all community-based providers' staff identify and understand the requirements for reporting 24-hour reportable incidents within required timeframes, • provide targeted training to community-based providers that repeatedly do not report 24-hour reportable incidents, • expand the pilot program to other regions to periodically match Medicaid claims with diagnosis codes indicating potential abuse or neglect to 24-hour reportable incidents recorded in the incident reporting system, and • continue working with supports coordinators to ensure they verify with the community- based provider that incidents that they are aware of are reported in the EIM system. STATE AGENCY COMMENTS In written comments on our draft report, the State agency concurred with all of our recommendations and outlined corrective actions that it has taken and plans to take to address our recommendations. These corrective actions include: (1) developing and supplementing existing trainings to improve providers' understanding of the rules and requirements with regards to critical incident recognition, reporting, investigating, and corrective action development to prevent critical incidents; (2) developing a visual analytic dashboard tool to identify providers that repeatedly do not report 24-hour incidents within the required timeframes; (3) expanding its pilot program to all regions and matching claims against reportable incidents; (4) developing training for supports coordinators to raise awareness of reporting requirements and availability of controls to help verify that all recognized incidents are reported. We agree with the corrective actions that the State agency has taken and plans to take to address our recommendations. The State agency's comments are included in their entirety as Appendix D. 19 Three recommendations are updated versions of the recommendations from our prior audit; the State agency is still implementing these recommendations, and we have updated our recommendations to reflect actions that the State agency should continue to take and additional actions that are still needed. We also added a fourth recommendation. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 14 APPENDIX A: AUDIT SCOPE AND METHODOLOGY SCOPE Our audit covered 17,924 emergency room visit claims and 3,033 hospitalization visit claims that the State agency paid on behalf of Medicaid waiver participants with developmental disabilities residing in community-based settings from July 2020 through June 2021. Our audit objective did not require an understanding or assessment of the State agency's or ODP's complete internal control structure. We limited our review of internal controls to obtaining an understanding of ODP's policies and procedures related to the reporting and monitoring of critical incidents. We conducted our audit from December 2021 through February 2023. METHODOLOGY To accomplish our audit objective, we: • reviewed applicable Federal waiver and State requirements; • held discussions with CMS officials to gain an understanding of the HCBS consolidated waiver for waiver participants with developmental disabilities residing in community- based settings; • obtained from the State agency a computer-generated file of eligibility information for all 18,812 Medicaid waiver participants with developmental disabilities covered by the HCBS consolidated waiver and residing in community-based settings during 2020 and 2021; • obtained from Pennsylvania's MMIS a computer-generated file containing claims for emergency room visits and acute-care hospital stays during State fiscal year 2021 for Medicaid waiver participants with developmental disabilities covered by the HCBS consolidated waiver; • obtained from the incident reporting system database 37,192 incident reports from July 1, 2020, through June 30, 2021, submitted on behalf of waiver participants covered by the HCBS consolidated waiver; • matched the MMIS medical claims data for the 17,924 emergency room visits for waiver participants covered by the HCBS consolidated waiver to the incident reporting system databases to determine which claims for emergency room visits did not have corresponding 24-hour reportable incidents reported in the incident reporting system; Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 15 • for emergency room visits, we eliminated routine and followup visits and diagnosis codes that were not associated with a reportable condition such as abuse, neglect, suicide, or injuries requiring treatment beyond first aid. • matched the MMIS medical claims data for the 3,033 acute-care hospital stays for waiver participants covered by the HCBS consolidated waiver to the incident reporting system databases to determine which claims for acute-care hospital stays did not have corresponding 24-hour reportable incidents reported in the incident reporting system; and • discussed the results of our audit with State agency officials. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 16 APPENDIX B: RELATED OFFICE OF INSPECTOR GENERAL REPORTS Report Title Report Number Date Issued Iowa Implemented Most Of Our Prior Audit Recommendations and Generally Complied With Federal and State Requirements A-07-21-06105 11/9/2022 for Reporting and Monitoring Major Incidents Maine Implemented Our Prior Audit Recommendations and Generally Complied With Federal and State Requirements for A-01-20-00007 06/6/2022 Reporting and Monitoring Critical Incidents Massachusetts Implemented Our Prior Audit Recommendations and Generally Complied With Federal and State Requirements A-01-20-00003 04/25/2022 for Reporting and Monitoring Critical Incidents South Carolina Did Not Fully Comply With Requirements for Reporting and Monitoring Critical Events Involving Medicaid A-04-18-07078 04/01/2022 Beneficiaries With Developmental Disabilities Arkansas Did Not Fully Comply With Federal and State Requirements for Reporting and Monitoring Critical Incidents A-06-17-01003 12/22/2021 Involving Medicaid Beneficiaries With Developmental Disabilities California Did Not Fully Comply With Federal and State Requirements for Reporting and Monitoring Critical Incidents A-09-19-02004 9/22/2021 Involving Medicaid Beneficiaries With Developmental Disabilities Louisiana Did Not Fully Comply With Federal and State Requirements for Reporting and Monitoring Critical Incidents A-06-17-02005 5/5/2021 Involving Medicaid Beneficiaries With Developmental Disabilities New York Did Not Fully Comply With Federal and State Requirements for Reporting and Monitoring Critical Incidents A-02-17-01026 2/16/2021 Involving Medicaid Beneficiaries With Developmental Disabilities Texas Did Not Fully Comply With Federal and State Requirements for Reporting and Monitoring Critical Incidents A-06-17-04003 7/9/2020 Involving Medicaid Beneficiaries With Developmental Disabilities Iowa Did Not Comply With Federal and State Requirements for Major Incidents Involving Medicaid Members With A-07-18-06081 3/27/2020 Developmental Disabilities Pennsylvania Did Not Fully Comply With Federal and State Requirements for Reporting and Monitoring Critical Incidents A-03-17-00202 1/17/2020 Involving Medicaid Beneficiaries With Developmental Disabilities Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 17 A Resource Guide for Using Diagnosis Codes in Health Insurance A-01-19-00502 7/23/2019 Claims To Help Identify Unreported Abuse or Neglect Alaska Did Not Fully Comply With Federal and State Requirements for Reporting and Monitoring Critical Incidents A-09-17-02006 6/11/2019 Involving Medicaid Beneficiaries With Developmental Disabilities Ensuring Beneficiary Health and Safety in Group Homes Through Joint Report* 1/17/2018 State Implementation of Comprehensive Compliance Oversight Maine Did Not Comply With Federal and State Requirements for Critical Incidents Involving Medicaid Beneficiaries With A-01-16-00001 8/9/2017 Developmental Disabilities Massachusetts Did Not Comply With Federal and State Requirements for Critical Incidents Involving Developmentally A-01-14-00008 7/31/2016 Disabled Medicaid Beneficiaries Connecticut Did Not Comply With Federal and State Requirements for Critical Incidents Involving Developmentally A-01-14-00002 5/25/2016 Disabled Medicaid Beneficiaries Review of Intermediate Care Facilities in New York With High Rates of Emergency Room Visits by Intellectually Disabled A-02-14-01011 9/28/2015 Medicaid Beneficiaries Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 18 APPENDIX C: FEDERAL WAIVER AND STATE REQUIREMENTS MEDICAID HOME AND COMMUNITY-BASED SERVICES WAIVER States must provide certain assurances to CMS to receive approval for an HCBS waiver, including that necessary safeguards have been taken to protect the health and welfare of the waiver participants of the service (42 CFR § 441.302). The State agency must provide CMS with information regarding these participant safeguards in its HCBS waiver, Appendix G, Participant Safeguards. Each State agency must provide assurances regarding three main categories of safeguards: • response to critical events or incidents (including alleged abuse, neglect, and exploitation); • safeguards concerning restraints and restrictive interventions; and • medication management and administration. HCBS Waiver, Appendix G-1, Participant Safeguards: Response to Critical Events or Incidents, G-1(b), "State Critical Event or Incident Reporting Requirements" This section of the waiver states that when an event occurs, or is alleged to have occurred, that is considered an incident according to policy, the initial notification is made by the reporting entity (provider or supports coordination organization) by submitting the first section of the incident report to ODP and the administrative entity within 24 hours of discovery or recognition. This first section of the incident report includes a description of the event, the incident category, and the action taken to ensure the health and safety of the individual. Once the initial notification is submitted, the administrative entity will review this first section to ensure that prompt action was taken to protect the waiver participant's health, safety, and rights. If the actions taken are insufficient, the administrative entity will contact the reporting provider and direct additional actions. All incidents are investigated to rule out or identify instances of abuse, neglect, or exploitation. In addition, certain categories of incidents must be investigated by an ODP-certified investigator. These categories include incidents of abuse, neglect, misuse of funds, death, and rights violation. Misuse of funds and rights violations are considered exploitation. The types of incidents that require reporting within 24 hours of occurrence or discovery are: • death, • a physical act by an individual to commit suicide, • inpatient admission to a hospital, • abuse, Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 19 • neglect, • exploitation, • an individual who is missing for more than 24 hours or who could be in jeopardy if missing at all, • law enforcement activity that occurred during the provision of an HCBS waiver service or for which an individual is the subject of a law enforcement investigation that may lead to criminal charges against the individual, • injury requiring treatment beyond first aid, • fire requiring the services of the fire department not including responses to false alarms, • emergency closure, • a violation of individual rights, and • theft or misuse of individual funds. HCBS Waiver, Appendix G-1, Participant Safeguards: Response to Critical Events or Incidents, G-1(d) "Responsibility for Review of and Response to Critical Events or Incidents" ODP and administrative entities both receive initial notifications within the EIM system when the incident report is submitted by a provider. It is ODP policy that an administrative entity evaluates the report within 24 hours of the initial notification. ODP also requires separation of the victim from the alleged perpetrator when the victim's health and safety are jeopardized. Separation may include suspending or terminating the alleged target. This section of the waiver also provides details about ODP's policy on incident management and investigations. Incidents of abuse, neglect, misuse of funds, rights violations, and death are investigated by persons that have completed the Department's approved certification course. Certified Investigators follow protocols established by ODP as part of the investigatory process. The provider then completes and finalizes the report, including the investigation summary, within 30 days of the incident. The administrative entity and ODP evaluate all finalized reports within 30 days of their notification and approve reports if they meet certain requirements related to the protection of the participant's health, safety, and rights through proper resolution of the incident. HCBS Waiver, Appendix G-1, Participant Safeguards: Response to Critical Events or Incidents, G-1(e) "Responsibility for Oversight of Critical Incidents and Events" This section of the waiver states that ODP is responsible for the oversight of and response to incidents that affect waiver participants. ODP evaluates all finalized reports and completes a Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 20 management review within 30 days after the AE approves the incident report. This oversight occurs on an ongoing basis. ODP identifies factors that put participants at risk and facilitates the development of interventions and improvement activities to mitigate future risk or reoccurrence. HCBS Waiver, Appendix G, Participant Safeguards, Quality Improvement: Health and Welfare, (a)(i), "Methods for Discovery: Health and Welfare," (a) "Sub-Assurances" This section of the waiver states that the State agency must demonstrate on an ongoing basis that it identifies, addresses, and seeks to prevent instances of abuse, neglect, exploitation, and unexplained death. The State agency must review deaths to determine the number and percentage of deaths by cause of death and determine the number and percent of deaths examined according to State protocols. PENNSYLVANIA STATUTES Older Adults Protective Services Act (Act 79 of 1987, P.L. 381) Chapter 7, "Reporting Suspected Abuse by Employees," codified at 35 P.S. §§ 10225.101-10225.5102 For participating waiver participants aged 60 and older, Pennsylvania's Older Adults Protective Services Act specifies that a provider's employee or administrator who has reasonable cause to suspect that a beneficiary is the victim of sexual abuse, serious physical injury, or serious bodily injury, or that a death is suspicious, must immediately contact appropriate law enforcement officials to make an oral report. Within 48 hours of making the oral report, the provider's employee and administrator must submit a written report to appropriate law enforcement officials. Adult Protective Services Act (Act 70 of 2010, P.L. 484) Chapter 5, "Reporting Suspected Abuse by Employees," codified at 35 P.S. §§ 10210.101-10210.704 For participating waiver participants between the ages of 18 and 59, this act mandates that a provider's employee or administrator who has reasonable cause to suspect that a beneficiary is the victim of sexual abuse, serious injury, or serious bodily injury, or has reasonable cause to suspect that a death is suspicious, must immediately contact the appropriate law enforcement officials to make an oral report. Within 48 hours of making the oral report, the provider's employee and administrator must submit a joint written report to appropriate law enforcement officials. Pennsylvania Consolidated Statutes, Title 18, sections 2713 and 2713.1 (ACT 28/26) This statute requires the State agency to immediately report the abuse or neglect of a care- dependent person to the Office of Attorney General or to local law enforcement. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 21 PENNSYLVANIA REQUIREMENTS REGARDING REPORTABLE INCIDENTS 55 Pennsylvania Code § 6000.921, Categories of incidents This section of the Pennsylvania Code states that there are different categories of incidents that must be reported in the incident reporting system. There are categories of incidents that must be reported within 24 hours of discovery or recognition and those that are to be reported within 72 hours. For the incidents that require reporting within 24 hours, the first section of the incident report must be completed in the incident reporting system within 24 hours. This first section includes a minimum data set (individual and provider demographics, actions taken to protect the individual and description of the incident, and the category of incident). The final section of the incident report includes additional information about the incident, any required investigation, and corrective actions. The final section must be completed within 30 days of recognition or discovery of the incident. This section also states that providers, supports coordination entities, counties, and ODP must be vigilant in reporting to law enforcement any incident in which there is a suspected crime. 55 Pennsylvania Code § 6000.922, Incidents to be reported within 24 hours This section lists the categories of incidents to be reported within 24 hours and defines each category. The following are categories of incidents to be reported within 24 hours after the occurrence of the incident: • abuse, • death, • disease reportable to the Department of Health, • emergency closure, • emergency room visits, • fire, • hospitalization, • individual-to-individual abuse, • injury requiring treatment beyond first aid, • law enforcement activity, • missing persons, Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 22 • misuse of funds, • neglect, • psychiatric hospitalization, • rights violation, and • suicide attempts. 55 Pennsylvania Code § 6100.401, Types of Incidents and timelines for reporting This section lists the categories of incidents, alleged incidents, and suspected incidents that the provider must report through the State agency's information management system within 24 hours of discovery by a staff person. The categories are: • death; • a physical act by an individual in an attempt to complete suicide; • inpatient admission to a hospital; • abuse, including abuse to an individual by another individual; • neglect; • exploitation; • an individual who is missing for more than 24 hours or who could be in jeopardy if missing for any period of time; • law enforcement activity that occurs during the provision of a service for which an individual is the subject of a law enforcement investigation that may lead to criminal charges against the individual; • injury requiring treatment beyond first aid; • fire requiring the services of the fire department, with the exception of false alarms; • emergency closure; • theft or misuse of individual funds; and • a violation of individual rights. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 23 55 Pennsylvania Code § 6100.402, Incident investigation This section lists the types of incidents which need investigations conducted. The providers duties are also listed in this section. See below: a) The provider shall take immediate action to protect the health, safety and well-being of the individual following the initial knowledge or notice of an incident, alleged incident, or suspected incident. b) The provider shall initiate an investigation of an incident, alleged incident, or suspected incident within 24 hours of discovery by a staff person. c) A Department-certified incident investigator shall conduct the investigation of the following incidents: (1) death that occurs during the provision of a service; (2) inpatient admission to a hospital as a result of an accidental or unexplained injury or an injury caused by a staff person, another individual or during the use of a restraint; (3) abuse; (4) neglect; (5) exploitation; (6) injury requiring treatment beyond first aid as a result of an accidental or unexplained injury or an injury caused by a staff person, another individual or during the use of a restraint; (7) Theft or misuse of individual funds; and (8) A violation of individual rights. Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 24 APPENDIX D: STATE AGENCY COMMENTS COlalONWEALlM OF PENNSYLVANA. DEPMTMENT OF I-IJMJIN SERVICES lllV 11 2023 Ms. Nicole Freda Rllglonal lnspedlll' General br Audit s«vlces Department t:I Heath and Himan Sen.Ices Office d lnspeclllr General Office t:I Audi Sen.Ices, Region 111 801 Marl<et Slree~ Sule 8500 Phllade.,hla, Pemsylvanla 19107 Dear Ms. Freda: The Department of Human Services (OHS) has recellled the drlllt report nl.fflber A-03-22--00202 tilled · ~nnsytvanla Implemented Our Prior Audit Recommendations for Cri1ical Incidents Involving Medcakl Enrolees With Oevelopmertal Dlsabillies b<JI Shoukl Continue To Take Adbn To Reduc,e l.klreported lnci::lerts•. The objecllveof ttis audl was to determne whether Pems}lvarla Implemented the nia,mmendations from the prior audit titled "Pennsylvania Oki Not Fuly Comply With Federal and State Requliemenls br Reportfrg and Monltorlrg Crtlcal Incidents lmolvi'lg Medcald Beneficiaries Wlh Oevebpmental Dlsabllties (A-03-17-00202r. Our responses to the specific nicommendatbns a,e bebw. Office of Inspector Gen•al (OIG) Recomm.,datlon 1: We nia,mmend that the Pennsylvania Oepa:tment rl Himan Sen.Ices continue W011dng with commurlty-based providers to en9Jr& that au communly-besed providers' staff klertify and understand the reqlimmerts for mportlrll 24-hour mpol1able Incidents ..ithln requi'ed trnef,ames. Department ol Humen Services (OHS) Response: OHS concurs with this mccmmendallon. OHS contirues to develop and supplemert exlstirg trainlrgs 10 mprove prololde,s' staff <nlerstandlng of existing rlies and requremerts with regards to critical fneldert iecognltlon, reporting, nvestigatbn, and oorrectlve action development to pmvert crtical ncldent mcun-ence. OIG Recommendation 2: We nicommend that the ~nnsytvanla Oepa:tment of Human s«vlces provkle targeted t,alrlng to communly.based provklers that repeatedly do not report 24-hour mpol1able fncklerts. Oept.tf SCll!llliyb~b P.O. Bea: 26751 ~ - M 171051717.78'..,.22 I Foex 717.7722C9J 1- ..d'ls.f&OCJII' Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 25 Ms. Nioole Freda 2 OHS Response: DHS concurs with this reoommendation. Since the innial audit. OHS developed visual analytic dashboard tool s that identify pro'Jide rs !flat rcpoatodly do not report 24-ho ur reportable Incidents whhln required limeframes. This tool assists state and Admi nistrative Entity staff by identifying providers mc,st in need of targeted technieal assistanoe and additional trai ni ng to ur.derstand reporting requirements. lnS\ructions tc Administrative Eni ities on the,ir responsibil.f y to utilize the dashboard fincfings were sh ared 11) NCIYit::fflb er 2 022. T1ai 1U111;::t w c:, :s t.:u1 1Lluc.;l ~ C1111nJ ltst.:lu1iit;..tl c:1~si:slc:11rM.:11:, n,; 1-110\l'iLh:::,i,J both on e routine basis and as needed. OHS" Office of Developmental Programs (ODP) is actively updating the A dministrative Enfhy Opera1ing Agreement. which in its d raft form details the ongoing responsibil ity to carry out the actions outfoed in the incident reporting fidelity process. OIG Reeommendatlon 3: We recommend \hat lhe Pennsylvania Department of Human Services expand the pilot program to other regions to perlodlcally match Medicaid ctaims with diagnosis oodes indicali ng potential abuse or neglect to 24-hour reporlHble incidenb reourded fn the incident reporting sy&Rm. OHS Response: OHS concurs with th.'s reeommenciation. OHS expanded the pfot prog ram to al l reg ions witl1in the state in calendar year 2022. OHS also continues lo lmbed the matching of Medicaid claims against re-portable inciaents into existing oversight and monitoring acti ~ities . OIG R•commendallon 4 : We recommend that Ille Pennsylllanla Department of Human Services continue 1-'.<i rking with supports cooru inators to ensure they verify with the oommuni{y-O"sed provider that i ncidents t hat they are aware of are reported in the [Enterpnse fncldent Management) EIM system. OHS Response : DHS concurs with t his recommendation_ In add ttion to provider training development. OHS conl inues to develop training 1or supports ooord:nators to raise awareness of reporting requirements and avai!abitily of controls to help verify that all incidents recognized ar& reported within the EIM system. Th,:mk you for the opportunity to respond to thi:s:; draft report. If you hav~ any questions or concerns regarding this response . please contact Mr. David R. Bryan, manager. AUd~ Resolution Sect ion. Bureau of Financial Oper,)fions. at 717-783-72 17, or via email a1 davb ryan@pa.gov. Sincerely, ~ _.,d',..A:.. Stephani e Shelf Deputy Secretary for Ad ministration c: Mr. Charles Hubbs, Assistant Regional Inspector General l,'lr. Davi<! R. Bryan Pennsylvania Implemented Our Prior Audit Recommendations for Critical Incidents (A-03-22-00202) 26