◆ The Office of Management and Budget (OMB) is planning to revise the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, also known as the Uniform Guidance (UG), by the end of this year. According to a request for information (RFI) in the Feb. 9 Federal Register, revisions would incorporate statutory requirements and administration priorities, reduce agency and recipient burden and clarify “sections that recipients or agencies have interpreted in different ways.” OMB also aims to “clarify guidance by rewriting applicable sections in plain English, improving flow, and addressing inconsistent use of terms.” In addition to the UG, OMB said revisions may also address the universal identifier, systems for award management, subaward reporting and executive compensation. OMB asked four questions to help guide responses to the RFI.
In the same edition of the Federal Register, OMB published a proposed rule to “improve uniformity and consistency” of implementation of requirements in the Infrastructure Investment and Jobs Act, specifically requirements that federal infrastructure projects use only “iron, steel, manufactured products, and construction materials … produced in the United States.” The provisions are part of the Build America, Buy America Act that were rolled into the infrastructure law. The deadline for comments on both the RFI and proposed rule is March 13. (2/16/23)
◆ NIH will host a workshop on Feb. 27 to “share key points and themes from community conversations NIH has held across the country on the uses of personal health data in research,” the Office of Science Policy (OSP) announced. To be held at the University of California, San Diego, the workshop will be webcast and will feature four panels of speakers, including “ethicists, biomedical researchers, technology engineers and developers, public health experts, and clinician researchers who might utilize novel technologies to generate data.” Time is allotted for public participation during the workshop, scheduled to run from noon to 8 p.m. Eastern Standard Time.
Discussions will address “how public feedback can help inform the use of new types of data (e.g., wearable devices, smart sensors, social media), new types of analysis (e.g., Artificial Intelligence and Machine Learning), and data linkage and aggregation in research.” OSP said the workshop “will be used to help inform deliberations related to the latest charge to the Novel and Exceptional Technology and Research Advisory Committee” and will “inform OSP’s ongoing efforts to ensure public engagement is at the foundation of policy development.” (2/16/23)
◆ A hacking that occurred seven years ago involving medical records for 2.8 million individuals has cost Banner-University Medicine $1.25 million, the HHS Office for Civil Rights (OCR) announced Feb. 2. In addition to the payment, Banner officials agreed to implement a corrective action plan (CAP). The settlement resolves allegations that Banner violated HIPAA regulations through the “lack of an analysis to determine risks and vulnerabilities to electronic protected health information across the organization, insufficient monitoring of its health information systems’ activity to protect against a cyber-attack, failure to implement an authentication process to safeguard its electronic protected health information, and failure to have security measures in place to protect electronic protected health information from unauthorized access when it was being transmitted electronically,” according to OCR. Banner did not admit fault as part of the settlement.
In July 2016, a hacker “accessed protected health information that included patient names, physician names, dates of birth, addresses, Social Security numbers, clinical details, dates of service, claims information, lab results, medications, diagnoses and conditions, and health insurance information,” the agency said. “OCR’s investigation found evidence of long term, pervasive noncompliance with the HIPAA Security Rule across Banner Health’s organization, a serious concern given the size of this covered entity. Organizations must be proactive in their efforts to regularly monitor system activity for hacking incidents and have measures in place to sufficiently safeguard patient information from risk across their entire network.” Among the actions Banner must take during a two-year CAP include conducting an “accurate, thorough, enterprise-wide analysis of security risks and vulnerabilities that incorporates all electronic equipment, data systems, programs and applications controlled, administered, owned, or shared by Banner or its affiliates … that contain, store, transmit or receive Banner” electronic health information; developing an associated risk management plan; and revising policies and procedures related to information system activity review, person or entity authentication and transmission security. (2/9/23)
◆ The University of North Carolina, Charlotte (UNCC) will repay the National Science Foundation (NSF) $6,048 of more than $31.6 million of costs claimed to NSF from Nov. 1, 2018, to Oct. 31, 2021. After testing approximately $939,000, OIG found $3,322 in inappropriately allocated expenses and $2,726 in unallowable expenses, according to the audit. The $3,322 was for publication costs for one “research article that acknowledged nine funding sources as having contributed to the published research,” however, “six of the nine awards referenced as support were still active at the time of publication,” auditors said. UNCC “acknowledged that the research also benefitted other projects,” auditors said, adding, “UNCC does not appear to have appropriately allocated the expense based on the relative benefit to NSF.” In addition to repayment, “UNCC agreed to work with Principal Investigators and department staff to strengthen its processes to ensure that personnel properly identify, justify, and allocate publication costs benefitting multiple awards.”
The $2,726 in unallowable expenses consisted of gift card “incentive expenses” of $227 in November 2019 and $2,174 in March 2020, as well as $325 in “alcohol expense” incurred in July 2019. UNCC told auditors it will “strengthen its processes to ensure personnel only charge gift card purchases to awards as needed and when used to benefit the award” and “work with Principal Investigators and department staff to strengthen its review process to ensure invoices for hosted events do not include alcohol expenses.” (2/9/23)
◆ Two recent federal reports found fault with HHS’ framework for reviewing research “reasonably anticipated to create, transfer, or use enhanced potential pandemic pathogens” and, more specifically, with NIH’s oversight of awards to EcoHealth Alliance, which drew scrutiny over its subaward to Wuhan Institute of Virology (WIV). In a report issued Jan. 18, the Government Accountability Office (GAO) concluded there are gaps in HHS’ framework and that it needs to work with “funding agencies to develop and document a standard for ‘reasonably anticipated.’” Without changes, the framework “allows for subjective and potentially inconsistent interpretations of the criteria” for enhanced review. GAO also expressed concerns about the transparency of HHS’ “review group and selection criteria for the review group membership” and its lack of oversight of privately funded research. Although not the focus of the report, GAO made note of an NIH award to EcoHealth Alliance, saying the agency applied its standard grant review process rather than the framework because “novel bat coronaviruses—novel coronaviruses that were found to have been naturally occurring and circulating among bats—had not been shown to infect humans; therefore, the viruses being studied did not meet the definition of a potential pandemic pathogen.”
Meanwhile, an audit by the HHS OIG identified deficiencies in NIH’s oversight of three EcoHealth Alliance awards totaling $8 million—expended from 2014 through 2021—including eight subawards of $1.8 million. Auditors took issue with improper termination of a grant to EcoHealth, said the organization failed to report subawards for five years, and was nearly two years late in submitting a progress report—which was due no later than 120 days after a budget period’s end date. WIV is no longer communicating with EcoHealth, and it cannot report required information, OIG said. The audit also found $89,171 in unallowable costs for items such as bonuses, travel, tuition, and excess salaries. EcoHealth, which repaid that amount, posted statements responding to both reports on its website. (2/2/23)
[View source.]