This is the accessible text file for GAO report number GAO-11-530 entitled 'VA Health Care: Actions Needed to Prevent Sexual Assaults and Other Safety Incidents' which was released on June 7, 2011. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to the Committee on Veterans' Affairs, House of Representatives: June 2011: VA Health Care: Actions Needed to Prevent Sexual Assaults and Other Safety Incidents: GAO-11-530: GAO Highlights: Highlights of GAO-11-530, a report to the Committee on Veterans’ Affairs, House of Representatives. Why GAO Did This Study: Changes in patient demographics present unique challenges for VA in providing safe environments for all veterans treated in Department of Veterans Affairs (VA) facilities. GAO was asked to examine whether or not sexual assault incidents are fully reported and what factors may contribute to any observed underreporting, how facility staff determine sexual assault-related risks veterans may pose in residential and inpatient mental health settings, and precautions facilities take to prevent sexual assaults and other safety incidents. GAO reviewed relevant laws, VA policies, and sexual assault incident documentation from January 2007 through July 2010 provided by VA officials and the VA Office of the Inspector General (OIG). In addition, GAO visited and reviewed portions of selected veterans’ medical records at five judgmentally selected VA medical facilities chosen to ensure the residential and inpatient mental health units at the facilities varied in size and complexity. Finally, GAO spoke with the four Veterans Integrated Service Networks (VISN) that oversee these VA medical facilities. What GAO Found: GAO found that many of the nearly 300 sexual assault incidents reported to the VA police were not reported to VA leadership officials and the VA OIG. Specifically, for the four VISNs GAO spoke with, VISN and VA Central Office officials did not receive reports of most sexual assault incidents reported to the VA police. Also, nearly two-thirds of sexual assault incidents involving rape allegations originating in VA facilities were not reported to the VA OIG, as required by VA regulation. In addition, GAO identified several factors that may contribute to the underreporting of sexual assault incidents including unclear guidance and deficiencies in VA’s oversight. VA does not have risk assessment tools designed to examine sexual assault-related risks veterans may pose. Instead, VA staff at the residential programs and inpatient mental health units GAO visited said they examine information about veterans’ legal histories along with other personal information as part of a multidisciplinary assessment process. VA clinicians reported that they obtain legal history information directly from veterans, but these self-reported data are not always complete or accurate. In reviewing selected veterans’ medical records, GAO found that complete legal history information was not always documented. In addition, VA has not provided clear guidance on how such legal history information should be collected or documented. VA facilities GAO visited used a variety of precautions intended to prevent sexual assaults and other safety incidents; however, GAO found some of these measures were deficient, compromising facilities’ efforts to prevent sexual assaults and other safety incidents. For example, facilities often used patient-oriented precautions, such as placing electronic flags on high-risk veterans’ medical records or increasing staff observation of veterans who posed risks to others. These VA facilities also used physical security precautions—such as closed-circuit surveillance cameras to actively monitor units, locks and alarms to secure key areas, and police assistance when incidents occurred. These physical precautions were intended to prevent a broad range of safety incidents, including sexual assaults, through monitoring patients and activities, securing residential programs and inpatient mental health units, and educating staff about security issues and ways to deal with them. However, GAO found significant weaknesses in the implementation of these physical security precautions at these VA facilities, including poor monitoring of surveillance cameras, alarm system malfunctions, and the failure of alarms to alert both VA police and clinical staff when triggered. Inadequate system installation and testing procedures contributed to these weaknesses. Further, facility officials at most of the locations GAO visited said the VA police were understaffed. Such weaknesses could lead to delayed response times to incidents and seriously erode efforts to prevent or mitigate sexual assaults and other safety incidents. What GAO Recommends: GAO recommends that VA improve both the reporting and monitoring of sexual assault incidents and the tools used to identify risks and address vulnerabilities at VA facilities. VA concurred with GAO’s recommendations and provided an action plan to address them. View [hyperlink, http://www.gao.gov/products/GAO-11-530] or key components. For more information, contact Randall B. Williamson at (202) 512-7114 or williamsonr@gao.gov. [End of section] Contents: Letter: Background: Nearly 300 Sexual Assault Incidents Were Reported Since 2007 through One of Two VA Reporting Streams: Not All Sexual Assault Incidents Are Reported Due to Unclear Guidance and Insufficient Oversight: Self-Reported Legal Histories Are Commonly Used to Inform Clinicians of Sexual Assault-Related Risks, but Guidance on Information Collection Is Limited: VA Residential and Inpatient Mental Health Settings Use a Variety of Precautions to Prevent Sexual Assaults and Other Safety Incidents, but Serious Weaknesses Were Observed at Selected Facilities: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Scope and Methodology: Appendix II: Analysis of VA Police Reports of Sexual Assault Incidents from January 2007 through July 2010: Appendix III: Comments from the Department of Veterans Affairs: Appendix IV: GAO Contact and Staff Acknowledgments: Tables: Table 1: Number of Sexual Assault Incidents by Category Reported to VA Police by Year, January 2007 through July 2010: Table 2: Sexual Assault Incidents Reported to Four Selected VISNs and VHA Central Office Leadership, January 2007 through July 2010: Table 3: Selected VA Medical Facility Definitions of Sexual Assault for the Assessment and Management of Victims of Recent Sexual Assault: Table 4: Physical Security Precautions in Residential Programs and Inpatient Mental Health Units at Selected VA Medical Facilities: Table 5: Weaknesses in Physical Security Precautions in Residential Programs and Inpatient Mental Health Units at Selected VA Medical Facilities: Table 6: Total Sexual Assault Incidents Alleging Rape by Perpetrator and Victim Gender, January 2007 through July 2010: Table 7: Total Sexual Assault Incidents Alleging Rape by Perpetrator and Victim Relationship to VA, January 2007 through July 2010: Table 8: Patient-on-Patient Assault Incidents and Patient-on-Employee Assault Incidents by Type of Sexual Assault Incident, January 2007 through July 2010: Figures: Figure 1: VA Reporting Process for Sexual Assaults and Other Safety Incidents: Figure 2: VHA Central Office Reporting Process for Sexual Assaults and Other Safety Incidents: Figure 3: Number of Sexual Assault Incidents Reported to VA Medical Facility Police by VISN, January 2007 through July 2010: Abbreviations: CWT/TR: compensated work therapy/transitional residence: DOD: Department of Defense: MMPI: Minnesota Multiphasic Personality Inventory: IOC: Integrated Operations Center: NARA: National Archives and Records Administration: NCPS: National Center for Patient Safety: OIG: Office of the Inspector General: OSLE: Office of Security and Law Enforcement: PTSD: post-traumatic stress disorder: RRT: Presidential rehabilitation treatment programs: VA: Department of Veterans Affairs: VHA: Veterans Health Administration: VISN: Veterans Integrated Service Network: [End of section] United States Government Accountability Office: Washington, DC 20548: June 7, 2011: [End of section] The Honorable Jeff Miller: Chairman: The Honorable Bob Filner: Ranking Member: Committee on Veterans' Affairs: House of Representatives: The Department of Veterans Affairs (VA) has developed a number of initiatives in recent years designed to increase veterans' use of VA medical facilities throughout the nation. These initiatives have targeted several specific veteran populations--including women veterans, young veterans from the military operations in Iraq and Afghanistan, and veterans facing legal issues or those currently incarcerated. Such outreach initiatives have increased the number of veterans from these specific populations participating in residential and inpatient mental health care programs at VA medical facilities and have changed the demographics of patients cared for by VA. Such changes in patient demographics along with the department's commitment to providing health care services to all eligible veterans present unique challenges for VA both in providing and maintaining accessible care and keeping veterans and staff safe in VA medical facilities, including those that treat veterans suffering from mental health conditions. During our recent work on services available for women veterans in VA medical facilities, several clinicians raised concerns about the safety of women veterans in mental health programs at one VA medical facility.[Footnote 1] For example, these clinicians raised concerns about the safety of women veterans in a VA residential mental health facility that housed both women veterans and veterans who had committed sexual crimes in the past. Clinicians also expressed concerns about women veterans receiving treatment in the inpatient mental health units of this VA medical facility because they did not feel adequate safety precautions were in place to protect women admitted to these units. These concerns highlight the importance of VA having both effective security precautions in place at its medical facilities, especially those with residential and inpatient mental health programs, and a consistent way to exchange information and facilitate discussions about safety incidents, including sexual assault incidents.[Footnote 2],[Footnote 3] VA has policies in place regarding security precautions in residential and inpatient mental health settings and procedures for reporting and analyzing patient safety incidents through its National Center for Patient Safety (NCPS).[Footnote 4] For example, VA requires that residential and inpatient mental health facilities conduct periodic reviews of the security precautions in use in these settings. Also, VA's NCPS has established procedures for medical facilities to report patient safety incidents that occur in these facilities to leadership officials. You asked us to examine: (1) VA's processes for reporting sexual assault incidents and the volume of these incidents reported in recent years; (2) the extent to which sexual assault incidents are fully reported and what factors may contribute to any observed underreporting; (3) how medical facility staff determine sexual assault-related risks veterans may pose in residential and inpatient mental health settings; and (4) the precautions in place in residential and inpatient mental health settings to prevent sexual assaults and other safety incidents and any weaknesses in these precautions. To examine VA's processes for reporting sexual assault incidents, the volume of these incidents reported in recent years, the extent to which these incidents were fully reported, and factors that may contribute to any observed underreporting, we reviewed relevant VA and Veterans Health Administration (VHA) policies, handbooks, directives, and other guidance documents on the reporting of safety incidents. [Footnote 5] We also interviewed VA and VHA Central Office officials involved with the reporting of safety incidents--including officials with VA's Office of Security and Law Enforcement (OSLE), VHA's Office of the Deputy Under Secretary for Health for Operations and Management, and VHA's Office of the Principal Deputy Under Secretary for Health.[Footnote 6] In addition, we conducted site visits to five VA medical facilities. These judgmentally selected medical facilities were chosen to ensure that our sample: (1) had both residential and inpatient mental health settings; (2) reflected a variety of residential mental health specialties, including military sexual trauma; (3) had medical facilities with various levels of experience reporting sexual assault incidents; and (4) varied in terms of size and complexity.[Footnote 7] During the site visits, we interviewed medical facility leadership officials and residential and inpatient mental health unit managers and staff to discuss their experiences with reporting sexual assault incidents. We also spoke with officials from the four Veterans Integrated Service Networks (VISN) responsible for managing the five selected medical facilities to discuss their expectations, policies, and procedures for reporting sexual assault incidents.[Footnote 8] Information obtained from these VISNs and VA medical facilities cannot be generalized to all VISNs and VA medical facilities. In addition, we interviewed officials from the VA Office of the Inspector General's (OIG) Office of Investigations--Criminal Investigations Division--to discuss information they receive from VA medical facilities about sexual assault incidents that occur in these facilities. Finally, we reviewed documentation of reported sexual assault incidents at VA medical facilities provided by VA's OSLE, the VA OIG, and VISNs from January 2007 through July 2010, to determine the number and types of incidents reported, as well as which VA and VHA offices were notified of those incidents. For this analysis, we used a definition of sexual assault that was developed for the purpose of this report.[Footnote 9] Our analysis of VA police and VA OIG reports was limited to only those incidents that were reported and cannot be used to project the volume of sexual assault incident reports that may occur in future years. Following verification that VA police and VA OIG incidents met our definition of sexual assault and comparisons of sexual assault incidents reported by the two groups within VA, we found data derived from these reports to be sufficiently reliable for our purposes. To examine how medical facility staff determine sexual assault-related risks veterans may pose, we reviewed: (1) relevant VA and VHA policies and procedures and (2) risk assessment policies and procedures from our judgmentally selected sample of VISNs and VA medical facilities' residential and inpatient mental health units. We also interviewed VA, VHA, VISN, and VA medical facility leadership officials and residential and inpatient mental health unit managers and staff regarding the assessment of risks. Finally, to inform our understanding of information collected during this process, we reviewed selected portions of medical records for all veterans at our selected medical facilities who were registered in the state's publicly available sex offender registry and had addresses matching the selected medical facilities' residential or inpatient mental health units. Our review of these records was limited to only those veterans meeting these criteria and should not be generalized to broader VA patient populations. Finally, to examine the precautions in place to prevent sexual assaults and other safety incidents, we reviewed relevant VA, VHA, VISN, and selected medical facility policies related to the security of residential and inpatient mental health programs. We also interviewed VA, VHA, VISN, and selected medical facility officials about the precautions in place to prevent sexual assault incidents and other violent activities in the residential and inpatient mental health units. Finally, to assess any weaknesses in physical security precautions at the VA medical facilities selected for this review, we conducted an independent assessment of the precautions in place at each of our selected medical facilities--including the testing of alarm systems. These assessments were conducted by physical security experts within our Forensic Audits and Investigative Services team using criteria based on generally recognized security standards and selected VA security requirements. Our review of physical security precautions was limited to only those medical facilities we reviewed and does not represent results from all VA medical facilities. For additional details about the scope and methodology used in this report, see appendix I. We conducted our performance audit from May 2010 through June 2011 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We conducted our related investigative work in accordance with standards prescribed by the Council of the Inspectors General on Integrity and Efficiency. Background: VHA oversees VA's health care system, which includes 153 medical facilities organized into 21 VISNs. VISNs are charged with the day-to- day management of the medical facilities within their network; however, VHA Central Office maintains responsibility for monitoring and overseeing both VISN and medical facility operations. These oversight functions are housed within several offices within VHA, including the Office of the Deputy Under Secretary for Health for Operations and Management and the Office of the Principal Deputy Under Secretary for Health. Residential Programs: The 237 residential programs in place in 104 VA medical facilities provide residential rehabilitative and clinical care to veterans with a range of mental health conditions. VA operates three types of residential programs in selected medical facilities throughout its health care system: * Residential rehabilitation treatment programs (RRTP). These programs provide intensive rehabilitation and treatment services for a range of mental health conditions in a 24 hours per day, 7 days a week structured residential environment at a VA medical facility. There are several types of RRTPs throughout VA's health care system that specialize in offering programs for the treatment and management of certain mental health conditions--such as post-traumatic stress disorder (PTSD) and substance abuse. * Domiciliary programs. In its domiciliaries, VA provides 24 hours per day, 7 days a week structured and supportive residential environments, housing, and clinical treatment to veterans. Domiciliary programs may also contain specialized treatment programs for certain mental health conditions. * Compensated work therapy/transitional residence (CWT/TR) programs. These programs are the least intensive residential programs and provide veterans with community based housing and therapeutic work- based rehabilitation services designed to facilitate successful community reintegration.[Footnote 10] Security measures that must be in place at all three types of residential programs are governed by VHA's Mental Health RRTP Handbook.[Footnote 11] Among the security precautions that must be in place for residential programs are secure accommodations for women veterans and periodic assessments of facility safety and security features.[Footnote 12] Inpatient Mental Health Units: Most (111) of VA's 153 medical facilities have at least one inpatient mental health unit that provides intensive treatment for patients with acute mental health needs. These units are generally a locked unit or floor within each medical facility, though the size of these units varies throughout VA. Care on these units is provided 24 hours per day, 7 days a week, and is intensive psychiatric treatment designed to stabilize veterans and transition them to less intensive levels of care, such as RRTPs and domiciliary programs. Inpatient mental health units are required to comply with VHA's Mental Health Environment of Care Checklist that specifies several safety requirements for these units, including several security precautions, such as the use of panic alarm systems and the security of nursing stations within these units. Mental Health Admission Screening and Assessment: The admissions processes for both VA residential programs and inpatient mental health units require several assessments that are conducted by an interdisciplinary team--including nursing staff, social workers, and psychologists. One of the commonly used assessments is a comprehensive biopsychosocial assessment. In residential programs, these assessments are required to be completed within 5 days of admission and include the collection of veterans' medical, psychiatric, social, developmental, legal, and abuse histories along with other key information.[Footnote 13] These biopsychosocial assessments aid in the development of individualized treatment plans based on each veteran's individual needs. For inpatient mental health units, initial screening of veterans, including the initial biopsychosocial assessment, often takes place outside the unit in another area of the medical facility where the veteran first presents for treatment, such as the emergency room or a mental health outpatient clinic. Veterans admitted to inpatient mental health units are typically reassessed more frequently than veterans admitted to residential programs due to their instability at the time of admission. VA Law Enforcement Resources: VA's OSLE is the department-level office within VA Central Office responsible for developing policies and procedures for VA's law enforcement programs at local VA medical facilities. Most VA medical facilities have a cadre of VA police officers who are federal law enforcement officers who report to the medical facility's director. These officers are charged with protecting the medical facility by responding to and investigating potentially criminal activities reported by staff, patients, and others within the medical facility and completing police reports about these investigations. VA medical facility police often notify and coordinate with other law enforcement entities, including local area police departments and the VA OIG, when criminal activities or potential security threats occur. The VA OIG has investigators throughout the nation who also conduct investigations of criminal activities affecting VA operations, including reported cases of sexual assault. By regulation, all potential felonies, including rape allegations, must be reported to VA OIG investigators.[Footnote 14] Once a case is reported, VA OIG investigators can either serve as the lead agency on the case or offer to serve as advisors to local VA police or other law enforcement agencies conducting an investigation of the issue. In April 2010, VA established an Integrated Operations Center (IOC) that serves as the department's centralized location for integrated planning and data analysis on serious incidents.[Footnote 15] The VA IOC requires incidents--including sexual assaults--that are likely to result in media or congressional attention be reported to the IOC within 2 hours of the incident. The IOC then presents information on serious incidents to VA senior leadership officials, including the Secretary in some cases. Nearly 300 Sexual Assault Incidents Were Reported Since 2007 through One of Two VA Reporting Streams: VA has two concurrent reporting streams--a management stream and a law enforcement stream--for communicating sexual assaults and other safety incidents to senior leadership officials. The management stream identifies and documents incidents for leadership's attention. The law enforcement stream documents incidents that may involve criminal acts for investigation and prosecution, when appropriate. We found that there were nearly 300 sexual assault incidents reported through the law enforcement stream to the VA police from January 2007 through July 2010--including alleged incidents that involved rape, inappropriate touching, forceful medical examinations, forced or inappropriate oral sex, and other types of sexual assault incidents. Finally, we could not systematically analyze sexual assault incident reports received through VA's management stream due to the lack of a centralized VA management reporting system. VA Uses Two Reporting Streams for Communicating Incidents to Management and Law Enforcement: Policies and processes are in place for documenting and communicating sexual assaults and other safety incidents to VHA management and VA law enforcement officials. VHA policies outline what information staff must report and define some mechanisms for this reporting, but medical facilities have the flexibility to customize and design their own site- specific reporting systems and policies that fit within the broad context of these requirements. VA's structure for reporting sexual assaults and other safety incidents involves two concurrent reporting streams--the management stream and the law enforcement stream. This dual reporting process is intended to ensure that both relevant medical facility leadership and law enforcement officials are informed of incidents and can perform their own separate investigations. (See figure 1 for an illustration of the reporting structure for sexual assaults and other safety incidents.) The reporting processes described below may vary slightly throughout VA medical facilities due to local medical facility policies and procedures. Figure 1: VA Reporting Process for Sexual Assaults and Other Safety Incidents: [Refer to PDF for image: process chart] At the facility level:[A] 1) Staff reports incident: Management stream of reporting: 2) Quality/unit management review. 3) Facility leadership review and determine next reporting steps; Go to step 4; or: Go to step 7. At the VISN level: 4) VISN management review and determine next reporting steps. At the VHA level: 5) VHA management and program offices determine next reporting steps; Go to step 6; or: Go to step 7. At the VA department level: 6) Office of the Secretary reviews reports. At the facility level:[A] Law enforcement stream of reporting: 2a) Facility police generate report and conduct investigation; Go to step 3; or: Go to step 7. At the VA department level: 7) VA IOC receives reports of serious incidents; VA OIG receives reports of and investigates potential felonies[B]; VA OSLE receives electronic reports of all incidents. Go to step 6. [End of figure] [A] Facility reporting processes described in this graphic are based on our review of five selected VA medical facilities. [B] VA OIG receives reports of potential felonies through additional reporting streams, including the VA OIG hotline and congressional contacts. Source: GAO. Management reporting stream. This stream--which includes reporting responsibilities at the local medical facility, VISN, and VHA Central Office levels--is intended to help ensure that incidents are identified and documented for leadership's attention. * Local VA medical facilities. Local incident reporting is the first step in communicating safety issues, including sexual assault incidents, to VISN and VHA Central Office officials and was handled through a variety of electronic facility based systems at the medical facilities we visited. The processes were similar in all five medical facilities we visited and were initiated by the first staff member who observed or was notified of an incident completing an incident report in the medical facility's electronic reporting system. The medical facility's quality manager then reviewed the electronic report, while the staff member was responsible for communicating the incident through his or her immediate supervisor or unit manager. VA medical facility leadership at the locations we visited reported that they are informed of incidents at morning meetings or through immediate communications, depending on the severity of the incident. Medical facility leadership officials are responsible for reporting serious incidents to the VISN. * VISNs. Officials in network offices we reviewed told us that their medical facilities primarily report serious incidents to their offices through two mechanisms--issue briefs and "heads up" messages.[Footnote 16] Issue briefs document specific factual information and are forwarded from the medical facility to the VISN. Heads up messages are early notifications designed to allow medical facility and VISN leadership to provide a brief synopsis of the issue while facts are being gathered for documentation in an issue brief. VISN offices are typically responsible for direct reporting to the VHA Central Office. * VHA Central Office. An official in the VHA Office of the Deputy Under Secretary for Health for Operations and Management said that VISNs typically report all serious incidents to this office. This office then communicates relevant incidents to other VHA offices, including the Office of the Principal Deputy Under Secretary for Health, through an e-mail distribution list. * Law enforcement reporting stream. The purpose of this stream is to document incidents that may involve criminal acts so they can be investigated and prosecuted, if appropriate. The law enforcement reporting stream involves local VA police, VA's OSLE, VA's IOC, and the VA OIG. * Local VA police. At the medical facilities we visited, local policies require medical facility staff to notify the medical facility's VA police of incidents that may involve criminal acts, such as sexual assaults. According to VA officials, when VA police officers observe or are notified of an incident they are required to document the allegation in VA's centralized police reporting system. * VA's OSLE. This office receives reports of incidents at VA medical facilities through its centralized police reporting system. Additionally, local VA police are required to immediately notify VA OSLE of serious incidents, including reports of rape and aggravated assaults. * VA's IOC. Serious incidents on VA property--those that result in serious bodily injury, including sexual assaults--are reported to the IOC either by local VA police or the VHA Office of the Deputy Under Secretary for Health for Operations and Management. Incidents reported to the IOC are communicated to the Secretary of VA through serious incident reports and to other senior staff through daily reports. * VA OIG. Federal regulation requires that all potential felonies, including rape allegations, be reported to VA OIG investigators. [Footnote 17] In addition, VHA policy reiterates this requirement by specifying that the OIG must be notified of sexual assault incidents when the crime occurs on VA premises or is committed by VA employees. [Footnote 18] At the VA medical facilities we visited, officials told us that either the medical facility's leadership team or VA police are responsible for reporting all incidents that are potential felonies to the VA OIG. The VA OIG may also learn of incidents from staff, patients, congressional communications, or the VA OIG hotline for reporting fraud, waste, and abuse. When the VA OIG is notified of a potential felony, their investigators document both their contact with medical facility officials or other sources and the initial case information they receive. Nearly 300 Sexual Assault Incidents Reported to VA Police through the Law Enforcement Stream Since 2007: We analyzed VA's national police files from January 2007 through July 2010 and identified 284 sexual assault incidents reported to VA police during that period.[Footnote 19] These cases included incidents alleging rape, inappropriate touching, forceful medical examinations, oral sex, and other types of sexual assaults (see table 1).[Footnote 20] However, it is important to note that not all sexual assault incidents reported to VA police are substantiated. A case may remain unsubstantiated because an assault did not actually take place, the victim chose not to pursue the case, or there was insufficient evidence to substantiate the case. Due to our review of both open and closed VA police sexual assault incident investigations, we could not determine the final disposition of these incidents.[Footnote 21] Table 1: Number of Sexual Assault Incidents by Category Reported to VA Police by Year, January 2007 through July 2010: Year: 2010[D]; Rape[A]: 14; Inappropriate touch[B]: 44; Forceful medical examination: 3; Forced or inappropriate oral sex: 5; Other[C]: 0; Total: 66. Year: 2009; Rape[A]: 23; Inappropriate touch[B]: 66; Forceful medical examination: 3; Forced or inappropriate oral sex: 3; Other[C]: 9; Total: 104. Year: 2008[E]; Rape[A]: 13; Inappropriate touch[B]: 42; Forceful medical examination: 1; Forced or inappropriate oral sex: 3; Other[C]: 1; Total: 60. Year: 2007[E,F]; Rape[A]: 17; Inappropriate touch[B]: 33; Forceful medical examination: 1; Forced or inappropriate oral sex: 2; Other[C]: 1; Total: 54. Year: Total[G]; Rape[A]: 67; Inappropriate touch[B]: 185; Forceful medical examination: 8; Forced or inappropriate oral sex: 13; Other[C]: 11; Total: 284. Source: GAO (analysis); VA (data). Note: In this report, we use the term sexual assault incident to refer to suspected, alleged, attempted, or confirmed cases of sexual assault. All reports of sexual assault incidents do not necessarily lead to prosecution and conviction. This may be, for example, because an assault did not actually take place or there was insufficient evidence to determine whether an assault occurred. [A] The rape category includes any case involving allegations of rape, defined as vaginal or anal penetration through force, threat, or inability to consent. For cases that included allegations of multiple categories including rape (i.e., inappropriate touch, forced oral sex, and rape) the category of rape was applied. Cases where staff deemed that one or more of the veterans involved were mentally incapable of consenting to sexual activities described in the case were considered rape. [B] The inappropriate touch category includes any case involving only allegations of touching, fondling, grabbing, brushing, kissing, rubbing, or other like-terms. [C] The other category included any allegations that did not fit into the other categories or if the incident described in the case file did not contain sufficient information to place the case in one of the other designated categories. [D] Analysis of 2010 records was limited to only those received by VA police through July 2010. [E] Due to the lack of a centralized VA police reporting system prior to January 2009, VA medical facility police sent reports to VA's OSLE for the purpose of this data request, which may have resulted in not all reports being included in this analysis. [F] Our ability to review files for the entire year was limited because VA police are required to destroy files after 3 years under a records schedule approved by the National Archives and Records Administration (NARA). [G] Cases not reported to VA police were not included in our analysis of sexual assault incidents. [End of table] In analyzing these 284 cases, we observed the following (see appendix II for additional analysis of VA police reports): * Overall, the sexual assault incidents described above included several types of alleged perpetrators, including employees, patients, visitors, outsiders not affiliated with VA, and persons of unknown affiliation. In the reports we analyzed, there were allegations of 89 patient-on-patient sexual assaults, 85 patient-on-employee sexual assaults, 46 employee-on-patient sexual assaults, 28 unknown affiliation-on-patient sexual assaults, and 15 employee-on-employee sexual assaults.[Footnote 22] * Regarding gender of alleged perpetrators, we also observed that of the 89 patient-on-patient sexual assault incidents, 46 involved allegations of male perpetrators assaulting female patients, 42 involved allegations of male perpetrators assaulting male patients, and 1 involved an allegation of a female perpetrator assaulting a male patient. Of the 85 patient-on-employee sexual assault incidents, 83 involved allegations of male perpetrators assaulting female employees and 2 involved allegations of male perpetrators assaulting male employees. We could not systematically analyze sexual assault incidents reported through VA's management stream due to the lack of a centralized VA management reporting system for tracking sexual assaults and other safety incidents. Not All Sexual Assault Incidents Are Reported Due to Unclear Guidance and Insufficient Oversight: Despite the VA police receiving reports of nearly 300 sexual assault incidents since 2007, sexual assault incidents are underreported to officials within the management reporting stream and the VA OIG. Factors that may contribute to the underreporting of sexual assault incidents include the lack of both a clear definition of sexual assault and expectations on what incidents should be reported, as well as deficient VHA Central Office oversight of sexual assault incidents. Sexual Assault Incidents Are Underreported to VISNs, VHA Central Office, and the VA OIG: Sexual assault incidents are underreported to both VHA officials at the VISN and VHA Central Office levels and the VA OIG. Specifically, VISN and VHA Central Office officials did not receive reports of all sexual assault incidents reported to VA police in VA medical facilities within the four VISNs we reviewed. In addition, the VA OIG did not receive reports of all sexual assault incidents that were potential felonies as required by VA regulation, specifically those involving rape allegations. VISNs and VHA Central Office Receive Limited Information on Sexual Assault Incidents: VISNs and VHA Central Office leadership officials are not fully aware of many sexual assaults reported at VA medical facilities. For the four VISNs we spoke with, we reviewed all documented incidents reported to VA police from medical facilities within each network and compared these reports with the issue briefs received through the management reporting stream by VISN officials. Based on this analysis, we determined that VISN officials in these four networks were not informed of most sexual assault incidents that occurred within their network medical facilities.[Footnote 23] Moreover, we also found that one VISN did not report all of the cases they received to VHA Central Office (see table 2). Table 2: Sexual Assault Incidents Reported to Four Selected VISNs and VHA Central Office Leadership, January 2007 through July 2010: VISN: VISN A; Total number of sexual assault incidents reported to VA police from VISN medical facilities[A,B]: 13; Total number of sexual assault incidents reported to VISN leadership by VISN medical facilities: 0; Total number of sexual assault incidents reported by VISNs to VHA Central Office leadership: 0. VISN: VISN B; Total number of sexual assault incidents reported to VA police from VISN medical facilities[A,B]: 21; Total number of sexual assault incidents reported to VISN leadership by VISN medical facilities: 10; Total number of sexual assault incidents reported by VISNs to VHA Central Office leadership: 5. VISN: VISN C; Total number of sexual assault incidents reported to VA police from VISN medical facilities[A,B]: 34; Total number of sexual assault incidents reported to VISN leadership by VISN medical facilities: 4; Total number of sexual assault incidents reported by VISNs to VHA Central Office leadership: 4. VISN: VISN D; Total number of sexual assault incidents reported to VA police from VISN medical facilities[A,B]: 34; Total number of sexual assault incidents reported to VISN leadership by VISN medical facilities: 2; Total number of sexual assault incidents reported by VISNs to VHA Central Office leadership: 2. Source: GAO (data and analysis); VA (data). Note: In this report, we use the term sexual assault incident to refer to suspected, alleged, attempted, or confirmed cases of sexual assault. All reports of sexual assault incidents do not necessarily lead to prosecution and conviction. This may be, for example, because an assault did not actually take place or there was insufficient evidence to determine whether an assault occurred. [A] Cases not reported to VA police were not included in our count of sexual assault incidents. [B] Due to the absence of system wide requirements on what medical facilities must report to these VISNs, we could not determine the accuracy of VISN reporting. [End of table] The VA OIG Did Not Receive Reports of about Two-Thirds of Sexual Assault Incidents Involving Rape Allegations: To examine whether VA medical facilities were accurately reporting sexual assault incidents involving rape allegations to the VA OIG, we reviewed both the 67 rape allegations reported to the VA police from January 2007 through July 2010 and all investigation documentation provided by the VA OIG for the same period. We found no evidence that about two-thirds (42) of these rape allegations had been reported to the VA OIG.[Footnote 24] The remaining 25 had matching VA OIG investigation documentation, indicating that they were correctly reported to both the VA police and the VA OIG. By regulation, VA requires that: (1) all criminal matters involving felonies that occur in VA medical facilities be immediately referred to the VA OIG and (2) responsibility for the prompt referral of any possible criminal matters involving felonies lies with VA management officials when they are informed of such matters.[Footnote 25] This regulation includes rape in the list of felonies provided as examples and also requires VA medical facilities to report other sexual assault incidents that meet the criteria for felonies to the VA OIG.[Footnote 26],[Footnote 27] However, the regulation does not include criteria for how VA medical facilities and management officials should determine whether or not a criminal matter meets the felony reporting threshold. We found that all 67 of these rape allegations were potential felonies because if substantiated, sexual assault incidents involving rape fall within federal sexual offenses that are punishable by imprisonment of more than 1 year. In addition, we provided the VA OIG the opportunity to review summaries of the 42 rape allegations we could not confirm were reported to them by the VA police. To conduct this review, several VA OIG senior-level investigators determined whether or not each of these rape allegations should have been reported to them based on what a reasonable law enforcement officer would consider a felony. According to these investigators, a reasonable law enforcement officer would look for several elements to make this determination, including (1) an identifiable and reasonable suspect, (2) observations by a witness, (3) physical evidence, or (4) an allegation that appeared credible. These investigators based their determinations on their experience as federal law enforcement agents. Following their review, these investigators also found that several of these rape allegations were not appropriately reported to the VA OIG as required by federal regulation. Specifically, the VA OIG investigators reported that they would have expected approximately 33 percent of the 42 rape allegations to have been reported to them based on the incident summary containing information on these four elements. The investigators noted that they would not have expected approximately 55 percent of the 42 rape allegations to have been reported to them due to either the incident summary failing to contain these same four elements or the presence of inconsistent statements made by the alleged victims.[Footnote 28] For the approximately 12 percent remaining, the investigators noted that the need for notification was unclear because there was not enough information in the incident summary to make a determination about whether or not the rape allegation should have been reported to the VA OIG. Several Factors May Contribute to the Underreporting of Sexual Assault Incidents: There are several factors that may contribute to the underreporting of sexual assault incidents to VISNs, VHA Central Office, and the VA OIG-- including VHA's lack of a consistent sexual assault definition for reporting purposes; limited and unclear expectations for sexual assault incident reporting at the VHA Central Office, VISN, and VA medical facility levels; and deficiencies in VHA Central Office oversight of sexual assault incidents. VHA Does Not Have a Consistent Sexual Assault Definition for Reporting Purposes: VHA leadership officials may not receive reports of all sexual assault incidents that occur at VA medical facilities because VHA does not have a VHA-wide definition of sexual assault used for incident reporting. We found that VHA lacks a consistent definition for the reporting of sexual assaults through the management reporting stream at the medical facility, VISN, and VHA Central Office levels. At the medical facility level, we found that the medical facilities we visited had a variety of definitions of sexual assault targeted primarily to the assessment and management of victims of recent sexual assaults. Specifically, facilities varied in the level of detail provided by their policies, ranging from one facility that did not include a definition of sexual assault in its policy at all to another facility with a policy that included a detailed definition. (See table 3.) Table 3: Selected VA Medical Facility Definitions of Sexual Assault for the Assessment and Management of Victims of Recent Sexual Assault: Selected VA medical facility: Facility A; Definitions of sexual assault: Sexual violation of a person (male or female) by the use of force, threat, or intimidation [that] is committed without the consent of the person assaulted. The violent act may or may not include penetration and may be [an] oral, anal, or vaginal violation. Selected VA medical facility: Facility B; Definitions of sexual assault: No definition. Selected VA medical facility: Facility C; Definitions of sexual assault: Conduct of a sexual or indecent nature toward another person that is accompanied by actual or threatened physical force or that induces fear, shame, or mental suffering. Sexual assault may be penetrating (i.e., rape) to include vaginal, anal, and oral penetration, or nonpenetrat[ing] and includes both males and females as victims of this crime. Selected VA medical facility: Facility D; Definitions of sexual assault: Includes incest, oral copulation, penetration, rape, sexual assault, sexual battery, and sodomy which occurs without the consent of a person, or when a person is not capable of giving consent. Sexual abuse also means acts of a sexual nature committed in the presence of a vulnerable adult without that person's informed consent. It includes, but is not limited to, the acts defined in a state statute, fondling, exposure of a vulnerable adult's sexual organs, or the use of a vulnerable adult to solicit for or engage in prostitution or sexual performance. Selected VA medical facility: Facility E; Definitions of sexual assault: Sexual assault is sexual contact of ANY kind against a person's will, brought about by force, threats, or coercion. Source: Selected VA medical facilities. [End of table] Table 19: At the VISN level, VISN officials within the four networks we spoke with reported that they did not have definitions of sexual assault in VISN policies. However, some VISN officials stated they used other common definitions, including those from the National Center for Victims of Crime and The Joint Commission.[Footnote 29],[Footnote 30] Finally, while the VHA Central Office does have a policy for the clinical management of sexual assaults, this policy is targeted to the treatment of victims assaulted within 72 hours and does not include sexual assault incidents that occur outside of this time frame. In addition, neither this definition of sexual assault nor any other is included in VHA Central Office reporting guidance, which specifies the types of incidents that should be reported to VHA management officials. VHA Central Office, VISNs, and VA Medical Facilities' Expectations for Reporting Are Limited and Unclear: In addition to failing to provide a consistent definition of sexual assault for incident reporting, VHA also does not have clearly documented expectations about the types of sexual assault incidents that should be reported to officials at each level of the organization, which may also contribute to the underreporting of sexual assault incidents. Without clear expectations for incident reporting there is no assurance that all sexual assault incidents are appropriately reported to officials at the VHA Central Office, VISN, and local medical facility levels. We found that expectations were not always clearly documented, resulting in either the underreporting of some sexual assault incidents or communication breakdowns at all levels. * VHA Central Office. An official from VHA's Office of the Deputy Under Secretary for Health for Operations and Management told us that this office's expectations for reporting sexual assault incidents were documented in its guidance for the submission of issue briefs. However, we found that this guidance does not specifically reference reporting requirements for any type of sexual assault incidents. As a result, VISNs we reviewed did not consistently report sexual assault incidents to VHA Central Office. For example, officials from one VISN reported sending VHA Central Office only 5 of the 10 issue briefs they received from medical facilities in their network, while officials from two other VISNs reported forwarding all issue briefs on sexual assault incidents they received.[Footnote 31] * VISNs. The four VISNs we spoke with did not include detailed expectations regarding whether or not sexual assault incidents should be reported to them in their reporting guidance, potentially resulting in medical facilities failing to report some incidents.[Footnote 32] For example, officials from one VISN told us they expect to be informed of all sexual assault incidents occurring in medical facilities within their network, but this expectation was not explicitly documented in their policy. We found several reported allegations of sexual assault incidents in medical facilities in this VISN--including three allegations of rape and one allegation of inappropriate oral sex--that were not forwarded to VISN officials. When asked about these four allegations, VISN officials told us that they would only have expected to be notified of two of them--one allegation of rape and one allegation of inappropriate oral sex-- because the medical facilities where they occurred contacted outside entities, including the VA OIG. VISN officials explained that the remaining two rape allegations were unsubstantiated and were not reported to their office; the VISN also noted that unsubstantiated incidents are not often reported to them. * VA medical facilities. At the medical facility level, we also found that reporting expectations may be unclear. In particular, we identified cases in which the VA police had not been informed of incidents that were reported to medical facility staff. For example, we identified VA police files from one facility we visited where officers noted that the alleged perpetrator had been previously involved in other sexual assault incidents that were not reported to the VA police by medical facility staff. In these police files, officers noted that staff working in the alleged perpetrators' units had not reported the previous incidents because they believed these behaviors were a manifestation of the veterans' clinical conditions. We also observed cases of communication breakdowns during our discussions with medical facility officials and clinicians. For example, at one medical facility VA police reported that prior to our arrival they were not immediately informed of an alleged sexual assault incident involving two male patients in the dementia ward that occurred the previous evening. As a result, VA police were unable to immediately begin their investigation because staff from the unit had completed their shifts and left the ward. At another medical facility we visited, quality management staff identified five sexual assault incidents that had not been reported to VA police at the medical facility, despite these incidents being reported to their office. Deficiencies Exist in VHA Central Office Oversight of Sexual Assault Incidents: The VHA Central Office also had deficiencies in several necessary oversight elements that could contribute to the underreporting of sexual assault incidents to VHA management--including information- sharing practices and systems to monitor sexual assault incidents reported through the management reporting stream. Specifically, the VHA Central Office has limited information-sharing practices for distributing information about reported sexual assault incidents among VHA Central Office officials and has not instituted a centralized tracking mechanism for these incidents. Currently, the VHA Central Office relies primarily on e-mail messages to transfer information about sexual assault incidents among its offices and staff (see figure 2). Under this system, the VHA Central Office is notified of sexual assault incidents through issue briefs submitted by VISNs via e-mail to one of three VISN support teams within the VHA Office of the Deputy Under Secretary for Health for Operations and Management.[Footnote 33] These issue briefs are then forwarded to the Director for Network Support within this office for review and follow-up with VA medical facilities if needed.[Footnote 34] Following review, the Director for Network Support forwards issue briefs to the Office of the Principal Deputy Under Secretary for Health for distribution to other VHA offices on a case-by-case basis, including the program offices responsible for residential programs and inpatient mental health units. Program offices are sometimes asked to follow up on incidents in their area of responsibility. Figure 2: VHA Central Office Reporting Process for Sexual Assaults and Other Safety Incidents: [Refer to PDF for image: illustration] At the VHA level: VHA Office of the Deputy Under Secretary for Health for Operations and Management: VISN support staff receive issue briefs from VISNs via e-mail; Director of Network Support reviews and forwards issue briefs[B]. VHA Office of the Principal Deputy Under Secretary for Health: Receives and distributes issue briefs to other VHA offices via e-mail. VHA Program Offices:[A] Program officials receive issue briefs and follow-up with facilities as necessary. Source: GAO. [A] Program offices include those responsible for residential programs and inpatient mental health units. [B] Office of the Deputy Under Secretary for Health for Operations and Management officials reported that they may distribute issue briefs directly to program officials depending on the severity of the incident. [End of figure] We found that this system did not effectively communicate information about sexual assault incidents to the VHA Central Office officials who have programmatic responsibility for the locations in which these incidents occurred. For example, VHA program officials responsible for both residential programs and inpatient mental health units reported that they do not receive regular reports of sexual assault incidents that occur within their programs or units at VA medical facilities and were not aware of any incidents that had occurred in these programs or units. However, during our review of VA police files we identified at least 18 sexual assault incidents that occurred from January 2007 through July 2010 in the residential programs or inpatient mental health units of the five VA medical facilities we reviewed. If the management reporting stream were functioning properly, these program officials should have been notified of these incidents and any others that occurred in other VA medical facilities' residential programs and inpatient mental health units.[Footnote 35] Without the regular exchange of information on sexual assault incidents that occur within their areas of programmatic responsibility, VHA program officials cannot effectively address the risks of such incidents in their programs and units and do not have the opportunity to identify ways to prevent incidents from occurring in the future. In early 2011, VHA leadership officials told us that initial efforts, including sharing information about sexual assault incidents with the Women Veterans Health Strategic Health Care Group and VHA program offices, were under way to improve how information on sexual assault incidents is communicated to program officials. However, these improvements have not been formalized within VHA or published in guidance or policies and are currently being performed on an informal ad hoc basis only, according to VHA officials. In addition to deficiencies in information sharing, we also identified deficiencies in the monitoring of sexual assault incidents within the VHA Central Office. VHA's Office of the Deputy Under Secretary for Health for Operations and Management, the first VHA office to receive all issue briefs related to sexual assault incidents, does not currently have a system that allows VHA Central Office staff to systematically review or analyze reports of sexual assault incidents received from VA medical facilities through the management reporting stream. Specifically, we found that this office does not have a central database to store the issue briefs that it receives and instead relies on individual staff to save issue briefs submitted to them by e-mail to electronic folders for each VISN. In addition, officials within this office said they do not know the total number of issue briefs submitted for sexual assault incidents because they do not have access to all former staff members' files. As a result of these issues, staff from the Office of the Deputy Under Secretary for Health for Operations and Management could not provide us with a complete set of issue briefs on sexual assault incidents that occurred in all VA medical facilities without first contacting VISN officials to resubmit these issue briefs.[Footnote 36] Such a limited archive system for reports of sexual assault incidents received through the management reporting stream results in VHA's inability to track and trend sexual assault incidents over time. While VHA has, through its National Center for Patient Safety (NCPS), developed systems for routinely monitoring and tracking patient safety incidents that occur in VA medical facilities, these systems do not monitor sexual assaults and other safety incidents. Without a system to track and trend over time sexual assaults and other safety incidents, the VHA Central Office cannot identify and make changes to serious problems that jeopardize the safety of veterans in their medical facilities. Self-Reported Legal Histories Are Commonly Used to Inform Clinicians of Sexual Assault-Related Risks, but Guidance on Information Collection Is Limited: VA does not have risk assessment tools specifically designed to examine sexual assault-related risks that some veterans may pose while they are being treated at VA medical facilities.[Footnote 37] Instead, VA clinicians working in the residential programs and inpatient mental health units at medical facilities we visited said they rely mainly on information about veterans' legal histories, including a veteran's history of violence, which are examined as part of a multidisciplinary admission assessment process to assess these and other risks veterans pose to themselves and others. Clinicians also reported that they generally rely on veterans' self-reported information, though this information is not always complete or accurate. Finally, we found that VHA's guidance on the collection of legal history information in residential programs and inpatient mental health units does not specify the type of legal history information that should be collected and documented. VHA Does Not Have Specific Sexual Assault Risk Assessment Tools: VHA officials and clinicians working in the residential programs and inpatient mental health units at medical facilities we visited told us that VHA does not have risk assessment tools specifically designed to examine sexual assault-related risks that some veterans may pose while being treated at VA medical facilities. However, these officials and clinicians noted that such risks are assessed and managed by clinical staff. VHA officials told us that since no evidence-based risk assessment tool for sexual assault and other types of violence exists, VHA relies on the professional judgment of clinicians to identify and manage risks through appropriate interventions. To do this, VA clinicians generally assess the overall risks veterans pose to themselves or others in the VA population by reviewing veterans' medical records and conducting various interdisciplinary assessments. Specifically, clinicians said that they review medical records for information about veterans' potential for violence and medical conditions. In addition, the interdisciplinary assessments clinicians are required to conduct include biopsychosocial assessments, nursing assessments, suicide risk assessments, and other program-specific assessments.[Footnote 38] In residential programs and inpatient mental health units, biopsychosocial assessments are a standard part of the admissions process and capture several types of information clinicians can use to assess risks veterans may pose.[Footnote 39] This information includes inquiries about veterans' legal histories; any violence they may have experienced as either a victim or perpetrator, including physical or sexual abuse; childhood abuse and neglect; and military history and trauma. Clinicians Reported Using Veterans' Self-Reported Legal Histories to Assess Sexual Assault-Related Risks, but This Information May Not Always Be Complete: The examination of legal history information is an important part of clinicians' assessments of sexual assault risks veterans may pose. Clinicians from all five medical facilities we visited explained that such legal history information is primarily obtained through veterans voluntarily self-reporting these issues during the biopsychosocial assessment process. Clinicians also cited other sources of information that could be used to learn about veterans' legal issues, including family members, the court system, probation and parole officers, VHA justice outreach staff, and Internet searches of public registries containing criminal justice information. However, clinicians reported limitations in the use of several of these sources. In some cases, veterans must authorize the disclosure of their criminal or medical information before it can be released to a VA medical facility-- although clinicians noted that veterans who have a legal restriction on where they may reside or need to meet probation or parole requirements while in treatment are often willing to release information. In addition, clinicians reported challenges in contacting veterans' families to obtain information as many have no family support system, particularly those who are homeless prior to entering treatment. Further, VA's Office of General Counsel and VHA Central Office officials told us that VHA staff cannot conduct background checks on veterans applying for VA health care services, including Internet searches of public sources of criminal justice information because VHA lacks legal authority to collect or maintain this information.[Footnote 40] VA clinicians from residential programs and inpatient mental health units at the five medical facilities we visited said that although they inquire about veterans' past legal issues, they do not always obtain timely, complete, or reliable information on these issues from veterans. These clinicians noted that although many veterans are eventually forthcoming about their legal history, some may not disclose this information during the admission assessment or ongoing reassessment processes. For example, clinicians told us that sometimes they learned about particular legal issues, such as an arrest warrant or parole requirements, after veterans have been admitted to the program or when they were being discharged. They explained that sometimes veterans are uncomfortable discussing legal or sexual abuse issues during their admission interviews, but may share this information over time when they become comfortable with their treatment team. However, these clinicians noted that sometimes these issues do not come to light until veterans are beginning their transitions into community housing during the discharge process. Nevertheless, clinicians reported that they try to encourage veterans to disclose their full legal histories because it helps them to identify and address mental health problems that may have contributed to veterans' encounters with the legal system and to aid the transition to independent community living. To determine whether legal history information in veterans' medical records was complete, we reviewed the biopsychosocial assessments for seven veterans at our selected medical facilities who were registered sex offenders and found that while nearly all of these assessments documented that medical facility clinicians inquired about these veterans' legal issues, these issues were not consistently included in the assessments.[Footnote 41] The extent to which information about legal history was documented for these seven veterans varied--from assessments containing detailed information about current and past criminal convictions, including the veterans' sex offense violations and conviction dates, to assessments that did not contain any information about their past or current legal history. Specifically, four of these seven assessments contained detailed descriptions of the veterans' legal histories including information on sex offense violations; two of these seven assessments contained limited descriptions of the veterans' legal histories; and one of these seven assessments contained no information on the veteran's legal history. In addition, we could not review one additional biopsychosocial assessment for an eighth veteran who was a patient in one of our selected medical facilities and was also listed in the publicly available state sex offender registry for the selected medical facility because the medical facility did not conduct a biopsychosocial assessment, as required by policy. Incomplete or missing information about veterans' legal histories and histories of violence can hinder clinicians' abilities to effectively assess risks, provide appropriate treatment options, and ensure the safety of all veterans. In particular, some clinicians noted that insufficient information about veterans' legal backgrounds can affect their ability to make appropriate program residency placement decisions and assist veterans in developing appropriate housing and employment plans for their reintegration into the community. For example, clinicians reported they face challenges in assisting some homeless veterans in finding jobs or housing partly because outside entities often conduct background checks prior to accepting veterans into their programs and VA staff cannot always effectively help veterans navigate those issues if they lack relevant or timely information about veterans' legal histories. Clinicians also said that knowledge about legal issues--such as pending court appearances, criminal charges, or sentencing requirements--is useful because such issues can interrupt or delay rehabilitation treatment services at VA or prevent veterans from using certain community resources when they are discharged if not adequately addressed. Finally, clinicians said that insufficient information about these issues affects their ability to identify actions to manage risks and make informed resource allocation decisions, such as increasing patient supervision, altering clinical staff assignments, or requesting VA police assistance. VHA Does Not Have Specific Guidance on the Collection of Legal History Information: VHA's assessment of veterans in their mental health programs for sexual assault-related risks is limited by a lack of specific guidance.[Footnote 42] Although VA clinicians are required to conduct comprehensive assessments that include the collection of veterans' legal histories, VHA has limited guidance on how such information should be collected and documented in residential programs and inpatient mental health units. * Residential programs. Current VHA policy for residential programs requires that information about veterans' legal histories and current pending legal matters be included in biopsychosocial assessments, but does not specify the extent to which such information should be documented in veterans' medical records or delineate sources that may be used to address this requirement.[Footnote 43] Specifically, this VHA policy does not include descriptions of the type of legal history information clinicians should document in the biopsychosocial assessment portion of veterans' medical records. For example, there are no specific requirements for clinicians to document past incarcerations or convictions and dates when these events occurred. Currently, VHA delegates the responsibility for developing specific admission policies and procedures to the VA medical facility residential program managers, who may in turn delegate this responsibility to appropriate staff members. We found that medical facility level policies and procedures for the medical facilities we visited generally mirrored VHA's broad guidance in this area, although some medical facilities had procedures that outlined the specific information that clinicians should collect related to veterans' legal backgrounds--such as the type and date of convictions, description of pending legal charges or warrants, and time spent in jail or prison. * Inpatient mental health units. VHA officials responsible for inpatient mental health units reported that broad VHA guidance requires inpatient mental health clinicians to conduct biopsychosocial assessments for patients admitted to these units. However, unlike residential programs, there is currently no VHA policy that specifically defines how inpatient mental health units should collect this legal history information. The broad guidance VHA officials cited, such as the VA/DOD Clinical Practice Guidelines for Post- Traumatic Stress and The Joint Commission standards, requires the collection of legal history information as part of the initial assessment, but does not fully specify the type of legal history information that must be included in veterans' medical records.[Footnote 44] A VHA official responsible for inpatient mental health units throughout VA confirmed that guidance has not been issued regarding the legal history information that may or may not be collected by clinicians in inpatient mental health units or how information obtained from veterans should be documented. Without clear guidance on what legal history information should be collected and how this information should be documented in veterans' medical records, there is no assurance that clinicians are comprehensively identifying and analyzing sexual assault-related risks or that legal history information is collected and documented consistently during biopsychosocial assessments. VA Residential and Inpatient Mental Health Settings Use a Variety of Precautions to Prevent Sexual Assaults and Other Safety Incidents, but Serious Weaknesses Were Observed at Selected Facilities: The residential programs and inpatient mental health units at the five VA medical facilities we visited reported using several types of patient-oriented and physical precautions to prevent safety incidents, such as sexual assaults, from occurring in their programs. Patient- oriented precautions included the use of flags on veterans' electronic medical records to notify staff of individuals who may pose threats to the safety of others, and increased levels of observation for those veterans whom the clinicians believe may pose risks to others. Physical precautions in medical facilities we visited included monitoring precautions used to observe patients, security precautions used to physically secure facilities and alert staff of problems, and staff awareness and preparedness precautions used to educate staff about security issues and provide police assistance. However, at the facilities we visited, we found serious deficiencies in the use and implementation of certain physical security precautions, such as alarm system malfunctions and monitoring of security cameras. Several Types of Patient-Oriented Precautions Are Used by Residential Programs and Inpatient Mental Health Units to Prevent Sexual Assaults and Other Safety Incidents: Staff from the residential programs and inpatient mental health units at the five VA medical facilities we visited reported using several types of patient-oriented precautions--techniques that focus on the patients themselves as opposed to the physical features of clinical areas--to prevent safety incidents from occurring in their programs. Generally, these precautions were not specifically geared toward preventing sexual assaults, but were used to prevent a broad range of safety incidents, including sexual assaults. We found that some precautions were used by staff in both residential programs and inpatient mental health units, while other precautions were specific to only one of these settings. Some of the patient-oriented precautions we noted during our site visits included the following: * Using patient medical record flags. Staff in residential programs and inpatient mental health units reported that they can request that an electronic flag be placed on a veteran's medical record when they have concerns about the individual's behavior and reported that they use these flags to help inform their interactions with veterans. [Footnote 45] * Relocating or separating veterans. Staff in residential programs and inpatient mental health units noted that they may move or separate patients who have the potential for conflict with other veterans to help prevent incidents from occurring. For example, at one medical facility we visited such relocations involved moving veterans that the clinical staff determine are safety risks to rooms closer to the nurses' station where they can be monitored more closely. Staff from some of the medical facilities we visited reported that veterans who pose a threat to others may also be moved to areas where they have restricted contact with others in the unit. * Setting expectations and using patient contracts. Residential program staff reported using several contract or patient education mechanisms to reinforce both what is expected of veterans in these programs and what behaviors are prohibited during their stay. For example, at one medical facility we visited veterans signed treatment agreements noting that actual violence, threats of violence, sexual harassment, and other actions were not permitted and could result in discharge from the program. At another medical facility we visited, patients signed a form agreeing to the program's policy that any form of physical contact, such as grabbing, hugging, or kissing another person, was grounds for discharge from the program. * Increasing direct patient observation. Staff in inpatient mental health units we visited reported using increased levels of direct patient observation to help prevent safety incidents. For example, two medical facilities we visited used graduated levels of observation for veterans who they felt posed safety risks or who were particularly vulnerable. These medical facilities included all women veterans on the unit in these more frequent staff check-ins to help ensure their safety and prevent incidents from occurring. In addition, staff from one inpatient mental health unit we visited placed a long-term mental health patient with a tendency of inappropriately touching staff and patients on permanent one-to-one observation status after several sexual assault incidents occurred. The Types of Physical Precautions in Use to Prevent Sexual Assaults and Other Safety Incidents Vary among VA Medical Facilities: VA medical facilities we visited employed a variety of physical security precautions to prevent safety incidents in their residential programs and inpatient mental health units. Typically, medical facilities had discretion to implement these precautions based on the needs of their local medical facility within broad VA guidelines. As a result, the types of physical security precautions used in the five medical facilities we visited varied. Several Types of Physical Security Precautions Are in Place in Selected Medical Facilities: In general, physical security precautions were used to prevent a broad range of safety incidents, including sexual assaults, but were not targeted toward the prevention of sexual assaults only. We classified these precautions into three broad categories: monitoring precautions, security precautions, and staff awareness and preparedness precautions (see table 4). Table 4: Physical Security Precautions in Residential Programs and Inpatient Mental Health Units at Selected VA Medical Facilities: Monitoring precautions: * Closed-circuit surveillance camera use and monitoring; * Unit rounds by VA staff. Security precautions: * Locks and alarms at entrance and exit access points; * Locks and alarms for patient bedrooms and bathrooms; * Stationary, computer-based, and portable personal panic alarms; * Separate or specially designated areas for women veterans. Staff awareness and preparedness precautions: * Staff training; * VA police presence on units; * VA police staffing and command and control operations. Source: GAO. Note: Physical security precautions varied by VA medical facility and program and were not necessarily in place at all VA medical facilities and programs we visited. [End of table] * Monitoring precautions--were those designed to observe and track patients and activities in residential and inpatient settings. For example, at some VA medical facilities we visited closed-circuit surveillance cameras were installed to allow VA staff to monitor areas and to help detect potentially threatening behavior or safety incidents as they occur. Cameras were also used to passively document any incidents that occurred. Staff in all the units we visited also conducted periodic rounds of the unit, which involved staff walking through the program areas to monitor patients and activities, either at regular intervals or on an as-needed basis. * Security precautions--were those designed to maintain a secure environment for patients and staff within residential programs and inpatient mental health units and allow staff to call for help in case of any problems. For example, the units we visited regularly used locks and alarms at entrance and exit access points, as well as locks and alarms for some patient bedrooms. Another security precaution we observed was the use of stationary, computer-based, and portable personal panic alarms for staff.[Footnote 46] Finally, we observed that some of the programs we visited had established separate bedrooms, bathrooms, or other areas for women veterans, or had placed women veterans in designated locations within the units for security purposes. * Staff awareness and preparedness precautions--were those designed to both educate residential program and inpatient mental health unit staff about, and prepare them to deal with, security issues and to provide police support and assistance when needed. For example, the medical facilities we visited regularly required training for staff on the prevention and management of disruptive behavior. Another preparedness precaution in use in some units was the establishment of a regular VA police presence through activities such as police conducting rounds or holding educational meetings with patients. Finally, all medical facilities we visited had a functioning police command and control center, which program staff could contact for police support when needed. Selected VA Medical Facilities Varied in Their Implementation of Physical Security Precautions: We found that the VA medical facilities we visited implemented physical security precautions in a variety of ways. These precautions varied not only by medical facility, but also among residential and inpatient settings. Using broad VA guidelines, the medical facilities we visited generally determined which type of physical precautions would best meet the needs of their units and populations.[Footnote 47],[Footnote 48] As a result, we found that some precautions were used by all five medical facilities we visited, while others were in place in only some of these medical facilities. Inpatient mental health units. Physical security precautions in place at all five medical facilities we visited included the use of regular staff rounds to observe patients and clinical areas, locked unit entrances to prevent entry by unauthorized individuals, and stationary or computer-based panic alarm systems. Further, all units we visited used some combination of stationary or computer-based panic alarms, safety whistles staff could carry with them while on duty, and mandatory training on preventing and managing disruptive behavior. Some of these precautions used at all five medical facilities' inpatient mental health units were implemented in different ways across those units. For example, while all inpatient mental health units used some type of panic alarm system, the specific system in use within each unit varied; some units used stationary panic alarm buttons fixed to walls or desks, while others used a computer-based system in which staff would press two keys simultaneously on their computers to trigger the alarm. The inpatient mental health units also varied with respect to where their stationary panic alarms sounded. At three medical facilities, the inpatient units' stationary or computer- based panic alarms sounded at the medical facility's police command and control center. At another medical facility, two types of panic alarms were used. The stationary panic alarms used by this facility's inpatient mental health units sounded at both the police command and control center and on the inpatient unit itself to instantly alert unit staff members if a panic alarm was depressed, while the computer- based panic alarms used at the nursing stations sounded only at the police command and control center. Alarms in use at the fifth medical facility we visited sounded at the units' nursing stations. Finally, while all five units had locked entrances, four of the units used physical keys to open the locks on the entrance doors, while the unit at the fifth medical facility used a keyless entry approach in which staff used their badges to electronically enter the units and relied on physical keys only if the keyless system was not functioning. Other precautions were present in only some of the inpatient mental health units we visited. For example, three medical facilities used closed-circuit surveillance cameras on their inpatient units to varying degrees. Cameras in place at one of these medical facilities could be monitored at the unit's nursing station and were used to monitor the entrance doors, common areas, and seclusion rooms used for veterans who needed to be isolated from others. At another medical facility, cameras were used in a similar fashion, except that this unit did not use cameras to monitor veterans in seclusion rooms. Cameras in place at the remaining medical facility were part of a passive system that was not actively monitored by staff at the unit's nursing station and was used only to record incidents at the entrance doors and common areas. One of these medical facilities also used alarms on bedroom doors that enunciated when the door was opened. These door alarms were installed on all bedrooms used by women and for other veterans on an as-needed basis. The ability to instantly alert staff of either unexpected entries or exits from these rooms could potentially minimize response time if an incident occurred. This latter medical facility also used a community policing approach, with one VA police officer dedicated to meeting regularly with inpatient mental health unit staff and patients to build relationships and help address any issues or concerns that arose.[Footnote 49] Residential programs. Physical security precautions in place at all five medical facilities' non-CWT/TR residential programs included the use of regular staff rounds to observe patients, staff training on the prevention and management of disruptive behavior, the use of surveillance cameras to monitor program areas, and the placement of women veterans in designated areas of the residential facility. Some of these commonly used precautions were implemented in different ways across the five medical facilities. For example, some medical facilities placed women veterans in separate bedrooms located closest to the nursing stations, while others placed only women veterans in a separate wing of the facility. Medical facilities' residential programs also varied with respect to where their closed-circuit camera feeds could be viewed. At four of the five medical facilities we visited, the camera feeds could be viewed by staff at the programs' nursing stations or security desks, but at two medical facilities, cameras at the domiciliary could also be viewed by staff at VA police command and control centers. At all medical facilities, the camera systems were passive and not actively monitored by staff. Other precautions were used only in some of the five medical facilities' non-CWT/TR residential programs. For example, residential programs in four of five medical facilities used stationary or computer-based panic alarms to alert others in case of emergency; the remaining medical facility did not use any form of stationary or computer-based panic alarm system. The four medical facilities' stationary alarms varied with respect to where they sounded. In addition, only one medical facility we visited provided portable personal panic alarms with GPS capability to its residential program staff. In addition, VA police presence was widely used in two of the five medical facilities we visited. One of these medical facilities permanently staffed VA police officers at a residential program located off the medical facility's main campus, while the other medical facility's community policing officer met regularly with residential program staff and patients to facilitate more direct communications between the programs and VA police at the medical facility. CWT/TR residential programs. The three CWT/TR residential programs we visited used several types of physical security precautions.[Footnote 50] For example, two of the three CWT/TR programs we visited used closed-circuit surveillance cameras; one medical facility used surveillance cameras to record activity at entrances and exits, while another medical facility used surveillance cameras to record the parking lot areas. Neither of these locations actively monitored the camera feeds. In addition, one medical facility reported using regular rounds and conducting bed checks. Another medical facility had individual locks on bedroom doors; other sites did not.[Footnote 51] Only one of the three CWT/TR programs we visited accepted women; its apartment-style structure allowed women veterans to be placed in separate apartments. The other two CWT/TRs did not provide services for women veterans due to safety and privacy concerns stemming from their single-family home structures. Significant Weaknesses Existed in the Use and Implementation of Certain Physical Security Precautions at Selected VA Medical Facilities: During our review of the physical security precautions in use at the five VA medical facilities we visited, we observed seven weaknesses in three areas.[Footnote 52] These weaknesses included malfunctions in stationary and portable personal panic alarm systems, inadequate monitoring of security cameras, and insufficient staffing of police and security personnel (see table 5). Table 5: Weaknesses in Physical Security Precautions in Residential Programs and Inpatient Mental Health Units at Selected VA Medical Facilities: Monitoring precautions: * Inadequate monitoring of closed-circuit surveillance cameras. Security precautions: * Alarm malfunctions of stationary, computer-based, and personal panic alarms; * Inadequate documentation or review of alarm testing; * Failure of alarms to alert both unit staff and VA police; * Limited use of personal panic alarms. Staff awareness and preparedness precautions: * VA police staffing and workload challenges; * Lack of stakeholder involvement in unit redesign efforts. Source: GAO. [End of table] Inadequate monitoring of closed-circuit surveillance cameras. We observed that VA staff in the police command and control center were not continuously monitoring closed-circuit surveillance cameras at all five VA medical facilities we visited. For example, at one medical facility, the system used by the residential programs at that medical facility cannot be monitored by the police command and control center staff because it is incompatible with systems installed in other parts of the medical facility. According to this medical facility's VA police, the residential program staff did not consult with VA police before installing their own system. At another medical facility where staff in the police office monitor cameras covering the residential programs' grounds and parking area, we found that the police office was unattended part of the time. In addition, at the remaining three medical facilities we visited, staff in the police command and control centers assigned to monitor medical facility surveillance cameras had other duties that prevented them from continuously monitoring the camera feeds. Specifically, they were also responsible for serving as telephone operators and police/emergency dispatchers for the entire VA medical facility. During our direct observations of their activities, we noted that they were not monitoring the camera feeds continuously.[Footnote 53] Although effective use of surveillance camera systems cannot necessarily prevent safety incidents from occurring, lapses in monitoring by security staff compromise the effectiveness of these systems in place to help prevent or lessen the severity of safety incidents. Alarm malfunctions. At least one form of alarm failed to work properly when tested at four of the five medical facilities we visited. For example, at one medical facility, we tested the portable personal panic alarms used by residential program staff and found that the police command and control center could not always properly pinpoint the location of the tester when an alarm was activated. When we tested this alarm inside a building at this campus it functioned properly; however, when we tested it outside, the location identified as the site of the alarm was at least 100 feet away from the location where we set off the alarm. Further, when we tested an emergency call box located outside the entrance to the residential program buildings at this same medical facility, the call went to a central telephone operator at the VA medical facility switchboard--not the VA police command and control center--and the system improperly identified our tester as calling from an elevator rather than from our location outside the residential program building. At another medical facility that used stationary panic alarms in inpatient mental health units, residential programs, and other clinical settings (i.e., staff offices, nursing stations, and common rooms), almost 20 percent of these alarms throughout the medical facility were inoperable. Many of the inoperable alarms were due to ongoing construction of new units at the medical facility, but some of the remaining inoperable alarms were located in other parts of the medical facility still in use. It is unclear if staff in these other areas were aware that these alarms were inoperable and could not be used to call for help if they needed it. At an inpatient mental health unit in a third medical facility, our tests of the computer-based panic alarm system detected multiple alarm failures. Specifically, three of the alarms we tested failed to properly pinpoint the location of our tester because the medical facility's computers had been moved to different locations and were not properly reconfigured. Finally, at a fourth medical facility, alarms we tested in the inpatient mental health unit sounded properly, but staff in the unit and VA police responsible for testing these alarms did not know how to turn them off after they were activated. In each of the cases where alarms malfunctioned, VA staff were not aware the alarms were not functioning properly until we informed them. Deficiencies like these at VA medical facilities could lead to delayed response times and seriously erode efforts to prevent or mitigate sexual assaults and other safety incidents. Inadequate documentation or review of alarm system testing. We found that one of the five sites we visited failed to properly document tests conducted of their alarm systems for their residential programs, although testing of alarms is a required element in VA's Environment of Care Checklist. Testing of alarm systems is important to ensure that systems function properly, and not having complete documentation of alarm system testing is an indication that periodic testing may not be occurring. In addition, three medical facilities reported using computer-based panic alarms that are designed to be self-monitoring to identify cases where computers equipped with the system fail to connect with the servers monitoring the alarms. All three of these medical facilities stated that due to the self-monitoring nature of these alarms, they did not maintain alarm test logs of these systems. However, we found that at two of these three medical facilities these alarms failed to properly alert VA police when tested. Such alarm system failures indicate that the self-monitoring systems may not be effectively alerting medical facility staff of alarm malfunctions when they occur, indicating the need for these systems to be periodically tested by VA police. Alarms failed to alert both police and unit staff. In inpatient mental health units at all five medical facilities we visited, stationary and computer-based panic alarm systems we tested did not alert staff in both the VA police command and control center and the inpatient mental health unit where the alarm was triggered. Alerting both locations is important to better ensure that timely and proper assistance is provided. At four of these medical facilities, the inpatient mental health units' stationary or computer-based panic alarms notified the police command and control centers but not staff at the nursing stations of the units where the alarms originated. Had these alarms been used in real emergencies, response times may have been delayed because staff in the police command and control center would have had to inform the inpatient mental health unit that an alarm had been activated by someone within their unit. At the fifth medical facility, the stationary panic alarms only notified staff in the unit nursing station, making it necessary to separately notify the VA police. Finally, none of the stationary or computer-based panic alarms used by residential programs notified both the police command and control centers and staff within the residential program buildings when tested.[Footnote 54] Limited use of portable personal panic alarms. Electronic portable personal panic alarms were not available for the staff at any of the inpatient mental health units we visited and were available to staff at only one residential program we reviewed. In two of the inpatient mental health units we visited, staff were given safety whistles they could use to signal others in cases of emergency, personal distress, or concern about veteran or staff safety. However, relying on whistles to signal such incidents may not be effective, especially when staff members are the victims of assault. For example, a nurse at one medical facility we visited was involved in an incident in which a patient grabbed her by the throat and she was unable to use her whistle to summon assistance. Some inpatient mental health unit staff we spoke with indicated an interest in having portable personal panic alarms to better protect them in situations like these. VA police staffing and workload challenges. At most medical facilities we visited, VA police forces and police command and control centers were understaffed, according to medical facility officials. For example, during our visit to one medical facility, VA police officials reported being able to staff just two officers per 12-hour shift to patrol and respond to incidents at both the medical facility and at a nearby 675-acre veteran's cemetery. While this staffing ratio met the minimum standards for VA police staffing, having only two police officers to cover such a large area could potentially increase the response times should a panic alarm activate or other security incident occur on medical facility grounds. Also, we found that there was an inadequate number of officers and staff at this medical facility to effectively police the medical facility and maintain a productive police force. The medical facility had a total of nine police officers at the time of our visit; according to VA staffing guidance, the minimum staffing level for this medical center should have been 19 officers. Similarly, at another medical facility, the police force was short 14 active police officers because some officers either were on military leave or awaiting the completion of pending background checks.[Footnote 55] During our visit to this medical facility, we also noted a shortage of officers at one of the medical facility's police offices responsible for the inpatient mental health units. Because of this, there were periods of time when this police office was unattended. Not all medical facilities we visited had staffing problems. At one medical facility, the VA police appeared to be well staffed and were even able to designate staff to monitor off- site residential programs and community based outpatient clinics. Lack of stakeholder involvement in unit redesign. As medical facilities undergo remodeling, it is important that stakeholders are consulted in the design process to better ensure that new or remodeled areas are both functional and safe. Involving the VA police, security specialists, computer experts, and staff in the affected units would better ensure that proper security precautions are built into redesign projects. We found that such stakeholder involvement on remodeling projects had not occurred at one of the medical facilities we visited. At this medical facility, some clinicians said that a lack of stakeholder involvement in the redesign of the inpatient mental health units had created several safety concerns and that postconstruction changes had to be made to the unit to ensure the safety of veterans and unit staff. Specifically, clinical and VA police personnel were not consulted about a redesign project for the inpatient mental health unit. The new unit initially included one nursing station that did not prevent patient access if necessary. After the unit was reopened following the renovation, there were a number of assaults, including an incident where a veteran reached over the counter of the unit's nursing station and physically assaulted a nurse by stabbing her in the neck, shoulder, and leg with a pen. Had staff been consulted on the redesign of this unit, their experience managing veterans in an inpatient mental health unit environment would have been helpful in developing several safety aspects of this new unit, including the design of the nursing station. Less than a year after opening this unit, medical facility leadership called for a review of the units' design following several reported incidents. As a result of this review, the unit was split into two separate units with different veteran populations, an additional nursing station was installed, and changes were planned for the structure of both the original and newly created nursing stations--including the installation of a new shoulder- height plexiglass barricade on both nursing station counters. Conclusions: VA management has not remedied problems relating to the reporting of sexual assault incidents, the assessment of sexual assault-related risks, and the precautions used to prevent sexual assaults and other safety incidents in VA medical facilities. This has led to a disorganized incident reporting structure and has left VA vulnerable to the continued occurrence of such incidents and unable to take systematic action on needed improvements to prevent future incidents in all VA medical facilities. To mitigate the occurrence of sexual assaults and other safety incidents in its medical facilities and better ensure the safety of both veterans and staff, VA needs to address several areas--including the processes for reporting sexual assault incidents, the underreporting of sexual assault incidents, the assessment of risks certain veterans may pose to the safety of others, and the implementation of physical security precautions. Failure to act decisively in all of these areas would likely continue to place veterans and medical facility staff in some locations in harm's way. To begin addressing these concerns, VA must ensure that both management and law enforcement officials are aware of the volume and specific types of sexual assault incidents that are reported through the law enforcement stream. Such awareness would help both management and law enforcement officials address safety concerns that emerge for both patients and staff throughout VA's health care system. Medical facility staff remain uncertain about what types of incidents should be reported to VHA leadership and VA law enforcement officials, and prevention and remediation efforts are eroded by failing to tap the expertise of these officials. These officials can offer valuable suggestions for preventing and mitigating future sexual assault incidents and help address broader safety concerns through systemwide improvements throughout the VA healthcare system. Leaving reporting decisions to local VA medical facilities--rather than allowing VHA management and VA OIG officials to determine what types of incidents should be reported based on the consistent application of known criteria--increases the risk that some sexual assault incidents may go unreported. Moreover, uncertainty about sexual assault incident reporting is compounded by VA not having: (1) established a consistent definition of sexual assault, (2) set clear expectations for the types of sexual assault incidents that should be reported to VISN and VHA Central Office leadership officials, and (3) maintained proper oversight of sexual assault incidents that occurred in VA medical facilities. Unless these three key features are in place, VHA will not be able to ensure that all sexual assault incidents will be consistently reported throughout the VA health care system. Specifically, the absence of a centralized tracking system to monitor sexual assault incidents across VA medical facilities may seriously limit efforts to both prevent such incidents in the short and long term and maintain a working knowledge of past incidents and efforts to address them when staff transitions occur. Maintaining veterans' access to care is a priority in VA, but in those cases where veterans have a history of sexual assault or other violent acts, VA must be vigilant in identifying the risks that such veterans may pose to the safety of others at its medical facilities. Risk assessment tools can be valuable mechanisms for identifying those veterans that pose risks to others while being treated at VA medical facilities. However, VA does not currently have a risk assessment tool specific to sexual assault and instead relies on clinicians' professional judgments. These judgments are largely informed by the assessment of veterans' legal histories, which depend heavily on self- reported data that must be accurately documented by clinicians in veterans' medical records. Moreover, current VA guidance is not specific about the extent to which current and past legal issues--such as the type or date of convictions--should be documented in veterans' medical records--a factor that further complicates the ability of VA clinicians both to compile complete legal histories on veterans and to make informed decisions about risks certain veterans may pose to other veterans and VA staff. Ensuring that medical facilities maintain a safe and secure environment for veterans and staff in residential programs and inpatient mental health units is critical and requires commitment from all levels of VA. Currently, the five VA medical facilities we visited are not adequately monitoring surveillance camera systems, maintaining the integrity of alarm systems, and ensuring an adequate police presence. Closer oversight by both VISNs and VA and VHA Central Office staff is needed to provide a safe and secure environment throughout all VA medical facilities. Recommendations for Executive Action: To improve VA's reporting and monitoring of allegations of sexual assault, we recommend that the Secretary of Veterans Affairs direct the Under Secretary for Health to take the following four actions: * Ensure that a consistent definition of sexual assault is used for reporting purposes by all medical facilities throughout the system to ensure that consistent information on these incidents is reported from medical facilities through VISNs to VHA Central Office leadership. * Clarify expectations about what information related to sexual assault incidents should be reported to and communicated within VISN and VHA Central Office leadership teams, such as officials responsible for residential programs and inpatient mental health units. * Implement a centralized tracking mechanism that would allow sexual assault incidents to be consistently monitored by VHA Central Office staff. * Develop an automated mechanism within the centralized VA police reporting system that signals VA police officers to refer cases involving potential felonies, such as rape allegations, to the VA OIG to facilitate increased communication and partnership between these two entities. To help identify risks and address vulnerabilities in physical security precautions at VA medical facilities, we recommend that the Secretary of Veterans Affairs direct the Under Secretary for Health to take the following four actions: * Establish guidance specifying what should be included in legal history discussions with veterans and how this information should be documented in veterans' biopsychosocial assessments. * Ensure medical centers determine whether existing stationary, computer-based, and portable personal panic alarm systems operate effectively through mandatory regular testing. * Ensure that alarm systems effectively notify relevant staff in both medical facilities' VA police command and control centers and unit nursing stations. * Require relevant medical center stakeholders to coordinate and consult on (1) plans for new and renovated units, and (2) any changes to physical security features, such as closed-circuit television cameras. Agency Comments and Our Evaluation: VA provided written comments on a draft of this report, which we have reprinted in appendix III. In its comments, VA generally agreed with our conclusions, concurred with our recommendations, and described the agency's plans to implement each of our recommendations. VA also provided technical comments which we have incorporated as appropriate. Specifically, VA outlined its plan to create a multidisciplinary workgroup that will undertake efforts to respond to seven of our eight recommendations--including developing definitions of sexual assault and other safety incidents, reviewing existing data sources and communication mechanisms, developing a centralized mechanism for monitoring sexual assaults and other safety incidents, and developing risk assessment and management guidance. The workgroup will be co- chaired by the Acting Assistant Deputy Under Secretary for Health for Clinical Operations and the Chief Consultant for the Women Veterans Health Strategic Health Care Group. Participants will include representatives from VA field operations and the following offices: (1) the VHA Deputy Under Secretary for Health for Operations and Management; (2) the VHA Deputy Under Secretary for Health for Policy and Services; (3) the VHA Principal Deputy Under Secretary for Health; (4) the VA Office of Security and Law Enforcement; and (5) other offices as needed, including the VA Office of General Counsel. As outlined by VA, the workgroup will review current data sources, the organization and structure of VHA's methods for reporting sexual assaults and other safety incidents, and the agency's current response to sexual assault incidents. In addition, the workgroup will review and evaluate risks and efforts to prevent sexual assaults. Finally, the workgroup will assess the status of current policies within VHA and address which organizational initiatives and policies should be updated. According to VA's comments, the workgroup will provide the Under Secretary for Health and his Deputies with monthly verbal updates on its progress, as well as an initial action plan by July 15, 2011 and a final report by September 30, 2011. In addition, VA stated in its comments that the Office of the Deputy Under Secretary for Health for Operations and Management will work in conjunction with this multidisciplinary workgroup on a number of initiatives to address panic alarm system testing and coordination on renovation and construction at VA medical facilities. Initiatives described in VA's comments specifically included efforts to: (1) re- emphasize the need for routine testing of panic alarm systems; (2) examine existing VHA policy to determine if revisions are needed to ensure that regular testing of alarm systems is required and preventative maintenance is performed on these systems; (3) re- emphasize the importance of coordination at the local level to ensure that safety and security are considered during construction and renovation processes at local levels; and (4) determine how such coordination can be formalized as part of the planning and design processes for all construction processes in conjunction with the VA Office of Construction. Finally, to address our remaining recommendation, the VA OSLE will develop a mechanism that will directly prompt VA police officers to report potential felonies, including rape, to the VA OIG when these offenses are recorded in the centralized police reporting system. In its comments, VA stated that this system will also send a message to a specialized mailbox alerting VA OIG investigators that a potential felony has been recorded in the centralized police reporting system. We are sending copies of this report to the Secretary of Veterans Affairs, appropriate congressional committees, and other interested parties. In addition, the report is available at no charge on the GAO Web site at [hyperlink, http://www.gao.gov]. If you or your staffs have any questions about this report, please contact me at (202) 512-7114 or at williamsonr@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix IV. Signed by: Randall B. Williamson: Director, Health Care: [End of section] Appendix I: Scope and Methodology: This appendix describes the information and methods we used to examine: (1) VA's processes for reporting sexual assault incidents and the volume of these incidents reported in recent years; (2) the extent to which sexual assault incidents are fully reported and what factors may contribute to any observed underreporting; (3) how medical facility staff determine sexual assault-related risks veterans may pose in residential and inpatient mental health settings; and (4) the precautions in place in residential and inpatient mental health settings to prevent sexual assaults and other safety incidents and any weaknesses in these precautions. Specifically, we discuss our methods for selecting VA medical facilities for site visits; identifying appropriate Department of Veterans Affairs (VA) and Veterans Health Administration (VHA) Central Office officials to interview; assessing the extent to which sexual assault incidents are fully reported; determining what legal history information is captured in veterans' medical records; and examining the physical security precautions in use in selected residential programs and inpatient mental health units. In addition to the methods described below, we also reviewed relevant VA and VHA policies, handbooks, directives, and other guidance documents to inform our overall review of these issues whenever possible. Site Selection Methodology and Interviews with Medical Facility Officials: We conducted five site visits to VA medical facilities to obtain the perspectives of medical facility level officials and clinicians working in residential programs and inpatient mental health units and to observe the types of physical security precautions used within these medical facilities. To identify VA medical facilities for our site visits, we examined available VA and medical facility level information to ensure our sample included medical facilities with the following characteristics: * Presence of both residential programs and inpatient mental health units. We identified medical facilities that had both types of programs by consulting VA documentation of residential program and inpatient mental health units. * Presence of a variety of residential program specialties. We identified medical facilities that had: (1) at least one residential program--including domiciliaries and residential rehabilitation treatment programs (RRTP)--and (2) had a compensated work therapy/ transitional residence (CWT/TR) program wherever possible.[Footnote 56] In addition, we selected medical facilities that had a variety of RRTP program specialties designed to treat particular mental health issues, such as post-traumatic stress disorder (PTSD) and substance abuse. * Various levels of experience reporting sexual assault incidents. Using sexual assault case files provided by the VA Office of Inspector General (OIG) Office of Investigations--Criminal Investigations Division--we identified VA medical facilities with a wide variety of experiences reporting sexual assault incidents, including one medical facility with no reported sexual assault incidents and several others that had reported a number of sexual assault incidents that occurred within their residential programs or inpatient mental health programs. This ensured that the VA medical facilities we visited captured a range of perspectives on the reporting of sexual assault incidents. * Various medical facility sizes. We identified medical facilities with different campus sizes and types of on-site programs by determining whether each medical facility was a single or multisite medical facility and considering several other aspects of medical facility design, such as the presence of on-site day care centers. Using these criteria, we judgmentally selected five VA medical facilities to visit during our field work. During our site visits to these locations, we interviewed each medical facility's leadership team; residential program and inpatient mental health unit managers and staff; VA police; quality and patient safety managers; disruptive behavior committee members; woman veterans program manager; military sexual trauma program coordinator; and veterans justice outreach program coordinator. We spoke with these officials about a variety of topics, including incident reporting, risk assessment practices, and precautions used to prevent safety incidents, including sexual assaults. In addition, we spoke with officials from the four Veterans Integrated Service Networks (VISN) responsible for managing these medical facilities to discuss their expectations, policies, and procedures for reporting sexual assault incidents. We also spoke with each VISN's Health Care for Re-entry Veterans program managers to gain additional insight on these programs. Information obtained from our visits to selected VA medical facilities and interviews with selected VISNs cannot be generalized to all VISNs and VA medical facilities throughout the nation. Interviews with VA and VHA Central Office Officials: We also interviewed VA and VHA Central Office officials responsible for incident reporting; law enforcement oversight; mental health programs; women veterans; risk assessment; patient privacy; and legal issues. We spoke with the following offices at the department level within VA: (1) Office of Security and Law Enforcement (OSLE); (2) the Integrated Operations Center (IOC); (3) the Office of General Counsel; and (4) the OIG's Office of Investigations--Criminal Investigations Division. We also interviewed officials from the following offices within VHA Central Office: (1) the Office of the Deputy Under Secretary for Health for Operations and Management; (2) the Office of the Principal Deputy Under Secretary for Health; (3) the Office of Mental Health Services; (4) the Women Veterans Health Strategic Health Care Group; and (5) the Information Access and Privacy Office. Analyses of Sexual Assault Incident Reporting: To assess the effectiveness of the reporting of sexual assault incidents, we reviewed documentation of sexual assault incidents from VHA management officials and VA law enforcement entities. Document Request and Response: To analyze the reporting process for sexual assault incidents, we requested documentation of these incidents from our selected VISNs; VHA's Office of the Deputy Under Secretary for Health for Operations and Management; VA OSLE; and VA OIG. For all information we requested, we asked VHA or VA officials to send us either issue briefs or investigation documentation that fell within the definition of sexual assault used for the purposes of this report.[Footnote 57] To review reports submitted through VHA's management reporting stream, we requested copies of issue briefs on sexual assault incidents sent to our selected VISNs and the VHA Office of the Deputy Under Secretary for Health for Operations and Management.[Footnote 58] We also asked our selected VISNs to identify which of these issue briefs were sent to the VHA Central Office for further review. The four VISNs responded that in total they received 16 issue briefs and forwarded 11 of these documents to the VHA Central Office. Due to limitations in how information is archived within VHA's Office of the Deputy Under Secretary for Health for Operations and Management, we could not determine how many issue briefs this office received through the management reporting stream across all VA medical facilities.[Footnote 59] To review reports submitted through VA's law enforcement reporting stream, we requested documentation of sexual assault incidents reported to the VA police through the VA OSLE and documentation of incidents referred to the VA OIG for investigation. From the VA OSLE, we requested and received police files submitted by any VA medical facility related to sexual assault incidents that occurred since January 2005. We then limited the police files we reviewed to only those incidents that occurred between January 2007 and July 2010 due to a records schedule that requires the VA police to destroy files greater than 3 years old.[Footnote 60] As a result of this requirement, our review of sexual assaults reported to the VA police during 2007 was limited to only those cases retained by VA police. Additionally, due to the lack of a centralized VA police reporting system prior to fiscal year 2009, VA medical facility police manually transmitted all reports to the VA OSLE for inclusion in our review, which resulted in only those reports received by VA OSLE being included in our analysis. We received a total of 520 VA police case files for the period January 2007 through July 2010, including both open and closed investigations, from the VA OSLE. In addition, we requested copies of VA OIG investigation documentation of sexual assault incidents that occurred in all VA medical facilities from January 2005 through July 2010. However, we limited our review of VA OIG investigation documentation to only those incidents that occurred between January 2007 and July 2010 to ensure our review of VA police cases and VA OIG investigations were concurrent. We received investigation documentation on 106 closed sexual assault incidents that occurred during this time frame from the VA OIG. Additionally, the VA OIG reported that there were 9 incidents that were currently under investigation at the time of our review and we did not require them to provide documentation on these cases due to the sensitive nature of these ongoing investigations. Scoping of VA Police Case Files and VA OIG Investigation Documentation: To determine whether each of the incidents provided by the VA police and the VA OIG should be included in our analysis of sexual assault incidents that occurred in VA medical facilities between January 2007 and July 2010, we reviewed whether each incident received from the VA police and the VA OIG met the definition of sexual assault used for this engagement. To complete this assessment, two analysts worked independently to make an initial determination on whether each incident met this definition and a third analyst reviewed these initial judgments to arbitrate a final decision using predetermined decision rules. Of the 520 documents received from the VA police during the specified time frame, 284 incidents were included in our analysis, 222 were determined to be out of the scope of our review, and the remaining 14 did not have enough information in the police files to determine whether or not these cases fell within the scope of our review. This process was repeated for the 106 VA OIG investigation documents for closed investigations we received and 96 were included in our analysis, 7 were determined to be outside the scope of our review, and the remaining 3 did not contain enough information to determine whether or not they fell within the scope of our review. Our analyses of sexual assault incidents reported to the VA police and the VA OIG was limited to only those incidents that were reported and cannot be used to project the volume of sexual assault incident reports that may occur in future years. Following verification that police and VA OIG incidents met our definition of sexual assault and comparisons of the two entities' reported sexual assault incidents, we found data derived from these reports to be sufficiently reliable for our purposes. Analysis of VA Police Case Files: For our analysis of the 284 incidents reported to the VA police determined to be within the scope of our review, we identified several key data points in each case file, including the gender of the perpetrator and victim, the relationship the perpetrator and victim had to VA, and the medical facility location and VISN where the incident originated. In addition, we also placed these incidents into one of five categories to analyze the volume of several types of sexual assault incidents that occurred throughout VA medical facilities. * Inappropriate touch--included any case involving only allegations of touching, fondling, grabbing, brushing, kissing, rubbing, or other like-terms. * Forced or inappropriate oral sex--included any case involving only allegations of forced or inappropriate oral sex.[Footnote 61] * Forceful examination--included any case alleging only a medical examination that was painful, uncomfortable, or seemingly inappropriate to the patient. * Rape--included any case involving rape allegations, which we defined as vaginal or anal penetration by any body part or object without consent. We deemed a file as containing a rape allegation if any of the following were noted within the file: (1) either the victim or VA staff used the term rape in their descriptions of the incident; (2) a rape kit was requested or administered; (3) allegations that sex occurred without consent, whether or not penetration was described; or (4) allegations of attempted vaginal or anal penetration without consent.[Footnote 62] In addition, cases where VA staff deemed that one or more of the victims involved were mentally incapable of giving consent for sexual activities or that a victim's ability to consent was otherwise impaired, were included in this category. * Other--included any case that did not fit into the categories described above or if the incident described in the police file was unclear. In addition, cases involving consensual sexual activities between two individuals who were in a mental health or geriatric unit where both parties were found to be capable of giving consent were included in this category. VA OIG Reporting Analysis: To examine the discrepancies between the number of sexual assault incidents reported to VA police and the number referred to the VA OIG, we reviewed the 67 rape allegations that were reported to VA police to determine which of these reports were referred to the VA OIG. We selected rape allegations for this additional review due to the severity of these allegations and the likelihood they would be considered potential felonies that must be reported to the VA OIG. To complete this analysis, we matched the VA police files containing rape allegations to a VA OIG investigation document wherever possible. A police file and VA OIG investigation document were considered a match when both documents discussed the same incident details--including information such as discussion of the same perpetrator and victim, medical facility, and incident date. Of the 67 rape allegations reported to the VA police, 25 had a matching VA OIG investigation document, while the remaining 42 did not.[Footnote 63] In addition, we reviewed federal statutes related to sexual offenses and sentencing classification for felonies to verify that all rape allegations included in our review met the statutory criteria for felonies under federal law. Finally, investigators from the VA OIG reviewed summaries of the 42 rape allegations that did not match VA OIG investigation documentation previously provided to determine whether or not they would have expected such cases to be reported to their office. These case summaries did not contain identifying information about the suspects, victims, or VA medical facilities involved in these incidents.[Footnote 64] Four VA OIG investigators reviewed these summaries and based their determinations on several key factors developed from their experience as law enforcement officers. Legal History Analysis of Biopsychosocial Assessments: We reviewed the biopsychosocial assessment sections of selected veterans' medical records to better understand how legal history information contained in these documents could be used to inform clinicians' assessments of sexual assault-related risks veterans may pose while they are being treated at VA medical facilities. We reviewed these assessments for all veterans who were registered sex offenders residing in the residential programs or inpatient mental health units of our selected medical facilities. To determine if registered sex offenders were residing at the medical facilities we visited, we searched the Web sites of each medical facility's corresponding publicly available state sex offender registry and included any individual registered under the address of the selected medical facility's residential programs or inpatient mental health units in our sample.[Footnote 65] The addresses used for these searches were provided by each medical facility. Our corresponding sample included eight veterans from three of the five medical facilities we visited. VA medical facility staff provided biopsychosocial assessments for seven of these veterans and noted that the eighth assessment was never completed by the medical facility. We analyzed the contents of these seven veterans' biopsychosocial assessments to determine the extent to which these records contained information about these veterans' current and past legal issues, including documentation of convictions and parole or probation status. We also reviewed information contained in these assessments regarding these veterans' histories of sexual abuse. Our review of veterans' biopsychosocial assessments was limited to only those veterans meeting these criteria and cannot be generalized to broader VA patient populations. Review of Selected VA Medical Facilities' Physical Security Precautions: To examine the physical security precautions in place in residential programs and inpatient mental health units, physical security experts from our Forensic Audits and Investigative Services team conducted an independent assessment of physical security measures in place at the medical facilities we visited. To conduct this assessment, these experts assessed the physical security precautions in place at each of the five medical facilities we visited and identified any weaknesses they observed in these systems using criteria based on generally recognized security standards and selected VA security requirements. These reviews included the testing of some physical security precautions, such as panic alarm systems, and interviews with staff working in the residential programs and inpatient mental health units that were reviewed. Our review of these precautions was limited to only those medical facilities we reviewed and does not represent results from all VA medical facilities nationwide. We conducted our performance audit from May 2010 through June 2011 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We conducted our related investigative work in accordance with standards prescribed by the Council of Inspectors General on Integrity and Efficiency. [End of section] Appendix II: Analysis of VA Police Reports of Sexual Assault Incidents from January 2007 through July 2010: This appendix provides additional results from our analysis of VA police reports of sexual assault incidents from January 2007 through July 2010. Cases not reported to the VA police are not included in our analysis of sexual assault incidents. * Figure 3 shows the number of sexual assault incidents reported at VA medical facilities to VA police by Veterans Integrated Service Network (VISN) from January 2007 through July 2010. This count ranged from 34 incidents reported in VISNs C and D to no incidents reported in VISN E. * Table 6 shows the total number of sexual assault incidents alleging rape by gender of the perpetrator and victim from January 2007 through July 2010. * Table 7 shows the total number of sexual assault incidents alleging rape by the perpetrator and victim relationship to VA from January 2007 through July 2010. * Table 8 shows the total number of patient-on-patient assault incidents and patient-on-employee assault incidents by the type of sexual assault incident from January 2007 through July 2010. Figure 3: Number of Sexual Assault Incidents Reported to VA Medical Facility Police by VISN, January 2007 through July 2010: [Refer to PDF for image: vertical bar graph] VISN: A; Number of Incidents Reported: 13. VISN: B; Number of Incidents Reported: 21. VISN: C; Number of Incidents Reported: 34. VISN: D; Number of Incidents Reported: 34. VISN: E; Number of Incidents Reported: 0. VISN: F; Number of Incidents Reported: 4. VISN: G; Number of Incidents Reported: 7. VISN: H; Number of Incidents Reported: 21. VISN: I; Number of Incidents Reported: 11. VISN: J; Number of Incidents Reported: 14. VISN: K; Number of Incidents Reported: 7. VISN: L; Number of Incidents Reported: 19. VISN: M; Number of Incidents Reported: 6. VISN: N; Number of Incidents Reported: 22. VISN: O; Number of Incidents Reported: 7. VISN: P; Number of Incidents Reported: 8. VISN: Q; Number of Incidents Reported: 6. VISN: R; Number of Incidents Reported: 13. VISN: S; Number of Incidents Reported: 7. VISN: T; Number of Incidents Reported: 15. VISN: U; Number of Incidents Reported: 15. Sources: GAO (analysis); VA (data). Notes: In this report, we use the term sexual assault incident to refer to suspected, alleged, attempted, or confirmed cases of sexual assault. All reports of sexual assault incidents do not necessarily lead to prosecution and conviction. This may be, for example, because an assault did not actually take place or there was insufficient evidence to determine whether an assault occurred. Complete analysis of 2007, 2008, and 2010 data was limited by three factors: (1) our analysis of 2007 VA police files was limited due to the requirement that VA police destroy investigative files after 3 years under a records schedule approved by the National Archives and Records Administration, (2) our analysis of 2007 and 2008 VA police files was limited due to VA police manually submitting these files to VA's Office of Security and Law Enforcement (OSLE) for the purpose of this data request because a centralized VA police reporting system did not exist prior to January 2009, and (3) our analysis of 2010 records was limited to only those received by VA police through July 2010. There are 21 VISNs in the VA health care system. VISNs 1-12 and VISNs 15-23. For reporting purposes, VISN numbers were blinded to protect the anonymity of each individual VISN. Cases not reported to VA police were not included in our analysis of sexual assault incidents. [End of figure] Table 6: Total Sexual Assault Incidents Alleging Rape by Perpetrator and Victim Gender, January 2007 through July 2010: Perpetrator/victim gender: Female/male; Total sexual assault incidents involving rape[A]: 5. Perpetrator/victim gender: Male/female; Total sexual assault incidents involving rape[A]: 31. Perpetrator/victim gender: Male/male; Total sexual assault incidents involving rape[A]: 20. Perpetrator/victim gender: Unknown/female; Total sexual assault incidents involving rape[A]: 8. Perpetrator/victim gender: Unknown/male; Total sexual assault incidents involving rape[A]: 3. Perpetrator/victim gender: Total; Total sexual assault incidents involving rape[A]: 67. Source: GAO (analysis); VA (data). Notes: In this report, we use the term sexual assault incident to refer to suspected, alleged, attempted, or confirmed cases of sexual assault. All reports of sexual assault incidents do not necessarily lead to prosecution and conviction. This may be, for example, because an assault did not actually take place or there was insufficient evidence to determine whether an assault occurred. Complete analysis of 2007, 2008, and 2010 data was limited by three factors: (1) our analysis of 2007 VA police files was limited due to the requirement that VA police destroy investigative files after three years under a records schedule approved by the National Archives and Records Administration, (2) our analysis of 2007 and 2008 VA police files was limited due to VA police manually submitting these files to VA's OSLE for the purpose of this data request because a centralized VA police reporting system did not exist prior to January 2009, and (3) our analysis of 2010 records was limited to only those received by VA police through July 2010. The rape category includes any case involving allegations of rape, defined as vaginal or anal penetration through force, threat, or inability to consent. For cases that included allegations of multiple categories including rape (i.e. inappropriate touch, forced oral sex, and rape) the category of rape was applied. Cases where staff deemed that one or more of the veterans involved were mentally incapable of consenting to sexual activities described in the case were considered rape. [A] Cases not reported to VA police are not included in our analysis of sexual assault incidents. [End of table] Table 7: Total Sexual Assault Incidents Alleging Rape by Perpetrator and Victim Relationship to VA, January 2007 through July 2010: Perpetrator/victim relationship to VA: Employee/employee; Total sexual assault incidents involving rape[A]: 2. Perpetrator/victim relationship to VA: Employee/outsider; Total sexual assault incidents involving rape[A]: 1. Perpetrator/victim relationship to VA: Employee/patient; Total sexual assault incidents involving rape[A]: 13. Perpetrator/victim relationship to VA: Employee/visitor; Total sexual assault incidents involving rape[A]: 1. Perpetrator/victim relationship to VA: Outsider/employee; Total sexual assault incidents involving rape[A]: 1. Perpetrator/victim relationship to VA: Outsider/outsider; Total sexual assault incidents involving rape[A]: 2. Perpetrator/victim relationship to VA: Patient/employee; Total sexual assault incidents involving rape[A]: 1. Perpetrator/victim relationship to VA: Patient/patient; Total sexual assault incidents involving rape[A]: 25. Perpetrator/victim relationship to VA: Unknown/patient; Total sexual assault incidents involving rape[A]: 19. Perpetrator/victim relationship to VA: Visitor/patient; Total sexual assault incidents involving rape[A]: 2. Perpetrator/victim relationship to VA: Total; Total sexual assault incidents involving rape[A]: 67. Source: GAO (analysis); VA (data). In this report, we use the term sexual assault incident to refer to suspected, alleged, attempted, or confirmed cases of sexual assault. All reports of sexual assault incidents do not necessarily lead to prosecution and conviction. This may be, for example, because an assault did not actually take place or there was insufficient evidence to determine whether an assault occurred. Complete analysis of 2007, 2008, and 2010 data was limited by three factors: (1) our analysis of 2007 VA police files was limited due to the requirement that VA police destroy investigative files after three years under a records schedule approved by the National Archives and Records Administration, (2) our analysis of 2007 and 2008 VA police files was limited due to VA police manually submitting these files to VA's OSLE for the purpose of this data request because a centralized VA police reporting system did not exist prior to January 2009, and (3) our analysis of 2010 records was limited to only those received by VA police through July 2010. The rape category includes any case involving allegations of rape, defined as vaginal or anal penetration through force, threat, or inability to consent. For cases that included allegations of multiple categories including rape (i.e. inappropriate touch, forced oral sex, and rape) the category of rape was applied. Cases where staff deemed that one or more of the veterans involved were mentally incapable of consenting to sexual activities described in the case were considered rape. [A] Cases not reported to VA police are not included in our analysis of sexual assault incidents. [End of table] Table 8: Patient-on-Patient Assault Incidents and Patient-on-Employee Assault Incidents by Type of Sexual Assault Incident, January 2007 through July 2010: Patient-on-patient: Rape[A]: 25; Inappropriate touch[B]: 54; Forceful medical examination: 0; Forced or inappropriate oral sex: 8; Other[C]: 2; Total[D]: 89. Patient-on-employee: Rape[A]: 1; Inappropriate touch[B]: 83; Forceful medical examination: 0; Forced or inappropriate oral sex: 1; Other[C]: 0; Total[D]: 85. Total: Rape[A]: 26; Inappropriate touch[B]: 137; Forceful medical examination: 0; Forced or inappropriate oral sex: 9; Other[C]: 2; Total[D]: 174. Source: GAO (analysis); VA (data). Notes: In this report, we use the term sexual assault incident to refer to suspected, alleged, attempted, or confirmed cases of sexual assault. All reports of sexual assault incidents do not necessarily lead to prosecution and conviction. This may be, for example, because an assault did not actually take place or there was insufficient evidence to determine whether an assault occurred. Complete analysis of 2007, 2008, and 2010 data was limited by three factors: (1) our analysis of 2007 VA police files was limited due to the requirement that VA police destroy investigative files after three years under a records schedule approved by the National Archives and Records Administration, (2) our analysis of 2007 and 2008 VA police files was limited due to VA police manually submitting these files to VA's OSLE for the purpose of this data request because a centralized VA police reporting system did not exist prior to January 2009, and (3) our analysis of 2010 records was limited to only those received by VA police through July 2010. [A] The rape category includes any case involving allegations of rape, defined as vaginal or anal penetration through force, threat, or inability to consent. For cases that included allegations of multiple categories including rape (i.e. inappropriate touch, forced oral sex, and rape) the category of rape was applied. Cases where staff deemed that one or more of the veterans involved were mentally incapable of consenting to sexual activities described in the case were considered rape. [B] The inappropriate touch category includes any case involving only allegations of touching, fondling, grabbing, brushing, kissing, rubbing, or other like-terms. [C] The other category included any allegations that did not fit into the other categories or if the incident described in the case file did not contain sufficient information to place the case in one of the other designated categories. [D] Cases not reported to VA police are not included in our analysis of sexual assault incidents. [End of table] [End of section] Appendix III: Comments from the Department of Veterans Affairs: Department Of Veterans Affairs: Washington DC 20420: June 3, 2011: Mr. Randall B. Williamson: Director, Health Care: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Williamson: The Department of Veterans Affairs (VA) has reviewed the Government Accountability Office's (GAO) draft report, "VA Health Care: Actions Needed to Prevent Sexual Assaults and Other Safety Incidents" (GA0-11- 530) and generally agrees with GAO's conclusions and concurs with GAO's recommendations to the Department. The Department values the safety and well being of all Veterans, staff and visitors who come to VA health care facilities. To address concerns raised in GAO's draft report, a multi-disciplinary workgroup has already begun work to define what the Veterans Health Administration must do to prevent sexual assault incidents as well as respond to reports and allegations of sexual victimization of Veterans and employees. Furthermore, in June 2009, the Secretary of Veterans Affairs mandated the establishment of a VA Integrated Operations Center (IOC). The IOC is the focal point within VA for the receipt, analysis, and dissemination of information from VA facilities and forms a nexus that allows for situational awareness, coordinated recommendations, and feedback to VA senior leaders in real time so that they can make timely and proactive decisions. The combination of these actions will provide increased security and safety for our Veterans, their families, and our employees. The enclosure provides responses to each of GAO's recommendations and provides technical comments to the report. VA appreciates the opportunity to comment on your draft report. Sincerely, Signed by: John R. Gingrich: Chief of Staff: Enclosure: [End of letter] Enclosure: Department of Veterans Affairs Comments to Government Accountability Office (GAO) Draft Report: VA Health Care: Actions Needed to Prevent Sexual Assaults and Other Safety Incidents (GA0-11-530): GAO recommendation: To improve VA's reporting and monitoring of allegations of sexual assault, we recommend that the Secretary of the Department of Veterans Affairs direct the Under Secretary for Health to take the following four actions: Recommendation 1: Ensure that a consistent definition of sexual assault is used for reporting purposes by all medical facilities throughout the system to ensure that consistent information on these incidents is reported from medical facilities through VISNs to VHA Central Office Leadership; VA Response: Concur. The Veterans Health Administration (VHA) agrees with the need for establishing consistent definitions of sexual assault and other safety incidents to be used for reporting information from medical facilities through the Veterans Integrated Service Networks (VISN) to VHA Central Office (CO) and other offices including the VA Office of Security and Law Enforcement (OSLE). To develop a set of definitions of sexual assault and other safety incidents as well as address other report recommendations and additional needs, a multi-disciplinary workgroup[Footnote 1] has been charged with multiple objectives and tasks to complete with assignments for interim deliverables including completion of an initial action plan with specific timeframes due no later than (NLT) July 15, 2011, with the final report due NLT September 30, 2011. A specific charge to the workgroup is to identify the scope and definitions for sexual victimization, types of incidents, and locations within VHA. The entire charge to the work group is provided in Attachment A. Recommendation 2: Clarify expectations about what information related to sexual assault incidents should be reported to and communicated within VISN and VHA Central Office leadership teams, such as officials responsible for residential programs and inpatient mental health units; VA Response: Concur. VHA recognizes the need to improve structures for reporting incidents involving sexual victimization and other safety incidents. The multidisciplinary workgroup mentioned in the response to Recommendation 1 will review existing data sources and information- dissemination mechanisms to obtain and determine what data and reporting processes are needed for an effective reporting structure. Based on this inventory, if it is determined that existing additional reporting processes or data collection are required, changes will be developed, communicated with the field, and implemented. In addition to reporting and communicating information to VISN and VHACO leadership teams, as well as the VA OSLE, the workgroup will identify how best to enhance tracking which can be used to identify trends and root causes if safety is not achieved. In regard to improving structures for reporting and communicating sexual assault and other safety incidents, the initial action plan will be completed NLT July 15, 2011, with a final report due NLT September 30, 2011. Recommendation 3: Implement a centralized tracking mechanism that would allow sexual assault incidents to be consistently monitored by VHA Central Office staff; VA Response: Concur. Defining program responsibilities for policy development and implementation and ensuring that sexual assault and other safety incidents are consistently reported, monitored by the appropriate staff, and addressed appropriately and promptly by field and VHACO officials are crucial elements in protecting the safety of Veterans in residential and other programs, as well as employees who work in our facilities and others who visit. To accomplish this more effectively, VHA has already begun to determine potential vulnerabilities in organization strategies, structures, or policies to identify how best to change or strengthen program leadership roles, parameters of reporting, and program ownership for tracking and reporting processes. Also, a multidisciplinary workgroup has been specifically charged with developing and implementing a centralized mechanism to monitor sexual assault and other safety incidents starting with the completion of an action plan with specific timeframes by July 15, 2011, with a final report due NLT September 30, 2011. Recommendation 4: Develop an automated mechanism within the centralized VA police reporting system that signals VA police officers to refer cases involving potential felonies, such as rape allegations, to the VA OIG to facilitate increased communication and partnership between these two entities. VA Response: Concur. The Office of Operations, Security, and Preparedness (OSP)/OSLE partners and collaborates with VA OIG on a daily basis. OSP/OSLE will develop a mechanism that will directly prompt VA police officers to report potential felonies such as rape to the VA OIG when the offense is entered into the database. Also, the system will send a message alert to a specialized VA OIG mailbox that a felony has been recorded in the VA police database. VA employees have a duty to report all crimes in accordance with 38 CFR 1.203 and 1.205 to VA Police and in accordance with 38 CFR 1.204 and 1.201 to VA 01G. Completion date: August 2011. GAO recommendation: To help identify risks and address vulnerabilities in physical security precautions at VA medical facilities, we recommend that the Secretary of the Department of Veterans Affairs direct the Under Secretary for Health to take the following four actions: Recommendation 5: Establish guidance specifying what should be included in legal history discussions with veterans and how this information should be documented in veterans' psychosocial assessments; VA Response: Concur. VHA cannot predict potential sexual victimization with any certainty; however, VHA can and will focus on strategies that provide universal precautions. In addition, VHA will further explore what information should be obtained when assessing a Veteran's risk to commit an offense and how this information would be used within the required limits for maintaining confidentiality and rights of privacy. VHA will conduct a comprehensive literature review to identify best practices and evidence-based approaches to risk assessment and risk management. This may include information about legal history as well as information about other risk factors. The multidisciplinary workgroup has been charged with consulting with additional expertise if needed to analyze the information developed during the literature review to determine what specific guidance may need to be developed. An action plan for the development, implementation, and communication of the guidance will be established and followed. This process will also address what appropriate action needs to be taken to standardize documentation in Veterans' psychosocial assessments. Throughout this process, the multidisciplinary workgroup will collaborate with the VA Office of General Counsel, as well as with the VHA Office of Ethics in Health Care and Patient Care Services, to ensure that rights of privacy are maintained in developing and implementing risk assessment and management guidance and processes while ensuring a safe environment for Veterans. In regard to establishing guidance specifying what should be included in legal history discussions with Veterans and how this information should be documented in Veterans' psychosocial assessments, completion of an initial action plan with specific timeframes is due NLT July 15, 2011, with a final report due NLT September 30, 2011. Recommendation 6: Ensure medical centers determine whether existing stationary, computer-based, and portable personal panic-alarm systems operate effectively through mandatory regular testing; VA Response: Concur. Regular testing of alarm systems is one step to ensuring the safety and security of Veterans who participate in residential treatment as well as other programs. While VA Medical Centers (VAMC) currently are expected to have policies appropriate for individual circumstances in a medical center and in compliance with The Joint Commission standards regarding the use and testing of panic alarm systems, the Office of the Deputy Under Secretary for Health for Operations and Management (DUSHOM) will re-emphasize the need for routine testing of these panic alarms to ensure the alarms are functioning correctly. The DUSHOM will also review whether existing policy needs to be revised so that regular testing is required and so that alarm systems have regular preventative maintenance performed in accordance with manufacturer requirements. The DUSHOM will work with the multi-disciplinary workgroup to complete an action plan with specific timeframes NLT July 15, 2011, with a final report due NLT September 30, 2011. Recommendation 7: Ensure that alarm systems effectively notify relevant staff in both medical facilities' VA police command and control centers and unit nursing stations; VA Response: Concur. Due to the variability in types of alarm systems based on location and services offered, it is necessary for each facility to develop its own processes to ensure alarm systems are appropriately communicating with medical facilities' VA police command and control centers as well as unit nursing services. In order to ensure that each facility is addressing these issues, the DUSHOM will reemphasize existing policy and procedures about the use of alarm systems. Also, VISN Directors will be tasked to ensure that local facilities have established systems that meet the specific location and function needs. A process will be developed to include regular testing of these systems based on industry and manufacturers' standards. The DUSHOM will work with the multi-disciplinary workgroup to complete an action plan with specific timeframes by July 15, 2011, as well as implement policy changes or complete timelines related to policy changes NLT September 30, 2011. Recommendation 8: Require relevant medical center stakeholders to coordinate and consult on (1) plans for new and renovated units and (2) any changes to physical security features, such as closed-circuit television cameras. VA Response: Concur. The report points out the importance of coordination and collaboration in construction and renovation processes among medical center stakeholders. The DUSHOM will re- emphasize the importance of coordinating at the local level to ensure that safety and security are considered during construction and renovation projects at local levels. In addition at the national level, the DUSHOM will work with the multi- disciplinary workgroup to consult with the VA Office of Construction and VA OSLE about how to formalize such consultation as part of the planning and design processes for all construction projects. The goal is to ensure vulnerability assessments and physical security considerations are addressed for all new and renovated units in medical facilities. The DUSHOM will work with the multi-disciplinary workgroup to complete an action plan with specific timeframes NLT July 15, 2011, as well as implement policy changes or complete timelines related to policy changes NLT September 30, 2011. Appendix III Footnotes: [1] The workgroup includes officials from the Offices of the Deputy Under Secretary for Policy and Services (e.g., Patient Care Services, Public Health, Informatics and Analytics); Deputy Under Secretary for Health for Operations and Management (e.g., Assistant Deputy Under Secretary for Health for Clinical Operations and Assistant Deputy Under Secretary for Administrative Operations); Principal Deputy Under Secretary for Health (e.g., Office of Nursing Services and Assistant Deputy Under Secretary for Health for Quality, Safety, and Value); VA Office of Security and Law Enforcement as well as other offices such as the VA Office of General Counsel, as needed. Attachment A: Department of Veterans Affairs: Veterans Health Administration: Charter of the Under Secretary for Health Safety and Assault Prevention Workgroup: 1. Purpose. The Veterans Health Administration (VHA) values the safety and well being of Veterans, staff, and visitors in every Department of Veterans Affairs (VA) health care setting. This includes establishing appropriate risk assessments, precautions, and risk management procedures related to incidents of alleged sexual assaults and of alleged sexual harassment perpetrated against Veterans, staff, or visitors to VA medical care facilities. In addition, VHA recognizes that several mechanisms and reporting structures have been identified that could be better organized to ensure the effective coordination of both prevention and response activities. This workgroup is charged to define steps necessary to ensure that VHA is taking every action necessary to respond effectively to reports of sexual victimization of Veterans and employees, develop appropriate proactive interventions to reduce the risk of these events, provide a recommendation for ongoing data tracking and trending, and establish guidance for training of staff and providers. The workgroup will review the current data sources, organization and structure of VHA's tracking reports and the current response to sexual victimization and assault incidents. The workgroup will further review and evaluate risks and efforts to prevent sexual assaults. Finally, the workgroup will assess the current status within VHA and propose recommendations on the most appropriate organizational initiatives or policy updates. 2. Workgroup Objectives. The Safety and Assault Prevention Workgroup will be expected to accomplish the following objectives: * Identify scope and definitions for sexual victimization of Veterans and employees, types of incidents and locations within VHA responsibility; * Identify current organizational roles and responsibilities in relation to assuring safety from sexual victimization in VHA settings; * Identify data sources within the VHA organizational structure, variations in data elements, and data tracking methods that are most likely to support identification of trends and root causes when safety was not achieved: - Review of existing data sources, and information-dissemination mechanisms; - Determine what other data will be needed, and request from data sources. * Establish a tracking system for all defined incidents which will coordinate both law enforcement and leadership systems of response; * Evaluate where current models of care delivery work well; * Identify where non-compliance exists with current policy; * Determine potential vulnerabilities in organizational strategies, structures or policies, and recommend opportunities for change or strengthening in program leadership roles, parameters of reporting, and program ownership for tracking and reporting routinely, and program responsibilities for policy development and implementation; * Begin background work on education needs for VHA Central Office and field staff and providers; * Identify and establish data trending mechanisms to support intervention, prevention and education; * Identify prevention strategies that are reviewed by Program Office Officials for compliance with current literature and/or best practice and that can be executed at all VA medical centers (VAMC); * Assess current alarm/panic systems, and physical security features with an analysis of gaps and recommendations for improvement. 3. Membership. Co-Chair: George Arana, MD, Acting Assistant Deputy Under Secretary for Health for Clinical Operations. Co-Chair: Patricia M. Hayes, PhD, Chief Consultant, Women's Health Strategic Health Group. Project Manager: Douglas Walker, Presidential Management Fellow. Workgroup Participants: Representatives from following offices: * VHA Deputy Under Secretary for Health for Operations and Management (10N); - Assistant Deputy Under Secretary for Clinical Operations (10NC) including operations officials related to mental health, geriatrics, specialty care; - Assistant Deputy Under Secretary for Administrative Operations including officials involved with safety and facility issues. * VHA Deputy Under Secretary for Health for Policy and Services (10P); - Office of Patient Care Services (10P4) including policy staff related to mental health, geriatrics, specialty care; - Office of Public Health (10P3); - Information and Analytics (10P2). * VHA Principal Deputy Under Secretary for Health (10A); - Office of Quality and Safety; - Office of Nursing Service. * VA Office of Security and Law Enforcement. * VA Office of General Counsel, as needed. * Field representation. * Others, as needed. 4. Deliverables and Operations. The workgroup is chartered to prepare reports and recommendations to be presented to the co-chairs of the workgroup. The co-chairs will then provide the results of the workgroup efforts to the Deputy Under Secretary for Health for Operations and Management and the Deputy Under Secretary for Health for Policy and Services for review and approval. The workgroup has the authority and expectation to set up sub-groups as necessary to complete a full analysis in a timely manner. The workgroup and its sub-groups are to use program office leaders, subject matter experts, and front line staff from the field as members of the sub-groups. The specific tasks for the workgroup are to: * Develop and present an initial action plan to outline scope of work with strict timelines. * Produce a workgroup report to include a highly defined and detailed list of recommendations and a project plan including: - identification of risks (including if there is a need for legal history discussions with Veterans during psychosocial assessment processes), - risk mitigation strategies, - definitions of oversight responsibilities and roles of leadership and program offices, - timeframes for execution of recommendations, - timeframes for execution of implementation in field facilities, - performance metrics and outcome measures for plan work streams, - comprehensive policy to track and report sexual victimization incidents at VA facilities, This report is to be presented to the Principal Deputy Under Secretary for Health and Under Secretary for Health for approval. 5. Timelines. * Initial Action Plan: NLT July 15, 2011. * Monthly verbal updates to Deputy Under Secretary for Health for Operations and Management, Deputy Under Secretary for Health for Policy and Services, and Principal Deputy Under Secretary for Health, and Under Secretary for Health. * Final Written Report: NLT September 30, 2011. Signed by: Robert A. Petzel, M.D. Under Secretary for Health: Date: June 3, 2011: [End of section] Appendix IV: GAO Contact and Staff Acknowledgments: GAO Contact: Randall B. Williamson, (202) 512-7114 or williamsonr@gao.gov: Staff Acknowledgments: In addition to the contact named above, Marcia A. Mann, Assistant Director; Gary A. Bianchi; Robin Burke; Emily Goodman; Katherine Nicole Laubacher; Lisa Motley; Andy O'Connell; George Ogilvie; Carmen Rivera-Lowitt; and Cassandra Yarbrough made key contributions to this report. [End of section] Footnotes: [1] See GAO, VA Health Care: VA Has Taken Steps to Make Services Available to Women Veterans, but Needs to Revise Key Policies and Improve Oversight Processes, [hyperlink, http://www.gao.gov/products/GAO-10-287] (Washington D.C.: Mar. 31, 2010). [2] In this report, we use the term safety incident to refer to intentionally unsafe acts--including criminal and purposefully unsafe acts, clinician and staff alcohol or substance abuse-related acts, and events involving alleged or suspected patient abuse of any kind. These safety incidents are excluded from the reporting requirements outlined by the VA National Center for Patient Safety (NCPS). [3] In this report, we use the term sexual assault incident to refer to suspected, alleged, attempted, or confirmed cases of sexual assault. All reports of sexual assault incidents do not necessarily lead to prosecution and conviction. This may be, for example, because an assault did not actually take place or there was insufficient evidence to determine whether an assault occurred. [4] NCPS manages VA's overall patient safety reporting system and focuses its data collection and oversight on adverse events that represent primarily unintentional medical mistakes, such as errors in medication administration, patient falls, and wrong-site surgeries. The collection of information on intentionally unsafe acts, including criminal acts such as sexual assault, is specifically exempted from NCPS responsibility by VA policy. [5] Within VA, VHA is the organization responsible for providing health care to veterans at medical facilities across the country. [6] We also spoke with officials from VHA's Office of Mental Health Services and the Women Veterans Health Strategic Health Care Group. [7] VA medical facilities were selected to ensure that at least one facility with no experience reporting sexual assault incidents was included in our judgmental sample of facilities. Other selected medical facilities all had some experience reporting sexual assault incidents. To determine facilities' histories of reporting sexual assault incidents, we reviewed closed investigations conducted by the VA Office of the Inspector General (OIG) Office of Investigations-- Criminal Investigations Division. This selection allowed us to ensure that a greater variety of perspectives on sexual assault incidents were captured during our field work. [8] Two of the facilities we visited were located within the same VISN. VISNs are responsible for the day-to-day management of facilities within their network. [9] For the purposes of this report, we define sexual assault as any type of sexual contact or attempted sexual contact that occurs without the explicit consent of the recipient of the unwanted sexual activity. Assaults may involve psychological coercion, physical force, or victims who cannot consent due to mental illness or other factors. Falling under this definition of sexual assault are sexual activities such as forced sexual intercourse, sodomy, oral penetration or penetration using an object, molestation, fondling, and attempted rape or sexual assault. Victims of sexual assault can be male or female. This does not include cases involving only indecent exposure, exhibitionism, or sexual harassment. [10] Compensated work therapy is a VA vocational rehabilitation program that matches work-ready veterans with competitive jobs, provides support to veterans in these positions, and consults with business and industry on their specific employment needs. [11] Veterans Health Administration Handbook 1162.02, Mental Health Residential Rehabilitation Treatment Program (Dec. 22, 2010). [12] CWT/TR programs are exempt from some of these requirements. [13] Information about veterans' living situations, emotional and behavioral functioning, histories of substance use, family psychiatric histories, experiences with military history and trauma, current social support and stressors, and current financial status may also be included in these assessments. [14] 38 C.F.R. § 1.204 (2010). Criminal matters involving felonies must be immediately referred to the OIG, Office of Investigations. VA management officials with information about possible criminal matters involving felonies are responsible for prompt referrals to the OIG. Examples of felonies include but are not limited to, theft of government property over $1,000, false claims, false statements, drug offenses, crimes involving information technology systems, and serious crimes against the person, i.e., homicides, armed robbery, rape, aggravated assault, and serious physical abuse of a VA patient. Additionally, another VA regulation requires that all VA employees with knowledge or information about actual or possible violations of criminal law related to VA programs, operations, facilities, contracts, or information technology systems immediately report such knowledge or information to their supervisor, any management official, or directly to the VA OIG. 38 C.F.R. § 1.201 (2010). [15] VA defines serious incidents as those that involve: (1) public information regarding the arrest of a VA employee; (2) major disruption to the normal operations of a VA facility; (3) deaths on VA property due to suspected homicide, suicides, accidents, and/or suspicious deaths; (4) VA police-involved shootings; (5) the activation of occupant emergency plans, facility disaster plans, and/or continuity of operations plans; (6) loss or compromise of VA sensitive data, including classified information; (7) theft or loss of VA-controlled firearms or hazardous material, or other major theft or loss; (8) terrorist event or credible threat that impacts VA facilities or operations; and (9) incidents on VA property that result in serious illness or bodily injury, including sexual assault, aggravated assault, and child abuse. See VA Directive 0321, Serious Incident Reports (Jan. 21, 2010). [16] Several VISN officials in network offices we reviewed also noted that they can sometimes learn of incidents through other mechanisms, such as press reports and veterans' families. [17] See 38 C.F.R. § 1.204 (2010). [18] VHA Directive 2010-014, Assessment and Management of Veterans Who Have Been Victims of Alleged Acute Sexual Assault (May 25, 2010). [19] Our analysis was limited to only those reports that were provided by the VA OSLE and does not include reports that may never have been created or were lost by local VA police or VA OSLE. [20] To conduct this analysis, we placed VA police case files into these categories to describe the allegations contained within them. [21] We could not consistently determine whether or not these sexual assault incidents were substantiated due to limitations in the information VA provided, including inconsistent documentation of the disposition of some incidents in the police files. [22] Other allegations by relationship included: 1 employee-on- outsider assault, 2 employee-on-visitor assaults, 2 outsider-on- employee assaults, 2 outsider-on-outsider assaults, 1 outsider-on- patient assault, 1 outsider-on-visitor assault, 3 patient-on-visitor assaults, 3 unknown-on-employee assaults, 3 unknown-on-visitor assaults, 1 visitor-on-employee assault, and 2 visitor-on-patient assaults. [23] Our review of the reports received by both VISN and VA Central Office officials was limited to only those documented in issue briefs and did not include the less formal heads-up messages. This is because heads-up messages are not formally documented and often are a preliminary step to a more formal issue brief. [24] We did not require VA OIG to provide documentation for 9 incidents currently under investigation due to the sensitive nature of these ongoing investigations. Since we did not require this documentation, it is possible that some of these 9 ongoing investigations were included in the 42 rape allegations we could not confirm were reported to the VA OIG. [25] See 38 C.F.R. § 1.204 (2010). Examples of felonies listed in this regulation include theft of government property over $1,000, false claims, false statements, drug offenses, crimes involving information technology systems, and serious crimes against the person, i.e., homicides, armed robbery, rape, aggravated assault, and serious physical abuse of a VA patient. [26] The VA Security and Law Enforcement Handbook defines a felony as any offense punishable by either imprisonment of more than 1 year or death as classified under 18 U.S.C. § 3559. See VA Handbook 0730, Security and Law Enforcement (Aug. 11, 2000). Federal statutes define certain sexual acts and contacts as federal crimes. See 18 U.S.C. §§ 2241-2248. All federal sexual offenses are punishable by imprisonment of more than 1 year; therefore all federal sexual offenses are felonies and must be immediately referred to the VA OIG for investigation in accordance with VA regulation. [27] For the purposes of our analysis, we focused only on sexual assault incidents involving rape allegations. Neither federal statutes nor VA regulations define rape; however, the definition of rape we developed for our analysis falls within the federal sexual offenses of either aggravated sexual abuse or sexual abuse. See 18 U.S.C. §§ 2241 and 2242. These two offenses are felonies under federal statute; therefore, all rapes that meet our definition are felonies. [28] The VA OIG senior-level investigators who conducted this review noted that they identified at least one incident summary that was readily identifiable as a case currently under investigation by the VA OIG. Due to the general nature of the incident summaries we provided for their review and the sensitive nature of specific details of ongoing investigations, we did not require the VA OIG to provide specific details on exactly how many of the 42 rape allegations we asked them to review were currently under investigation by their office; however, the total number of ongoing sexual assault incident investigations for the time period of our analysis was only nine. [29] The National Center for Victims of Crime's definition of sexual assault states that: "Sexual assault takes many forms including attacks such as rape or attempted rape, as well as any unwanted sexual contact or threats. Usually a sexual assault occurs when someone touches any part of another person's body in a sexual way, even through clothes, without that person's consent. Some types of sexual acts which fall under the category of sexual assault include forced sexual intercourse (rape), sodomy (oral or anal sexual acts), child molestation, incest, fondling and attempted rape." [30] The Joint Commission is an independent organization that accredits and certifies health care organizations and programs in the United States. Rape is included among The Joint Commission's list of reportable sentinel events and defines rape as: "unconsented sexual contact involving a patient and another patient, staff member, or other perpetrator while being cared for, treated, or provided services, or on the premises of the behavioral health care organization, including oral, vaginal, or anal penetration or fondling of the patient's sex organ(s) by another individual's hand, sex organ, or object." [31] The remaining VISN did not report receiving any issue briefs on sexual assault incidents. [32] While two of the four VISN policies reference The Joint Commission's definition of sentinel events, which includes rape, this definition does not include the broader category of sexual assault incidents as defined in this report. [33] VISNs may also send a heads-up message to this office either by e- mail or phone to inform the Office of the Deputy Under Secretary for Health for Operations and Management of emerging incidents. These heads-up messages are typically the precursor to issue briefs received by the office. [34] The Director for Network Support is a senior executive who advises the Assistant Deputy Under Secretary for Health Care Management. [35] See GAO, Internal Control: Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). Standards for internal control in the federal government state that information should be recorded and communicated to management and others within the agency that need it in a format and time frame that enables them to carry out their responsibilities. [36] See [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. Standards for internal control in the federal government state that agencies should design internal controls that assure ongoing monitoring occurs in the course of normal operations, is continually performed, and is ingrained in agency operations. [37] We did not review the sexual assault-related risks that VA staff and clinicians may pose in VA medical facilities. [38] One example of a program-specific assessment used at one site we visited is the Minnesota Multiphasic Personality Inventory (MMPI) for veterans entering the PTSD Residential Program. Clinicians at this site said that the MMPI is the most widely used personality inventory in the country. These clinicians explained that this instrument helps them ensure they have essential information to make appropriate placements of veterans in this program. [39] VHA officials told us that assessment requirements for veterans admitted to residential programs are contained in VHA's Mental Health RRTP Handbook and policy guidance on assessment for inpatient mental health units is found in various documents, including the VA/Department of Defense (DOD) PTSD Clinical Practice Guidelines (2010) and The Joint Commission standards. See Veterans Health Administration Handbook 1162.02, Mental Health Residential Rehabilitation Treatment Program (Dec. 22, 2010); VA/DOD Clinical Practice Guideline for the Management of Post-Traumatic Stress (October 2010); and The Joint Commission, 2010 Standards for Behavioral Health Care (Oakbrook Terrace, Ill.: 2010). [40] Federal agencies may only run background checks for noncriminal justice purposes if they have specific statutory authority. See 42 U.S.C. § 14616 art. IV(b). VA police may only conduct a background check on a veteran if the veteran is the subject of a criminal investigation. [41] Veterans counted as registered sex offenders in our sample were those that had been registered in the state sex offender registry for each of our selected medical facilities under the address of either the medical facility's residential programs or inpatient mental health units when we checked these registries prior to our site visits. [42] See GAO/AIMD-00-21.3.1. Standards for internal control in the federal government state that agencies should assess risks the agency faces from both internal and external sources and require clear, consistent agency objectives and detailed policies on the information that medical facilities should include in risk identification. While internal control standards allow for variation in the specific approach agencies or programs may use based on differences in their missions or difficulty in identifying risks, having clear agency policies is critical to the risk assessment process. [43] VHA officials reported that these requirements are based on accreditation organization requirements, specifically The Joint Commission and the Commission on Accreditation of Rehabilitation Facilities. [44] VA/DOD Clinical Practice Guideline for the Management of Post- Traumatic Stress (October 2010) and 2010 Standards for Behavioral Health Care (2010). [45] VHA facilities may place an alert on a veteran's electronic medical record to notify employees that the veteran may pose a threat to the safety of other patients or employees. According to VHA, these flags are to be used very judiciously and must be approved by either appropriate local or VHA authorities. See VHA Directive 2010-053, Patient Record Flags (Dec. 3, 2010). At each of the medical facilities we reviewed, requests for the placement of medical record flags were formally reviewed by a multidisciplinary facility committee responsible for activities related to the management of disruptive behavior at the facility. [46] Stationary panic alarms are fixed to furniture, walls, or other stationary items and can be used to alert VA staff of a problem or call for help if staff feel threatened. Computer-based panic alarms are activated by depressing a specified combination of keys on a medical center keyboard. Portable personal panic alarms are small devices that staff can carry with them while on duty that can also alert VA staff of a problem if activated. [47] VA guidelines regarding physical security precautions for residential programs are outlined in the VHA Mental Health RRTP Handbook. Monitoring precautions required by this handbook include the use of closed-circuit surveillance cameras to monitor residential program entrances, exits, and common areas, as well as requiring staff to conduct regular rounds of program facilities. Security precautions required by this handbook include the implementation of keyless entry for all residential programs, except CWT/TRs, and the availability of locks on all bedrooms used by women veterans. [48] VA guidelines for physical security precautions for inpatient mental health units are communicated as part of the Mental Health Environment of Care process. During environment of care rounds, a multidisciplinary team of facility staff check to ensure that inpatient mental health units are in compliance with a variety of VA policies, including policies to regularly test panic alarm systems on these units and ensure that nursing stations are safe for staff working in inpatient mental health unit settings. [49] This officer also worked with VA staff at other locations in the facility, not just with staff of the inpatient mental health unit. [50] Two of the medical facilities we visited did not have a CWT/TR program. [51] At one site, VA staff reported that this was because local fire officials had informed them that interior locks were a safety issue. [52] Our review of physical security precautions at the five VA medical facilities we visited was limited to the residential programs, inpatient mental health units, and medical facility command and control centers. [53] At some facilities, just one person was assigned to serve both functions, while at another location two people were expected to share those functions but only one person was present at the time of our visit due to staffing vacancies, illness, or shortages. [54] One of the residential programs we reviewed did not use stationary panic alarm systems. This facility relied on portable personal panic alarms for its residential program staff. [55] The VA police chief for this facility reported having adequate staff coverage despite these staffing limitations. [56] As CWT/TR programs are located in fewer locations than the other programs, not all medical facilities we selected had these programs. [57] For the purposes of this report, we define sexual assault as any type of sexual contact and attempted sexual contact that occurs without the explicit consent of the recipient of the unwanted sexual activity. Assaults may have involved psychological coercion, physical force, or victims who could not consent due to mental illness or other factors. Falling under this definition of sexual assault are sexual activities such as forced sexual intercourse, sodomy, oral penetration or penetration using an object, molestation, fondling, and attempted rape or sexual assault. This also included any threats of any of the above. Victims of assault could be male or female. This did not include cases involving only indecent exposure, exhibitionism, or sexual harassment. [58] Issue briefs are reports that briefly document specific factual information about incidents and are used to notify officials of ongoing incidents occurring at VA facilities, including sexual assault incidents. These documents are forwarded from the facility to the VISN and can be sent forward to the VHA Central Office as needed. [59] VHA's Office of the Deputy Under Secretary for Health for Operations and Management did provide a response to our request for issue briefs but, due to the lack of a VHA centralized archive of this information, officials from this office had to contact VISNs to construct a sample of issue briefs they may have received during the time period of our analysis. Therefore, this response did not provide an accurate sample of all issue briefs this office had received and reviewed at the time these incidents were initially reported and was not used in our analysis of the management reporting stream. [60] VA police are required to destroy files after 3 years under a records schedule approved by the National Archives and Records Administration (NARA). [61] Inappropriate oral sex includes oral sex that may have been a consensual act between the parties in question, but was deemed sexual assault by VA staff. [62] VA police coding of a case as rape was not sufficient to categorize a case as an rape allegation for our purposes without also including at least one of the above criteria. [63] We did not require the VA OIG to provide documentation for 9 incidents currently under investigation that occurred within the time period of our analysis. It is possible that some of these ongoing investigations may be included in the 42 rape allegations we could not match to VA OIG investigation documentation. [64] We did not provide these complete VA police case files to the VA OIG to protect the privacy of those involved in the incident and the anonymity of the VA facilities and investigating officers who did not refer these cases to the VA OIG. [65] We conducted these searches prior to our arrival at each selected facility except for our first site visit. Due to the pilot nature of this site visit, our initial search was insufficient for this sample and was rerun at the completion of our field work. Veterans registered as sex offenders as of the date of our second check of the state publicly available state sex offender registry are included in our review of biopsychosocial assessments. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: