During the pandemic, federal COVID relief packages distributed more than $4 trillion across the United States to counter the then-novel COVID-19 virus.
But over the course of several years, the Maryland legislature raised questions about how the state Department of Health documented and utilized some of the millions of dollars of federal COVID funding it received, but the state agency had few answers.
An audit released Tuesday found a “pervasive lack of documentation” regarding COVID funds and that the agency did not properly monitor how the state used millions of dollars during the public health emergency. The audit also identified questionable management of contractors engaged to help the department during COVID-19.
“I’ve never seen an audit like this. This is the worst audit I’ve ever seen. And it’s every worse nightmare pulled together,” said Sen. Clarence Lam (D-Howard), Senate chair of the Joint Audit and Evaluation Committee.
The review from the Office of Legislative Audits evaluated the finances of the Maryland Department of Health beginning February 12, 2019 through June 30, 2022, during the tenure of former Gov. Larry Hogan (R).
The audit found that during this time, the Maryland Department of Health “lacked assurance that the balances of the revenue and expenditure accounts related to federal fund activity were accurate.”
Auditors concluded that $1.4 billion in potential federal revenue is currently unaccounted for and requires a more comprehensive analysis to determine whether the state can be reimbursed for the expenses. The shortfall could exacerbate concerns about a tight budget in the upcoming fiscal year.
Lam explained that federal COVID funds typically work through reimbursements. States are told they have a certain amount of funding to use in order to perform a variety of responsibilities that helped keep people safe during the COVID-19 pandemic.
Typically, states would then ask to be reimbursed for those funds after spending them. But the audit shows that MDH “did not ensure that all provider payments were properly recorded in its automated system to enable recovery of federal funds to offset State-funded expenditures.”
The reimbursement issue was first raised in January in a report on the Statewide Review of Budget Closeout Transactions for Fiscal Year 2022. At that time, there was an estimated $3.5 billion shortfall.
“MDH subsequently advised that approximately $2.1 billion of this amount had been recovered as of April 2023, but that a comprehensive analysis of its accounts was needed to determine the ultimate collectability of the accrued revenue transactions,” auditors wrote.
Lam said the legislature asked the department for more information about pandemic spending, but received little documentation during the Hogan administration.
Moreover, MDH was not conducting adequate quarterly reconciliation to ensure that federal funds had been recovered, “resulting in failure to recover approximately $973.3 million in federal funds.” The Office of Legislative Audits raised this concern with MDH and the agency recovered most of the funds, but the “the untimely recovery resulted in lost interest to the State of $6.4 million.”
In December 2021, the Maryland Department of Health experienced a ransomware attack that affected the agency’s entire computer network and disrupted informational technology operations. The incident prolonged the auditing process and affected auditors’ ability to receive records. It also had an outsize effect on some state contracts.
The audit also notes that the state agency sometimes disregarded state procurement laws.
The audit says that an evaluation of one of the emergency contractors providing consulting services related to Maryland’s supply of COVID-19 vaccines revealed that the contract was modified to include “unrelated services without justification and did not sufficiently document if the services were received.”
The contract modifications were used to “circumvent state procurement regulation by increasing the scope and cost of the emergency contract without justification.”
The contract ballooned from just under $3.8 million in January 2021 to more than $87 million after a fourth contract modification nearly a year later.
Among the modifications were an expansion of the scope of the contract to include $40 million to support the ransomware response.
However, “MDH could not provide adequate justification for either modification, nor could it explain why separate procurements were not issued for these services given the nature of the new work, which appeared unrelated to the original COVID vaccination scope,” the audit said.
“Given the disparate nature of this activity compared with the scope of the original contract, we believe a separate contract should have been procured in conjunction with the Department of Information Technology and included consideration of information technology-specific vendors and consultants,” the audit said.
Lam said the audit amounted to lawmakers’ “worst nightmare.”
“It shows complete dysfunction and disarray when it came to properly accounting for funds,” during the pandemic spending boom, he said.
Ex-employees still receiving pay
The audit also identified that the health department did not have a system in place that would ensure former state employees were removed from payroll, resulting in 45 employees continuing to receive payment even after leaving the job, totaling $151,000 of improper payment.
“MDH was unaware of this condition until we brought the matter to its attention in January 2023, and consequently, MDH had not yet taken action to recover the improper payments,” wrote auditors, who recommended additional evaluations to determine if there are more improper payments.
The concerns raised by the audit occurred during the Hogan Administration, but the Moore Administration is left with fixing the issues.
“The audit… raises significant concerns about fiscal processes and controls, cybersecurity findings, and procurement processes,” according to a written statement from the current Department of Health. “In short, the report raises grave concerns about the stewardship of taxpayer dollars during a critical period for public health. The Department is moving swiftly to correct these issues using all tools available.”
The department has also hired an external accounting firm to help fix and improve the agency’s fiscal practices, and implemented an information security program to protect against future cybersecurity threats.
Lam said the health department and Maryland’s Secretary of Health Dr. Laura Herrera Scott have a lot of work to do to improve fiscal accountability and transparency.
“There’s a lot of work to be done here, and the new secretary needs to roll up her sleeves,” he said. “Really dig into this and make sure that the department has all the resources and personnel needed to make sure proper accounting takes place in the future.”