Table of Contents
The HHS Office of Inspector General (OIG) is investigating allegations that a dozen principal investigators (PIs) with NIH awards “failed to disclose foreign affiliations on their grant applications,” IG Daniel Levinson revealed in a recent letter to Sen. Chuck Grassley, R-Iowa, chair of the Senate Finance Committee. But Levinson also made clear that PIs aren’t his only target.
OIG also is looking into NIH’s operations, with a number of audits and reviews already underway or recently released, Levinson told Grassley. These include “evaluations to assess NIH’s vetting and oversight of its peer reviewers, including its efforts to prevent or detect inappropriate sharing of information by peer reviewers.” OIG is also probing “how NIH monitors the financial conflicts of interest (including foreign financial interests) reported by grantee institutions,” among other inquiries.
The correspondence between Grassley and Levinson illustrates the high level of ongoing concerns about foreign influences in U.S. research, which have intensified since last summer when NIH Director Francis Collins first testified about the topic before the Senate Health, Education, Labor and Pensions (HELP) Committee. Grassley wrote to Levinson after receiving responses to questions he posed to Collins (“Grassley: NIH Response on Foreign Influences ‘Leaves Many Questions Unanswered,’” RRC E-Alert, Jan. 17, 2019).
The 12 PIs are double the number Collins said at the time that NIH itself was investigating “based on suspicions that researchers with federal grants failed to disclose significant financial contributions from foreign governments” (“NIH Warns Institutions to be Vigilant Against Threats to U.S. Research From ‘Foreign Entities,’” RRC 15, no. 9).
Late last year, a high-ranking NIH committee submitted a series of recommendations both the agency and institutions should take to safeguard their research (“NIH Embraces Efforts to Thwart Foreign Entities, Recommends Similar Strategies for Universities,” RRC 16, no. 1).
OIG said the referrals from NIH about possible non-disclosure of foreign support were “recently received,” and that officials were “currently conducting a review…to determine whether the allegations warrant the opening of investigations.” Levinson said the referrals “appear to primarily involve principal investigators on NIH grants conducting medical research at U.S. universities who allegedly have failed to disclose foreign affiliations on their grant applications.”
Levinson added that, “When evaluating referrals, OIG is sensitive to the fact that academic and professional reputations could easily be damaged by erroneous allegations.”
In the previous five-year period, Levinson said OIG conducted only one such investigation and that the Department of Justice (DOJ) has not moved forward with the case.
In terms of other investigations, OIG “examined a total of 51 complaints in the past 5 years from NIH. Four of these complaints were related to potential research fraud, and none involved foreign contributions,” Levinson wrote to Grassley. “The other 47 complaints were not germane to the issues raised by your inquiry.”
Levinson also said there had been just one case in the past five years of a researcher who “allegedly stole intellectual property created by taxpayer-funded research,” and that, as with the failure-to-disclose case, “DOJ declined to pursue action.”
In response to another question from Grassley, Levinson said OIG has conducted no investigations of “researchers who were allegedly agents of a foreign government.” But he added that because OIG “does not possess statutory authority under the laws covering foreign agents, we have not traditionally investigated matters solely related to such violations. In cooperation with the FBI, OIG continues to expand its efforts in this area and will continue to do so as authority, resources, and funding allow.”
The IG provided some details about specific oversight tasks regarding NIH itself—but he noted OIG has extra funds on hand for the effort.
In fiscal year 2019, OIG got an additional funding boost to turn its attention to NIH—at NIH’s expense. Appropriations legislation required NIH to transfer $5 million of its funds to OIG for “oversight of grant programs and operations of the NIH, including agency efforts to ensure the integrity of its grant application evaluation and selection processes.” Levinson told Grassley that OIG “submitted a comprehensive NIH oversight plan” to the House Energy and Commerce and the HELP Committees, as well as the Appropriations Committees in both the House and Senate.
FCOI Oversight to be Reviewed
As previously stated, Levinson wrote that OIG was looking into NIH’s oversight of peer reviewers, data sharing and disclosure issues among grantees.
Additionally, he said that OIG is “initiating audits” of NIH institutes and centers to review the following areas within NIH, which also were mentioned in a newly updated OIG work plan:
“pre-award process for assessing risk of potential recipients of federal funds” and “post-award process for overseeing and monitoring of grantees on the basis of risks identified during the pre-award process”;
“policies, procedures, and controls in place for ensuring that both foreign and domestic grantees disclose all relevant affiliations, sources of support, and financial interests, including intellectual property interests”;
“oversight of its grantees’ compliance with NIH policies, including NIH efforts to ensure the integrity of its grant application and selection processes and to protect intellectual property derived from NIH-supported research”;
“oversight and monitoring of the financial conflicts of interest reported by grantee institutions”;
“internal controls for identifying and addressing potentially duplicative grant funding and overlap”;
“testing of select cybersecurity controls within the NIH electronic health records system”; and
“controls to ensure that NIH has an accurate inventory of hardware, software, and Internet Protocol resources.”
OIG: NIH Data Security Lacking
When Grassley released Levinson’s letter on Feb. 6, he summarized the contents without indicating whether he intended to follow up with OIG for more details, or with the FBI, or what his next steps might be. In a public statement, Grassley said he “intend[s] to continue scrutinizing this area so taxpayers get their money’s worth when funding this research and foreign actors can’t pilfer the good work done by legitimate researchers.”
RRC asked Grassley’s office whether he expects to propose new legislation or impose new requirements on NIH related to possible foreign influences. While Grassley spokesman Michael Zona said on Feb. 14 that no new information was available, he added that “This isn’t an issue that’s going to fall by the wayside for Sen. Grassley.”
One OIG audit of NIH was released shortly after Levinson wrote to Grassley. On Feb. 13, OIG issued a one-page version of a restricted report reviewing NIH’s controls over sensitive data, which concluded that the agency “should improve its controls when permitting access to sensitive NIH data.” OIG made a series of recommendations to better safeguard data, which were only partially accepted by NIH.
OIG said it has “identified risks related to the sharing of sensitive data,” and that its audit “objective was to assess whether NIH had adequate controls in place when permitting and monitoring access to NIH sensitive data.”
To conduct the audit, OIG “reviewed NIH’s internal controls for monitoring and permitting access to sensitive data. To accomplish our objective, we used appropriate procedures from applicable federal regulations and guidance. We reviewed NIH policies, procedures, and supporting documentation, and we interviewed NIH staff,” the report states.
Recommendations Include More Training
OIG considered the concerns it uncovered urgent enough that it “shared with NIH information about our preliminary findings before issuing our draft report to ensure that NIH could take prompt corrective actions.” It also “provided a detailed restricted report” to NIH.
Levinson’s letter to Grassley mentions the audit as a future task; the report had not been issued at the time.
Specifically, OIG recommended that NIH:
“work with an organization with expertise and knowledge in scientific data misuse”;
“strengthen its controls by developing a security framework”;
conduct a “risk assessment”;
implement “additional appropriate security controls designed to safeguard sensitive data”;
“develop and implement mechanisms to ensure data security policies keep current with emerging threats”; and
“make security awareness training and security plans a requirement.”
NIH disagreed with all of the recommendations except the final two in the list above. But it told OIG that it “recently established a working group to address and mitigate risk to intellectual property as well as to protect the integrity of the peer-review process.”
Still, OIG “maintain[s] that our findings and recommendations are valid. We recognize that NIH reported that it is already taking certain actions, such as the working group that was recently established, that may address our recommendations,” the report states. “We also provided NIH with other potential actions to address our findings and recommendations. If NIH determines that it does not need to strengthen its controls, it should document that determination consistent with applicable federal regulations and guidance.”
Link to Levinson-Grassley correspondence: http://bit.ly/2TN6frH
Link to updated OIG work plan: http://bit.ly/2X9qqSz ✧