Audit of the Dukes County Sheriff’s Office—A Review of Inmates’ Healthcare Services Objectives, Scope, and Methodology

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of the Dukes County Sheriff’s Office (DCSO) for the period July 1, 2020 through June 30, 2022.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Below is a list of our audit objectives, indicating each question we intended our audit to answer; the conclusion we reached regarding each objective; and, if applicable, where each objective is discussed in the audit findings.

To accomplish our objectives, we gained an understanding of DCSO’s internal control environment related to the objectives by reviewing DCSO’s internal control plan and applicable agency policies and procedures, as well as by interviewing DCSO management. We evaluated the design and implementation of the internal controls related to our audit objectives. To obtain sufficient, appropriate audit evidence to address our audit objectives, we conducted the following audit procedures.

To determine whether DCSO provided its inmates with admission medical screenings in accordance with 103 CMR 932.06, we examined the total population of 87 inmates who received an admission medical screening during the audit period. We examined the medical questionnaire in the Offender Management System (OMS) for each inmate in our population to verify the date and time the booking officer completed it. We examined the nurse’s notes and assessments in the Correctional Electronic Medical Records (CorEMR) system to determine whether the in-house healthcare employee saw each inmate upon admission. We compared the date of the inmate’s admission to the date the inmate’s medical questionnaire was completed in OMS and the date the inmate’s nursing assessment was completed in the CorEMR system to determine whether each inmate received the admission medical screening upon admission.

We noted no exceptions in our testing; therefore, we determined that DCSO provided admission medical screenings to its inmates upon admission during the audit period.

To determine whether DCSO provided its inmates with health appraisals in accordance with 103 CMR 932.07(1), we examined the total population of 14 sentenced inmates admitted for a duration of 30 days or more who received a health assessment during the audit period. We examined the health appraisal form for each inmate to verify the date the health assessment was completed and signed by the contracted DCSO medical director. We then compared the date of the inmate’s admission to the Dukes County Jail and House of Corrections (DCJHOC) to identify the date the inmate received a health appraisal to determine whether the inmate received the health appraisal within 14 days.

Based on the results of the testing performed, we determined that DCSO did not complete health assessments for all inmates on time during the audit period. See Finding 1.

To determine whether DCSO provided its inmates with mental health assessments in accordance with 103 CMR 932.13, we examined the total population of 25 inmates in custody for 30 days or more during the audit period. We examined the mental health assessment for each inmate to verify the date the DCSO contracted mental health provider completed and signed the mental health assessment. We then compared the date of the inmate’s admission to DCJHOC to the date the inmate received a mental health assessment to determine whether each inmate received a mental health assessment within 30 days.

We noted no exceptions in our testing; therefore, we determined that DCSO provided mental health assessments to its inmates in custody for 30 days or more during the audit period.

Section 9.12 of the United States Government Accountability Office’s Government Auditing Standards states, “Auditors should . . . report any significant constraints imposed on the audit approach by information limitations or scope impairments.”

During our audit of DCSO, we experienced a scope limitation / constraint regarding our ability to obtain the information necessary to achieve Objective 4. Specifically, we asked DCSO management to provide us with sick call data for inmates who submitted sick call request forms during the audit period. DCSO was unable to extract data that would have allowed us to perform testing for Objective 4. Through our interviews and from all our prior audits of county sheriffs’ offices, we learned that DCSO used the CorEMR system to maintain inmates’ medical records. In the CorEMR system, there is a section labeled “sick calls” in which in-house healthcare employees can keep track of all sick calls requests made by inmates. However, DCSO did not use this function, as the in-house healthcare employee was unaware of the section labeled “sick calls.” Instead, the in-house healthcare employee would log aspects of the sick call request into a general notes tab and shred the original sick call request form without creating an electronic copy. This resulted in DCSO not retaining copies of the sick call request forms that included the inmates’ and the in-house healthcare employee’s signatures, and the dates the sick calls were triaged. Without this information, we were not able to confirm how many sick call request forms were submitted, whether sick calls were triaged, and whether the in-house healthcare employee saw the inmates in a timely manner during the audit period. Additionally, without retaining sick call request forms, DCSO could not be sure that infectious diseases and medical conditions were addressed that could have caused a financial liability to DCSO and adversely impacted inmate health. By not using the section labeled “sick calls,” DCSO lost functionality of its software, such as the ability to search sick call request forms and perform trend analysis. As a result, we had to limit the scope of our review for Objective 4, and we could not perform reliable substantive testing to determine whether inmates received medical care after submitting sick call request forms.

To determine whether DCSO held quarterly meetings with the contracted healthcare provider and reviewed quarterly reports in accordance with 103 CMR 932.01(3)(a) and (b), we examined the minutes of 100% (eight) of the quarterly meetings that took place during the audit period between DCSO and its contracted healthcare provider. We also examined 100% (three) of the annual statistical summary reports that DCSO provided to the contracted healthcare provider during the audit period.

We noted no exceptions in our testing; therefore, we determined that DCSO held quarterly meetings with the contracted healthcare provider and reviewed quarterly reports during the audit period, in accordance with 103 CMR 932.01(3)(a) and (b).

To assess the reliability of the inmate data obtained from OMS, we interviewed information technology employees who were responsible for oversight of the system. We tested the general information technology controls, including access and account management controls. We selected a random sample of 10 inmates from the list of inmates in OMS and compared the information from this list (each inmate’s full name, date of birth, booking date, sex, age, race, and facility) to the information in the original source document (the mittimus) for agreement. We also selected 10 random samples from hard copies of the mittimuses and compared the inmates’ information from the mittimus (each inmate’s full name, date of birth, and commitment date) to the information in the list of inmates in OMS for agreement.

Based on the results of the data reliability assessment procedures described above, we determined that the OMS data was sufficiently reliable for the purposes of our audit.