Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Audit of the Suffolk County Sheriff’s Department - A Review of Healthcare and Inmate Deaths

December 7, 2022 · Suffolk County Sheriff's Department · Read the full official report on mass.gov ↗

Published December 7, 2022 Audit covers July 1, 2019 – June 30, 2021 Under Suzanne M. Bump · 2011–2023

In plain English
The audit found that Suffolk County’s jail system generally had healthcare processes in place, but it did not always get required annual healthcare reports from its vendor and did not always make sure sick-call requests were handled and documented on time.
source
“SCSD did not ensure that its healthcare vendor complied with all the service delivery and documentation requirements of SCSD’s Policy S604 (Inmate Care and Treatment) regarding sick calls.”
Read the plain-English breakdown
What is this?

This is a Massachusetts State Auditor performance audit of the Suffolk County Sheriff’s Department, focused on inmate healthcare and inmate deaths from July 1, 2019 through June 30, 2021.

“The objectives of this audit were to determine the following:”
Why was it audited?

Auditors checked whether the department followed rules for inmate deaths, healthcare vendor oversight, health screenings, and sick-call medical care.

“In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Suffolk County Sheriff’s Department (SCSD) for the period July 1, 2019 through June 30, 2021.”
What's in it for me?

For an ordinary citizen, this report is about whether a public agency responsible for people in custody is properly overseeing healthcare paid for and governed by public systems.

“The Contractor shall provide services to all inmates/detainees in the custody of SCSD.”
The bottom line

The department missed required oversight steps: it did not always receive annual healthcare summaries, and its vendor did not always follow sick-call timing and documentation rules.

“The Suffolk County Sheriff’s Department (SCSD) did not always ensure that it received an annual statistical summary from its healthcare vendor.”
What happens next

The auditor recommended that the department create formal policies and monitoring controls so it gets required reports and makes sure sick-call rules are followed.

“SCSD should establish monitoring controls (i.e., policies and procedures) over its sick call process to ensure that its healthcare vendor complies with all the requirements of SCSD’s healthcare policies.”
Why it's significant

The report is significant because it shows gaps in oversight of inmate medical care, death-review records, and IT controls at a county sheriff’s department.

“In the opinion of the Office of the State Auditor, SCSD should take immediate measures to improve the internal controls over its IT systems.”
Jargon, unpacked

A receiving screening means the first health check when someone arrives at the jail or house of correction; a sick call is how an inmate asks for non-emergency medical help.

“A receiving screening is an assessment of an inmate’s health needs and/or medical conditions.”

What the Auditor checked

What the Auditor found

SCSD did not always obtain an annual statistical summary from its healthcare vendor.
vendor oversightrecordkeeping/documentationinternal controls

Why it matters: SCSD might not identify, assess, and treat healthcare concerns, and it may not develop improvement plans.

Standard: Section 932.01(3) of Title 103 of the Code of Massachusetts Regulations ( Section 932.01(3) of Title 103 of the Code of Massachusetts Regulations )

1 recommendation
  • SCSD should establish policies and procedures to ensure that it obtains the annual statistical summaries.agency: partially agreed
Agency response & Auditor reply
Agency: "The Department accepts the finding of non-compliance because it couldn’t produce the statistical reports requested, but it disputes that this was a result of not having sufficient policies and procedures in place to ensure we received them."
Auditor: "Although SCSD contractually required its healthcare vendor to submit these summaries, it did not establish proper internal controls (i.e., policies and procedures) to ensure that its healthcare vendor complied with this contractual requirement."
SCSD did not ensure that its healthcare vendor followed sick call service and documentation requirements.
vendor oversightrecordkeeping/documentationinternal controlspublic safety

Why it matters: There is a higher-than-acceptable risk that some inmates may not have their healthcare issues properly resolved.

Standard: Section 7 of SCSD’s Policy S604 and 103 CMR 932.18(2) ( Section 7 of SCSD’s Policy S604 (Inmate Care and Treatment); 103 CMR 932.18(2) )

1 recommendation
  • SCSD should establish monitoring controls (i.e., policies and procedures) over its sick call process to ensure that its healthcare vendor complies with all the requirements of SCSD’s healthcare policies.agency: partially agreed
Agency response & Auditor reply
Agency: "The Department acknowledges that Wellpath did not comply with all of the requirements of its sick call policy, and this was a major reason that the Department terminated its contract with Wellpath."
Auditor: "OSA acknowledges that SCSD staff members were aware of and attempted to address various issues with its healthcare provider’s administration of its sick call process, which we believe was prudent."
SCSD did not retain copies of the Clinical Review Committee’s Summary Report for an inmate suicide review.
recordkeeping/documentationinternal controlspublic safetyvendor oversight

Why it matters: Without copies of these reports, SCSD cannot effectively track implementation of recommendations made by the Clinical Review Committee.

Standard: SCSD’s Policy S623 (Serious Illness, Injury or Death of Any Person on Site or on the Job) ( SCSD Policy S623; Section 204 of Chapter 111 of the Massachusetts General Laws )

1 recommendation
  • SCSD needs to develop a policy requiring that copies of the Clinical Review Committee’s Summary Report, and related reports, be retained.agency: partially agreed
Agency response & Auditor reply
Agency: "Going forward, the Department’s General Counsel will generate an internal document summarizing their impression of the mortality review to better document the discussion in accordance with the standards."
SCSD lacked adequate written IT controls and continuity planning for the Offender Management System.
cybersecurityinternal controlsdata privacy

Why it matters: SCSD’s IT systems are more vulnerable to unauthorized access, use, and cyberattacks that could result in financial or reputational losses.

Standard: National Institute of Standards and Technology Special Publication 800-53r5 ( National Institute of Standards and Technology Special Publication 800-53r5 )

1 recommendation
  • SCSD should take immediate measures to improve the internal controls over its IT systems.agency: agreed
Agency response & Auditor reply
Agency: "The Department will forward the findings of this audit relative to OMS to those agencies and will develop an internal policy and training program consistent with the recommendations of EOPSS, EOTTS and this report."
Auditor: "Based on its response, SCSD is taking measures to address this issue."

More audits of this entity

Other Office of the State Auditor reports on Suffolk County Sheriff's Department .

See this entity's page with all 3 audits →