A Performance Audit
An Audit Report on Licensing and Enforcement at the Board of Chiropractic Examiners
August 2020
Summary Analysis
The Board of Chiropractic Examiners (Agency) had adequate processes to help ensure that it conducted most licensing and enforcement functions in accordance with applicable requirements. However, to ensure consistent compliance with requirements, the Agency should obtain required documents and necessary approvals, and retain required documentation. The Agency also should regularly update its internal policies and Texas Administrative Code rules to align with its processes and Texas Occupations Code requirements.
The Agency also had weaknesses in its controls to protect confidential data and other general controls related to data availability. To minimize security risks, auditors communicated details about the identified weaknesses separately to the Agency’s management in writing.
The Agency has developed sufficient processes for issuing chiropractic licenses to qualified applicants as required by statute. However, the Agency should strengthen its processes to ensure that it follows its rules for processing applications for applicants with prior criminal convictions established in Title 22, Texas Administrative Code, Section 72.18(i).
Additionally, the Agency staff did not retain documentation of their reviews and the rationales for their decisions.
The Agency has established an adequate process for renewing chiropractors’ licenses in accordance with statute and rules. Specifically, the Agency sent renewal notifications in a timely manner, verified submission of required renewal application forms, and assessed applicable renewal fees.
However, the Agency did not ensure that all license holders had completed the fingerprinting requirement prior to renewal. Without fingerprints, the Agency cannot obtain the required criminal history checks. Also, the Agency did not retain documentation for 9 (15 percent) of 60 license renewals showing that it searched a national practitioner database to determine whether another state has taken any disciplinary action against a license holder. Texas Occupations Code, Section 201.314, requires this search to occur prior to processing the renewals. In addition, the Agency did not require applicants to verify compliance with requirements for continuing education. Of 60 license renewals tested, 56 were renewals of active licenses for which continuing education is required. For 4 (7 percent) of those 56 renewals of active licenses, the applicants did not verify on the application whether they met the continuing education requirement.
The Agency has established a process to verify license holders’ completion of continuing education hours as required by Texas Occupations Code, Section 201.356. Specifically, for all 33 renewals tested, the Agency appropriately notified the license holders of the continuing education audit, requested written continuing education verification, and took appropriate action if the license holders did not meet requirements.
The Agency had adequate processes and controls for conducting its enforcement functions in accordance with most of the applicable requirements. Specifically, the Agency ensured that it (1) accurately entered all required information about complaints into its Licensing and Enforcement management system, FileMaker Pro; (2) included all required documentation in each complaint file; (3) sent notifications of complaints in a timely manner; and (4) assessed applicable penalties.
However, the Agency should strengthen its controls by establishing schedules for the disposition of each complaint not closed within 30 days to ensure compliance with applicable statutes and requirements.
The Agency’s documented policies and procedures did not align with its enforcement processes. In addition, some sections of the Texas Administrative Code (TAC) related to the Agency did not align with the Agency’s processes. Other sections of TAC related to the Agency either did not address requirements in or were in conflict with the Texas Occupations Code.
The Agency had adequate access controls over its network and information systems. The Agency ensured that access was appropriately granted and the policies and procedures were properly implemented. Specifically:
- The Agency appropriately assigned and restricted network access to its current employees.
- The Agency assigned an appropriate level of access to its Licensing and Enforcement management system, FileMaker Pro, and ensured that Agency employees were assigned edit access and permissions appropriate to their job duties.
- The Agency assigned appropriate access to the Uniform Statewide Accounting System (USAS).
- The Agency has adopted policies and procedures provided by the Health Professions Council regarding passwords and data classification as required by Texas Administrative Code Title 1, Chapter 202.
Auditors identified weaknesses in the Agency’s controls to protect confidential data and other general controls related to data availability. To minimize security risks, auditors communicated details about the identified weaknesses separately to the Agency’s management in writing.
Graphics, Media, Supporting documents