Healthcare compliance is the continuous process of abiding by legal, ethical, and professional standards applicable to healthcare organizations. Regardless of the size or function, all healthcare organizations and providers face compliance concerns as it requires the effective development of processes, policies, and procedures to define appropriate conduct, educate staff, and monitor adherence to necessary guidelines.
An effective compliance program should articulate and demonstrate the organization’s commitment to following the law and ethical standards. At the same time, the HHS Office of Inspector General (OIG) Work Plan provides a framework for the audits, inspections, evaluations, and investigative activities planned in support of OIG’s vision, mission, strategic goals, and objectives. This is why every healthcare provider and organization should carefully evaluate OIG Work Plan items included every month and identify key risk areas to make timely and necessary changes.
OIG Investigative, Enforcement, and Compliance Activities
The OIG Work Plan has historically been the planning document and roadmap for OIG investigative, enforcement, and compliance activities as well as projects, audits, and evaluations that are currently underway or planned to be addressed. As this is an ongoing and dynamic process, OIG Work Plan items are added to meet priorities and to anticipate and respond to emerging issues with the resources available. In evaluating work plan proposals, a number of factors are considered, including:
- Requirements for OIG reviews, as set forth in laws, regulations, or other directives;
- Requests made or concerns raised by Congress, HHS’s management, or the Office of Management and Budget (OMB);
- Management and performance challenges facing HHS;
- Work performed by partner organizations;
- Actions regarding the implementation of recommendations from previous reviews; and
Newly Added OIG Work Plan Items
Effective June 2017, the OIG updates its Work Plan items monthly, adding new and removing completed ones. Such an approach is designed to both anticipate and respond to emerging issues in the healthcare industry with the personnel and resources at OIG’s disposal.
April HHS OIG Work Plan Items
Eleven items were added to the OIG Work Plan in April:
- Medicaid-Audit of Health and Safety Standards at Individual Supported Living Facilities
State agencies operate home and community-based services programs under a 1915(c) waiver to their respective Medicaid State plans that allow for providing services to individuals with developmental disabilities. OIG’s objective is to determine whether State agencies and providers complied with Federal and State health and safety requirements involving Medicaid beneficiaries with developmental disabilities residing in individualized supported living settings. This includes infection control for conditions such as COVID-19 and other infectious diseases.
- Audit of Child Care Development Fund Childcare Services during Coronavirus Disease 2019 Pandemic
The Child Care and Development Fund (CCDF) program provides subsidized childcare services to low-income families, families receiving temporary public assistance, and families transitioning from public assistance, so family members can work or attend training or education. As childcare services are critical in emergency situations, it is necessary to identify the approaches in response to the COVID-19 pandemic to ensure the health and safety of the children and the providers in their CCDF childcare program.
- CMS’s Internal Controls Over Hospital Preparedness for Emerging Infectious Disease Epidemics Such as Coronavirus Disease 2019
CMS recently began requiring hospitals participating in Medicare to include planning for emerging infectious diseases in their emergency preparedness guidance. Having to adapt quickly to respond to the COVID-19 pandemic, such planning is essential. One of the OIG Work Plan items in April is to audit CMS’s internal controls over hospital preparedness for an emerging infectious disease epidemic and review hospital compliance with CMS’s emergency preparedness requirements.
- States’ Oversight of Medicaid Managed Care Medical Loss Ratios
Medical loss ratio (MLR) requirements in Medicaid managed care are a method to address State and Federal concerns about the growth in Medicaid spending. States are obliged to include requirements in managed care plan contracts for plans to collect MLR data, calculate an MLR percentage, and report that percentage and related, underlying data to the State. This oversight aims to provide timely, nationwide data on MLR performance in Medicaid managed care and ensure the completeness and accuracy of managed care plans’ MLR data.
- Case Study of the Missouri Foster Care System: Identifying System Vulnerabilities Related to Children Who Ran Away
In August 2019, the OIG Office of Investigations (OI), the Department of Justice (DOJ), and local law enforcement targeted Missouri metropolitan areas to locate children who ran away from foster care. Since running away from foster care is associated with serious negative consequences, this case study will evaluate whether the Missouri foster care system followed applicable Federal and State laws, policies, and procedures to find and protect these children.
- Opioid Use in Medicare Part D in 2019
As the opioid crisis remains a public health emergency, identifying patients who are at risk of overdose or abuse is key to addressing it. Therefore, OIG will be conducting a Medicare Part D data brief for opioid use in 2019 and include data on spending for opioids, the number of beneficiaries who received large amounts of opioids, and prescribers who ordered large quantities of opioids to Medicare beneficiaries.
- A Review of HHS’s Suspension and Debarment in Protecting the Integrity of Federal Awards
As the largest grant-making agency and third-largest contracting agency in the Federal Government, HHS needs to have an effective suspension and debarment program. One of the April OIG Work Plan Items is to determine the effective and potentially ineffective elements of the Department’s suspension and debarment program.
- Health and Safety Monitoring in Head Start
Head Start serves roughly 1 million vulnerable children and their families annually. However, significant health and safety violations were discovered at some Head Start facilities and it is necessary to review enforcement of Federal health and safety standards within these facilities.
- Audit of HHS’s Production and Distribution of COVID-19 Lab Test Kits
The Centers for Disease Control (CDC) is responsible for responding to new viral diseases by developing and distributing testing kits to state public health laboratories, which is of crucial importance in situations such as a global pandemic. One of the most important OIG Work Plan items in the April release is reviewing the CDC’s process of producing and distributing the COVID-19 test kits.
- Audit of ASPR’s Operation of the Strategic National Stockpile in Response to the COVID-19 Disease Pandemic
U.S. Strategic National Stockpile is the United States’ national repository of antibiotics, vaccines, chemical antidotes, antitoxins, and other critical medical supplies. The Assistant Secretary for Preparedness and Response (ASPR) at the Department of Health and Human Services has been responsible for the operation of the Stockpile since 2018 and OIG plans to determine whether ASPR’s operation of the Stockpile was effective in response to the coronavirus pandemic.
- The Food and Drug Administration’s Role in Facilitating Testing for COVID-19
In case of a public health emergency when circumstances justify an Emergency Use Authorization (EUA), the Food and Drug Administration (FDA) can issue a EUA under section 564 of the Federal Food, Drug, and Cosmetic Act. OIG will examine processes and any challenges regarding EUAs for COVID-19 diagnostic tests and serological tests for antibodies developed in response to the viral infection.Find out about recent fraud and abuse laws aimed at removing regulatory barriers to effective care coordination and management and promoting value-based arrangements, and simplify the process of adhering to the new regulations.
May HHS OIG Work Plan Items
There are twenty-eight OIG Work Plan items added in May. Some of them are:
- Audit of Nursing Home Infection Prevention and Control Program Deficiencies
The Centers for Disease Control and Prevention has indicated that individuals at high risk for severe illness from coronavirus disease are people aged 65 years and older and those who live in a nursing home. To reduce the likelihood of contracting and spreading COVID-19 at these nursing homes, effective internal controls must be in place and OIG’s objective is to determine if selected nursing homes have programs for infection prevention and control and emergency preparedness.
- Audit of CARES Act Provider Relief Funds-Distribution of $50 Billion to Health Care Providers
The Provider Relief Fund supports American families, workers, and healthcare providers in the battle against the COVID-19 outbreak. Therefore, OIG will determine whether HHS controls over PRF payments were calculated and disbursed to eligible providers in accordance with Coronavirus Aid, Relief, and Economic Security (CARES) Act requirements.
- Nursing Home Oversight During the COVID-19 Pandemic
In response to the coronavirus disease 2019 (COVID-19) pandemic, CMS directed State Survey Agencies (SSAs) to suspend standard onsite surveys and most onsite surveys for complaints. CMS has ordered that onsite surveys are only appropriate for complaints related to infection control and immediate jeopardy or target infection control surveys. Based on the recent complaint and survey data for all nursing homes, OIG will examine the extent to which SSAs and CMS are conducting onsite surveys in nursing homes.
- Assessing HHS Agencies’ Adherence to Health, Safety, and Operational Protocols During Repatriation and Quarantine Efforts for the COVID-19 Outbreak
The current novel coronavirus (COVID-19) pandemic highlights the need for HHS to efficiently and effectively respond to protect the nation. OIG will evaluate how HHS staff were deployed, trained, and protected when assigned tasks that could entail potential exposure to COVID-19, and review mechanisms established to identify and correct any vulnerabilities in deployment protocols.
- Highlights of OIG’s Emergency Preparedness Work: Insights for COVID-19 Response
OIG has produced numerous evaluations and audits examining HHS’s emergency preparedness and response efforts. These highlights will encompass key findings and recommendations from this body of work to inform and assist HHS in its ongoing response efforts.
- Audit of National Institutes of Health’s Cybersecurity Provisions and Related Efforts to the Grant Program
The National Institutes of Health (NIH) is the primary Federal agency responsible for conducting and supporting biomedical research for the purpose of enhancing health, lengthening life, and reducing illness and disability. One of May OIG Work Plan items is to determine if NIH has controls in place to ensure grants have appropriate cybersecurity provisions.
- Nursing Facility Staffing: Reported Levels and CMS Oversight
Nursing facilities that receive Medicaid and Medicare payments must provide sufficient licensed nursing services 24 hours a day, including a registered nurse for at least 8 consecutive hours every day. As staffing levels in nursing facilities can impact residents’ quality of care, OIG will examine CMS’s efforts to ensure data accuracy and improve conditions.
- CMS Oversight of Hospital Management of Networked Medical Device Security Through the Medicare Conditions of Participation
Networked medical devices are common, but can be compromised if hospitals do not have proper cybersecurity controls in place. The Centers for Medicare & Medicaid Services (CMS) protocol for assessing hospitals’ compliance with the Conditions of Participation (CoP) does not explicitly address cybersecurity practices for networked medical devices. Also, it is unclear whether the survey protocols of accreditation organizations (AOs) evaluate cybersecurity when they review hospitals’ compliance with the CoP. Therefore, one of OIG Work Plan items is to determine if any of the AOs address cybersecurity of networked medical devices when they assess compliance with accreditation requirements.
June HHS OIG Work Plan Items
There are seventeen OIG Work Plan items added in May. Some of them are:
- Penetration Tests of State Medicaid Management Information Systems and Eligibility & Enrollment Systems
State Medicaid agencies use the Medicaid Management Information System (MMIS) for administrating the Medicaid program; among other activities. To identify cybersecurity vulnerabilities on high-risk information systems and networks, HHS OIG will perform a series of penetration tests in select State MMIS or Medicaid E&E environments.
- Results of UPICs’ Benefit Integrity Activities
The Unified Program Integrity Contractors (UPICs) are the only benefit integrity contractors that safeguard both the Medicare and Medicaid programs from fraud, waste, and abuse. Therefore, one of the OIG Work Plan items is to examine the results from benefit integrity contractors’ identification and investigation of fraud, waste, and abuse and identify any barriers and challenges UPICs have experienced.
- Utilization of Medication-Assisted Treatment in Medicare
The current coronavirus disease 2019 (COVID-19) pandemic draws attention to the opioid crisis that remains a public health emergency. One of OIG’s studies showed that the utilization of drugs for medication-assisted treatment (MAT) is low and that concerns exist related to access. The OIG will assess the extent to which Medicare beneficiaries with opioid use disorder are receiving MAT drugs through Medicare. It will also determine whether Medicare beneficiaries with opioid use disorder who are not receiving MAT drugs have certain characteristics in common.
- Audit of the Department of Health and Human Services’ Progress toward Compliance with the Geospatial Data Act of 2018
The Geospatial Data Act fosters efficient management of geospatial data, technologies, and infrastructure through enhanced coordination among Federal, State, local, and Tribal Governments, the private sector, and academia. GDA requires the inspector general of each executive department to submit to Congress not less than once every 2 years an audit of the collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data by Federal agencies.
- Advanced Care Planning Services: Compliance with Medicare Requirements
In 2016, Medicare began paying for Advanced Care Planning (ACP), which is a face-to-face service through which a Medicare physician and a patient discuss the patient’s wishes for healthcare if he or she becomes unable to make decisions about care. Due to improper payments, one of OIG Work Plan items is to perform a nationwide audit to determine whether Medicare providers for ACP services complied with Federal regulations.
- Medicare Payments for Clinical Diagnostic Laboratory Tests in 2019: Year 2 of the New Fee Schedule Rates
Medicare is the largest payer of clinical laboratory services in the Nation and Medicare Part B covers most lab tests and pays 100 percent of allowable charges. In January 2018, CMS began paying for lab tests under the new system mandated by PAMA. Therefore, in accordance with PAMA, OIG will publicly release an analysis of the top 25 laboratory tests by expenditures for 2019 and analyze the payments made under the new payment system in 2019.
- Opioid Treatment Program Challenges during the COVID-19 Pandemic
As the United States faces two simultaneous nationwide public health emergencies – the opioid epidemic and the COVID-19 pandemic, OIG plans to identify the challenges that opioid treatment programs (OTPs) are encountering during the COVID-19 pandemic. This also includes the actions that OTPs are taking to address those challenges while ensuring the continuity of needed services and protecting the health and safety of their clients and staff.
- Meeting the Challenges Presented by COVID-19: Nursing Homes
The coronavirus disease has created unprecedented challenges for nursing homes. This is why one of OIG Work Plan items is to examine how the COVID-19 pandemic has affected nursing homes, including the nursing homes that were hardest hit by the pandemic and strategies nursing homes have used to mitigate the effects of COVID-19 on their residents and staff.
- Medicaid—Telehealth Expansion during COVID-19 Emergency
As a result of the COVID-19 pandemic, State Medicaid programs have expanded options for telehealth services. OIG aims to determine whether State agencies and providers complied with Federal and State requirements for telehealth services and whether the States gave providers adequate guidance on telehealth requirements.
- A Review of Medicare Data to Understand Hospital Utilization during COVID-19
As coronavirus disease can significantly tax hospitals and disproportionately affect Medicare beneficiaries, OIG will analyze the effects of COVID-19 on hospitalized Medicare beneficiaries and the hospital resources needed to care for them. Specifically, this will include the utilization of the treatments provided and paid for by Medicare for patients with COVID-19 in selected localities that have known outbreaks.
Monitoring Healthcare Compliance Resources
Effective compliance can help healthcare organizations on different levels, but it primarily protects them against fraud, abuse, waste, and other potential liability areas. As many healthcare organizations are looking for ways to improve quality and reduce risk, the best way to achieve this is to closely follow OIG Work Plan Items.
Issues that pose the greatest risk are added to the OIG’s Work Plan. Therefore, OIG Work Plan items can help healthcare organizations detect and prevent any wrongdoings, ensure compliance with governing laws and regulations, and reduce financial and reputational risks presented in the form of fines and penalties. Furthermore, in order to ensure constant healthcare compliance and reduce the risks of mistakes, healthcare organizations should consider utilizing an automated web-based exclusion screening platform. Consequently, healthcare organizations can simplify exclusion screening, identify providers and suppliers who are abusing the federal healthcare system while meeting federal and state regulations without having to disrupt their regular operations.