Due to numerous regulations related to the healthcare industry, it is vital for healthcare organizations to conduct constant assessment and enhancement of healthcare compliance. As the HHS Office of Inspector General (OIG) Work Plan describes audits, reviews, and other activities statutorily required or undertaken by the OIG, every healthcare provider and organization should carefully evaluate each item that is included.
Elements of the OIG Work Plan
When creating Work Plan items, the OIG considers different factors, such as legal mandates, congressional requests, budgetary concerns, the potential for positive impact, and others. As opposed to previous biannual updates, the OIG Work Plan updates are released on an ongoing basis. Items are added and removed as new risk priorities are identified and reviews completed. Such a schedule ensures that the OIG Work Plan updates closely align with the OIG’s work planning process.
The Work Plan encompasses various projects, including HHS OIG audits and evaluations that are underway or planned to be addressed during the fiscal year and beyond. Adjustments to the OIG Work Plan updates are made throughout the year to meet priorities and to anticipate and respond to emerging issues with the resources available.
Recent OIG Work Plan Updates
The OIG is constantly assessing, evaluating, and prioritizing issues that pose the greatest risk to HHS programs. Given that the Work Plan lists focus areas where the OIG assigns resources to conduct audits, reviews, or investigations, healthcare organizations and providers need to pay close attention to its updates and act accordingly.
OIG Work Plan Updates in December 2019
There are 5 new items in the November release of the Work Plan:
- Emergency Preparedness and Response at Care Provider Facilities in the Office of Refugee Resettlement’s Unaccompanied Alien Children Program
As part of HHS’s Office of Refugee Resettlement (ORR) oversight, the OIG plans to review UAC Program emergency preparedness and response plans and procedures. The aim of this action is to determine whether selected care provider facilities followed Federal and State requirements in preparing for and responding to emergency events.
- Audit of Centers for Disease Control and Prevention’s Cybersecurity Controls Over the Vaccine Adverse Event Reporting System
As a national vaccine safety surveillance program, the Vaccine Adverse Event Reporting System (VAERS) serves as an early warning system to detect possible safety issues with U.S. vaccines by collecting information about possible side effects or health problems that occur after vaccination.
The OIG will evaluate whether select VAERS cybersecurity controls are in place, in accordance with federal requirements.
- National Background Check Program for Long-Term-Care Providers: Assessment of State Programs Concluded in 2019
Under the Patient Protection and Affordable Care Act (ACA), the Centers for Medicare and Medicaid Services (CMS) provide grants to States to implement background check programs for prospective employees and providers of long-term-care services. One of December OIG Work Plan updates is reviewing the implementation of select Program requirements, the outcomes of the States’ programs, and whether the checks led to any unintended consequences.
- Post-Award State or Tribal Audits of Substance Abuse and Mental Health Services Administration’s Opioid Response Grants
The Substance Abuse and Mental Health Services Administration (SAMHSA) has awarded a series of grants for states to combat the opioid crisis, including State Targeted Response (STR), State Opioid Response (SOR), and Tribal Opioid Response (TOR) grants.
The post-award audit will determine how select States or Tribal agencies implemented programs under the Opioid STR, SOR, or TOR grants. Also, the aim of this action is to determine whether the activities of these agencies and sub-recipients complied with Federal regulations and met grant program goals.
- Technology Use in Emergency Response: Experiences from Recent California Wildfires
Technology offers the potential for efficient and accurate medical response in the event of an emergency or disaster, which was demonstrated during the California wildfires. However, it is necessary to examine two uses of technology to aid in emergency response.Use this comprehensive guide to help you create a proactive approach to healthcare compliance and take any necessary steps to ensure the successful management of key risk areas identified by the OIG.
OIG Work Plan Updates in January 2020
The January agenda includes 4 new items:
- Early Discharges From Inpatient Rehabilitation Facilities to Home Health Services
Under the Inpatient Rehabilitation Facility (IRF) prospective payment system (PPS), the Centers for Medicare & Medicaid Services (CMS) established an IRF transfer payment policy. The OIG’s objective is to determine how an IRF transfer payment policy for early discharges to home health services would financially affect Medicare Part A and IRFs.
- Audit of Office of Refugee Resettlement’s Placement and Transfer of Children in the Unaccompanied Alien Children Program
The Unaccompanied Alien Children Program, managed by the Office of Refugee Resettlement (ORR), Administration for Children and Families (ACF), provides temporary shelter, care, and other related services to unaccompanied children. The OIG will evaluate whether ORR followed its policies, procedures, and guidance both when making initial placements in care provider facilities and when transferring children between those facilities.
- Medicaid-Audit of Medicaid Eligibility Determinations for States in Cycle 1 of CMS’s PERM Review
The Improper Payments Information Act of 2002 requires the heads of Federal agencies to annually review programs they administer to identify programs that may be susceptible to significant improper payments and estimate the amount of improper payments. Since the Medicaid program has been identified as a program at risk for significant improper payments, CMS developed the Payment Error Rate Measurement (PERM) program to measure improper payments. Therefore, it is necessary to assess the adequacy of the PERM program by determining whether the Federal contractor conducted eligibility reviews in accordance with Federal PERM requirements.
- Audit of National Institutes of Health’s Compliance with Information Technology Controls Within the Electronic Health Records System
The National Institutes of Health (NIH) comprises 27 separate Institutes and Centers and is the primary Federal agency for conducting and supporting biomedical research to enhance health, lengthen life, and reduce illness and disability. NIH uses an electronic health records (EHR) system to help facilitate effective care. One of January OIG Work Plan updates is to determine whether select EHR system controls are in place in accordance with Federal requirements and assess EHR interoperability challenges.Find out how the CCPA influences the healthcare industry and what measures to take in order to ensure necessary consumer protection on time.
OIG Work Plan Updates in February 2020
There are 13 new items in the February release of the OIG Work Plan updates:
- HHS Compliance with the Improper Payment Elimination and Recovery Act
The federal government requires the head of each agency with programs or activities that may be susceptible to significant improper payments to report certain information to Congress.
OIG will review HHS compliance with the Improper Payments Information Act of 2002 (IPIA) and determine how well HHS is assessing federal programs with accuracy and completeness in regards to releasing the HHS Agency Financial Report.
- Ensuring Dual-Eligible Beneficiaries’ Access to Drugs Under Part D: Mandatory Review
Dual-eligible beneficiaries are enrolled in Medicaid but qualify for prescription drug coverage under Medicare Part D. According to the Affordable Care Act, the OIG has to conduct an annual review and evaluate the extent to which drug formularies developed by Part D sponsors include drugs commonly used by dual-eligible beneficiaries as required.
- The Impact of Health Risk Assessments on Risk-Adjusted Payments in Medicare Advantage
Under Medicare Part C, the CMS makes advanced monthly payments to Medicare Advantage (MA) organizations for each beneficiary enrolled. These payments are adjusted based on beneficiaries’ demographic information and clinical diagnoses. The OIG will determine the extent to which diagnoses solely generated by health risk assessments were associated with higher risk scores and higher MA payments.
- Medicare Capital Payments to New Hospitals
Hospitals are reimbursed through Medicare Part A for Medicare-related capital costs and new hospitals are paid on a cost basis for their first 2 years of operation. The aim of this update is to check the potential impact for Medicare if capital payments to new hospitals were paid through the prospective payments system for the first 2 years.
- Nationwide Audit of Medicare Part D Eligibility Verification Transactions
Pharmacies submit E1 transactions to Medicare Part D facilitators to bill for a prescription or determine drug coverage billing order. Part D facilitators then return information to pharmacies to submit the prescription drug event. The OIG will review CMS’s oversight of E1 transactions and determine whether they were created and used for intended purposes.
- Medicaid-Audit of Health and Safety Standards at Individual Supported Living Facilities
State agencies operate home and community-based services waiver programs under a 1915(c) waiver to their respective Medicaid State plans. Some of these waivers include individual supported living facilities services. The OIG’s objective is to determine whether State agencies and providers complied with Federal and State health and safety requirements involving Medicaid beneficiaries with developmental disabilities residing in individualized supported living settings.
- Medicaid MCO PBM Pricing
Managed Care Organizations (MCOs) contract with state Medicaid agencies to ensure beneficiaries receive covered services including prescription drugs. Some MCOs choose to contract with Pharmacy Benefit Managers (PBMs) to manage or administer drug benefits on their behalf.
One of February OIG Work Plan updates includes adequate oversight of Medicaid MCOs to ensure accountability over amounts paid for prescription drug benefits to its PBMs.
- Data Brief: Characteristics of Hospitals With Wage Indexes in the Bottom Quartile for the Fiscal Year 2020 Inpatient Prospective Payment System
In 2020, the Centers for Medicare and Medicaid Services (CMS) will be raising inpatient prospective payment system (IPPS) wage indexes for hospitals in the bottom quartile. As a result, the OIG will analyze certain characteristics of the hospitals in FY 2020 bottom quartile to provide information to CMS and other stakeholders.Learn about common mistakes in the exclusion screening process and how to build an effective healthcare compliance program by avoiding them.
- Audit of CMS’s Assessment of National Security Risks to Genomic Testing Data
In 1988, Congress enacted the Clinical Laboratory Improvement Amendments (CLIA) to establish quality standards for all laboratory testing. The aim of CLIA is to ensure the accuracy, reliability, and timeliness of patient test results regardless of where the test was performed, while CMS is responsible for its implementation. Accordingly, the OIG will determine whether CMS has established an effective enterprise risk management process and conducted risk assessments that consider emerging national security threats in accordance with Federal requirements.
- Data Brief: How Often Are High-Expenditure Orphan Drugs Being Used for Their Orphan Indications in Medicare?
In recent years, an increasing number of orphan designations have been granted for existing drugs that already have high sales and utilization for non-orphan indications. Therefore, OIG will determine how many high-expenditure Medicare drugs have orphan designations and the extent to which these drugs are utilized for their orphan designated indications in Medicare.
- Superfund Financial Activities at the National Institute of Environmental Health Sciences
According to Federal law and regulations, the OIG has to conduct an annual audit of the National Institutes of Health’s National Institute of Environmental Health Sciences (NIEHS) which provides Superfund Research Program funds. The audit includes payments, obligations, reimbursements, and other uses of Superfund money by NIEHS.
- FDA’s Tobacco Retailer Compliance Check Inspection Program
FDA’s Retailer Compliance Check Inspection program plays a key role in its Youth Tobacco Prevention Plan. FDA generally issues a warning letter in case of violations during a tobacco retailer inspection. If further inspections reveal subsequent violations, the FDA may seek to impose civil monetary penalties and no-tobacco-sale orders. One of February OIG Work Plan updates is to determine the extent and nature of inspections, violations, and enforcement actions, as well as to assess FDA’s direction and oversight of the program.
- Audit of FY 2020 HHS Consolidated Financial Statements
A number of ancillary financial-related reviews pertaining to the audits of the FYs 2020 and 2021 financial statements are part of the HHS financial statement auditing aimed to determine whether financial statement audits of HHS and its components were conducted in accordance with Federal requirements.
- Audit of HHS Information Technology Recovery Readiness
HHS leads the nation’s medical and public health preparedness for, response to, and recovery from disasters and public health emergencies. Part of February OIG Work Plan updates is to determine whether HHS has effective contingency planning for its information technology systems.
OIG Work Plan Updates in March 2020
There are 10 new items in the February release of the OIG Work Plan updates:
- 2019 Performance Data for the Senior Medicare Patrol Projects
In 1997, Senior Medicare Patrol (SMP) projects were established to recruit and train retired professionals and other senior citizens to prevent, recognize, and report health care fraud, errors, and abuse. The OIG reviews performance data and documentation relating to recoveries, savings, and cost avoidance for SMP projects.
- Medicare Hospital Payments for Claims Involving the Acute- and Post-Acute-Care Transfer Policies
One of OIG work plan updates in March is to review Medicare hospital discharges that were paid a full diagnosis-related group (DRG) payment when the patient was transferred to a facility covered by the acute and post-acute transfer policies where Medicaid paid for the service.
- CMS Oversight of Hospital Management of Networked Medical Device Security through the Medicare Conditions of Participation
If hospitals do not have proper cybersecurity controls in place, the networked medical devices could be compromised. The OIG will determine if any of the accreditation organizations (AOs) address cybersecurity of these devices when they assess compliance with accreditation requirements and identify any changes considered when addressing cybersecurity of networked medical devices.
- Grantee Institutions’ Actions to Strengthen Policies in Response to Concerns Regarding Potential Foreign Influence on NIH-Funded Research
The National Institutes of Health (NIH) requires grantee institutions to report their researchers’ financial interests and affiliations with foreign entities. The OIG will focus on grantee institutions’ policies and procedures related to ensuring that researchers report all foreign affiliations and reviewing the foreign affiliations that researchers report.Find out about changes to fraud and abuse laws and how to adhere to rules aimed to promote efficiency and innovation in the healthcare industry.
- Medicare Part B Payments to Physicians for Co-Surgery Procedures
The aim of this OIG work plan update is to determine whether Medicare Part B payments to physicians for co-surgery procedures were properly made.
- Emergency Preparedness and Response at Care Provider Facilities in the Office of Refugee Resettlement’s Unaccompanied Alien Children Program
The OIG plans to review UAC Program emergency preparedness and response plans and procedures, especially addressing emergency situations such as evacuations, medical and mental health emergencies, and disease outbreaks, such as COVID-19.
- Medicaid Nursing Home Life Safety and Emergency Preparedness Reviews
Residents of long-term-care (LTC) facilities are particularly vulnerable to risks such as fires, natural disasters, or disease outbreak, such as COVID-19 and other coronaviruses. Accordingly, the OIG aims to determine whether LTC facilities comply with Federal requirements for life safety and emergency and infectious disease control preparedness.
- Assessing HHS Agencies’ Adherence to Health, Safety, and Operational Protocols during Repatriation and Quarantine Efforts for the COVID-19 Outbreak
The novel coronavirus pandemic emphasizes the need for HHS to efficiently and effectively respond to protect the nation. Thus, the OIG will:
- evaluate how HHS staff were deployed, trained, and protected when assigned tasks that could entail potential exposure to COVID-19;
- analyze steps taken to protect HHS staff and, in turn, the public, during pre-deployment, deployment, and post-deployment;
- review the extent to which HHS has established mechanisms to identify and correct any vulnerabilities in deployment protocols.
- COVID-19 Hospital Response
One of OIG March work plan updates is to provide insights from hospital administrators about hospital needs and concerns in diagnosing and treating patients with the COVID-19. The aim of this study is to provide HHS operating and staff divisions with timely feedback on how they can support hospitals in responding to COVID-19.
- Highlights of OIG’s Emergency Preparedness Work: Insights for COVID-19 Response
In order to inform and assist HHS in its ongoing response efforts, the OIG will arrange key findings and recommendations regarding emergency preparedness and response efforts.
OIG Warning about Fraud Schemes Related to Covid-19 Pandemic
In managing the quickly evolving healthcare situation during this current crisis, the OIG released a COVID-19 fraud alert, warning the public about healthcare fraud scams in which fraudsters use technology to impersonate official government personnel from HHS or OIG. Medicare beneficiaries are being targeted through social media, telemarketing calls, and door-to-door visits as part of these schemes.
This can be the beginning of a bigger problem, as stolen information can be used in future scams committed in the victim’s name. Therefore, the OIG lists different ways in which beneficiaries can protect themselves:
- Beneficiaries should be cautious of unsolicited requests for Medicare or Medicaid numbers,
- Ignore offers or advertisements for COVID-19 testing or treatments on social media sites,
- Beneficiaries should be suspicious of any unexpected calls or visitors offering COVID-19 tests or supplies,
- A physician or other trusted healthcare provider should assess beneficiaries’ condition and approve any requests for COVID-19 testing.
- If beneficiaries suspect COVID-19 fraud, they should contact the National Center for Disaster Fraud Hotline (866) 720-5721 or firstname.lastname@example.org.
The OIG states that it will be vigilant in investigating anyone who exploits the COVID-19 emergency, and remain committed to protecting beneficiaries across the country and supporting healthcare professionals in serving the public during crisis.
Implementing OIG Work Plan Updates
The OIG Work Plan is a continuously updated document that covers a wide range of issues from compliance with regulations and payments by government programs to the performance of State and local government agencies in carrying out programs mandated by Congress. These audits and evaluations allow the OIG to monitor HHS programs through an independent and objective oversight that promotes economy, efficiency, and effectiveness. Therefore, routine monitoring of the OIG Work Plan updates and incorporating some issues can help healthcare organizations manage key risk areas identified by the OIG and maintain effective healthcare compliance programs.
Following the OIG Work Plan updates and keeping track of different guidelines and laws necessary for the prevention of fraud, waste, and abuse can be overwhelming and time-consuming. However, expensive audits and sanctions resulting from intentional or intentional non-compliance can be avoided with the right exclusion screening software. Outsourcing exclusion screening helps healthcare organizations stay ahead of the stringent compliance standards unique to the industry and be audit-ready at all times. In addition to on-demand screening for the latest data updates, healthcare organizations are immediately notified of any positive returns on excluded individuals and entities.Integrate a simple-to-use electronic solution to simplify monthly searches of federal and state databases and prevent fines and exclusions from federally-funded healthcare programs.