HHS OIG Work Plan
The HHS OIG Work Plan is a schedule of audits and evaluations conducted by the HHS Office of Inspector General that are intended to protect the integrity of HHS programs and the welfare of program beneficiaries. Unlike OIG Work Plans maintained by OIGs in other US Federal Government Departments, the HHS OIG Work Plan is “dynamic” and changes frequently to respond to emerging issues.
The Role of the HHS OIG
The role of the HHS OIG is to fight waste, fraud, and abuse in more than 100 HHS programs run by agencies such as the Centers for Medicare and Medicaid Services (CMS), the Centers for Disease Control and Prevention (CDC), and the Food and Drug Administration (FDA). It attempts to fulfil its role by conducting audits, evaluations, and – when necessary – investigations, and by providing outreach, compliance, and educational activities.
Because OIG staff cannot be in all places at all times, HHS OIG schedules audits and evaluations based on mandatory review requirements, requests made by Congress, and reported management or performance issues. The HHS OIG Work Plan can be – and often is – interrupted by an audit or evaluation progressing into an investigation, by the requirements of other oversight agencies, or by an emerging issue requiring prioritization.
HHS OIG Audits, Evaluations, and Investigations
HHS OIG audits, evaluations, and investigations are conducted by three Offices within the OIG – the Office of Audit Services, the Office of Evaluations and Inspections, and the Office of Investigations. Audits and evaluations most often assess the performance of HHS programs and service providers; and, if anomalies are identified, criminal, civil, and administrative investigations are initiated to detect cases of fraud and misconduct.
HHS OIG Exclusions List
What You Need To Know
Get The 6 Essentials Checklist For Compliance Officers
A link to your download will be sent to your email address
Your Privacy Respected
HIPAA Journal Privacy Policy
The majority of audits and evaluations do not progress into an investigation. Most often they provide insights into potential risks, suggest policies and procedures that could mitigate the risks, or make recommendations about improvements to existing programs. When an investigation is considered necessary, the most common outcomes are repayments of overcharged amounts, exclusion from HHS programs, civil settlements, or criminal charges.
Source: HHS OIG Semi Annual Report to Congress September 2023
Outreach, Compliance, and Educational Activities
As well as scheduling audits, evaluations, and investigations, the HHS OIG Work Plan includes outreach, compliance, and educational activities to (for example) warn program beneficiaries of healthcare-related scams, help service providers comply with HHS Regulations, and provide tools for service providers to comply with HHS Regulations. HHS OIG also encourages service providers to self-disclose potential fraud or misconduct in HHS programs.
In the context of helping service providers comply with HHS Regulations, one of the most recent activities on the HHS OIG Work Plan has been an update to the “General Compliance Program”. Not only has the guidance documentation been completely refreshed, but HHS OIG is planning to publish further industry segment-specific compliance program guidance throughout 2024 for different types of service providers participating in HHS programs.
HHS OIG Work Plan 2024
At present, Offices of the HHS OIG have more than 200 items scheduled for the HHS OIG Work Plan 2024. Almost half are from previous years and have been put on hold due to a lack of resources, because they are low priority, or because they are waiting for further information. Others are in progress and partially complete or waiting for a decision from an HHS program as to whether the recommendations in an audit or evaluation will be accepted or revised.
Active items in the HHS OIG Work Plan 2024 most likely to have an impact on service providers include a study of adverse events in hospitals affecting Medicare patients, an audit of workplace violence in NIH-funded institutions, and an investigation of OCR’s governance of HIPAA with regards to protecting ePHI from cyberattacks. This investigation will also determine whether minimum security measures should be a condition of participation in the Medicare program.
Why It Is Important to Keep Up To Date with the HHS OIG Work Plan
The reason it is important to keep up to date with the HHS OIG Work Plan is that HHS OIG audits and evaluations make recommendations that could be adopted in future HHS policies. While most service providers to HHS programs will be aware of the proposed changes to HIPAA and other HHS programs that have already been announced, making changes to accommodate the proposed changes without looking further ahead may create future compliance challenges.
