The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

What is OIG in Healthcare?

Posted By on Jan 11, 2024

OIG in healthcare stands for the Department of Health and Human Services (HHS) Office of Inspector General (OIG) – the Office within the HHS responsible for reducing waste, fraud, and abuse in HHS programs and improving efficiency. The Office is the largest OIG in any Federal Department, and employs more than 1,650 auditors, evaluators, and investigators, who are supported by teams of staff with legal, technological, and analytical experience.

The Background to the Office of Inspector General

The Office of Inspector General for the Department of Health, Education, and Welfare (as the HHS OIG was known as at the time) was created in 1976 to “supervise, coordinate, and provide policy direction for auditing and investigative activities relating to programs and operations of the Department”. The Office was also tasked by Congress to detect and prevent fraud and abuse in programs financed by the Department, and to promote efficiency within the Department.

One of the first tasks undertaken by the newly created OIG in healthcare was to establish the OIG HHS Exclusions List as required by the Medicare-Medicaid Anti-Fraud and Abuse Amendments 1977. However, the task of managing the database of individuals and organizations prohibited from participating in federal health care programs grew substantially following the False Claims Act Amendments of 1986 – overwhelming the Office until the passage of HIPAA in 1996.

Subtitle A of HIPAA Title II created and funded the Health Care Fraud and Abuse Control (HCFAC) program, which gave the OIG in healthcare the resources to enforce §1128 of the Social Security Act – “The Exclusion of Certain Individuals and Entities from Participation in Medicare and State Health Care Programs”. Due to the HCFAC program, the OIG in healthcare now excludes more than 2,000 individuals and organizations per year compared to just thirty-five in 1977/1978.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The Expanding Role of HHS OIG in Healthcare

Since its establishment (and the change of name to HHS OIG in 1980), the role of HHS OIG in healthcare has grown significantly. The Office now oversees activities in more than 100 HHS programs, conducts thousands of audits, evaluations, and inspections each year, and provides compliance guidance to tens of thousands of individuals and organizations to encourage compliance with regulations published by HHS agencies such as CMS, CDC, SAMHSA, and OCR. To cope with its expanding role and increasing workloads, HHS OIG divides its work between six sub Offices:

  • The Immediate Office of Inspector General, which is directly responsible for the fulfillment of the OIG’s mission.
  • The Office of Audit Services, which audits the performance of HHS programs, service providers, and contractors.
  • The Office of Counsel to the Inspector General, which acts as an in-house legal counsel to the Inspector General and OIG’s other components.
  • The Office of Evaluations and Inspections, which evaluates HHS programs to detect fraud, waste, and abuse and identify opportunities for improvement.
  • The Office of Investigations, which conducts criminal, civil, and administrative investigations of fraud and misconduct relating to HHS programs.
  • The Office of Management and Policy, which is focused on improving customer satisfaction with, and the reliability of, HHS programs.

What is OIG in Healthcare? HIPAAJournal.com

 

Probably the most rapidly expanding role for the HHS OIG in healthcare is cybersecurity. HHS OIG has identified cybersecurity as the top challenge for the healthcare system, and has recently added a Cybersecurity and Information Technology Division to the Office of Audit Services and a Computer Crimes Unit to the Office of Investigations to combat cybersecurity threats within HHS and the healthcare system by fostering enhancements in IT controls, risk management, and resiliency.

Why It Is Important to Understand What the OIG in Healthcare Is

Although the primary role of the OIG in healthcare is to combat fraud, waste, and abuse, and improve the efficiency of HHS programs, the Office also recommends policy changes to agencies within the HHS. When a recommendation is adopted by an HHS agency, it can have a significant impact on the regulations that healthcare providers and their business associates have to comply with. An example of this is the investigation into OCR’s governance of cybersecurity threats.

The OIG investigation is looking into whether the existing Security Rule standards and OCR’s HIPAA audit program are sufficient to prevent and detect cyberattacks, ensure the continuity of patient care, and protect PHI. Although ongoing, the investigation has prompted HHS to publish a Healthcare Sector Cybersecurity Strategy, which not only suggests new HIPAA security standards will be introduced in 2024, but also that compliance with the standards will be a requirement for participation in Medicare.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist