oig medicare compliance audits

The U.S. Office of Inspector General (OIG) in the Department of Health and Human Services (DHHS) oversees efforts in the healthcare sector to identify, reduce, and prevent incidents of fraud, waste, and abuse of funds from programs like Medicare. OIG Medicare compliance audits help ensure that hospitals, clinics, and other medical facilities use program funds efficiently and in accordance with federal and state laws.

Findings from OIG audits can identify compliance areas needing improvement. They also help the DHHS improve its operations and program administration.

OIG audits tend to emphasize specific areas each year, depending on the agency’s priorities at a given time. For example, the OIG has focused on billing and coding, quality of care, data security and privacy, and Medicare compliance. Compliance officers and other healthcare leaders should stay updated on these focus areas and be able to anticipate annual changes in audit policy.

Focus Areas for 2024

The OIG’s General Compliance Program Guidance (GCPG) establishes industry-specific compliance program guidance (ICPG) for 2024 that focuses on forms of fraud, waste, and abuse specific to certain types of suppliers, providers, and entities like nursing homes, clinical laboratories, and hospitals. In addition to standard compliance issues, the 2024 focus areas cover the following:

  • Guidance on Healthcare Compliance Laws: In addition to summaries of such laws as the Anti-Kickback Statue and Stark Law, the updated GCPG also includes guidance on the Information Blocking Rule, which allows the OIG to investigate noncompliance related to information technology (I.T.) and cybersecurity threats.
  • HIPAA: The OIG underscores the importance of data security and privacy compliance, given increased cyberattacks on healthcare organizations.
  • Medicare Advantage (M.A.): Organizations using M.A. are subject to OIG risk adjustment audits, which can result in payment adjustments based on beneficiary health status and risk adjustment data that entities submit to the Centers for Medicare and Medicaid Services.
  • Quality of Care: For the first time, the GCPG recommends that compliance programs implement patient care and safety evaluations. Additional procedures address who should carry out the quality assurance and the performance of audits and reviews.

The following focus areas expand on previous guidance areas and provide updated recommendations:

  • Clinical review of claims: Medicare claims should undergo internal audits that include clinical review to verify medical necessity.
  • Compliance officer responsibilities: The GCPG outlines changes to compliance officers’ roles regarding organizational operations’ legal and financial aspects. More specifically, compliance officers need to report directly to their director boards or chief executive officers.
  • Financial arrangement tracking: The CGPC recommends that organizations implement internal tracking systems that monitor financial arrangements to ensure efficiency and avoid conflicts of interest.
  • Greater access to information: Each healthcare organization should have policies, procedures, and codes that are easily accessible and understandable by all relevant personnel.
  • Vendor training: Although vendors working with healthcare organizations are responsible for regulatory compliance, they may receive training waivers if they demonstrate sufficient knowledge of compliance laws.

Preparing for OIG Medicare Compliance Audits

If your hospital or healthcare facility is facing an OIG audit, your best defense is to already conduct regular internal auditing of its compliance policies. Such an ongoing auditing system is crucial to a healthcare organization’s compliance program. Generally, compliance officers ensure that OIG internal monitoring and auditing.

  • Is ongoing
  • Involves regular reporting to organizational leaders and board members
  • Has qualified personnel knowledgeable of government enforcement conducting the period audits
  • Ensures compliance at the federal, state, and internal levels

In addition to maintaining a robust compliance program, compliance officers and other key personnel can do several things to prepare for OIG Medicare compliance audits:

  • Understand the steps of the audit process before it occurs.
  • Review the OIG annual work plan for risk areas that can be improved in advance.
  • Enlist a response team with individuals who can supply necessary documents and provide timely responses to questions and directives from the OIG.
  • Develop an audit plan that identifies the central contact person, specifies internal reporting procedures, and outlines the responsibilities of each audit team member.
  • Identify external resources, such as outside counsel or consultants with billing expertise, who can provide crucial advice during audits.

Seamlessly Follow OIG’s 7 Elements

Keep up to date with compliance & mitigate risks with software.

Global CTAs Image