Each month, we are pleased to share the most recent additions to the HHS Office of Inspector General (OIG) Work Plan items. Starting in June 2017 OIG has been updating its Work Plan monthly with any new changes to the active list. Let’s take a look at the new updates from this month.  

What is the OIG Work Plan?

The HHS OIG Work Plan sets forth various projects that OIG plans to undertake during the fiscal year (FY) and beyond.

Projects listed in the Work Plan span HHS’s operating divisions, including the following: 

  • Centers for Medicare & Medicaid Services (CMS)
  • Public health agencies such as the Centers for Disease Control and Prevention (CDC)
  • National Institutes of Health (NIH)
  • Administration for Children and Families (ACF)
  • Administration for Community Living (ACL)
  • Various state and local governments – evaluating the use of federal funds as well as the administration of HHS

*Some of the projects described in the Work Plan are statutorily required.

The March agenda includes 6 new items from HHS Office of Inspector General (OIG). Let’s walk through this latest release so you can address it within your compliance program, if applicable. 

  1. CMS Oversight of Hospital Management of Networked Medical Device Security Through the Medicare Conditions of Participation
  2. Medicare Hospital Payments for Claims Involving the Acute- and Post-Acute-Care Transfer Policies
  3. 2019 Performance Data for the Senior Medicare Patrol Projects

CMS Oversight of Hospital Management of Networked Medical Device Security Through the Medicare Conditions of Participation

Networked medical devices can be used to deliver care, transfer patient data, and/or remotely monitor patients. Infusion pumps, pacemakers, and diagnostic imaging equipment can be compromised if hospitals do not have proper cybersecurity policies in place. CMS protocol for assessing hospitals’ compliance with the Conditions of Participation (CoP) does not explicitly address cybersecurity practices for networked medical devices. 

When it comes to compliance standards, CMS and accreditation organizations (AOs) like the Joint Commission, URAC, CARF, NCQA, and more address cybersecurity practices differently for networked medical devices. HHS OIG will be determining if any of the AOs address cybersecurity of networked medical devices when they assess compliance with accreditation requirements.


Medicare Hospital Payments for Claims Involving the Acute- and Post-Acute-Care Transfer Policies

Diagnosis-related group (DRG) payment provides payment in full to hospitals for all inpatient services associated with a particular diagnosis. According to Medicare transfer payment policies, Medicare pays hospitals a per diem rate for early discharges when beneficiaries are transferred to another prospective payment system hospital

Previous Office of Inspector General reviews identified Medicare overpayments to hospitals that did not comply with Medicare’s post-acute care transfer policy. HHS OIG will review Medicare hospital discharges that were paid a full DRG payment when the patient was transferred to a facility covered by the acute and post-acute transfer policies where Medicaid paid for the service.


2019 Performance Data for the Senior Medicare Patrol Projects

In 1997, Senior Medicare Patrol (SMP) projects were established to recruit and train retired professionals and other senior citizens to prevent, recognize, and report healthcare fraud, errors, and abuse. OIG will review SMP project performance data and documentation relating to Medicare and Medicaid recoveries, savings, and cost avoidance.


Find the full list of Recently Added Items on OIG’s site. Take a look at our recaps of all the archived releases by visiting the ProviderTrust Work Plan page.


Looking for more? Check out the latest compliance resources.

More Resources This Way