Webinar Recap: OIG’s 2023 Guidance for Navigating Compliance Changes

In our recent webinar, ProviderTrust’s Chief Compliance Officer, Donna Thiel, shared her expertise and valuable feedback from the 2023 HCCA Compliance Institute. In this post, we recap the key takeaways from the webinar.

During the Keynote Speech at the HCCA Compliance Institute this year, Office of Inspector General (OIG) Christi A. Grimm discussed the future state of healthcare compliance. Their guidance aims to improve a number of potential risks within the healthcare space by improving care at nursing homes and strengthening the program integrity in managed care. OIG pointed to the increased instances of patient neglect abuse as well as the need for oversight within nursing homes. Medicare and Medicaid’s growing presence in managed care was also heavily discussed, with OIG urging healthcare organizations to become increasingly aware of risk adjustment payment scams. At the HCCA Compliance Institute, Laura Ellis, with the OIG, announced new guidance impacting Corporate Integrity Agreements that will spell change for healthcare organizations and how they monitor state exclusion lists.

Improving Nursing Homes with the PRO Framework

OIG stated that improving nursing homes was a top priority for their team, pinpointing the regular pitfalls of this particular healthcare sector. While many nursing homes provide safe and exceptional care, there are a number of nursing home residents who are subjected to care that is unsafe and poor quality every year. This is sometimes due to staffing shortages, infection control, and emergency preparedness, though COVID-19 certainly exacerbated longstanding issues and created new ones. This has created trouble for compliance and overall safety within nursing home facilities. To combat this fraud, waste, and abuse, the OIG introduced a three-part plan called the PRO framework to guide the oversight of nursing homes.

The PRO Framework


Organizations should work to understand the incentives and causes of poor quality nursing home care, focusing on facilities’ operations. This can help organizations better understand areas like the reporting of related party costs and how nursing homes use Medicaid funding to provide care. Turning your attention to these concerns can provide insight into the relationship between ownership structure, private equity, and spending on care.

Residents First:

Nursing homes should always strive to provide the highest quality of care possible for residents and their loved ones. One way to do that is by monitoring and identifying risks. Common risks involve falsifying schizophrenia diagnoses to justify the use of antipsychotics and abuse and neglect of residents. OIG has declared they will increase up their enforcement of the False Claims Act for facilities that provide substandard or worthless services, working to exclude any facilities that grievously fail their residents.


Once instances of noncompliance and substandard care have been identified, nursing homes should work quickly and effectively to remedy their problems. Residents depend on nursing homes to deliver safe and high-quality care. By putting their residents’ well-being first, nursing home facilities can ensure they can detect and correct risks immediately, safeguarding their patients and remaining compliant with state and federal regulations.

Strengthening Program Integrity in Managed Care

Corporate Integrity Agreements (CIAs) act as a roadmap of compliance for healthcare organizations to remain in line with federal regulations. But without close monitoring of individual state exclusions, it can be easy for providers and entities to commit fraud or otherwise be the cause for waste and abuse within their healthcare facilities and organizations at large. Laura Ellis, Senior Counsel in the Office of Counsel to the Inspector General, announced that a new iteration of the CIA will require organizations to monitor for all OIG exclusions and include state Medicaid exclusions as well, including any state in which the healthcare organization conducts business.

With this update, organizations must ask themselves which state exclusion lists they should monitor. Are your patients coming from within that facility’s state, or does the patient have an insurance plan from across state borders? Organizations are responsible for knowing which state exclusion lists they are responsible for and will be held accountable by OIG for any failure to navigate this change. One way to ensure constant compliance with all state and federal regulations is to partner with an exclusion monitoring and credential verification service. Manual exclusion monitoring has numerous difficulties and room for error, so efficiently and continually capturing exclusion data as it becomes available has become increasingly important.

Another best practice organizations should employ is to look across all state exclusion lists, regardless of the states in which they conduct business. Even if a provider is not excluded in the same state where your facility operates, it could still pose a potential risk to have an excluded individual working in your organization. Unfortunately, providers with repeat fraud, waste, and abuse allegations commonly move across state borders to continue their nefarious practices. However, by monitoring every state exclusion list, organizations can stay vigilant of potential fraudsters and abusers within the healthcare space.

Updates to Corporate Integrity Agreements

During the HCCA Compliance Institute, OIG also highlighted the importance of improved financial integrity within managed care. New, booming growth has introduced financial pressures, as well as increased market competition and new players. With the growth of Medicare and Medicaid in managed care, risk is no longer limited to insurers and private plans. Over the last decade, OIG’s investigation of managed care has found that the risk of fraud, waste, and abuse in managed care is very real and in dire need of fixing.

One risk that compliance officers should be keenly aware of relates to risk adjustment payments. Financial incentives resulting from risk adjustment can lead to upcoding, in which the severity of a diagnosis is exaggerated to obtain higher payments. OIG looked at 20 insurance companies that received $5 billion in risk adjustment payments in 2017 and found that these companies all received more than half a billion dollars in payments for patients that were diagnosed with serious mental illnesses. However, no service records showed these patients were treated for their mental health condition. This also applies to other serious illnesses and diseases.

OIG routinely receives referrals and complaints from whistleblowers and other entities regarding risk adjustment payments. Because the dollar amount involved with risk adjustment payments is often quite significant, many referrals have led to momentous settlements with plans and providers to resolve allegations of noncompliance. Still, managed care continues to grow, and the associated dollars increase along with it. Organizations that do business with managed care plans should therefore adopt compliance programs that reflect this change and the growing presence of Medicare and Medicaid in managed care.


The OIG’s recent guidance for navigating compliance changes in the healthcare industry highlights the ongoing challenges and risks faced by healthcare organizations, and successfully navigating compliance changes will require a proactive approach. With updates to CIAs impending, organizations should be particularly careful about effectively monitoring their providers to ensure complete compliance with all state and federal regulations.

Risk assessment tactics, utilizing expert compliance methods, and practicing sound financial management will become increasingly vital to maintain compliance. But healthcare providers can thrive by prioritizing high-quality care in nursing facilities, strengthening the program integrity of managed care, and effectively addressing organizational risks. These tactics will also ensure the best possible care for patients across every facility they operate. OIG’s guidance and the announced CIA updates should serve as a reminder that healthcare organizations must remain vigilant and proactive to meet the demands of an ever-evolving healthcare landscape.

How ProviderTrust Can Help

At ProviderTrust, we’re committed to upholding the highest standards of data accuracy, security, and patient safety. That’s why we stand by our proprietary Compliance Intelligence™ technology that ensures our data is smarter than the primary sources. Our monitoring platform enables healthcare organizations across the continuum to use our hybrid approach to efficiently and accurately manage, monitor, and verify all types of healthcare credentials, from physical therapy licenses to BLS certificates and everything in between, helping you meet regulatory requirements with ease.

Stay Up-to-Date

Subscribe and get the latest news and advice from industry experts delivered straight to your inbox.

Related Resources

Never miss an update

Get the latest healthcare news, advice from industry experts, and all things related to monitoring solutions delivered straight to your inbox.