Search the News Archive

HHS Office of Inspector General Publishes 2009 Work Plan

The OIG conducts audits relating to the Medicare program and prepares reports to Congress about administration of Medicare. Areas listed in the work plan are those that OIG considers might be subject to abuse, so providers, hospitals, health plans and others might wish to be aware of those areas when developing compliance work plans for the next year. Information OIG gleans from its evaluations also can indicate areas in which OIC might direct future criminal investigations. Increasing emphasis and scrutiny is being placed on Medicare Advantage and Medicare prescription drug programs.

Text of 2015 Work Plan, HHS Office of Inspector General: ACA Reviews (PDF)

"OIG's ongoing and planned reviews for fiscal year 2015 will assess the Department's implementation and operation of ACA programs and progress toward achieving program goals. To this end, we are prioritizing work in three main areas: the health insurance marketplaces, including financial assistance payments; Medicare and Medicaid reforms; and grant expenditures for public health programs."

Inspector General Describes Status of Health Insurance Exchange Data Services Hub (PDF)

"CMS is addressing and testing security controls of the Hub during the development process. However, several critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub's security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges. CMS's current schedule is to complete all of its tasks by October 1, 2013, in time for the expected initial open enrollment period."

Summary Report of HHS Inspector General: Health Insurance Marketplaces Generally Protected Personally Identifiable Information But Could Improve Certain Information Security Controls (PDF)

"Although [CMS] had implemented controls to secure Healthcare.gov and consumer personally identifiable information (PII) on the Federal Marketplace, [we (the Office of Inspector General)] identified areas for improvement in its information security controls.... This summary does not include specific details of the vulnerabilities that we identified because of the sensitive nature of the information. We have provided more detailed information and recommendations to officials of the three Marketplaces so the issues we identified could be appropriately addressed."

HHS Inspector General Report: CMS's Internal Controls Did Not Effectively Ensure the Accuracy of Aggregate Financial Assistance Payments Made to Qualified Health Plan Issuers Under the ACA

"CMS's internal controls did not effectively ensure the accuracy of nearly $2.8 billion in aggregate financial assistance payments made to insurance companies under the Affordable Care Act during the first 4 months that these payments were made.... We recommended that CMS correct these internal control deficiencies by requiring its Office of the Actuary to review and validate QHP issuers' actuarial support for index rates that CMS identifies as outliers, implementing computerized systems to maintain confirmed enrollee and payment information so that CMS does not have to rely on QHP issuers' attestations in calculating payments, implementing a computerized system so State marketplaces can submit enrollee eligibility data, following its guidance for calculating estimated advance CSR payments, and developing interim reconciliation procedures to address potentially inappropriate CSR payments."

Text of HHS Inspector General Report: Not All of the Federally Facilitated Marketplace's Internal Controls Were Effective in Ensuring That Individuals Were Properly Determined Eligible for Qualified Health Plans and Insurance Affordability Programs (PDF)

"On the basis of our review of 45 sample applicants and 45 prior sample applicants, we determined that certain controls were effective, such as the controls for verifying applicants' incarceration status. However, on the basis of our sample reviews and performing other audit procedures, such as interviewing marketplace officials and reviewing supporting documentation, we determined that other controls were not effective."

HHS Inspector General Report: OCR Should Strengthen Its Followup of Breaches of Patient Health Information Reported by Covered Entities

"OCR should [1] enter small-breach information into its case-tracking system or a searchable database linked to it; [2] maintain complete documentation of corrective action; [3] develop an efficient method in its case-tracking system to search for and track covered entities that reported prior breaches; [4] develop a policy requiring OCR staff to check whether covered entities reported prior breaches; and [5] continue to expand outreach and education efforts to covered entities."

HHS Inspector General Report on CMS Management and Oversight of Contractor Performance for the Federal Marketplace

"[OIG] reviewed 20 of 62 contracts that [CMS] identified as awarded for the development, implementation, and operation of the Federal marketplace to determine the contract requirements for monitoring and overseeing contractor performance. Contracting officers and contracting officer's representatives did not always manage and oversee contractor performance as required by Federal requirements and contract terms. CMS did not always comply with Federal regulations regarding designation and certification requirements for contracting officer's representatives. Also, contracting records did not always include all critical contract deliverables and other management and oversight documentation."

HHS Inspector General Finds CMS and Its Contractors Have Adopted Few Program Integrity Practices to Address Vulnerabilities in Electronic Health Records

"CMS and its contractors had not changed their program integrity strategies in light of [electronic health record (EHR)] adoption. Few CMS contractors had adopted few program integrity practices specific to EHRs. Specifically, few contractors were reviewing EHRs differently from paper medical records. In addition, not all contractors reported being able to determine whether a provider had copied language or overdocumented in a medical record. Finally, CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities."

Text of HHS Inspector General Report: Most Critical Access Hospitals Do Not Meet Medicare's Location Requirements (PDF)

"The Critical Access Hospital (CAH) certification was created to ensure that rural beneficiaries are able to access hospital services. Medicare reimburses CAHs at 101 percent of their reasonable costs, rather than at the rates set by prospective payment systems or fee schedules.... Nearly two-thirds of CAHs would not meet the location requirements if required to re-enroll. The vast majority of these CAHs would not meet the distance requirement. CMS does not have the authority to decertify most of these CAHs... However, if CMS were authorized to reassess whether all CAHs should maintain their certifications and concluded that some should be decertified, Medicare and beneficiaries could realize substantial savings. If CMS had decertified CAHs that were 15 or fewer miles from their nearest hospitals in 2011, Medicare and beneficiaries would have saved $449 million."