The OIG added six items to its Work Plan with the December 2017 update, as listed in the chart below. Interestingly, three of the new items relate to Medicaid, and two relate to the opioid abuse problem. Medicare Advantage organizations will want to know that the OIG is looking into data systems that guide CMS's increased payments based on certain risk adjustment information. Meanwhile, providers should be aware that the OIG is scrutinizing Medicaid payments made on paper instead of through electronic funds transfers. Below are brief descriptions of the six new items.
Following a trend from the previous three Work Plan updates and consistent with the government's growing focus on the opioid crisis, OIG intends to identify actions that state agencies have taken using federal funds (including from HHS, the Centers for Disease Control and Prevention, and the Substance Abuse and Mental Health Services Administration) to enhance prescription drug monitoring programs (PDMPs), and generally to achieve program goals of improving safe prescription practices and preventing prescription drug abuse and misuse. OIG will determine whether state agencies have complied with federal requirements in this area through a series of audits that will include states with high rates of overdose deaths, states that saw an increase in overdose deaths, and states that received HHS funding to enhance their PDMPs.
Relatedly, the OIG will examine the information technology (IT) and information security operations, as well as the opioid prescribing practices at Indian Health Service (IHS) hospitals. Observing the decentralized management structure of IHS, the OIG notes that some IHS hospitals with limited cybersecurity resources have struggled to implement IT improvements and update IHS's electronic health record system. The OIG will evaluate whether there is a correlation between IHS's decentralized management structure and its ability to deliver adequate IT and cybersecurity services in accordance with federal law. In addition, considering IHS's struggles to combat the opioid abuse problem, the OIG intends to assess whether IHS hospitals are prescribing and dispensing opioids in accordance with IHS policies and procedures.
Citing a Government Accountability Office (GAO) report noting an increased risk of fraud, waste, and abuse among Medicare providers who collect payments by paper versus by electronic funds transfers, the OIG will examine whether similar issues exist within the Medicaid program. The GAO observed that paper check payments to Medicare providers carry more risk of theft, forgery, or alteration, especially those made to providers using mailbox-rental stores or listing vacant or invalid practice addresses. Specifically, OIG will determine if Medicaid payments issued by paper checks and sent to providers with mailbox-rental locations were for unallowable services.
The OIG is also following CMS's transition to a new data system that captures risk adjustment information affecting payment to Medicare Advantage Organizations (MAOs), and will analyze both the current system and the transition to the new system with attention to the continuity of data. CMS uses this data regarding hierarchical condition categories (HCCs), which contain groups of clinically related diagnoses, to potentially increase payments to MAOs. OIG will determine whether the old and the new systems properly contain the requisite diagnosis codes that map to the HCC in instances of an increased payment to an MAO.
Meanwhile, in prior audits, the OIG has found that some states failed to comply with federal and state requirements for reporting and monitoring critical incidents such as abuse and neglect, as required by CMS, to protect Medicaid beneficiaries who receive services in community-based settings or nursing facilities. The OIG will review additional state Medicaid agencies to determine whether they are in compliance with these reporting requirements, with a focus on community-based settings and nursing facilities.
Finally, the OIG observed that previous audits revealed many states had yet to complete fingerprint-based criminal background checks and site visits, and that the OIG recommended that CMS assist to complete this process, which CMS has begun to do. The OIG observed, however, that CMS continues to extend the deadline for completing this task, indicating that states are still working on provider enrollment. The OIG will determine the extent to which states have completed the background checks and site visits, and inquire of CMS and the states about the roadblocks in successfully completing these tasks.