Kusserow on Compliance: OIG report reviews ACA implementation

As part of its mandated semi-annual report to Congress, the HHS Office of Inspector General (OIG) reviewed the implementation of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148), which included an audit of the health insurance exchanges, or marketplaces. The review also focused on Medicaid expansion, use of state establishment grants, and financial assistance payments. The report included results of its performance metrics to HHS for various initiatives mandated by the ACA. In scanning the agencies’ database vulnerability, the OIG identified 22 high, 62 medium, and 51 low vulnerabilities.

CMS’ shortcomings

The OIG also noted that CMS had not accomplished the following tasks: disabled unnecessary generic accounts in its test environment; encrypted user sessions; conducted automated vulnerability assessments that simulate known attacks; or used a shared read-only account for access to the database housing protected identity information.

In addition, the report highlighted the following discrepancies in terms of CMS’ implementation of the ACA. Specifically, CMS:

  • Did not effectively ensure the accuracy of nearly $2.8 billion in aggregate financial assistance payments made to insurance companies under the ACA during the first four months that these payments were made;
  • Relied on issuer attestations and did not ensure that advance cost-sharing reduction payment rates identified as outliers were appropriate;
  • Did not have systems in place to ensure that financial assistance payments were made on behalf of confirmed enrollees and in the correct amounts and to ensure that state marketplaces could submit enrollee eligibility data for financial assistance payments;
  • Did not always follow its guidance for calculating advance cost-sharing reduction payments and has not yet planned to perform a timely reconciliation of these payments;
  • Had not established guidance or criteria to assess whether the Consumer Operated and Oriented Plan (CO-OP) program, established by the ACA, was viable or sustainable; and
  • Did not always manage and oversee contractor performance for the federal marketplace as required by federal requirements and contract terms.


Finally, the report made a recommendation to CMS regarding discrepancies related to the marketplace. The OIG stated that CMS should address the federal marketplace deficiencies related to verifying applicants’ eligibility for qualified health plans and related to resolving and expiring inconsistencies.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2015 Strategic Management Services, LLC. Published with permission.