Kusserow on Compliance: OIG response plan—four goals for the COVID-19 Crisis

The HHS Office of Inspector General (OIG) has identified four goals to respond to the COVID-19 Pandemic: protecting people, protecting funds, protecting infrastructure, and promoting effectiveness. The OIG set out its framework in the OIG Strategic Plan: Oversight of COVID-19 Response and Recovery.

PROTECT PEOPLE. The OIG plans for this goal include to: (1) issue guidance on its administrative fraud enforcement authorities related to delivering needed patient care; (2) conduct rapid-cycle reviews of conditions affecting HHS beneficiaries or health care providers; (3) inform/support response efforts; (4) help ensure continuity of HHS operations during the public health emergency; (5) identify and investigate fraud and scams that endanger HHS beneficiaries and the public; (6) alert the public to fraud schemes related to COVID-19; and (7) assess the impacts of HHS programs on the health and safety in the acquisition, management, and distribution of COVID-19 tests and vaccine and treatment research and development.

PROTECT FUNDS. HHS was appropriated $251 billion for COVID-19 response and recovery—to prevent, prepare for, and respond to coronavirus, along with funds from other appropriations. The OIG plans for this  goal include: (1) reviewing of oversight, management, and internal controls for awarding, disbursement, and use of funds; (2) assessing whether recipients met requirements; (3) mitigating major risks that cut across program and agency boundaries; (4) ensuring that intended purposes of funds granted are being used properly; (5) identifying and investigating suspected fraud and exercising OIG’s administrative enforcement authorities; (6) identifying program integrity vulnerabilities and recommend safeguards; and (7) providing alerts to potential fraud risks or schemes to steal funds.

PROTECT INFRASTRUCTURE. Objectives for this goal include: (1) protecting the security and integrity of IT systems and health technology; (2) identifying IT vulnerabilities and incidents, mitigating threats, and restoring IT services; and (3) focusing on identifying and investigating cybersecurity vulnerabilities related to COVID-19 response.

PROMOTE EFFECTIVENESS. The OIG’s plans for this goal include: (1) focusing on COVID-19 efforts to identify successful practices and lessons learned from the emergency preparedness and response; (2) reviewing pandemic preparedness planning to identify how preparedness funding was spent; and (3) assessing COVID-19 impact on HHS programs and beneficiaries, including expanded telehealth in Medicare.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG Strategic plan outlines top priorities for 2020 – 2025

 The HHS Office of Inspector General (OIG) has identified seven major initiatives as part of its strategic plan for the period between 2020 and 2025. The initiatives include: (1) fraud and abuse protections; (2) safeguarding the Medicare trust funds; (3) protecting beneficiaries from prescription drug abuse; (4) combating health care cybersecurity threats; (5) promoting patient safety and accuracy of payments in home and community settings; (6) leveraging technology; and (7) ensuring HHS managed care and new health care models produce value.

  1. Fraud and Abuse Protections. OIG audits of national Medicaid data found substantial improper payments to providers for Medicaid Services; states were not always correctly determining lack of eligibility of individuals for Medicaid benefits. These two areas will be a focus for OIG oversight.
  2. Safeguarding the Medicare Trust Funds. The OIG plans to use data analytics to identify program areas and geographic areas of high-risk. It should provide strategic oversight of emergency preparedness and response affecting Medicare beneficiaries, Medicare Advantage, prescription drug spending, and the transition to value-based care.
  3. Protecting Beneficiaries from Prescription Drug Abuse, Including Opioids. The OIG’s efforts will focus on identifying opportunities to improve the efficiency and effectiveness of monitoring and identifying and holding accountable those engaged in fraud and abuse related to prescription drugs. Major efforts will include empowering partners through data sharing and education.
  1. Combatting Health Care Cybersecurity Threats. The OIG will increase efforts to combat cybersecurity threats, including hacking attacks, manipulation of medical devices, and inappropriate access to U.S. genomic data. The OIG will perform more cybersecurity audits of HHS agencies and programs, in partnership with other agencies, to conduct investigations that may involve espionage or foreign threats.
  1. Promoting Patient Safety and Accuracy of Payments in Home and Community Settings. The OIG plans increased efforts to reduce improper payments for services in noninstitutional settings, including home health. The OIG’s plans include outreach, education, audits, evaluations, inspections, investigations, and administrative enforcement.
  1. Leveraging Technology as it Intersects with HHS Programs. The OIG highlights that technology can be used to increase the efficiency, quality, and accessibility of the health care system. The OIG will work with other HHS agencies, patients, and providers to educate and oversee the use of health technology to positively impact providers and patients. The OIG will also assess how it can use Artificial Intelligence to foster value and quality in HHS programs.
  1. Ensuring HHS Managed Care and New Healthcare Models Produce Value. As CMS programs shift to value-based care and payment, the OIG has identified three elements that are critical to achieving better value, quality, and outcomes: (1) aligning program incentives with improved health outcomes; (2) strengthening program integrity; and (3) delivering innovative technology. The OIG will oversee the continued transition to value-based programs and will address and combat any issues of fraud, waste, and abuse.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Arrest of the University of Pittsburgh Medical Center hacker

An individual was indicted by a federal grand jury in Pittsburgh and arrested on charges associated with the 2014 “hacking” theft of University of Pittsburgh Medical Center (UPMC) human resources database that included personally identifiable information (PII) of over 65,000 UPMC employees. He was charged with fraud, aggravated identity theft, and selling of the information on the dark web to buyers around the world. The buyers, in turn, engaged in massive campaign of further scams and theft, including the filing of thousands of false IRS tax returns, leading to $1.7 million in false tax return refunds.

Additionally, the indictment alleges that the hacker, from 2014 through 2017, using the acronyms “TDS” or “DS,” regularly sold other PII to buyers on dark web forums, which could be used to commit identity theft and bank fraud. According to the Indictment, the hacker sold the stolen information on dark web forums for use by conspirators, who promptly filed hundreds of false tax return Form-1040 using UPMC employee PII. These false 1040 filings claimed hundreds of thousands of dollars of false tax refunds, which they converted into Amazon.com gift cards, which were then used to purchase Amazon merchandise which was shipped to Venezuela. The case was investigated by the Secret Service, IRS, and Postal Inspection Service. As a side note, six years ago, the case resulted in a major legal battle after employees sued UPMC for negligence and breach of contract. The state high court also ruled that UPMC may be responsible monetary damages if the plaintiffs can prove the health system acted negligently.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: CMS ‘guts’ SNF/LTC compliance program mandates

– CMS “bows” to industry pressure

– Objective standards replaced by subjective ones

– Designated compliance officer not to be required

– No contact person to whom “people may report suspected violations”

 

A new CMS proposed rule—“Medicare & Medicaid Programs; Requirements for Long-Term Care Facilities: Regulatory Provisions to Promote Efficiency and Transparency”—proposes to roll back and remove many compliance program related requirements for long term care facilities (LTC) participating in Medicare/Medicaid. The Proposed modifications include removing many of the compliance program requirements adopted in 2016 on the basis that they are not expressly required by statute. The stated purpose of the proposed changes is to reduce administrative burdens. This flies in the face of increased identification by CMS, OIG, GAO, DOJ, and Congress of legal and regulatory compliance violations by LTC facilities.

Enhanced compliance programs were a way of addressing these ongoing problems. Among the requirements removed were (1) designation of a compliance officer; (2) designation of a compliance liaison for operating organizations with five or more facilities; (3) annual reviews of the compliance program; (4) having an identified person to whom individuals may report suspected violations.

CMS now proposes that a LTC organization develop, implement, and maintain an effective compliance and ethics program most appropriate for size and type of the organization. This should include written compliance standards, policies, and procedures that are reasonably capable of reducing the prospect of criminal, civil, and administrative violations. The new standards are far less objective and rely more on subjective concepts that are vague and difficult to substantiate, using terms like “reasonable” and “sufficient.”  Other CMS expectations for facilities include:

  1. Providing sufficient resources for operation of the compliance program.
  2. Designating a high-level person for overall compliance program responsibility with appropriate authority to assure compliance with the regulations.
  3. Taking reasonable steps to achieve compliance with program’s standards, policies, procedures, including monitoring and auditing that is reasonably designed to detect criminal, civil, and administrative violations.
  4. Having in place and publicizing a reporting system whereby anyone could report violations by others within the organization without fear of retribution.
  5. Ensuring consistent enforcement and discipline of standards, policies, and procedures.
  6. Effectively communicating compliance standards, policies, and procedures in compliance mandatory training.
  7. Taking reasonable steps to respond detected violations and to prevent similar violations in the future.

The new CMS proposed compliance program standards are significantly different from standards issued by the U.S. Department of Justice in April 2019—new DOJ evaluation of corporate compliance program guidelineswhich are designed to be used in making prosecutorial decisions and in determining penalty guidelines. Before CMS proposed to rescind many of its previously published standards for compliance programs, the DOJ and CMS standards were consistent.

 

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.