HHS OIG Makes Recommendations to Improve HHS Programs

The report offers OIG’s top 25 unimplemented recommendations “that, in OIG’s view, would most positively affect HHS programs in terms of cost savings, program effectiveness and efficiency, and public health and safety if implemented.”

The recommendations are grouped by HHS program and operating division. For the sake of brevity, I won’t list all 25 recommendations, but will highlight those that appear to bear an IT component. Below is a summarized list of the recommendations by program/operating division:

• CMS - Medicare Parts A & B:  8 recommendations
• CMS – Medicare Parts C & D:  3 recommendations
• CMS – Medicaid:  7 recommendations
• ACF: 1 recommendation
• FDA: 1 recommendation
• IHS:  2 recommendations
• NIH:  1 recommendation
• General Departmental:  2 recommendations

Specific recommendations that appear to have an IT component:

• CMS – Medicare Parts C & D: CMS should collect comprehensive data from plan sponsors, including data on potential fraud and abuse, to improve its oversight of their efforts to identify and investigate potential fraud and abuse.
• CMS – Medicare Parts C & D:  CMS should require Medicare Advantage plans to include ordering and referring provider identifiers in their encounter data.
• CMS – Medicaid:  CMS should ensure that national Medicaid data are complete, accurate, and timely.
• CMS – Medicaid:  CMS should facilitate State Medicaid agencies’ efforts to screen new and existing providers by ensuring the accessibility and quality of Medicare’s enrollment data.
• CMS – Medicaid:  CMS should improve managed care organizations’ (MCOs’) identification and referral of cases of suspected fraud or abuse.
• NIH:  NIH should require security training and security plans for principal investigators and entities and verify that they have fulfilled these requirements before granting them access to genomic data.
• General Departmental:  HHS should address issues of non-compliance with the Improper Payments Information Act, as amended, for various programs deemed susceptible to significant improper payments.
• General Departmental:  HHS should ensure that all future web application developments incorporate security requirements from an industry recognized web application security standard.

In an interview with Federal News Network’s Jared Serbu last week, HHS OIG’s Senior Counsel Andrew VanLandingham spoke at length about waste, fraud and abuse vulnerabilities in the Medicaid program and OIG’s recommendations surrounding those.

VanLandingham said that the annual compendium is meant to help the department prioritize the most salient issues and allocate resources to focus on initiatives that can have the most impact on the efficiency and effectiveness of the department.   

The Medicaid program is very vulnerable to waste, fraud and abuse because there are over 50 state programs that operate differently from each other, according to VanLandingham, making federal oversight difficult.  Additionally, Medicaid serves roughly 75 million Americans now, including some of the most vulnerable populations in the nation.  

When asked about the recommendation for CMS to ensure that national Medicaid data are complete, accurate and timely, VanLandingham cited the Transformed Medicaid Statistical Information System (T-MSIS) that was the result of a 1997 Congressional mandate requiring CMS to establish a national Medicaid data system.  T-MSIS includes claims information, eligibility information, encounter data, etc.  VanLandingham stated, “The good news is as of last year all states, DC and two territories are reporting data to the system.  Now the next phase is that the data reported is of high quality and timely. It's now a data governance issue.”  In order to get good insight, the data must be well curated, according to VanLandingham.  Currently, CMS is conducting targeted reviews of data in T-MSIS.

Also related to Medicaid integrity, recommendation #16 states that CMS should improve managed care organizations’ (MCOs’) identification and referral of cases of suspected fraud or abuse.  VanLandingham stated that not only is each Medicaid program run by a different state, but usually the program is handled by an MCO within the state.  The MCOs are then responsible for referring potential cases of fraud and abuse to CMS.  “What we are finding in the managed care organizations is that there are still weaknesses in how they conduct program integrity,” said VanLandingham in the interview. “The managed care organizations really need to have robust program integrity systems in place so that they can catch fraud and abuse.” According to VanLandingham it's vital that these MCOs use proactive data analysis and employ high quality program integrity personnel.  But VanLandingham also reported progress in this area with CMS’ 2016 release of its Medicaid Managed Care rule which included a lot of improvements to requirements that MCOs need to have related to integrity.  “We're hoping that the conditional rules that CMS put out in 2016 and the subsequent additional guidance will operationalize these requirements by the MCOs.”