OIG Work Plan

Every year the Office of the Inspector General (OIG) has a work plan defining the specific areas on which they will concentrate their investigations. The work plan for 2013 was recently released and gives insight into what the future will hold regarding possible payment policy changes and identifies areas of high compliance risk. Key parts of the 2013 plan are reproduced here.

Part B Imaging Services-Payments for Practice Expenses
OIG will review Medicare payments for Part B imaging services to determine whether they reflect the expenses incurred and whether the utilization rates reflect industry practices. For selected imaging services, we will focus on the practice expense components, including the equipment utilization rate. Practice expenses are those such as office rent, wages, and equipment. Physicians are paid for services pursuant to the Medicare physician fee schedule, which covers the major categories of costs, including the physician professional cost component, malpractice costs, and practice expenses. (Social Security Act, § 1848(c)(1)(B).) (OAS; W-00-12-35219; W-00-13-35219; various reviews; expected issue date: FY 2013; work in progress and new start)

Diagnostic Radiology-Medical Necessity of High-Cost Tests
OIG will review Medicare payments for high-cost diagnostic radiology tests to determine whether they were medically necessary and the extent to which the same diagnostic tests are ordered for a beneficiary by primary care physicians and physician specialists for the same treatment. Medicare will not pay for items or services that are not “reasonable and necessary.” (Social Security Act, § 1862 (a)(1)(A).) (OAS; W-00-12-35454; W-00-13-35454; various reviews; expected issue date: FY 2013; work in progress and new start)

Recovery Audit Contractors-Identification and Recoupment of Improper and Potentially Fraudulent Payments and CMS’s Oversight and Response
OIG will review the extent that Recovery Audit Contractors (RAC) identified improper payments, identified vulnerabilities, and made potential fraudulent referrals in 2010 and 2011. We will also review the activities that CMS performed to resolve RAC-identified vulnerabilities, address potential fraud referrals, and evaluate RAC performance in 2010 and 2011. On completion of a 3-year demonstration project, Congress mandated nationwide implementation of a permanent RAC program for Medicare Part A and Part B. (Tax Relief and Health Care Act of 2006 (TRHCA), § 302.) Subsequently, Congress expanded the RAC program, giving it additional responsibilities to address improper payments in Medicare (including Part C and Part D) and Medicaid. (Affordable Care Act, § 6411.) (OEI; 04-11-00680; expected issue date: FY 2013; work in progress; Affordable Care Act)

Local Coverage Determinations-Impact on Physician Fee Schedule, Services, and Expenditures
OIG will determine to what extent Part B services and items paid under the Medicare Physician Fee Schedule are affected by Local Coverage Determinations (LCD) and the variation in coverage of these services and items as a result. We will also assess CMS’s efforts to evaluate and adopt new LCDs for national coverage as required by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA). Medicare delegates the establishment of LCDs to third-party contractors. A contractor may establish an LCD to enforce its decision about whether a particular item or service is considered reasonable and necessary and is therefore covered under Medicare. (Medicare, Medicaid, and SCHIP Benefits Improvement and Protection Act of 2000 (BIPA) § 521 and Social Security Act, § 1862(a)(1)(A).) These coverage decisions are not national, meaning Medicare could pay for a service for a beneficiary in one location, but deny payment for that service to a beneficiary elsewhere. (OEI; 01-11-00500; expected issue date: FY 2013; work in progress)

OCR Oversight of the HITECH Breach Notification Rule
OIG will review OCR’s oversight of the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification Rule, which requires that covered entities, as defined by HIPAA, notify affected individuals; the Secretary of HHS, and when required, the media, following the discovery of a breach in unsecured PHI. A breach is the unauthorized acquisition, access, use, or disclosure of PHI that compromises the security or privacy of such information. Unsecured PHI is individually identifiable health information that is unencrypted or not destroyed in a way that renders the PHI unusable or unreadable by unauthorized individuals. HHS provided additional guidance on what is considered to be unsecured PHI in its issuances at 74 Fed. Reg. 19006 and 74 Fed. Reg. 42741. The Secretary of HHS delegated oversight responsibility to OCR. We will review OCR’s policies for investigating breaches reported by covered entities and determine whether Medicare Part B-covered entities have policies or plans in place to mitigate breaches. (OEI; 09-10-00511; expected issue date: FY 2013; work in progress; Recovery Act)

Best regards,
Kirk Reinitz, CPA