On October 31, 2014, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its Work Plan for fiscal year 2015.  Appendix B of the Work Plan outlines OIG’s plans for continued oversight of HHS agencies’ use of American Recovery and Reinvestment Act of 2009 (Recovery Act) funds.

Inspectors General, including the HHS OIG, received funding for oversight of their agency’s programs and operations that received supplemental funding through the Recovery Act.  As explained on the Recovery Act website, the purpose of the oversight is to ensure that:

  1. “Recovery funds were awarded and distributed in a prompt, fair, and reasonable manner”;
  2. “Recovery funds are used for authorized purposes, and that steps are in place to prevent fraud, waste, and abuse”; and
  3. “Recovery projects avoid unnecessary delays and cost-overruns and that they meet goals and targets.”

According to Appendix B, HHS has used oversight funds “primarily to conduct financial oversight activities to ensure that HHS agencies and grantees used the funds they received for the intended purposes and in accordance with established requirements.”

As in past years, many of OIG’s planned “Recovery Act Reviews” focus on Electronic Health Record (EHR) incentive payments.  Specifically:

  • OIG will “review Medicare incentive payments to eligible health care professionals and hospitals for adopting EHRs and the Centers for Medicare & Medicaid Services (CMS) safeguards to prevent erroneous incentive payments.”  As of August 2014, over $16 billion in Medicare EHR incentive payments have been made.
  • OIG will “review Medicaid incentive payments to Medicaid providers and hospitals for adopting [EHRs] and CMS safeguards to prevent erroneous incentive payments.”  Medicaid EHR incentive payments totaled over $8 billion as of August 2014.
  • OIG will “perform audits of various covered entities receiving EHR incentive payments from CMS and their business associates, such as EHR cloud service providers, to determine whether they adequately protect electronic health information created or maintained by certified EHR technology.”  Protecting electronic health information is a core meaningful-use objective for eligible providers and hospitals.

In addition, OIG “will continue to evaluate credible allegations of improper expenditures of Recovery Act funds to identify cases in which criminal investigations should be opened and enforcement actions pursued” and “will continue to evaluate credible allegations of reprisals against whistleblowers by entities or individuals receiving Recovery Act funds to identify cases in which criminal investigations should be opened and antireprisal enforcement actions pursued.”

In order to be prepared for a potential HHS OIG audit, providers that have accepted Recovery Act incentive payments should confirm that they have in place appropriate documentation surrounding their EHR systems (particularly the security aspects of the EHR systems) and payment for those systems.