Last week, the Office of Inspector General (OIG) for the U.S. Department of Health and Human Services (HHS) published its 2016 Work Plan, summarizing new and ongoing reviews for the upcoming year planned by OIG regarding HHS programs and operations.

Each review plan includes OIG’s primary objectives as well as the year in which OIG expects its reports to be issued, the office within OIG that will perform the review, and the planned report number.  Among the more than 40 newly planned inquiries are pharmacy fraud, increased drug prices, use of electronic health records, and cybersecurity of medical devices.

Examples of new areas OIG plans to investigate in 2016 include:

Part D pharmacy enrollment

“[OIG] will review [Centers for Medicare & Medicaid Services’s] ability to oversee Part D pharmacies.  [OIG] will also determine the extent to which pharmacies that bill for Part D drugs—especially those identified as high risk—are enrolled in Medicare.  Since the inception of Part D, numerous OIG reports have raised concerns about the oversight of Part D and pharmacy-related fraud.  In addition, in June 2015, OIG participated in the largest national health care fraud takedown in history, resulting in over 240 subjects being charged with defrauding Medicare and Medicaid.  Much of this alleged fraud involved prescription drugs and pharmacies.”

Office of Evaluation and Inspections; OEI-02-15-00440; expected issue date:  FY 2017.

OIG 2016 Plan at 30.

Increase in prices for brand-name drugs under Part D

“[OIG] will evaluate the extent to which pharmacy reimbursement for brand-name drugs under Medicare Part D changed between 2010 and 2014 and compare the rate of change in pharmacy reimbursement for brand-name drugs under Medicare Part D to the rate of inflation for the same period.  Prices for the most commonly used brand-name drugs have risen substantially since 2002.  For example, prices for the most commonly used brand-name drugs increased nearly 13 percent in 2013; this increase was eight times greater than the general inflation rate for the same year.

Office of Evaluation and Inspections; 03-15-00080; expected issue date:  FY 2017.

OIG 2016 Plan at 31.

Controls over networked medical devices at hospitals

“[OIG] will examine whether FDA’s oversight of hospitals’ networked medical devices is sufficient to effectively protect associated electronic protected health information (ePHI) and ensure beneficiary safety.  Computerized medical devices, such as dialysis machines, radiology systems, and medication dispensing systems that are integrated with electronic medical records (EMRs) and the larger health network, pose a growing threat to the security and privacy of personal health information.  Such medical devices use hardware, software, and networks to monitor a patient’s medical status and transmit and receive related data using wired or wireless communications.  Medical device manufacturers provide Manufacturer Disclosure Statement for Medical Device Security (MDS2) forms to assist health care providers in assessing the vulnerability and risks associated with ePHI that is transmitted or maintained by a medical device.”

Office of Audit Services; W-00-16-42020; expected issue date:  FY 2016.

OIG 2016 Plan at 53.

Office for Civil Rights oversight of the security of electronic protected health information

“[OIG] will determine the adequacy of the Office for Civil Rights (OCR) oversight over the security of electronic protected health information (ePHI).  Prior OIG audits reported that OCR had not assessed the risks, established priorities, or implemented controls for its HITECH Act requirement to provide for periodic audits of covered entities and business associates to ensure compliance with HITECH Act and HIPAA Rule requirements and, therefore, had limited assurance that covered entities and business associates adequately protected ePHI.  Prior OIG audits have also summarized numerous vulnerabilities in the systems and controls to protect ePHI at selected covered entities.”

Office of Audit Services; W-0016-42020; expected issue date:  FY 2016.

OIG 2016 Plan at 66.

Allowability of contract expenditures ACA, §1311

“[OIG] will review the allowability of expenditures for contractor services claimed for federal reimbursement by selected health insurance marketplace grantees funded under the ACA Marketplace Establishment Grants.  HHS award recipients often contract with organizations to provide services necessary to meet the performance requirements of the grant.  Contractors that provide services specified in the grant award to beneficiaries are subject to the same requirements and cost principles as the grantee.”

Office of Audit Services; W-00-15-59034; expected issue date:  FY 2016.

OIG 2016 Plan at 69.

Physicians referring/ordering Medicare services and supplies

“[OIG] will review select Medicare services, supplies and durable medical equipment (DME) referred/ordered by physicians and non-physician practitioners to determine whether the payments were made in accordance with Medicare requirements.  Pursuant to ACA Sec. 6405, CMS requires that physicians and non-physician practitioners who order certain services, supplies and/or DME are required to be Medicare-enrolled physicians or nonphysician practitioners and legally eligible to refer/order services, supplies and DME.  If the referring/ordering physician or non-physician practitioner is not eligible to order or refer, then Medicare claims should not be paid.”

Office of Audit Services; W-00-15-35748; expected issue date:  FY 2016, ACA.

OIG 2016 Plan at 20.

OIG will periodically update its online Work Plan, which is available at http://www.oig.hhs.gov.