OIG Gets Proactive in 2010 Work Plan

"They're really looking at that process from a lot of angles," Miller says.

Also, this is another quality of care issue, Hernandez says. The results of adverse events can be devastating for both the patient and the providers. Therefore, she says, the OIG must determine whether CMS is doing its job of enforcement so that facilities understand the repercussions of having an adverse event.

"If CMS pays for the [adverse event], there is no incentive for the facilities to improve," she says.

Hospital admissions with conditions coded as POA
According to the Work Plan, acute care hospitals are required to report on their Medicare claims which diagnoses were POA. The OIG plans to determine how many diagnoses were coded as POA and which diagnoses were coded most frequently as POA.

American Recovery and Reinvestment Act of 2009
This section of the Work Plan includes reviews of the many areas affected by this new act, passed by Congress on February 13, 2009. Top concerns include:

• Breach notification and medical identity theft in Medicare: This review will look at CMS' compliance with new breach notification requirements for personally identifiable information (PII). Section 13402 of the Recovery Act requires entities covered by HIPAA to notify individuals of PII breaches, which can lead to medical identity theft. The OIG also plans to examine CMS' internal procedures and processes related to the breach notification requirements.
• Medicare incentive payments for electronic health records (EHR): Sections 4101 and 4102 of the Recovery Act authorize incentive payments over a five-year period to physicians and hospitals that demonstrate meaningful use of certified EHR technology. The OIG will review Medicare incentive payment data from calendar year 2011 to identify erroneous payments. If the OIG identifies errors, it will assess CMS' actions to correct these mistakes.

With the federal government issuing great sums of money for EHR implementation, this project is open to scrutiny, Hernandez says.

This is also another example of how the OIG is being proactive with newer issues, scheduling the EHR incentive payments review ahead of time, Miller says.

Create your audit plan for 2010
As you're reading through the Work Plan, think about which reviews apply to your facility or practice. Include these reviews in your own audit plan to gauge your facility's compliance.

For example, "if you've had any adverse events involving a Medicare patient in the last year, you might expect the OIG requesting the record for that event," Miller says. In this example, review that case?determine how preventable the event was and how your staff members handled it. This will help you know what to expect and show government auditors that you and your staff members responded appropriately.