The Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently released its annual publication entitled, “The Top Management and Performance Challenges Facing HHS.” The 2018 edition synthesized the OIG’s oversight, risk analysis, data analytics, and enforcement work to identify 12 top management and performance challenges (TMCs) across the Department. The TMCs reflect challenges resulting from many issues, including improper payments, quality of service and care to beneficiaries, effective use of health information technology (IT), and combating fraud. The 2018 TMCs include the following:
Preventing and Treating Opioid Misuse
The President declared the opioid epidemic to be a public health emergency in 2017. In that year, an estimated 49,000 people died from opioid-related overdoses. Key components in combating the epidemic include:
- Reducing inappropriate prescribing and misuse of opioids.
HHS agencies should monitor and assess the effectiveness of their ongoing efforts. The OIG recommends that the Centers for Medicare & Medicaid Services (CMS) provide educational tools on appropriately prescribing opioids when medically necessary. CMS should particularly engage with and educate providers who may be prescribing inappropriately. States and the Indian Health Service (IHS) should also encourage the use of prescription drug monitoring programs (PDMPs). States should share Medicaid beneficiary data amongst themselves and with HHS to identify patient harm that may have resulted from patients crossing state lines.
- Combating fraud and diversion of prescription opioids and potentiator drugs.
HHS should address this challenge by improving its efforts to identify and investigate potential fraud and abuse. HHS can collect comprehensive data from Medicare Part D plan sponsors to identify opioid related fraud and abuse. Also, CMS should ensure the sufficiency of national Medicaid data, to better help states accurately detect fraud and abuse. CMS should work with states to report on questionable prescribing patterns and follow up with prescribers who have been identified as having these questionable prescribing patterns. CMS and state efforts in these areas will help ensure that Medicare Part D and Medicaid-paid drugs are not being diverted for resale or recreational use. Additionally, IHS should improve controls to protect its pharmacies’ inventory and ensure that sensitive patient information is not accessible by unauthorized individuals.
- Ensuring access to appropriate treatment for opioid use disorder.
First, CMS and the Substance Abuse Mental Health Services Administration (SAMHSA) should monitor the effectiveness of their efforts to increase access to medication assisted treatment (MAT). SAMHSA must also adequately oversee waiver processes that allow for the prescribing and dispensing of specific narcotic medications outside of opioid treatment programs. Finally, CMS should continue developing reimbursement policies that ensure that treatment resources and qualified providers are available to beneficiaries.
- Ensuring that funding for prevention and treatment is used appropriately.
The OIG should monitor and review the use of federal grant funds related to opioid abuse prevention and treatment to prevent fraudulent use. SAMHSA and other HHS operating divisions should also involve the OIG in suspected grant fund fraud or misuse.
Ensuring Program Integrity in Medicare Fee-for-Service and Effective Administration of Medicare
The Medicare program provided health coverage to 58.4 million beneficiaries in fiscal year (FY) 2017, spending $698.7 billion and accounting for over 15 percent of all federal spending. To ensure the integrity and continuation of this Medicare spending, HHS agencies should take actions towards:
- Reducing improper payments.
HHS can first address this challenge by resolving program integrity weaknesses that the OIG has identified. CMS, specifically, should take stronger actions in provider, supplier, and geographic settings that present high financial integrity risks. OIG and CMS have identified chiropractors, home health providers, hospices, skilled nursing facilities (SNFs), and high-risk hospital services as the providers and services that have the highest rate of improper payments. CMS should also strengthen skilled nursing facility (SNF) and hospice general inpatient billing oversight.
- Combating fraud.
CMS should use, and continue to improve, program integrity tools already available to prevent fraudulent payment to providers. CMS should also better utilize performance results within its Fraud Prevention System (FPS) to increase the accuracy of its predictive analytic models.
- Fostering prudent payment policies.
CMS should evaluate new payment and delivery models to mitigate financial and quality-of-care risks under current systems. Additionally, CMS needs to evaluate potential Medicare therapy payment rate reductions and SNF Medicare payment adjustments.
- Maximizing the promise of health information technology.
HHS must address data barriers throughout the Department and the health care industry. CMS should ensure that complete, accurate, timely, and secure data are collected for Medicare purposes. It must also ensure that evolving technologies, including telemedicine, are effective in improving patient care. The Office of the National Coordinator (ONC) for Health Information Technology and CMS should strengthen collaboration and create a comprehensive plan to address fraud vulnerabilities in electronic health records (EHRs). CMS should adopt effective record-retention and documentation practices for Medicare Fee-for-Service (FFS) providers that are not overly burdensome for the provider.
Ensuring Program Integrity and Effective Administration of Medicaid
As the largest federal health care program, Medicaid had 67 million individuals enrolled and $592 billion in expenditures for FY 2017. These are expected to increase at an average annual rate of 5.7 percent and reach $1 trillion by 2026. Key challenges to the effective administration of the program include:
- Improving the reliability of national Medicaid data.
CMS and states should prioritize Transformed Medicaid Statistical Information System (T-MISS) data management to address this challenge. CMS should also establish and adhere to a deadline for T-MISS data availability, ensure that the same data elements are consistently reported across the states, and use its enforcement authority when states do not submit timely and complete data.
- Reducing improper payments.
CMS should continue to engage and collaborate with state Medicaid agencies. These agencies should develop corrective action plans and provide specific guidance to states regarding the service and benefit categories most vulnerable to improper payments.
- Combating fraud.
CMS should work with states to implement tools such as site visits or fingerprint-based criminal background checks for high-risk providers. CMS should also develop a central repository of provider information for all states and Medicare to use. The agency should establish a T-MISS data availability deadline for multi-state program integrity efforts.
- Ensuring appropriate Medicaid eligibility determinations.
CMS should closely monitor state Medicaid eligibility determinations to ensure the accuracy of such determinations. The agency should also work with states to ensure that systems are able to verify eligibility, vulnerabilities are addressed through the development and implementation of policies and procedures, and redeterminations are undertaken.
Ensuring Value and Integrity in Managed Care and Other Innovative Healthcare Payment and Service Delivery Models
Managed care and other health care delivery models are being developed to promote innovation and effectiveness and protect against fraud, waste, and abuse. However, HHS still faces significant challenges in ensuring value and integrity in these payment and service delivery models. Key components of that challenge include:
- Ensuring effectiveness and integrity in new payment models.
CMS should focus on program integrity risks, incorporating safeguards, and correcting identified issues when testing value-based care models. This is especially relevant for models that introduce new payment incentives or models for which payment, coverage, or fraud and abuse law waivers may have been issued. CMS should also clearly define quality measures to reduce provider burden.
- Combating provider fraud and abuse.
CMS should ensure the completeness, validity, and timeliness of Medicare Advantage Organization (MAO) and Medicare encounter data.
- Fostering MCO compliance.
CMS should work with states and MAOs to ensure that plans’ networks allow timely access to care. The agency should also enhance its oversight of MAO contracts.
Protecting the Health and Safety of Vulnerable Populations
HHS administers programs that provide critical services to vulnerable populations such as unaccompanied alien children (UAC) that enter the U.S. without legal status, children in state foster care programs, and vulnerable populations that receive nursing home, group home, and hospice care. TMCs for ensuring the safety of these vulnerable populations include:
- Ensuring the safety and security of unaccompanied children in HHS care.
The Administration for Children and Families (ACF) should continue overseeing the health and safety of children in the Office of Refugee Resettlement’s (ORR) care, while adapting to sudden changes in numbers and/or needs of children. The OIG should also continue oversight of the UAC program and continue examining potential criminal misconduct in ORR facilities to determine if investigations or referrals are needed.
- Addressing substandard nursing home care.
To address this challenge, HHS should adopt strategies to strengthen nursing home oversight and improve nursing care. The Department must also improve internal controls, surveyor guidance, and training to detect nursing home deficiencies to prevent quality and safety issue reoccurrence. CMS should improve nursing home resident abuse and neglect identification and reporting. It should also instruct nursing home surveyors to review facility practices for reducing and identifying adverse events. CMS should also assist states with meeting timeframes for investigations of nursing home complaints.
- Reducing problems in hospice care.
CMS must first strengthen the survey process to address quality and patient protections. CMS should also promote physician involvement and accountability to ensure beneficiaries receive appropriate care and physicians properly and adequately tie payment to beneficiary needs and quality of care. Additionally, CMS should explain the hospice benefit to families and caregivers by producing consumer-friendly information.
- Mitigating risks to individuals receiving home and community-based services.
CMS should address this challenge by continuing to implement the Model Practices outlined in the HHS joint report. CMS needs to immediately act upon serious health and safety findings in home-and community-based service providers. The agency must also ensure that states successfully implement Electronic Visit Verification (EVV) systems for all Medicaid personal care services by January 1, 2020 and for all home health services by January 1, 2023.
- Ensuring access to safe and appropriate services for children.
This challenge requires the ACF to ensure state compliance with health and safety standards for childcare providers and evaluate the effectiveness of program integrity and fraud fighting efforts in these programs. In addition, the ACF should improve state foster care program oversight regarding treatment and should specifically strengthen state requirements for children at risk for inappropriate psychotropic medication treatment and prescribing.
- Addressing serious mental illness.
HHS should address this challenge by taking steps to increase access and quality of mental health services, particularly for serious mental illness. HHS should also take steps to implement recommendations made by the Mental Health and Substance Abuse Disorder Parity Task Force.
Improving Financial and Administrative Management and Reducing Improper Payments
HHS reported total budgetary resources of approximately $1.1 trillion for FY 2017. The Department’s programs also account for some of the largest improper payment rates due to the size and funding expenditures of the programs. The top financial and administrative management challenges in administering the massive HHS budget and its programs include:
- Addressing weaknesses in financial management systems.
HHS must address its financial management systems’ weaknesses and continue to implement user access controls. HHS must confirm that system changes are properly approved and approval of these changes is appropriately documented. HHS should also ensure that duties are segregated appropriately such that no employee can both input and approve the information entered into HHS financial management systems.
- Addressing Medicare trust fund issues/social assurances.
HHS and the CMS Chief Actuary should continue to analyze the Patient Protection and Affordable Care Act’s (ACA) impact on the sustainability of productivity adjustments. HHS should also ensure the long-term viability of the Federal Hospital Insurance Trust Fund and revise accounting standards for the Statement of Social Insurance and the Statement of Changes in Social Insurance Amounts.
- Reducing improper payments.
HHS should pursue legislative remedies to develop an appropriate methodology for measuring Temporary Assistance for Needy Families (TANF) payment accuracy. HHS should continue to establish improper payment reduction, with a goal of reporting less than 10 percent improper payments across all programs.
- Improving contract management. HHS should first ensure that acquisition strategies are completed as required, to address this challenge. Agencies awarding complex contracts should assign systems integrators, when appropriate, to better manage the contracts. HHS should strengthen contract closeout and fund management oversight and coordination.
- Implementing the Digital Accountability and Transparency Act of 2014 (DATA Act).
To implement the DATA Act, HHS must continue to address financial management system weaknesses and limit reliance on manual processes to submit the required data.
Protecting the Integrity of HHS Grants
HHS awarded $101 billion in grants across the Department for FY 2017, not including CMS. Appropriate measurement standards should be set, and outcomes need to be monitored to help oversee program integrity. Key challenges to protecting HHS grant integrity include:
- Ensuring appropriate and effective use of grant funds.
To address this challenge, HHS must maintain accountability and transparency for federal funds. HHS must also set baseline expectations and incentives for improvement for grant programs. The Department must issue an updated Grants Policy Statement that includes references to the Part 75 grant rules and the changes made to the rule. It should also ensure that sub-recipients of Child Care and Development Fund (CCDF) funds adequately perform program integrity activities and should expand the scope of state reviews, when necessary, to assess sufficiency of CCDF plans.
- Ensuring effective grant management at the Department level.
HHS will need to set measurement standards, monitor outcomes, and oversee program integrity when implementing its new ReInvent Grants Management initiative. HHS must also use the Office of the Assistant Secretary for Financial Resources’ (ASFR) analysis to fully implement interoperable grant management systems.
- Ensuring program integrity and financial capability at the grantee level.
HHS awarding agencies, in conjunction with states and other grantees, should assess and strengthen program integrity and program evaluation tools to ensure grantee integrity and decrease fraud.
- Combating fraud, waste, and abuse.
The OIG, HHS grant programs, grantees, and sub-recipients must better recognize prevalent fraud schemes. HHS must conduct antifraud activities, such as reviewing provider records, identifying duplicate payments, performing verification checks, and conducting onsite visits. HHS, grantees, and grant sub-recipients must refer suspected fraud to OIG and HHS and should work to increase the number of referrals each year.
Ensuring Food, Drug, and Medical Device Safety
The products under FDA oversight represent about 20 percent of all U.S. consumer spending, and the Department’s budget exceeds $5 billion. As drug supply chains grow increasingly complex, in both domestic and global markets, the FDA must increase efforts to prevent drug diversion, theft, counterfeiting, and adulteration. Key challenges that the FDA must address are:
- Ensuring food safety.
The FDA should create a timely and effective process to correct problems identified during domestic food facility inspections. The FDA should also act against food facilities with significant inspection violations and put in place prompt food recall procedures.
- Ensuring the safety, effectiveness, and quality of drugs and medical devices.
The FDA should continue to implement the 21st Century Cures Act of 2016. The FDA should improve the premarket review process and its procedures for responding to post-market cybersecurity incidents. The agency should encourage device manufactures to analyze cybersecurity risks and create controls to mitigate risk to devices. It should also encourage device manufactures to use FDA meetings, early in the approval process, to discuss cyber security questions prior to submitting a device application. In addition, the FDA should require cybersecurity documentation as part of the hazard analysis that a manufacturer must consider, and include material submitted to the FDA during premarket reviews.
- Ensuring the security of drug supply chains.
The FDA should provide drug wholesale distributors and dispensers with more educational and technical assistance for implementing the drug product tracing provisions of the Drug Supply Chain Security Act (DSCSA).
Ensuring Quality and Integrity in Programs Serving American Indian/Alaska Native (AI/AN) Populations
The Indian Health Service (IHS) has a $5.5 billion budget for FY 2018 to provide primary and preventative health services to 2.3 million AI/AN beneficiaries in 573 federally-recognized Tribes. Other HHS agencies provide grants to Tribes for human services programs such as Head Start and the Low-Income Home Energy Assistance Program (LIHEAP). Key challenge components that address program quality and integrity for AI/AN programs include:
- Addressing deficiencies in IHS management, infrastructure, and quality of care.
HHS should reconvene a multi-agency council that is focused on providing high quality care to AI/AN populations. The IHS should develop a quality-focused compliance program for its hospitals, implement a strategic plan with actionable initiatives and target dates, communicate with IHS leadership about deficiencies in facilities, and provide technical assistance to Tribes operating their own clinics, pursuant to the Indian Self-Determination and Education Assistance Act. The IHS should also ensure that patient information is fully recoverable, implement an effective continuity of operations program, and develop a disaster recovery plan. CMS should provide IHS hospitals with technical assistance and training regarding the Quality Improvement Organization (QIO) 11th Scope of Work.
- Preventing fraud and misuse of HHS funds serving AI/AN populations.
HHS must strengthen program integrity and safeguarding of funds that serve AI/AN populations. The OIG will coordinate with OIGs across departments to audit and expand oversight of HHS and other agencies that serve AI/AN populations. Tribes and Tribal organizations should implement internal control mechanisms and conduct proper procedure training to prevent fraud.
Protecting HHS Data, Systems, and Beneficiaries from Cybersecurity Threats
HHS spends more than $5 billion annually on IT, not including grants-related IT expenditures. Each HHS agency has its own IT systems, making cybersecurity protection across the Department more complex. Key challenges that HHS faces in combating these health data cybersecurity threats include:
- Securing HHS data and systems.
HHS needs a well-designed contingency program to respond to both natural or man-made disasters and cyber threats. The Department must also proactively identify vulnerabilities and develop mitigation protocols for cybersecurity threats. HHS should focus on its ability to efficiently and effectively respond to threats, including the Department’s ability to utilize incident response channels and its contingency plan.
- Advancing cybersecurity within the health care ecosystem.
HHS should seek partnerships with other public and private stakeholders regarding cybersecurity information, emerging threats, risks, and best practices. HHS must also ensure that cybersecurity threats and guidance on cyber hygiene best practices are properly communicated to the health care and public health sectors.
Ensuring that HHS Prescription Drug Programs Work as Intended
HHS oversees prescription drug coverage under various programs such as Medicare, Medicaid, and IHS. These programs accounted for a combined 40 percent (roughly), or $130 billion, of total U.S. drug expenditures in 2016. HHS also directs prescription drug availability and pricing through programs such as the 340B Drug Pricing Program. HHS has several major challenges is administering prescription drug programs, which include:
- Protecting the integrity of prescription drug programs.
First, CMS should pursue a means to gain authority, likely through legislative changes, to compel manufacturers to correct inaccurate classification data that is reported to the Medicaid Drug Rebate Program. CMS should also conduct periodic matches between CMS provided Medicaid quarterly rebate amounts and the rebate offset amount sent to states to decrease the incorrect rebate amounts claimed. The OIG has recommended that Part D prescribers must also be enrolled in Medicare; this will help the OIG coordinate efforts around mitigating problematic prescribers who would otherwise have been excluded if the provider was enrolled in Medicare. State agencies should be strengthening internal controls to verify that all physician-administered outpatient drugs eligible for rebates under the Medicaid Drug Rebate program are invoiced. Next, CMS should require claim-level methods to be used so that states can more accurately identify 340B drug claims. Additionally, CMS should clarify coverage of compounded topical drug and utilization management tool usage policies in Part D. The HRSA should share 340B ceiling prices with 340B providers and states to increase transparency. Finally, the HRSA should also clarify guidance on preventing duplicate discounts for Medicaid MCO-paid drugs.
- Fostering prudent payments for prescription drugs.
CMS should seek a legislative solution for determining when non-covered versions of drugs should be included in Medicare Part B payment amount calculations. The agency should also make regulatory changes that decrease Medicare Part B payment rates for dispensing and supplying Part B drugs to rates similar to Medicare Part D and Medicaid.
- Ensuring appropriate access to prescription drugs.
HHS should ensure that there is appropriate beneficiary access to prescription drug programs when analyzing payment and program integrity policies. This can be done by requiring that policies meet minimum access standards when programs implement utilization management tools.
Ensuring Effective Preparation and Response to Public Health Emergencies
HHS is the lead agency for the Federal Government’s response to public health emergencies. The Office of the Assistant Secretary for Preparedness and Response (ASPR) also provides technical assistance and guidance to health care providers, emergency managers, and other emergency preparedness stakeholders during and after disasters. The key challenges for preparation and response to public health emergencies include:
- Ensuring access to health and human services during and after emergencies.
First, HHS should improve coordination within the public health and human services infrastructure to ensure that providers are implementing emergency preparedness requirements efficiently. Next, CMS should ensure that providers’ emergency preparedness requirements are effectively assessed by surveyors. Additionally, the ASPR should improve data collection and use data to provide real-time information about emerging threats and rapid emergency response. The ASPR should also use formula-based cooperative agreements, Regional Disaster Health Response System pilots, and support programs related to health care preparedness, response, and recovery to continue building regional surge capacity.
- Ensuring effective use and oversight of funding.
HHS should provide grantees with appropriate guidance on supplemental disaster relief fund use, fund expiration, and required documentation to ensure program integrity.
- Ensuring effective and timely responses to infectious disease threats.
HHS should improve the Strategic National Stockpile (SNS), which is a repository of medical countermeasures (MCMs) (i.e., vaccines, therapeutics, and diagnostics) to ensure that inventory is deployable in case of a public health emergency. Also, the ASPR should continue expanding the emerging infectious disease MCMs under development. Additionally, CMS should monitor emergency preparedness requirements to ensure that hospitals include emerging infectious diseases in their preparation.
The OIG report is available at: