Beta This is a new resource - your feedback will help us improve it. Learn More.
Recommendations Tracker
HHS-OIG provides independent and objective oversight that promotes economy, efficiency, and effectiveness in HHS programs and operations. To drive this positive change, we produce reports and identify recommendations for improvement. We have developed this public-facing page for tracking all of our open recommendations.
Use the “Top Unimplemented” View below to read OIG’s Top Unimplemented Recommendations—a subset that we think, if implemented, would have the most impact (learn more). Notable differences from our previous Top Unimplemented Recommendations report include:
- The list is comprised of individual recommendations from OIG reports, not rolled up by topic.
- No arbitrary cap is imposed on the number of recommendations included.
- Status updates as recommendations are implemented.
Summary of All Recommendations
Updated Monthly · Last updated on November 15, 2024
1,310
Unimplemented
recommendations
$270.4B
Potential savingsfrom unimplemented recommendations
2,698
Implemented and Closed
recommendations since FY 2017
Views
OIG Recommendations Grouped by Report
Showing 181–200 of 1,223 reports, containing 4,008 recommendations
Sorted by latest release date
-
The Risk of Misuse and Diversion of Buprenorphine for Opioid Use Disorder Appears to Be Low in Medicare Part D
23-E-02-028.01CMS should monitor the use of buprenorphine and share information, as appropriate, with Departmental partners.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Partial Concur
- Potential Savings
- -
- Last Update Received
- 04/09/2024
- Next Update Expected
- 05/15/2025
- Legislative Related
- No
23-E-02-028.02CMS should inform providers about buprenorphine use and the low risk of diversion to encourage providers to treat more Part D enrollees who have opioid use disorder.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 05/15/2024
- Legislative Related
- No
23-E-02-028.03CMS should take steps to inform providers about the availability of buprenorphine combination products in Part D, which can minimize the risk of misuse and diversion.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 05/15/2024
- Legislative Related
- No
23-E-02-028.04CMS should follow up on the prescribers with concerning patterns identified in this report.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 01/24/2024
- Legislative Related
- No
-
Massachusetts MMIS and E&E System Security Controls Were Generally Effective, but Some Improvements Are Needed
23-A-18-071.01We recommend that the Massachusetts Department of Health and Human Services remediate the three security control findings OIG identified.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 10/04/2024
- Next Update Expected
- 04/04/2025
- Legislative Related
- No
23-A-18-071.02We recommend that the Massachusetts Department of Health and Human Services assess the effectiveness of all required NIST SP 800-53 controls according to the organization's defined frequency.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 10/04/2024
- Next Update Expected
- 04/04/2025
- Legislative Related
- No
23-A-18-071.03We recommend that the Massachusetts Department of Health and Human Services assess and adjust if necessary, vulnerability management procedures to ensure any pertinent publicly disclosed computer security vulnerabilities are assessed for risk and remediated promptly, if necessary.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 10/04/2024
- Next Update Expected
- 04/04/2025
- Legislative Related
- No
-
State Agencies Can Improve Their Reporting of Children Missing From Foster Care to Law Enforcement for Entry Into the National Crime Information Center Database as Required by Federal Statute
23-A-07-070.01We recommend that the Administration for Children and Families work with State agencies to ensure compliance with Federal requirements to report missing children episodes to law enforcement for entry into the NCIC database in a timely manner.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/23/2024
- Legislative Related
- No
-
Review of the Department of Health and Human Services' Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2022
23-A-18-069.01To strengthen HHS' enterprise-wide cybersecurity program, based on our reviews across the Department, we recommend that HHS continue to work with the OpDivs to implement automated CDM solutions to increase awareness and improve mitigation efforts across all of HHS.- Status
- Closed Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 04/08/2024
- Legislative Related
- No
23-A-18-069.02To strengthen HHS' enterprise-wide cybersecurity program, based on our reviews across the Department, we recommend that HHS continue to advance the SCRM program to implement defined standards across HHS.- Status
- Closed Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.03To strengthen HHS' enterprise-wide cybersecurity program, based on our reviews across the Department, we recommend that HHS continue to work with the OpDivs to ensure privileged users' logical access contains strong authentication mechanisms; and to confirm that OpDivs are periodically performing sufficient monitoring over privileged user access.- Status
- Closed Unimplemented
- Responsible Agency
- OS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.04To strengthen HHS' enterprise-wide cybersecurity program, based on our reviews across the Department, we recommend that HHS confirm that the OpDivs contingency plan testing is being performed within the timeframe required by HHS policy.- Status
- Open Unimplemented
- Responsible Agency
- OS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- 11/27/2023
- Next Update Expected
- 05/27/2024
- Legislative Related
- No
23-A-18-069.05We recommend that the HHS OCIO work with the OpDivs to ensure that all OpDivs implement the capability to deny access to mobile devices, such as smartphones and tablets, from connecting to the network if the device's software is outdated.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 04/08/2024
- Legislative Related
- No
23-A-18-069.06We recommend that the HHS OCIO work with the OpDivs to implement oversight sufficient to ensure that Information Security Continuous Monitoring (ISCM) policies and procedures are consistently implemented in accordance with NIST standards for all systems.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.07We recommend that the HHS OCIO work with the OpDivs to ensure that all OpDivs remediate weaknesses identified during controls assessments and review/perform risk assessments within the timeframe established by HHS policy.- Status
- Open Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 11/27/2023
- Next Update Expected
- 05/27/2024
- Legislative Related
- No
23-A-18-069.08We recommend that the HHS OCIO work with the OpDivs to ensure that all OpDivs complete its discovery of all information systems and maintain an up- to-date inventory of systems, software, and licenses.- Status
- Open Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 11/27/2023
- Next Update Expected
- 05/27/2024
- Legislative Related
- No
23-A-18-069.09We recommend that the HHS OCIO work with the OpDivs to ensure that SCAs are conducted within the appropriate timeframe as defined by policy for all systems.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.10We recommend that the HHS OCIO work with the OpDivs to ensure that all OpDiv's SCRM policies and procedures are being consistently implemented across the organization and ensure their execution.- Status
- Closed Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Next Update Expected
- Legislative Related
- No
23-A-18-069.11We recommend that the HHS OCIO work with the OpDivs to ensure that all OpDivs finalize and implement draft policies and procedures to include the review of suppliers or contractors for risks to the organization's systems and system components.- Status
- Open Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 11/27/2023
- Next Update Expected
- 05/27/2024
- Legislative Related
- No
23-A-18-069.12We recommend that the HHS OCIO work with the OpDivs to ensure that OpDivs define and implement policy for data exfiltration, enhanced network defenses, e-mail authentication, and DNS infrastructure tampering mitigation. Further, ensure the OpDiv enforces implementation of data encryption in transit and at rest in accordance with HHS policy, NIST standards, and OMB guidance.- Status
- Closed Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.13We recommend that the HHS OCIO work with the OpDivs to ensure that all OpDivs implement the requirement to resolve high and critical vulnerabilities within 30 and 15 days respectively and create POA&Ms to monitor and resolve the weakness in a timely manner.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 09/06/2023
- Legislative Related
- No
23-A-18-069.14We recommend that the HHS OCIO work with the OpDivs to ensure that all OpDivs implement its policies and procedures to perform periodic BIAs and contingency plan testing within the timeframe required by HHS policy.- Status
- Open Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 11/27/2023
- Next Update Expected
- 05/27/2024
- Legislative Related
- No
23-A-18-069.15We recommend that the HHS OCIO work with the OpDivs to ensure the timely completion of PIAs for all systems to identify privacy and compliance risk with federal regulations or laws, tracking implementation of privacy controls, identifying instances where the Agency collects or handles PII and/or PHI subject to the Privacy Act of 1974.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 09/06/2023
- Legislative Related
- No
23-A-18-069.16We recommend that the HHS OCIO work with the OpDivs to ensure that secure configuration settings are being maintained as defined by existing policy.- Status
- Open Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 11/27/2023
- Next Update Expected
- 05/27/2024
- Legislative Related
- No
23-A-18-069.17We recommend that the HHS OCIO work with the OpDivs to ensure that all operational systems have multifactor or an alternative strong authentication mechanism (PIV or an Identity Assurance Level (IAL)3/Authenticator Assurance Level (AAL) 3 credential) for both privileged and non-privileged users.- Status
- Open Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 11/27/2023
- Next Update Expected
- 05/27/2024
- Legislative Related
- No
23-A-18-069.18We recommend that the HHS OCIO work with the OpDivs to ensure that policies and procedures for identity and access management are being consistently implemented and proper safeguards (i.e., logging, monitoring, review of privileged user activity) are developed across the Department to ensure their execution.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.19We recommend that the HHS OCIO work with the OpDivs to ensure that all OpDivs enforce its policies and procedures established to review users' activities periodically.- Status
- Closed Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.20We recommend that the HHS OCIO work with the OpDivs to implement oversight procedures sufficient to ensure that all personnel complete role-based training in a timely manner.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.21We recommend that the HHS OCIO work with the OpDivs to ensure that operational systems have valid and current Authorization to Operate (ATO) and that security controls are assessed annually as per HHS policy.- Status
- Open Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 11/27/2023
- Next Update Expected
- 05/27/2024
- Legislative Related
- No
23-A-18-069.22We recommend that the HHS OCIO work with the OpDivs to implement oversight sufficient to ensure that all OpDivs review pre-defined privileged users' activities periodically and document the review and any follow-up activities for all systems.- Status
- Closed Unimplemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.23We recommend that the HHS OCIO work with the OpDivs to consistently implement the requirement to assign risk designations, re-signing access agreements, and training for all systems so that OpDivs can restrict privileges for users based on risk designations.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
23-A-18-069.24We recommend that the HHS OCIO work with the OpDivs to ensure that data encryption methods to protect data determined to be PII or sensitive are implemented across the organization for all systems.- Status
- Closed Implemented
- Responsible Agency
- OS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/27/2023
- Legislative Related
- No
-
The Office of Refugee Resettlement Needs To Improve Its Practices for Background Checks During Influxes
23-A-06-067.01We recommend that the Office of Refugee Resettlement ensure that all ICFs and EISs currently in operation have conducted the required background checks on current employees whose checks were not conducted or take action to ensure that these employees do not have direct access to children while any results of the checks are pending.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/16/2023
- Legislative Related
- No
23-A-06-067.02We recommend that the Office of Refugee Resettlement clarify and reissue guidance for background checks at EISs so that it is clear which checks are required, who is responsible for conducting the checks, and which checks must be conducted prior to hire.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/16/2023
- Legislative Related
- No
23-A-06-067.03We recommend that the Office of Refugee Resettlement include a review of compliance by ICFs and EISs with all background check requirements and facility access as a part of ORR's routine site visit monitoring.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 03/21/2024
- Legislative Related
- No
23-A-06-067.04We recommend that the Office of Refugee Resettlement ensure that future awards and subawards for services that involve contact with children (e.g., transportation) include detailed information on background check requirements and specify that background checks must be conducted prior to hire.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/16/2023
- Legislative Related
- No
23-A-06-067.05We recommend that the Office of Refugee Resettlement re-evaluate the need for waivers of background checks and explore alternative means of obtaining required checks.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/16/2023
- Legislative Related
- No
23-A-06-067.06We recommend that the Office of Refugee Resettlement re-evaluate the use of public records checks in lieu of, or prior to receiving the results of, FBI fingerprint and CA/N checks, and require a DOJ sex offender registry check in addition to a public records check if ORR determines there is a need to use public records checks.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/16/2023
- Legislative Related
- No
23-A-06-067.07We recommend that the Office of Refugee Resettlement reiterate to EISs the importance of ensuring that access to a site is secure and that access badges are collected and deactivated for individuals who no longer require access to EISs.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 11/16/2023
- Legislative Related
- No
-
Medicare Improperly Paid Providers for Some Psychotherapy Services, Including Those Provided via Telehealth, During the First Year of the COVID-19 Public Health Emergency
23-A-09-068.01We recommend that the Centers for Medicare & Medicaid Services work with the MACs to recover $35,560 in improper payments made to providers for the 128 sampled enrollee days that did not meet Medicare requirements.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $35,560
- Last Update Received
- -
- Closed Date
- 08/26/2024
- Legislative Related
- No
23-A-09-068.02We recommend that the Centers for Medicare & Medicaid Services work with the MACs to based upon the results of this audit, notify appropriate providers (i.e., those for whom CMS determines this audit constitutes credible information of potential overpayments) so that the providers can exercise reasonable diligence to identify, report, and return any overpayments in accordance with the 60-day rule and identify any of those returned overpayments as having been made in accordance with this recommendation.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/10/2023
- Legislative Related
- No
23-A-09-068.03Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Conduct medical reviews of psychotherapy services, including services provided via telehealth, to verify that the services are documented and billed in accordance with Medicare requirements.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $579,631,950
- Last Update Received
- -
- Closed Date
- 09/30/2024
- Legislative Related
- No
23-A-09-068.04Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Implement system edits for psychotherapy services, including services provided via telehealth, to prevent payments for services that were billed incorrectly.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/02/2024
- Legislative Related
- No
23-A-09-068.05Now that CMS has reinstituted most program integrity measures, we also recommend that CMS take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Strengthen educational efforts to make providers aware of educational materials on how to meet Medicare requirements and guidance for psychotherapy services, including services provided via telehealth.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 09/30/2024
- Legislative Related
- No
23-A-09-068.06Now that CMS has reinstituted most program integrity measures, we also recommend that CMS work with the MACs to take the following steps, which if in effect during the audit period could have saved Medicare an estimated $579,667,510 during that period: Review MAC jurisdictions' LCD requirements for psychotherapy services to identify which provisions effectively promote program integrity, and consider additional steps that CMS could undertake to ensure appropriate coverage and payment for psychotherapy services across all jurisdictions.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Overdue
- Potential Savings
- -
- Last Update Received
- -
- Next Update Expected
- 11/01/2023
- Legislative Related
- No
-
Medicare Could Have Saved Up To $128 Million Over 5 Years if CMS Had Implemented Controls To Address Duplicate Payments for Services Provided to Individuals With Medicare and Veterans Health Administration Benefits
23-A-09-066.01We recommend that the Centers for Medicare & Medicaid Services establish a comprehensive data-sharing agreement with VHA for the ongoing sharing of data.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 08/16/2024
- Next Update Expected
- 02/16/2025
- Legislative Related
- No
23-A-09-066.02We recommend that the Centers for Medicare & Medicaid Services establish an interagency process to integrate VHA enrollment, claims, and payment data into the CMS IDR to identify potential fraud, waste, and abuse under the Medicare program.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 04/05/2024
- Next Update Expected
- 10/06/2024
- Legislative Related
- No
23-A-09-066.03We recommend that the Centers for Medicare & Medicaid Services establish an internal process (such as system edits) to address duplicate payments made by Medicare for medical services authorized and paid for by VHA, which could have saved Medicare up to $128 million during our audit period.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $127,981,462
- Last Update Received
- 08/16/2024
- Next Update Expected
- 02/16/2025
- Legislative Related
- No
23-A-09-066.04We recommend that the Centers for Medicare & Medicaid Services issue guidance to providers on not billing Medicare for a medical service that was authorized by VHA.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/16/2024
- Legislative Related
- No
-
Crow/Northern Cheyenne Hospital—an IHS-Operated Health Facility—Did Not Timely Conduct Required Background Checks of Staff and Supervise Certain Staff
23-A-02-065.01We recommend that Crow/Northern Cheyenne Hospital, Billings Area Office, and Indian Health Service Headquarters work together to take action to complete background investigations for staff members identified in this report as not having a satisfactory background investigation and adjudicate the investigations that were still pending adjudication.- Status
- Open Unimplemented
- Responsible Agency
- IHS
- Response
- Overdue
- Potential Savings
- -
- Last Update Received
- -
- Next Update Expected
- 10/20/2023
- Legislative Related
- No
23-A-02-065.02We recommend that Crow/Northern Cheyenne Hospital, Billings Area Office, and Indian Health Service Headquarters work together to update standard operating procedures for background investigations to address the deficiencies we identified in this report.- Status
- Open Unimplemented
- Responsible Agency
- IHS
- Response
- Overdue
- Potential Savings
- -
- Last Update Received
- -
- Next Update Expected
- 10/20/2023
- Legislative Related
- No
23-A-02-065.03We recommend that Crow/Northern Cheyenne Hospital, Billings Area Office, and Indian Health Service Headquarters work together to establish a monitoring system to ensure all elements of required background investigations in accordance with Federal requirements are completed within required timeframes.- Status
- Open Unimplemented
- Responsible Agency
- IHS
- Response
- Overdue
- Potential Savings
- -
- Last Update Received
- -
- Next Update Expected
- 10/20/2023
- Legislative Related
- No
23-A-02-065.04We recommend that Crow/Northern Cheyenne Hospital, Billings Area Office, and Indian Health Service Headquarters work together to determine which staff members in contact with Indian children currently have a pending background investigation and take immediate action to ensure that there is adequate documented evidence that these staff members meet IHS sight and supervision requirements when children are in their care.- Status
- Open Unimplemented
- Responsible Agency
- IHS
- Response
- Overdue
- Potential Savings
- -
- Last Update Received
- -
- Next Update Expected
- 10/20/2023
- Legislative Related
- No
23-A-02-065.05We recommend that Crow/Northern Cheyenne Hospital, Billings Area Office, and Indian Health Service Headquarters work together to update standard operating procedures for provisional staff supervision to address the deficiencies we identified in this report.- Status
- Open Unimplemented
- Responsible Agency
- IHS
- Response
- Overdue
- Potential Savings
- -
- Last Update Received
- -
- Next Update Expected
- 10/20/2023
- Legislative Related
- No
23-A-02-065.06We recommend that Crow/Northern Cheyenne Hospital, Billings Area Office, and Indian Health Service Headquarters work together to establish a monitoring system to ensure that the Hospital meets sight and supervision requirements for staff with pending background investigations and documents that they are met.- Status
- Open Unimplemented
- Responsible Agency
- IHS
- Response
- Overdue
- Potential Savings
- -
- Last Update Received
- -
- Next Update Expected
- 10/20/2023
- Legislative Related
- No
-
CMS Did Not Accurately Report on Care Compare One or More Deficiencies Related to Health, Fire Safety, and Emergency Preparedness for an Estimated Two-Thirds of Nursing Homes
23-A-09-064.01We recommend that the Centers for Medicare & Medicaid Services correct the inaccurately reported deficiencies that we identified for the sampled nursing homes.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/12/2024
- Legislative Related
- No
23-A-09-064.02We recommend that the Centers for Medicare & Medicaid Services evaluate whether additional modifications are needed to existing programming in CASPER that prevented the entry of 2 different inspections that were performed on the same date.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 06/26/2023
- Legislative Related
- No
23-A-09-064.03We recommend that the Centers for Medicare & Medicaid Services ensure that any future revisions to the list of deficiencies that is used to describe deficiencies reported on Care Compare are accurate.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 06/26/2023
- Legislative Related
- No
23-A-09-064.04We recommend that the Centers for Medicare & Medicaid Services correct existing programming in ASPEN that prevented the 56 emergency preparedness deficiencies from being reported on Care Compare.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/12/2024
- Legislative Related
- No
23-A-09-064.05We recommend that the Centers for Medicare & Medicaid Services strengthen its processes for reviewing inspection results reported on Care Compare by requiring State survey agencies to verify that deficiencies shown in ASPEN are also shown in CASPER when they are preparing to conduct an inspection.- Status
- Closed Acceptable Alternative
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/12/2024
- Legislative Related
- No
23-A-09-064.06We recommend that the Centers for Medicare & Medicaid Services strengthen its processes for reviewing inspection results reported on Care Compare by providing technical assistance and additional training to State survey agencies that are not following procedures in the State Operations Manual and ASPEN Central Office Procedures Guide for reporting deficiencies in ASPEN.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/12/2024
- Legislative Related
- No
23-A-09-064.07We recommend that the Centers for Medicare & Medicaid Services strengthen its processes for reviewing inspection results reported on Care Compare by including in its manual quality assurance check a verification that nursing home inspection results are accurately reported.- Status
- Closed Acceptable Alternative
- Responsible Agency
- CMS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/12/2024
- Legislative Related
- No
-
Medicare Advantage Compliance Audit of Specific Diagnosis Codes That HumanaChoice (Contract H6609) Submitted to CMS
23-A-05-063.01We recommend that HumanaChoice refund to the Federal Government the $480,295 of net overpayments.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $480,295
- Last Update Received
- 09/30/2024
- Next Update Expected
- 03/30/2025
- Legislative Related
- No
23-A-05-063.02We recommend that HumanaChoice identify, for the high-risk diagnoses included in this report, similar instances of noncompliance that occurred before or after our audit period and refund any resulting overpayments to the Federal Government.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 09/30/2024
- Next Update Expected
- 03/30/2025
- Legislative Related
- No
23-A-05-063.03We recommend that HumanaChoice examine its existing compliance procedures to identify areas where improvements can be made to ensure that diagnosis codes that are at high risk for being miscoded comply with Federal requirements and take the necessary steps to enhance those procedures.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 09/30/2024
- Next Update Expected
- 03/30/2025
- Legislative Related
- No
-
Rhode Island Medicaid Fraud Control Unit: 2022 Inspection
22-E-07-040.01Assess whether the Office of the Attorney General's case management system can be modified to fully meet the Unit's needs, and if appropriate, seek approval to implement its own case management system.- Status
- Closed Implemented
- Responsible Agency
- MFCU
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/08/2024
- Legislative Related
- No
22-E-07-040.02Establish policies and/or procedures to ensure that case files are maintained in an effective manner.- Status
- Closed Implemented
- Responsible Agency
- MFCU
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/08/2024
- Legislative Related
- No
22-E-07-040.03Develop a plan to ensure that case files include documentation of periodic supervisory reviews and update the Unit's policies and procedures manual to describe the Unit's current practices for periodic supervisory reviews.- Status
- Closed Implemented
- Responsible Agency
- MFCU
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/08/2024
- Legislative Related
- No
22-E-07-040.04Update its policies and procedures manual to reflect current practices.- Status
- Closed Implemented
- Responsible Agency
- MFCU
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/08/2024
- Legislative Related
- No
22-E-07-040.05Assess the duties of the Supervisor of Investigations, and if warranted, develop a plan to reduce his nonmanagerial duties.- Status
- Closed Implemented
- Responsible Agency
- MFCU
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 12/01/2023
- Legislative Related
- No
22-E-07-040.06Take steps to ensure that convictions and adverse actions are reported to Federal partners within the appropriate timeframes.- Status
- Closed Implemented
- Responsible Agency
- MFCU
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 02/08/2024
- Legislative Related
- No
22-E-07-040.07Take steps to track and verify that Unit staff meet requirements in its training plan.- Status
- Closed Implemented
- Responsible Agency
- MFCU
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 12/01/2023
- Legislative Related
- No
-
Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Cigna-HealthSpring Life & Health Insurance Company, Inc. (Contract H4513) Submitted to CMS
23-A-07-062.01We recommend that Cigna-HealthSpring Life & Health Insurance Company, Inc. refund to the Federal Government the $468,372 of overpayments.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $468,372
- Last Update Received
- 09/16/2024
- Next Update Expected
- 03/16/2025
- Legislative Related
- No
23-A-07-062.02We recommend that Cigna-HealthSpring Life & Health Insurance Company, Inc. identify, for the high-risk diagnoses included in this report, similar instances of noncompliance that occurred before or after our audit period and refund any resulting overpayments to the Federal Government.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 09/16/2024
- Next Update Expected
- 03/16/2025
- Legislative Related
- No
23-A-07-062.03We recommend that Cigna-HealthSpring Life & Health Insurance Company, Inc. continue its examination of its existing compliance procedures to identify areas where improvements can be made to ensure that diagnosis codes that are at high risk for being miscoded comply with Federal requirements (when submitted to CMS for use in CMS's risk adjustment program) and take the necessary steps to enhance those procedures.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 09/16/2024
- Next Update Expected
- 03/16/2025
- Legislative Related
- No
-
Medicare Advantage Compliance Audit of Specific Diagnosis Codes That MCS Advantage, Inc. (Contract H5577) Submitted to CMS
23-A-02-061.01We recommend that MCS Advantage, Inc. refund to the Federal Government the $220,577 of net overpayments.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $220,577
- Last Update Received
- 09/24/2024
- Next Update Expected
- 03/24/2025
- Legislative Related
- No
23-A-02-061.02We recommend that MCS Advantage, Inc. identify, for the high-risk diagnoses included in this report, similar instances of noncompliance that occurred before or after our audit period and refund any resulting overpayments to the Federal Government.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 09/24/2024
- Next Update Expected
- 03/24/2025
- Legislative Related
- No
23-A-02-061.03We recommend that MCS Advantage, Inc. continue its examination of its existing compliance procedures to identify areas where improvements can be made to ensure that diagnosis codes that are at high risk for being miscoded comply with Federal requirements (when submitted to CMS for use in CMS's risk adjustment program) and take the necessary steps to enhance those procedures.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 09/24/2024
- Next Update Expected
- 03/24/2025
- Legislative Related
- No
-
Maryland's Child Support Administration Generally Claimed Administrative Costs That Were Allowable and Allocable
23-A-01-060.01We recommend that the Maryland Department of Human Services, Child Support Administration periodically review the allocation of payroll costs invoiced by the AOC.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 10/03/2023
- Legislative Related
- No
23-A-01-060.02We recommend that the Maryland Department of Human Services, Child Support Administration periodically review the support of payroll costs invoiced by the AOC.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 10/03/2023
- Legislative Related
- No
23-A-01-060.03We recommend that the Maryland Department of Human Services, Child Support Administration verify that the AOC calculates indirect costs charged to the CSE program by applying the de minimis rate of 10 percent to the correct allocation base.- Status
- Closed Implemented
- Responsible Agency
- ACF
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 10/03/2023
- Legislative Related
- No
-
Medicare Improperly Paid Physicians an Estimated $30 Million for Spinal Facet-Joint Interventions
23-A-09-059.01We recommend that the Centers for Medicare & Medicaid Services direct the MACs to recover $18,084 in improper payments made to physicians for the 66 sampled sessions for facet-joint interventions.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $18,084
- Last Update Received
- -
- Closed Date
- 08/21/2023
- Legislative Related
- No
23-A-09-059.02We recommend that the Centers for Medicare & Medicaid Services instruct the MACs to, based upon the results of this audit, notify appropriate physicians (i.e., those for whom CMS determines this audit constitutes credible information of potential overpayments) so that the physicians can exercise reasonable diligence to identify, report, and return any overpayments in accordance with the 60-day rule and identify any of those returned overpayments as having been made in accordance with this recommendation.- Status
- Closed Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/21/2023
- Legislative Related
- No
23-A-09-059.03We recommend that the Centers for Medicare & Medicaid Services encourage the MACs to: (1) develop collaborative training programs to be used for all of the MAC jurisdictions and that are specific to Medicare requirements for facet-joint interventions, which could have saved an estimated $29,566,172 for our audit period; and (2) develop solutions to prevent the incorrect billing of diagnostic facet-joint injections as therapeutic facet-joint injections, such as developing additional education specific to billing injections with modifier KX or updating guidance on how each type of injection should be billed.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $29,548,088
- Last Update Received
- -
- Closed Date
- 07/26/2023
- Legislative Related
- No
-
Missouri's Oversight of Certified Individualized Supported Living Provider Health and Safety Could Be Improved in Some Areas
23-A-07-058.01We recommend that the Missouri Department of Social Services, Missouri HealthNet Division ensure that the Missouri Department of Mental Health maintains all supporting documentation of the ISL provider certification surveys.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/11/2023
- Legislative Related
- No
23-A-07-058.02We recommend that the Missouri Department of Social Services, Missouri HealthNet Division ensure that the Missouri Department of Mental Health works to improve the completion timeliness of the certification surveys.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/11/2023
- Legislative Related
- No
23-A-07-058.03We recommend that the Missouri Department of Social Services, Missouri HealthNet Division ensure that the Missouri Department of Mental Health consider strengthening its background screening requirements for ISL providers to include periodic background screenings of staff after the date of hire and establish a timeframe for doing so.- Status
- Closed Unimplemented
- Responsible Agency
- CMS
- Response
- Non-Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/11/2023
- Legislative Related
- No
23-A-07-058.04We recommend that the Missouri Department of Social Services, Missouri HealthNet Division ensure that the Missouri Department of Mental Health continues to monitor ISL providers to ensure that providers maintain documentation to support that: ISL provider staff have taken all required trainings; background screenings of all ISL provider staff have been performed in a timely manner; all ISL provider staff who transport recipients possess current and valid driver's licenses; and all recipients have received an annual review of the DMH individual rights brochure and a monthly visit from a service coordinator.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/11/2023
- Legislative Related
- No
23-A-07-058.05We recommend that the Missouri Department of Social Services, Missouri HealthNet Division ensure that the Missouri Department of Mental Health consider strengthening its infection control and prevention guidelines for ISL providers to include periodic training of staff after the date of hire.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/11/2023
- Legislative Related
- No
-
The District of Columbia Has Taken Significant Steps To Ensure Accountability Over Amounts Managed Care Organizations Paid to Pharmacy Benefit Managers
23-A-03-056.01We recommend that the District of Columbia Department of Health Care Finance develop policies and procedures for validating MCO, PBM, and pharmacy transactions on a periodic basis to ensure transparency of costs associated with the prescription drug program.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 10/17/2024
- Legislative Related
- No
-
Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Geisinger Health Plan (Contract H3954) Submitted to CMS
23-A-09-057.01We recommend that Geisinger Health Plan refund to the Federal Government the $566,476 of net overpayments.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $566,476
- Last Update Received
- 09/14/2024
- Next Update Expected
- 03/24/2025
- Legislative Related
- No
23-A-09-057.02We recommend that Geisinger Health Plan identify, for the high-risk diagnoses included in this report, similar instances of noncompliance that occurred before and after our audit period and refund any resulting overpayments to the Federal Government.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 09/14/2024
- Next Update Expected
- 03/24/2025
- Legislative Related
- No
23-A-09-057.03We recommend that Geisinger Health Plan examine its existing compliance procedures to identify areas where improvements can be made to ensure that diagnosis codes that are at high risk for being miscoded comply with Federal requirements (when submitted to CMS for use in CMS's risk adjustment program) and take the necessary steps to enhance those procedures.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 09/14/2024
- Next Update Expected
- 03/24/2025
- Legislative Related
- No
-
Georgia Did Not Comply With Federal Waiver and State Requirements at All 20 Adult Day Health Care Facilities Reviewed
23-A-04-055.01We recommend that the Georgia Department of Community Health ensure that providers correct the 312 instances of provider noncompliance identified in this report.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 03/22/2024
- Next Update Expected
- 09/22/2024
- Legislative Related
- No
23-A-04-055.02We recommend that the Georgia Department of Community Health improve its oversight and monitoring of providers.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 03/22/2024
- Next Update Expected
- 09/22/2024
- Legislative Related
- No
23-A-04-055.03We recommend that the Georgia Department of Community Health work with providers to improve their facilities, staffing, and training.- Status
- Open Unimplemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- 03/22/2024
- Next Update Expected
- 09/22/2024
- Legislative Related
- No
-
Georgia Did Not Always Invoice Rebates to Manufacturers for Pharmacy and Physician-Administered Drugs
23-A-04-054.01We recommend that the Georgia Department of Community Health refund to the Federal Government $644,802 (Federal share) for single-source physicianadministered drug claims that were ineligible for Federal reimbursement.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $644,802
- Last Update Received
- -
- Closed Date
- 09/23/2024
- Legislative Related
- No
23-A-04-054.02We recommend that the Georgia Department of Community Health refund to the Federal Government $9,325 (Federal share) for top-20 multiple-source physician-administered drug claims that were ineligible for Federal reimbursement.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $9,325
- Last Update Received
- -
- Closed Date
- 09/23/2024
- Legislative Related
- No
23-A-04-054.03We recommend that the Georgia Department of Community Health work with CMS to determine and refund the unallowable portion of $52,837 (Federal share) for other multiple-source physician-administered drug claims that may have been ineligible for Federal reimbursement and consider invoicing drug manufacturers for rebates for those drug claims that CMS determines are allowable.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $52,837
- Last Update Received
- -
- Closed Date
- 09/23/2024
- Legislative Related
- No
23-A-04-054.04We recommend that the Georgia Department of Community Health complete the process for rebating pharmacy drug claims totaling $1,240,894 (Federal share) for single-source and $360,454 (Federal share) for multiple-source drugs that it had not previously sent for invoicing or refund the Federal share.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- $1,601,348
- Last Update Received
- -
- Closed Date
- 08/18/2023
- Legislative Related
- No
23-A-04-054.05We recommend that the Georgia Department of Community Health work with CMS to determine and refund the unallowable portion of Federal reimbursement for physician-administered drug claims that were not invoiced for rebates after December 31, 2019.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/18/2023
- Legislative Related
- No
23-A-04-054.06We recommend that the Georgia Department of Community Health strengthen its internal controls to ensure that all pharmacy and physician-administered drugs eligible for rebates are invoiced.- Status
- Closed Implemented
- Responsible Agency
- CMS
- Response
- Concur
- Potential Savings
- -
- Last Update Received
- -
- Closed Date
- 08/18/2023
- Legislative Related
- No